具有扩展性质的可验证加密签名方案  

作　　者：辛向军[1] 朱云[1] 李俊岭 

机构地区：[1]郑州轻工业学院,河南郑州450002 [2]许昌技术经济学校,河南长葛461500

出　　处：《解放军理工大学学报（自然科学版）》2012年第5期516-520,共5页Journal of PLA University of Science and Technology(Natural Science Edition)

基　　金：河南省基础与前沿技术研究项目(092300410045);河南省教育厅科技攻关项目(2009B120003)

摘　　要：为保护电子商务中公平交换协议交换的一些敏感信息(如机密商业合同),利用Boneh的签名、Dif-fie-Hellman密钥交换原理和对称加密技术,给出了一种可保护敏感信息的可验证加密签名方案的构造,方案具有以下性质:继承了普通可验证加密签名方案的特点;除签名者和指定的签名验证者外,任何人(包括仲裁者)都无法知道要签名消息的内容(如合同的内容);在发生纠纷时,仲裁者无法获得签名者的基本签名(如签名后的合同),但可协助指定签名验证者获得基本签名;当释放某些秘密信息后,可验证加密签名所包含的签名消息m能够得到公开验证。因此,当发生纠纷时,这种公开验证性有助于权威机构(如法官)判决。在离散对数(DLP)和q强Diffie-Hellman问题(q-SDHP)假设下,可证明方案是安全的。Verifiably encrypted signature schemes can be used to construct the fair exchange protocols in e-commerce.To protect the sensitive messages（say,secret business contract） to be exchanged in the fair exchange protocols,in this paper,based on the signature proposed by Boneh,the Diffie-Hellman key exchange principle and the techniques of symmetric encryption,a verifiably encrypted signature scheme,which can protect the sensitive messages,was constructed.The scheme has the properties as follows：（1） It inherits the properties of an ordinary verifiably encrypted signature scheme;（2） Anyone（including the adjudicator） but the signer or the designed verifier knows nothing about what message（say,the context of a contract） is signed;（3） In case of adjudication,the adjudicator cannot obtain the signer＇s basic signature（say,the signed contract）.However,with the help of the adjudicator T,the designed verifier can gain the basic signature;（4） When some secret information is released,the message included in the verifiably encrypted signature can be publicly verified.This public verifiability can help the authority（say,a judge） make a judge in case of dispute.The scheme proves to be secure under the hardness assumption of Discrete Logarithm Problem（DLP） and q-Strong Diffie-Hellman Problem（q-SDHP）.

关 键 词：公平交换 电子商务 可验证加密签名 双线性对 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]