论文标题:秘密共享及相关应用研究
Research on Secret Sharing and Its Related Applications
论文作者 肖清华
论文导师 平玲娣;潘雪增,论文学位 博士,论文专业 计算机科学与技术
论文单位 浙江大学,点击次数 76,论文页数 126页File Size5070k
2005-01-01论文网 http://www.lw23.com/lunwen_304062292/ 秘密共享体制;接入结构;信息率;欺诈;多重签名;电子拍卖
Secret sharing scheme; access structure; information rate; cheating;multi-signature; electronic auction
在保密通信等相关领域,为了实现信息的安全保密,人们主要采用加密的手段来保密信息,而加密的核心是密钥的保密问题,密钥的管理直接影响着通信系统的安全。一般来讲,最安全的密钥管理方法是把它存储在一个保卫森严的地方,比如一台计算机、人的记忆或保险柜中。但实际上,计算机的故障、人的突然死亡或对保险柜的破坏常常使这种方法丧失应有的效力。一个相对有效的补救办法是把密钥重复备份,并且保存在不同的地方,但这样仍然不能从本质上解决这类问题。 而运用秘密共享技术则可以彻底地解决上述问题。所谓秘密共享体制就是将要保管的秘密s提供给一个参与者集合P中的所有成员分开保管,当且仅当集合P的一个授权子集中的所有成员出示他们的秘密份额时才能恢复出共享秘密s,而任何非授权子集成员则得不到关于秘密s的任何信息。 事实上,秘密共享在现实生活中应用相当广泛,比如银行或政府机要库门的开启、导弹的发射等等都需要多人同时到场。一些重要的事情或信息,如果只由某个人单独保管,那是极其危险的,容易被破坏、篡改、或者丢失。所以,应该由多人分开掌管。 本文首先对秘密共享技术的研究进行了综述,在此基础上,给合多重签名,对其中最常见和主要的门限秘密共享-多重签名技术和矢量空间秘密共享-多重签名技术做了有益的探索。然后针对秘密共享技术在电子拍卖中的应用,提出了两个实用的解决方案。最后,本文对秘密共享技术、秘密共享-多重签名技术的未来发展趋势做出了展望。具体来说,本文的主要成果包括如下几个方面:(1)对当前秘密共享体制进行了综述,介绍了秘密共享的常见思想、数学模型、接入结构种类、信息率的计算,以及防欺诈手段等等。然后,提出了一个新的秘密共享方案:基于二次剩余的安全矢量空间秘密共享方案。它以防欺诈的门限方案作为其特殊情形,对所共享的秘密进行封装,公开其承诺量,分发者分发秘密份额时检测共享秘密的正确性,防止了恶意分发者散发虚假的份额。利用特定条件下计算二次剩余的困难性,恢复秘密时验证各参与者提供的份额的有效性,也【浙江大学博士学位论文】=肖清华二杜绝了恶意参与者欺诈的可能性;(2)在秘密共享一多重签名方面,本论文针对数字签名的可跟踪性,以及确认签名是否来自同一个参与者授权子集这两个问题,指出了秘密共享和多重签名各自存在的不足,在此基础上,把两者结合起来,并从门限秘密共享一多重签名、矢量空间秘密共享一多重签名两方面对秘密共享一多重签名技术进行探讨,把Sunder一Kumar门限秘密共享一多重签名方案推广到更为广泛的矢量空间上,并独立地提出了一个双通道的安全矢量空间秘密共享一多重签名方案。该方案建立在安全的矢量空间秘密共享体制上,能有效地防止欺诈。利用在两个独立的通道分别采取不同的签名形式,在不降低签名效率的前提下,极大地提高了签名的安全性。恶意参与者如果想伪造签名,则他们必须同时在两个通道上伪造成功,进一步增加了欺诈的难度;(3)对电子拍卖而言,交易的安全问题成为其生存和发展的首要条件。单一服务器完成的拍卖是一种集中式的处理,存在单点故障的问题,所以分布式拍卖被用于达到容错与安全性的要求,这也导致了秘密共享技术在电子拍卖中应用极为广泛。本论文对电子拍卖的演进进行了回顾,在此基础上,提出了两个高效的电子拍卖方案:广义的安全电子拍卖以及M+1价位安全拍卖的推广方案。前者能够适用于任何的拍卖形式,包括一般的英式拍卖、荷兰式拍卖,以及推广的Vickrey拍卖和M+1价位拍卖。它基本包涵了这些拍卖协议所具有的一切优点,在电子商务领域具有很大的实用价值。后者则从保护投标者的角度出发,基于ASmuth一B10om秘密共享方案,能求出中标的任意价位,从而满足商品的最优化分配。 本论文大致分为三个部分:秘密共享研究的综述、秘密共享一多重签名以及秘密共享在电子拍卖中的应用。第二章为秘密共享研究的综述,介绍了秘密共享的常见思想和数学模型、接入结构种类、信息率的计算、理想接入结构的拟阵研究、以及秘密共享体制的防欺诈手段等等。 第三章提出了一个新的秘密共享方案:基于二次剩余的安全矢量空间秘密共享方案。这一章详细介绍了该方案的设计及实现,并对该方案的正确性、安全性 以及效率进行了详尽的分析。 在秘密共享一多重签名部分,本文首先综述了多重签名的研究概况,介绍了第H页【浙江大学博士学位论文】二肖清华=几类典型的多重签名方案,在此基础上,给出了门限秘密共享一多重签名,以及矢量空间秘密共享一多重签名的设计与实现。最后在Sunder一KLima:门限秘密共享一多重签名基础上,给出了一个推广的矢量空间秘密共享一多重签名方案,并对该推广方案的安全性和效率进行了详细的分析。 在第四章的基础上,本文在第五章提出了一种新的秘密共享一多重签名方案:双通道的矢量空间秘密共享一多重签名方案。详细介绍了该方案的设计及实现,并对该方案的正确性、安全性以及效率进行了详尽的分析。 第六章首先综述了电子拍卖的研究概况,包括电子拍卖的
In order to protect data we can encrypt it, but in order to protect the encryption key we need a different method (further encryptions change the problem rather than solve it). The most secure key management scheme keeps the key in a single, well-guarded location (a computer, a human brain, or a safe). This scheme is highly unreliable since a single misfortune (a computer breakdown, sudden death, or sabotage) can make the information inaccessible. An obvious solution is to store multiple copies of the key at different locations, but this increases the danger of security breaches (computer penetration, betrayal, or human errors).Secret sharing can solve the problems mentioned above perfectly. Informally, a secret sharing scheme is a method of distributing a secret key s among a set of participants P in such a way that qualified subsets of P can