Loading...
|
Please use this identifier to cite or link to this item:
https://nccur.lib.nccu.edu.tw/handle/140.119/134089
|
| Title: | 基於ECDSA之部分盲簽章及其在比特幣上應用之研究
A Study on Partially Blind ECDSA and Its Application on Bitcoin |
| Authors: | 黃泓遜
Huang, Hong-Xun |
| Contributors: | 左瑞麟
Tso, Ray-Lin
黃泓遜
Huang, Hong-Xun |
| Keywords: | ECDSA
部分盲簽章
比特幣
ECDSA
Partially Blind Signature
Bitcoin |
| Date: | 2021 |
| Issue Date: | 2021-03-02 14:34:04 (UTC+8) |
| Abstract: | 盲簽章是一種能夠不讓簽名者知道自己所簽訊息的數位簽章。然而在實際應用中,簽名者往往需要記錄一些與簽名相關的額外訊息。為了解決這個問題,部分盲簽章的概念被提出。除了具有盲簽章的性質外,部分盲簽章可以讓簽名者能從所簽訊息中獲取到所需的相關的資訊。部分盲簽章在被提出至今有不少成果被提出,但這些成果都需要花費較多的運算時間,或是不易應用到實際應用中。除此之外,隨著數位貨幣(如:比特幣)的興起,愈來愈多消費者會購買數位貨幣。但目前的購買方式無法隱藏消費者的電子錢包位置,因此一些研究將重點放在基於橢圓曲線簽章算法(Elliptic Curve Digital Signature Algorithm,ECDSA)的盲簽章的研究上。然而由於盲簽章存在簽名者完全不知道所簽訊息的特性,使得這些基於ECDSA的盲簽章難以靈活地運用在數位貨幣系統上。因此,我們提出了提出了三個部分盲簽章。我們的第一個簽章是到目前為止的研究是效能最好的部分盲簽章。另外,為了與比特幣系統更加契合,我們提出了兩種改版之ECDSA及其在通用群模型(Generic Group Model)下的安全性證明,並基於此提出了兩種首次與現行比特幣系統相契合的ECDSA部分盲簽章。我們為上述的部分盲簽章都提供了安全性證明及效能分析。最後我們提出了我們的部分盲簽章在購買比特幣時的應用方式。
Blind signatures allow a user to obtain a signature without revealing message information to the signer. However, in many cases, the signer must record additional information relevant to the signature. Therefore, a partially blind signature was proposed to enable the signer to obtain some information from the signed message.
Although many partially blind signature schemes have been proposed, they are time intensive and impractical.
Additionally, with the development of blockchain technology, users increasingly use Bitcoin for purchasing and trading with coin providers.
Some studies have indicated that elliptic curve digital signature algorithm (ECDSA)-based blind signatures are compatible with Bitcoin because they prevent the linking of sensitive information due to the untamability of Bitcoin. However, these approaches are not sufficiently flexible because blind signatures do not allow the signer to obtain any information.
In this thesis, we proposed three partially blind signature schemes.
To the best of our knowledge, compared with other state-of-the-art schemes, our first scheme is the most practical partially blind signature. Additionally, to be more compatible with the current Bitcoin protocol, we introduced two variants of ECDSA with their security proofs under generic group model. Based on these two variants of ECDSA we proposed two partially blind signature schemes. Security proofs are provided to demonstrate that all proposed schemes have satisfactory unforgeability and blindness. At last we describe a application of bitcoin purchasing based on proposed schemes. |
| Reference: | [1] D. R. Brown, “Generic groups, collision resistance, and ECDSA,” Designs, Codes and
Cryptography, vol. 35, no. 1, pp. 119–152, 2005.
[2] A. Lysyanskaya, “Signature schemes and applications to cryptographic protocol design,”
Ph.D. dissertation, Massachusetts Institute of Technology, 2002.
[3] W. Diffie and M. Hellman, “New directions in cryptography,” IEEE transactions on
Information Theory, vol. 22, no. 6, pp. 644–654, 1976.
