Please use this Handle URI to cite this item: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/34194

Full metadata record (DC field: value [language])

dc.contributor.advisor: 雷欽隆 (Chin-Laung Lei)
dc.contributor.author: Hong-Bin Tsai [en]
dc.contributor.author: 蔡宏彬 [zh_TW]
dc.date.accessioned: 2021-06-13T05:57:40Z
dc.date.available: 2006-07-10
dc.date.copyright: 2006-07-10
dc.date.issued: 2006
dc.date.submitted: 2006-06-28
dc.identifier.citation[1] S.S. Al-Riyami and K.G. Paterson. Tripartite authenticated key agreement protocols from pairings. In IMA Conference on Cryptography and Coding, volume 2898 of LNCS, pages 332–359, 2003.
[2] M. Bellare and P. Rogaway. Entity authentication and key distribution. In Advances in Cryptology - CRYPTO’93, volume 773 of LNCS, pages 232–249, 1994.
[3] S. Blake-Wilson, D. Johnson, and A. Menezes. Key agreement protocols and their security analysis. In 5th Annual Workshop on Selected Areas in Cryptography (SAC’98), volume 1355 of LNCS, pages 30–45, 1997.
[4] D. Boneh and M. Franklin. Identity-based encryption from the weil pairing. In Proceedings of Advances in Cryptology – CRYPTO 2001: 21st Annual International Cryptology Conference, volume 2139 of LNCS, pages 213–229, 2001.
[5] L. Chen and C. Kudla. Identity based authenticated key agreement protocols from pairings. In Proceedings of 16th IEEE Computer Security Foundation Workshop, 2003, pages 219–233, 2004.
[6] W. Diffie and M. Hellman. New directions in cryptography. In IEEE Transactions on Information Theory, 1976.
[7] G. Frey, M. Mぴuller, and H.G. Rぴuck. The tate pairing and the discrete logarithm applied to elliptic curve cryptography. In IEEE Transaction on Information Theory, 1999.
[8] N. McCullagh and P. S.L.M. Barreto. A new two-party identity-based authenticated key agreement. In Proceedings of Topics in Cryptology– CT-RSA 2005: The Cryptographers’Track at the RSA Conference, volume 3376 of LNCS, pages 262–274, 2005.
[9] A. Menezes, T. Okamoto, and S. Vanstone. Reducing elliptic curve logarithms to logarithms in a finite field. In IEEE Transaction on Information Theory, 1993.
[10] A. Menezes, M. Qu, and S. Vanstone. Some new key agreement protocols providing mutual implicit authentication. In Proceedings of the Second Workshop on Selected Areas in Cryptography, SAC’95, 1995.
[11] Alfred Menezes. Elliptic Curve Public Key Cryptosystems. SECS 234. Kluwer Academic Publishers, 1993.
[12] C. Mitchell, M. Ward, and P. Wilson. Key control in key agreement protocols. Electronics Letters, 34(10):980–981, 1998.
[13] E.K. Ryu, E.J. Yoon, and K.Y. Yoo. An efficient id-based authenticated key agreement protocol from pairings. In Proceedings of Third International IFIP-TC6 Networking Conference 2004, volume 3042 of LNCS, pages 1458–1463, 2004.
[14] A. Shamir. Identity-based cryptosystems and signature schemes. In Advances in Cryptology - CRYPTO ’84, volume 196 of LNCS, pages 47–53, 1984.
[15] Joseph H. Silverman. The Arithmetic of Elliptic Curves. Graduate Texts in Mathematics. Springer Verlag, 1986.
[16] Joseph H. Silverman and John Tate. Rational Points on Elliptic Curves. Undergraduate Texts in Mathematics. Springer Verlag, 1992.
[17] N.P. Smart. An identity based authenticated key agreement protocol based on the weil pairing. Electronics Letters, 38(13):630–632, 2002.
[18] E. R. Verheul. Evidence that XTR is more secure than supersingular elliptic curve systems. In Advances in Cryptology - EUROCRYPT 2001, volume 17 of LNCS, pages 277–296, 2004.
dc.identifier.uri: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/34194
dc.description.abstract [zh_TW, translated]: When two communicating parties belong to different domains and want to establish a shared key for secret communication, an inter-domain key agreement protocol is needed. In recent years many identity-based authenticated key agreement protocols have been proposed. Most of the work on the efficiency of such protocols assumes that the two parties are in the same domain, e.g., employees of the same company. That is, under an identity-based scheme both parties must register with the same Trusted Authority to obtain the private key that corresponds to the user's public identity. However, in today's highly connected society the two parties wishing to communicate secretly are very likely to be in different domains, e.g., employees of two independent companies. A protocol that achieves inter-domain key agreement is therefore necessary.
In 2003 Chen and Kudla proposed an identity-based authenticated key agreement protocol with an inter-domain property. However, their protocol assumes that the Trusted Authorities of different domains use the same system parameters: every domain authority must obtain the shared parameters from a Trusted Third Party. We find that this assumption creates several potential problems. First, when the Trusted Third Party updates the system parameters, every Trusted Authority must update immediately; otherwise users in domains that hold different parameters cannot establish a shared key. From the perspective of the whole system the computation caused by a parameter update is considerable, and there is also the problem of unsynchronised updates: a user whose domain updates late cannot establish a shared key with users in other domains. Second, relying on a Trusted Third Party for system parameters, rather than letting each Trusted Authority choose its own, greatly limits the authorities' flexibility in key management.
In this thesis we propose an inter-domain key agreement protocol that lets each Trusted Authority choose its own system parameters while users in different domains can still establish a shared key without any loss of security. Each domain's Trusted Authority can then decide freely when to update its keys, an update does not affect the authorities and users of other domains, and the free choice of system parameters improves the flexibility of key management.
dc.description.abstract [en]: An inter-domain key agreement protocol is needed when two parties in distinct domains want to establish a mutually agreed shared secret. A number of identity-based (ID-based) authenticated key agreement (AK) protocols using the Weil and Tate pairings have been proposed in recent years. This line of work includes making the protocols efficient, e.g., McCullagh and Barreto's "New Two-Party Identity-Based Authenticated Key Agreement", and extending AK protocols to groups, e.g., Reddy and Nalla's "Identity Based Authenticated Group Key Agreement Protocol". Most of them achieve key agreement between parties inside a single domain, for example employees of one company or staff of one organization. In other words, the communicating parties are required to register with a common Trusted Authority (TA), which in an identity-based cryptosystem generates each user's private key from the user's public identity. Nowadays many communications take place between parties in different domains, e.g., two independent companies. It is highly likely that such parties have registered with different TAs, so a key agreement protocol suited to this case is necessary.
In 2003 Chen and Kudla proposed a key agreement protocol that establishes a shared secret key between parties in distinct domains, and in 2005 McCullagh and Barreto proposed a new protocol that improves the efficiency of Chen and Kudla's work. However, we found that their protocols lack scalability and practicability. If the parties have registered with the same TA they can use identical system parameters for the pairing computation, but when they have registered with distinct TAs the possibility that different system parameters are in use is not negligible. All previous work assumes that the system parameters for pairing computation are globally agreed or decided by an international standards body, which may cause a large key-update cost in real applications. Moreover, under their protocols two parties in different domains can agree on a shared secret only by using identical system parameters, so inter-domain key agreement may fail for TAs that inevitably end up with different parameters, e.g., because a parameter update from the standards body is delayed. In this thesis we propose an inter-domain identity-based authenticated key agreement protocol that removes the requirement that the TAs taking part in the protocol use the same generator P ∈ G1, and establishes a shared secret key between parties in distinct domains.
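Both abstracts make the same technical point: in the Chen and Kudla style of inter-domain ID-based key agreement, each party's key involves the other TA's public value sP, so the two sides only reach the same key when both TAs use the same generator P. The following Python script, added here as an illustration and not code from the thesis, shows that dependence concretely. It replaces the Weil pairing with a constructed toy bilinear map (G1 written additively as Z_q, e(X, Y) = g^(XY) in the order-q subgroup of Z_p^*), which keeps e(aX, bY) = e(X, Y)^(ab) but has no security, and it runs the two-pass exchange with a shared generator, with different generators, and with a hypothetical adjustment of my own (each party forms its ephemeral value on the peer TA's generator) that makes the keys agree again. That adjustment only shows where the algebra breaks; the thesis's actual construction is not reproduced on this page. The identities, the parameters p = 2039, q = 1019, g = 4, and the hash H1 are all constructed for the example.

```python
import hashlib
import secrets

# Toy bilinear setting, constructed for this illustration (not a secure curve):
# G1 is written additively as Z_q, "scalar multiplication" is a*X mod q, and the
# "pairing" is e(X, Y) = g^(X*Y) in the order-q subgroup of Z_p^*.  That keeps
# exactly the property the protocol algebra uses, e(aX, bY) = e(X, Y)^(ab),
# but discrete logarithms are trivial here, so it is only a model of the algebra.
P_MOD = 2039   # p, a safe prime
Q_ORD = 1019   # q = (p - 1) / 2, the order of G1 and of the pairing's target subgroup
G_T = 4        # a square mod p, hence a generator of the order-q subgroup


def pairing(x, y):
    """Toy bilinear map e: G1 x G1 -> G_T."""
    return pow(G_T, (x * y) % Q_ORD, P_MOD)


def hash_to_g1(identity):
    """H1: map an identity string to a nonzero element of G1 (assumed hash)."""
    h = int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big")
    return 1 + h % (Q_ORD - 1)


class TrustedAuthority:
    """One ID-based domain: generator P, master key s, public value P_pub = sP."""

    def __init__(self, name, generator, master_key=None):
        self.name = name
        self.P = generator % Q_ORD
        self.s = master_key or (secrets.randbelow(Q_ORD - 1) + 1)
        self.P_pub = (self.s * self.P) % Q_ORD

    def extract(self, identity):
        """Private key S_ID = s * H1(ID), issued to a user registered with this TA."""
        return (self.s * hash_to_g1(identity)) % Q_ORD


def same_parameters(ta_a, ta_b):
    """The precondition the abstracts say earlier protocols silently rely on."""
    return ta_a.P == ta_b.P


def inter_domain_session(ta_a, ta_b, id_a, id_b, a=None, b=None, peer_generator=False):
    """Two-TA, two-pass key agreement of the Chen-Kudla kind summarised on the page.

    A (registered with ta_a) sends W_A, B (registered with ta_b) sends W_B, and
    each side computes  K = e(S_self, W_peer) * e(x * Q_peer, P_pub of the peer's TA).

    peer_generator=False: W_A = a*P_1, W_B = b*P_2 (each party uses its own TA's
        generator), which is why the keys agree only when P_1 == P_2.
    peer_generator=True:  a hypothetical adjustment of mine, NOT the thesis's
        construction: W_A = a*P_2, W_B = b*P_1, so both sides pair over matching
        generators even when P_1 != P_2.
    Returns (K_A, K_B).
    """
    a = a or secrets.randbelow(Q_ORD - 1) + 1
    b = b or secrets.randbelow(Q_ORD - 1) + 1
    Q_A, Q_B = hash_to_g1(id_a), hash_to_g1(id_b)
    S_A, S_B = ta_a.extract(id_a), ta_b.extract(id_b)

    gen_for_a = ta_b.P if peer_generator else ta_a.P
    gen_for_b = ta_a.P if peer_generator else ta_b.P
    W_A = (a * gen_for_a) % Q_ORD   # sent A -> B
    W_B = (b * gen_for_b) % Q_ORD   # sent B -> A

    K_A = pairing(S_A, W_B) * pairing((a * Q_B) % Q_ORD, ta_b.P_pub) % P_MOD
    K_B = pairing(S_B, W_A) * pairing((b * Q_A) % Q_ORD, ta_a.P_pub) % P_MOD
    return K_A, K_B


if __name__ == "__main__":
    alice, bob = "alice@domain-one.example", "bob@domain-two.example"  # constructed IDs
    ta1 = TrustedAuthority("TA1", generator=2)
    ta2_same = TrustedAuthority("TA2", generator=2)
    ta2_diff = TrustedAuthority("TA2'", generator=3)

    print("shared P            :", inter_domain_session(ta1, ta2_same, alice, bob))
    print("P1 != P2            :", inter_domain_session(ta1, ta2_diff, alice, bob))
    print("P1 != P2, peer gen. :", inter_domain_session(ta1, ta2_diff, alice, bob, peer_generator=True))
```

Run directly, the first and third sessions print an equal pair of keys and the second does not: with different generators the two sides' exponents differ by (P_2 - P_1)(s_1 Q_A b + s_2 Q_B a), which is nonzero mod q except by accident, so the "implicit" authentication never converges on a key. The `same_parameters` check is the guard a deployment of the earlier protocols would need before the first message is sent.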
dc.description.provenance [en]: Made available in DSpace on 2021-06-13T05:57:40Z (GMT). No. of bitstreams: 1
ntu-95-R93921094-1.pdf: 967919 bytes, checksum: f153e7c7422b641cdd787443efe5a7b8 (MD5)
Previous issue date: 2006
dc.description.tableofcontents:
1 Introduction  5
2 Preliminaries  10
  2.1 Weil Pairing  10
  2.2 Mathematical Hard Problems  12
  2.3 Identity-Based Encryption  13
  2.4 Security Attributes  16
  2.5 Security Model  17
3 Related Work  21
  3.1 Smart's Protocol  21
  3.2 Chen and Kudla's Protocol  23
4 Inter-domain Identity-Based Authenticated Key Agreement Protocol  27
  4.1 Design Concept  27
  4.2 Our ID-ID-AK Protocol  29
5 Security Analysis  36
  5.1 Security Proof  36
  5.2 Security Attributes of the Protocol  40
6 Conclusions and Future Works  43
dc.language.iso: en
dc.subject: Weil 配對 (Weil pairing) [zh_TW]
dc.subject: 金鑰合議 (key agreement) [zh_TW]
dc.subject: 身份基礎 (identity-based) [zh_TW]
dc.subject: identity-based encryption [en]
dc.subject: pairing-based cryptosystem [en]
dc.subject: key agreement protocol [en]
dc.title: 利用Weil 配對之跨領域身份基礎附驗證金鑰合議協定 (Inter-domain identity-based authenticated key agreement protocol using the Weil pairing) [zh_TW]
dc.title: Inter-Domain Identity-based Authenticated Key Agreement Protocol from the Weil Pairing [en]
dc.type: Thesis
dc.date.schoolyear: 94-2 (academic year 94, second semester)
dc.description.degree: 碩士 (Master)
dc.contributor.oralexamcommittee: 顏嗣鈞 (Hsu-chun Yen), 黃秋煌 (Chua-Huang Huang), 莊仁輝 (Jen-Hui Chuang), 范俊逸 (Chun-I Fan)
dc.subject.keyword: Weil 配對 (Weil pairing), 金鑰合議 (key agreement), 身份基礎 (identity-based) [zh_TW]
dc.subject.keyword: key agreement protocol, pairing-based cryptosystem, identity-based encryption [en]
dc.relation.page: 48
dc.rights.note: 有償授權 (licensed for a fee)
dc.date.accepted: 2006-06-28
dc.contributor.author-college: 電機資訊學院 (College of Electrical Engineering and Computer Science) [zh_TW]
dc.contributor.author-dept: 電機工程學研究所 (Graduate Institute of Electrical Engineering) [zh_TW]
Appears in collections: 電機工程學系 (Department of Electrical Engineering)

Files in this item:
File: ntu-95-1.pdf, 945.23 kB, Adobe PDF (not authorized for public access)