reconstruct the value of s, whereas any other (non-qualified) subsets of P cannot determine anything about the value of s.Secret sharing schemes are useful in any important action that requires the concurrence of several designated people to be initiated, such as launching a missile, opening a bank vault or even opening a safety deposit box. Secret sharing schemes are also used in management of cryptographic keys and multi-party secure protocols.This dissertation made a summarization of the research on secret sharing, and made a view for the trend of future research on secret sharing. With regard to this, this dissertation made a research on threshold secret sharing-multisignature and vector space secret sharing-multisignature. And then, this dissertation proposed two practical electronic auction schemes as to extend the application of secret sharing in electronic auction field. In a word, this dissertation includes the following outcomes:1) There was a summarization that covers common idea, mathematic model, access structure, information rate of secret sharing scheme, etc. And then, this dissertation proposed a secret sharing scheme of secure vector space based on quadratic residue. It extends the normal threshold structure. In this scheme, the secret was encapsulated, and its commitment was publicized. Then everyone can verify the correctness of the distribution of secret shares. Any malicious dealer would be detected efficiently. In the process of secret recovery, by means of the intractability of quadratic residue over finite field of large prime order, each shareholder who pooled share would be authenticated, which prevents adversaries from getting the secret or shares and the shareholders from cheating each other. Thus any unfaithful shareholders can be traced and determined.2) For secret sharing-multisignature, from the point of the signing group, what it concerns is the traceability of the signing set. On the other hand, for the verifier, whether the signature is indeed from that group and signed by at least t members (not the membership of the members in that group) is concerned most. Both secretsharing-signature and multi-signature cannot independently solve this problem. Combining the idea of secret sharing-signature schemes with the multi-signature schemes, this dissertation analyzed the architecture and technological characteristics of threshold secret sharing-multisignature and vector space secret sharing-multisignature, and then extended the Sunder-Kumar threshold secret sharing-multisignature scheme to that based on vector space structure. Afterwards, this dissertation proposed a vector space secret sharing based multi-signature scheme with two channels. This scheme is based on secure vector space secret sharing, and can prevent adversaries from cheating efficiently. In each channel, the signature is made separately, which highly improves this scheme"s security without losing its efficiency. If malicious participants try to forge the group signature, they must succeed in both channels with little probability.3) In electronic auction, the involved parties may be physically located anywhere. Each party has a computer connected to an electronic network. The parties
|
