Study on Privacy-preserving Cryptography Algorithms
|School||University of Electronic Science and Technology|
|Course||Information and Communication Engineering|
|Keywords||conditionally anonymous ring signature; provable security model; non-interactive zero-knowledge proof system; deniable ring authentication; designated confirmer signature|
Digital signatures and authentication are main research fields in cryptography. As foundations of information security, they have become a focus of research. In particular, ring signatures, designated confirmer signatures and deniable authentication play an important role in privacy preservation. For example, ring signature schemes can be used in e-voting systems, where voters must remain anonymous. Designated confirmer signature schemes can be applied to digitized healthcare systems, in which remote patients can receive comprehensive diagnosis and treatment without leaking private information. Deniable authentication is required for paid authentication, such as checking a piece of software.

This thesis focuses on preserving the privacy of the participants in a system. Its research object is ring signature algorithms, which achieve anonymity of the signer. Relying on ring signatures, non-interactive zero-knowledge proof systems, pseudorandom functions and provable security models, the goals of this thesis are to construct efficient and secure ring signature schemes with additional properties; to propose deniable ring authentication protocols in the concurrent setting; and to present a privacy-enhanced designated confirmer signature scheme without random oracles. The efficiency and security of these constructions are improved compared to related works, so that they can be applied to resource-constrained and flexible networks.

The contributions of this thesis are as follows:

1. Construct an efficient conditionally anonymous ring signature in the random oracle model. In this construction, the actual signer can be traced without the help of the group manager. The advantage of this construction is that the proposed confirmation and disavowal algorithms are non-interactive with constant costs. Moreover, this construction depends on standard complexity assumptions.

2. Construct two conditionally anonymous ring signatures without random oracles. To improve security, two conditionally anonymous ring signatures without random oracles are proposed in this thesis. The first construction is a framework that uses an adaptive unbounded simulation-sound non-interactive zero-knowledge proof system and a pseudorandom function, and shows that the security depends only on general complexity assumptions, such as one-way functions and trapdoor permutations. The second is a concrete construction based on a non-interactive witness-indistinguishable proof system. Its security holds under non-standard assumptions, such as the strong Diffie-Hellman assumption and the subgroup decision assumption. However, this construction does not use a generic zero-knowledge proof system and is therefore more efficient than the first one.

3. Construct two concurrently deniable ring authentication protocols. They allow a sender to authenticate a message to a receiver with her identity hidden among a group of participants that she randomly chooses, while the recipient cannot convince a third party that this authentication has happened. The first proposal is based on timed commitment, a zero-knowledge proof system and a generic ring signature scheme. The second construction is based on the assumption that users have public keys of a multi-receiver encryption scheme. Additionally, a concrete CCA2 multi-receiver encryption scheme without random oracles is constructed in this thesis. Compared to related works, the deniability of both protocols holds in a concurrent setting and the number of communication rounds is optimal.

4. Construct a privacy-enhanced designated confirmer signature without random oracles. Both the signer and the confirmer in this construction can confirm a valid designated confirmer signature (DCS) and disavow an invalid one. Furthermore, the authority of the confirmer is limited: the confirmer cannot convert a valid DCS into a standard signature. This new property of DCS is more favorable to the privacy of the signer.