| In general cryptographic algorithms,there are situations where key information is held by an individual,which will have the following two impacts on the system.First,it will affect the security of the system.If the key information holder abuses its power or is controlled by an adversary,the security of the system will be threatened.Then,it will influence the use of the system.If the holder cannot perform its duties or is destroyed,the system will become unusable.The threshold cryptographic algorithm provides an effective method for solving the above problems.In a threshold cryptographic system,key information will be shared among a group of players,and each computation of shared key information requires the cooperation of multiple players.When the number of unavailable players is less than the threshold value,the computation of key information will not be affected.The threshold cryptographic algorithm ensures the secure generation,storage and use of key information,and it is widely used in distributed systems.In this thesis,we mainly focus on the threshold SM9 signature scheme and threshold SM9 decryption scheme.By constructing a distributed generation protocol for the master private key and a distributed generation protocol for the users' private keys of the SM9 scheme,a fully distributed threshold SM9 signature and threshold SM9 decryption scheme is given.Our main research results are as follows:First,according to Gennaro's distributed key generation protocol,we give a distributed generation protocol for the master private key and distribute it among n KGC's servers.Through our experimental analysis,we give the generated time comparison of the master secret key and master public key under different thresholds.Meanwhile,there are two problems during the generation of the user's secret key.One is the multiplication of shared secrets and the secret inverse computation steps will lead to an increase of the threshold value,the other is the number of KGC's servers does not match the number of users.We propose a(t,n)threshold distributed generation scheme of the user's private key by improving the multiplication of shared secrets and the sharing of the secret's inverse to solve the first problem.Next,to solve the second problem,we give the definition and security model of the(t,n;k,m)threshold SM9 signature scheme according to the definition and security model of Baek's identity-based threshold signature scheme.Therefore,we propose the(t,n;k,m)threshold SM9 signature scheme and give the security proof of the scheme.In the(t,n;k,m)threshold SM9 signature scheme,the distributed generation protocol of the master private key and the distributed generation protocol of the user's private key are used to generate the shares of the user's private key which each user will obtain.And k users with the correct private key shares can cooperate to generate the signature,which has the same signature length as the ordinary signature.Finally,we give the definition and security model of the(t,n;k,m)threshold SM9 decryption scheme according to the definition and security model of Baek's identity-based threshold decryption scheme in order to solve the problem as well.We then propose a(t,n;k,m)threshold SM9 decryption scheme and give its security proof.In the(t,n;k,m)threshold SM9 decryption scheme,the distributed generation protocol of the master private key and the distributed generation protocol of the user's private key are used to generate the shares of the private key which each user will obtain,and the ciphertext decryption step is completed by k users who hold the correct private key shares.In the end,k honest users can cooperate to decrypt and get the plaintext successfully. |
PDF Full Text Request