橢圓曲線密碼配對與其應用

Abstract

由於橢圓曲線雙線性Diffie-Hellman問題之計算困難度，藉由配對（pairing）實現之協定陸續被提出，例如：身份加密（ID-based encryption）及密鑰協議機制。密鑰協議機制為透過不安全的通訊管道，讓欲進行通聯的使用者協議出共同密鑰（common secret key）；多方密鑰協議機制則是允許多位使用者在進行通聯之前，立即協議出加解密之共同密鑰。本論文將藉由雙線性配對函數提出一套密鑰協議機制，可以在通聯者低於四人時，透過一次訊息交換，同時完成身份驗證與密鑰協議。此外，該機制大幅降低使用者必須妥善保存的私鑰量，僅為橢圓曲線上的一點。我們將說明任何成功假扮公證第三方（TTP, trusted third party）的第三者，必定具備對應的私鑰資訊或超級強大的計算能力。我們也將透過magma的實作，說明此篇論文提出的機制確實可行。

Due to the computational infeasibility of Bilinear Diffie-Hellman Problem on elliptic curves, many protocols based on pairings are constructed, such as ID-based encryption and key agreement. A key agreement protocol is a cryptographical primitive which allows participants to share a common secret key via insecure channel. In particular, a multiparty key agreement protocol manages arbitrary number of participants. In the thesis, we present a new authenticated multiparty key agreement protocol by using pairing. The authentication and the key agreement in our scheme can be done in just one round if the number of participants is less than four. Another advantage is that all participants only need to possess one piece of secret information of their own (a point on elliptic curve), hence the cost of secret protection is reduced in embedded systems. In security aspects, we show that if the system is compromised by Eve (a malicious user), then Eve either has secret information or has overwhelming computational ability to fool others by acting as the TTP (Trusted Third Party). We also show our scheme is efficient by using “magma”.