[4] D. Chaum, A. Fiat, and M. Naor, “Untraceable electronic cash,” in Conference on the
Theory and Application of Cryptography. Springer, 1988, pp. 319–327.
[5] D. Chaum, “Blind signatures for untraceable payments,” in Advances in cryptology.
Springer, 1983, pp. 199–203.
[6] M. Abe and E. Fujisaki, “How to date blind signatures,” in International Conference on
the Theory and Application of Cryptology and Information Security. Springer, 1996, pp.
244–251.
[7] M. Abe and T. Okamoto, “Provably secure partially blind signatures,” in Annual
International Cryptology Conference. Springer, 2000, pp. 271–286.
[8] S. Nakamoto, “Bitcoin: A peertopeer electronic cash system,” Manubot, Tech. Rep.,
2019.
[9] D. Johnson, A. Menezes, and S. Vanstone, “The elliptic curve digital signature algorithm
(ECDSA),” International journal of information security, vol. 1, no. 1, pp. 36–63, 2001.
[10] D. W. Kravitz, “Washington, DC: U.S. patent and trademark office,” U.S. Patent No. 5,
vol. 231, p. 668, 1993.
[11] 李鴻, “一種基於橢圓曲線的部分盲簽名方案,” 宿州學院學報, no. 1, pp. 89–91, 2004.
[12] M. An, “Blind signatures with DSA/ECDSA?” Annual International Cryptology
Conference, pp. 271–286, 2004. [Online]. Available: http://lists.virus.org/cryptography0404/msg00149.html
[13] W. Ladd, “Blind signatures for bitcoin transaction anonymity,” 2012.
[14] X. Yi and K.Y. Lam, “A new blind ECDSA scheme for bitcoin transaction anonymity,”
in Proceedings of the 2019 ACM Asia Conference on Computer and Communications
Security, 2019, pp. 613–620.
[15] D. Pointcheval and J. Stern, “Provably secure blind signature schemes,” in International
Conference on the Theory and Application of Cryptology and Information Security.
Springer, 1996, pp. 252–265.
[16] M. Stadler, J.M. Piveteau, and J. Camenisch, “Fair blind signatures,” in International
Conference on the Theory and Applications of Cryptographic Techniques. Springer, 1995,
pp. 209–219.
[17] Y. Frankel, Y. Tsiounis, and M. Yung, ““indirect discourse proofs”: Achieving efficient fair
offline ecash,” in International Conference on the Theory and Application of Cryptology
and Information Security. Springer, 1996, pp. 286–300.
[18] Y. Xie, F. Zhang, X. Chen, and K. Kim, “Idbased distributed ’magic ink’ signature,” in
Information and Communications Security, Fifth International Conference, ICICS, 2003,
pp. 10–13.
[19] A. Shamir, “Identitybased cryptosystems and signature schemes,” in Workshop on the
theory and application of cryptographic techniques. Springer, 1984, pp. 47–53.
[20] A. J. Menezes, T. Okamoto, and S. A. Vanstone, “Reducing elliptic curve logarithms to
logarithms in a finite field,” iEEE Transactions on information Theory, vol. 39, no. 5, pp.
1639–1646, 1993.
[21] F. Zhang and K. Kim, “Idbased blind signature and ring signature from pairings,” in
International Conference on the Theory and Application of Cryptology and Information
Security. Springer, 2002, pp. 533–547.
[22] S. Lal and A. K. Awasthi, “Proxy blind signature scheme,” Journal of Information Science
and Engineering. Cryptology ePrint Archive, Report, vol. 72, 2003.
[23] F. Zhang, R. SafaviNaini, and C.Y. Lin, “New proxy signature, proxy blind signature
and proxy ring signature schemes from bilinear pairing.” IACR Cryptol. ePrint Arch., vol.
2003, p. 104, 2003.
