基於免憑證的定時釋出加密系統以及其在可認證電子郵件系統之應用 / Certificateless timed-release encryption and its application to certified email system

林欣瑤

Unknown Date

本論文提出了一個免憑證加密系統的方案，並且將此方案實作出來，使得此方案更具實用性。此方案主要架構為免憑證加密系統，利用此系統的特性消除傳統公開金鑰密碼系統中需要公開金鑰憑證認證的麻煩，也不會產生基於身分認證加密系統的私鑰託管問題，有效的結合了兩項系統的優點，並且提高了這兩種系統的安全性及方便性。本論文的協定中，在基於身分認證加密系統的公鑰部分還加入了階級以及時間戳記的概念，用以限制接收方取得部份私鑰的能力，並且也將接收方的部分公鑰加入其中，來增加部份私鑰的安全性。另外此協定也加入了提早解密金鑰的部分，可讓傳送方在傳出密文後更改解密時間，而不需要重新使用新的公鑰加密資訊，便可提早讓接收方取得相對應的明文資訊。 / In this paper, we propose a new certificateless public key encryption system, and implement it for securing e-mail systems. Certificateless cryptography, which is in contrast to traditional public key crypto-systems, does not require the use of certificates to guarantee the authenticity of public key. It does rely on the use of a trusted third party (TTP) who is in possession of a master key, just like the identity-based public key cryptography. However, certificateless public key crypto-system does not suffer from the key escrow property, whereas, it is a problem in the identity-based public key crypto-systems. Moreover, in our system, we add some new properties like level and time-stamp to limit the ability of receivers and to promote the safety of the system. Time-stamp ensures that the ciphertext cannot be decrypted before the indicated time and a level ensures that only the user with the corresponding identity and level can decrypt the ciphertext. In addition, a new feature is also introduced which is called the time-release encryption. Time-release encryption allows the encrypter to publish a release key so that the ciphertext can be decrypted by the receiver before the time indicated in the time-stamp when necessary.

免憑證

加密

協定

安全性證明

Certificateless

Encryption

System

security analysis

免憑證代理簽名及其代理盲簽名擴張 / Certificateless proxy signature and its extension to blind signature

陳力瑋

Unknown Date

在傳統的公開金鑰簽章系統中，用戶的公鑰需要一個可信第三方(Trusted Third Party-TTP)發給憑證來保證其可靠性。其後Shamir提出基於使用者身分的簽名機制(ID-Based Signature)　儘管不需要憑證，但此種系統的概念中，TTP仍然扮演著強大的角色，隨之而來的是金鑰託管(Key Escrow)的問題。而在2003年時提出的免憑證簽章系統Certificateless Signature Scheme(CL-S)概念中，不僅不需要憑證也同時解決了Key Escrow的問題。本篇文章便是基於CL-S的概念下，發展出一套免憑證的可代理簽章系統(CL-Proxy Signature)。並且可利用簡單的方式使我們的系統擴張成為一個支援盲簽名(Blind Signature)的免憑證代理盲簽章系統。 / Traditional public key cryptosystem (PKC) requires a Trusted-Third-Party(TTP) for the management of certificates of users’ public keys. To solve this problem, Shamir introduced the concept of ID based signature scheme. Although the ID based signature scheme doesn't require the certificate management, TTP still plays an important role here. In addition, ID-based schemes have the key escrow problem. In 2003, a certificateless signature scheme has been introduced. In a certificateless signature scheme, certificates are not required on one hand and can solve the key escrow problem on the other hand. In this paper, based on the concept of certificateless, we introduce a certificateless proxy signature scheme. A remarkable feature of our scheme is that it can be extended into a certificateless proxy blind signature.

免憑證簽章系統

代理簽章系統

盲簽章系統

Certificateless signature

Proxy signature

Blind signature

可訊息回復之免憑證簽章機制之研究 / Certificateless signatures with message recovery

詹省三, Chan, Sheng San

Unknown Date

在傳統的簽章機制中，我們需要一個具有公信力的第三方 (Trusted Third Party, TTP) 來核發數位憑證，以驗證公開金鑰確實屬於簽章者所擁有，為了減少TTP的負擔，於是就有學者提出了免憑證簽章 (Certificateless Signature) 機制。另一方面，具有訊息回復 (Message Recovery) 功能的數位簽章是指原始訊息不需要與簽章一起傳送給接收者以簡化訊息及簽章在傳送時的長度。 本論文中我們提出了一個具有訊息回復功能的免憑證簽章機制，和一般簽章方式相比，我們的方法不僅具有免憑證簽章的優點，訊息回復功能也減少了訊息和簽章的總長度，提昇了訊息的傳送效率 (Communication Cost)，在效能方面也有不錯的表現，因此非常適用於以頻寬為主要考量的公司組織以及對短訊息作簽章的應用，最後我們也有對我們的簽章方法做完整的安全性證明。 / In traditional digital signature systems, a trusted third party (TTP) is required in order to issue a digital certificate. The certificate is to assure that the public key actually belongs to the person of the signature. In order to reduce the burden of TTP, some scholars proposed the Certificateless Signatures. On the other hand, a digital signature with message recovery is a signature that the message itself is not required to be transmitted together with the signature. It has the advantage of small data size of communication. In this paper, a certificateless signature with message recovery is proposed. It inherits both the advantages of certificateless signatures and signatures providing message recovery. The performance of our scheme is compared with other schemes which shows that our scheme is quite efficient and the security of the scheme is finally proved in the random oracle model.

密碼學

數位簽章

訊息回復

免憑證簽章

雙線性配對

Cryptography

Digital signature

Message recovery

Certificateless signature

Bilinear pairing