[24] Z. Tan, Z. Liu, and C. Tang, “Digital proxy blind signature schemes based on DLP and
ECDLP,” MM Research Preprints, vol. 21, no. 7, pp. 212–217, 2002.
[25] S. S. Chow, L. C. Hui, S.M. Yiu, and K. Chow, “Forwardsecure multisignature and blind
signature schemes,” Applied Mathematics and Computation, vol. 168, no. 2, pp. 895–908,
2005.
[26] D. N. Duc, J. H. Cheon, and K. Kim, “A forwardsecure blind signature scheme
based on the strong RSA assumption,” in International Conference on Information and
Communications Security. Springer, 2003, pp. 11–21.
[27] L. Liu and Z. Cao, “Universal forgeability of a forwardsecure blind signature scheme
proposed by Duc et al.” IACR Cryptol. ePrint Arch., vol. 2004, p. 262, 2004.
[28] X. Chen, F. Zhang, and K. Kim, “IDbased multiproxy signature and blind multisignature
from bilinear pairings,” Proceedings of KIISC, vol. 3, pp. 11–19, 2003.
[29] A. Lysyanskaya and Z. Ramzan, “Group blind digital signatures: A scalable solution to
electronic cash,” in International Conference on Financial Cryptography. Springer, 1998,
pp. 184–197.
[30] J. Kim, K. Kim, and C. Lee, “An efficient and provably secure threshold blind signature,”
in International Conference on Information Security and Cryptology. Springer, 2001, pp.
318–327.
[31] D. L. Vo, F. Zhang, and K. Kim, “A new threshold blind signature scheme from pairings,”
2003.
[32] T. K. Chan, K. Fung, J. K. Liu, and V. K. Wei, “Blind spontaneous anonymous group
signatures for ad hoc groups,” in European Workshop on Security in Adhoc and Sensor
Networks. Springer, 2004, pp. 82–94.
[33] D. Jena, S. K. Jena, and B. Majhi, “A novel untraceable blind signature based on elliptic
curve discrete logarithm problem,” 2007.
[34] M. Nikooghadam and A. Zakerolhosseini, “An efficient blind signature scheme based on
the elliptic curve discrete logarithm problem,” ISeCureThe ISC International Journal of
Information Security, vol. 1, no. 2, pp. 125–131, 2009.
[35] D. He, J. Chen, and R. Zhang, “An efficient identitybased blind signature scheme without
bilinear pairings,” Computers & Electrical Engineering, vol. 37, no. 4, pp. 444–450, 2011.
[36] H.Y. Chien, J.K. Jan, and Y.M. Tseng, “RSAbased partially blind signature with
low computation,” in Proceedings. Eighth International Conference on Parallel and
Distributed Systems. ICPADS 2001. IEEE, 2001, pp. 385–389.
[37] F. Zhang, R. SafaviNaini, and W. Susilo, “Efficient verifiable encrypted signature
and partially blind signature from bilinear pairings,” in International Conference on
Cryptology in India. Springer, 2003, pp. 191–204.
[38] G. Maitland and C. Boyd, “A provably secure restrictive partially blind signature scheme,”
in International Workshop on Public Key Cryptography. Springer, 2002, pp. 99–114.
[39] S. S. Chow, L. C. Hui, S.M. Yiu, and K. Chow, “Two improved partially blind signature
schemes from bilinear pairings,” in Australasian Conference on Information Security and
Privacy. Springer, 2005, pp. 316–328.
[40] T. Okamoto, “Efficient blind and partially blind signatures without random oracles,” in
Theory of Cryptography Conference. Springer, 2006, pp. 80–99.
[41] C.P. Schnorr, “Efficient identification and signatures for smart cards,” in Conference on
the Theory and Application of Cryptology. Springer, 1989, pp. 239–252.
[42] V. S. Miller, “Use of elliptic curves in cryptography,” in Conference on the theory and
application of cryptographic techniques. Springer, 1985, pp. 417–426.
[43] D. Pointcheval and J. Stern, “Provably secure blind signature schemes,” in International
Conference on the Theory and Application of Cryptology and Information Security.
Springer, 1996, pp. 252–265.
[44] ——, “Security arguments for digital signatures and blind signatures,” Journal of
cryptology, vol. 13, no. 3, pp. 361–396, 2000.
[45] J. H. Silverman and J. Suzuki, “Elliptic curve discrete logarithms and the index calculus,”
in International Conference on the Theory and Application of Cryptology and Information
Security. Springer, 1998, pp. 110–125.
[46] V. I. Nechaev, “Complexity of a determinate algorithm for the discrete logarithm,”
Mathematical Notes, vol. 55, no. 2, pp. 165–172, 1994.
[47] V. Shoup, “Lower bounds for discrete logarithms and related problems,” in International
Conference on the Theory and Applications of Cryptographic Techniques. Springer, 1997,
pp. 256–266.
[48] S. Goldwasser, S. Micali, and C. Rackoff, “The knowledge complexity of interactive proof
systems,” SIAM Journal on computing, vol. 18, no. 1, pp. 186–208, 1989.
[49] A. Fiat and A. Shamir, “How to prove yourself: Practical solutions to identification
and signature problems,” in Conference on the theory and application of cryptographic
techniques. Springer, 1986, pp. 186–194.
[50] O. Blazy, D. Pointcheval, and D. Vergnaud, “Compact roundoptimal partiallyblind
signatures,” in International Conference on Security and Cryptography for Networks.
Springer, 2012, pp. 95–112.
[51] W.J. Tsaur, J.H. Tsao, and Y.H. Tsao, “An efficient and secure ECCbased partially
blind signature scheme with multiple banks issuing ecash payment applications,” in
Proceedings of the International Conference on eLearning, eBusiness, Enterprise
Information Systems, and eGovernment (EEE). The Steering Committee of The World
Congress in Computer Science, Computer …, 2018, pp. 94–100.
[52] S. H. Islam and G. Biswas, “A pairingfree identitybased authenticated group key
agreement protocol for imbalanced mobile networks,” Annals of télécommunicationsannales des telecommunications, vol. 67, no. 1112, pp. 547–558, 2012.
[53] ——, “Provably secure and pairingfree certificateless digital signature scheme using
elliptic curve cryptography,” International Journal of Computer Mathematics, vol. 90,
no. 11, pp. 2244–2258, 2013.
[54] N. Tahat, E. Ismail, and A. Alomari, “Partially blind signature scheme based on chaotic
maps and factoring problems,” Italian Journal of Pure and Applied Mathematics, p. 165,
2018.
[55] N. Gura, A. Patel, A. Wander, H. Eberle, and S. C. Shantz, “Comparing elliptic curve
cryptography and RSA on 8bit CPUs,” in International workshop on cryptographic
hardware and embedded systems. Springer, 2004, pp. 119–132.
[56] E. B. Sasson, A. Chiesa, C. Garman, M. Green, I. Miers, E. Tromer, and M. Virza,
“Zerocash: Decentralized anonymous payments from bitcoin,” in 2014 IEEE Symposium
on Security and Privacy. IEEE, 2014, pp. 459–474.
[57] G. Wood et al., “Ethereum: A secure decentralised generalised transaction ledger,”
Ethereum project yellow paper, vol. 151, no. 2014, pp. 1–32, 2014. |
| Description: | 碩士
國立政治大學
資訊科學系
107753047 |
| Source URI: | http://thesis.lib.nccu.edu.tw/record/#G0107753047 |
| Data Type: | thesis |
| DOI: | 10.6814/NCCU202100361 |
| Appears in Collections: | [資訊科學系] 學位論文
|
Files in This Item:
| File |
Description |
Size | Format | |
|---|
| 304701.pdf | | 667Kb | Adobe PDF2 | 133 | View/Open |
|
All items in 政大典藏 are protected by copyright, with all rights reserved.
|
