TABLE OF CONTENTS
INTRODUCTION
2.3.3. The Itakura and Nakamura multisignature
2.3.4. The Harn and Kiesler multisignature scheme
2.4. Multisignatures based on elliptic curve cryptosystems
2.4.1. Overview of elliptic curve cryptosystems
2.4.2. The Popescu multisignature scheme
2.4.3. The Khali and Farah multisignature scheme
2.5. Conclusion of Chapter 2
CONCLUSION

LIST OF ABBREVIATIONS
H: Hash (hash function)
M: Data message

LIST OF FIGURES

LIST OF TABLES
3.1. Comparison of the properties of IBE and traditional public-key systems

LIST OF MATHEMATICAL SYMBOLS
SYMBOL / MEANING
2: Finite field with 2 elements
Private key of the signing entity
INTRODUCTION
1. Reasons for choosing the topic
Most countries and organizations around the world have adopted, and continue to adopt, e-Government and e-Commerce models in order to take advantage of these services, to improve competitiveness and the capacity to serve citizens, and at the same time to ensure the security and authenticity of the services. The Government of Vietnam has deployed digital signatures in a number of fields, and their use keeps growing. However, the application of electronic signatures is still limited to public services such as digital certification for tax declarations and digital certification for information portals. Given this development, the practical needs of society and the world situation, the strategy of the Ministry of Information and Communications towards 2020 points out the need to promote Internet services, e-commerce, and services supporting e-Government. Public-key cryptography is the technology that allows users to exchange confidential information over an insecure public network and to confirm users' identities through digital signatures.
Today, electronic transactions are becoming more and more common in many fields, such as banking transactions and online shopping. However, the risk that these services become insecure, with serious consequences, is very high. Digital signatures have quickly become present everywhere in many aspects of electronic life. They are used to secure services that need confidentiality, authenticity, data integrity, and non-repudiation by an entity of the information it transmitted. Digital signatures are used not only by people and organizations but are also built into billions of Internet of Things (IoT) devices that need to communicate and authenticate the information exchanged between entities. Without digital signatures, forging routing information or access-rights information for electronic systems becomes easier than ever for hackers in the era of the IoT explosion. As human needs and services keep growing, information is exchanged not only between individuals but also between different groups of people or organizations. Practical applications of digital signatures, together with methods for securing them and improving their performance, have never lost their relevance. Starting from this reality, the author chose the topic "Research on multisignature schemes on ID-Based cryptosystems", with the aim of studying in depth and mastering digital signatures in general and digital multisignatures in particular in information security.
2. Related research:
Diffie and Hellman, in their 1976 paper "New Directions in Cryptography" [3], mentioned the concept of a digital signature, but the two authors did not give any practical signature scheme. It was not until 1978, in the publication "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems" [4], that R. Rivest, A. Shamir and L. Adleman gave a signature scheme based on the hard problem of integer factorization, called RSA, and this scheme is still in use today.
After that there were many studies on digital signatures, but it was not until 1988 that S. Goldwasser, S. Micali and R. Rivest, in [5], precisely defined digital signatures and the requirements a digital signature must meet. Definitions of digital signatures can be found in [7] and [6].
Single digital signatures have met practical requirements to some extent. In practice, however, many documents need to be signed by several people. Examples are sales contracts, leases and collective petitions, which single digital signatures cannot handle. Hence digital signature protocols that allow several people to sign the same document, called digital multisignatures, have been studied, developed and applied for many years, and they satisfy many requirements of online transactions that single digital signatures do not.
Digital signatures in Vietnam:
In Vietnam, digital signatures have been recognized as legally equivalent to a traditional handwritten signature or a seal since 2005. Digital signatures and digital certificates are covered by legal documents such as laws, decrees and circulars. At present, digital signatures are used at many companies such as Viettel, FPT and BKAV. However, mostly single digital signature models are used, and other digital signature models remain limited, except that BKAV is able to provide an initialing-signature model. As for research, a great many papers, theses and projects have been built, developed and written on single digital signatures, blind signatures, multisignatures and so on. Worldwide, multisignature schemes have been built and developed in a great many well-known works and papers. In Vietnam, research on digital signatures is concentrated among a number of leading experts such as Prof. Dr. Nguyen Binh (Posts and Telecommunications Institute of Technology), Assoc. Prof. Dr. Nguyen Hieu Minh (Academy of Cryptography Techniques), and Dr. Luu Hong Dung (Military Technical Academy). In addition, digital signatures have attracted further study through master's theses on digital signatures and multisignatures.
3. Research objectives
The objectives of the thesis include studying the concepts of digital signature schemes, digital multisignatures, and the applications of digital signatures in information security. On the basis of the fundamental concepts of multisignatures, the author concentrates on an in-depth study of, and experiments with, a multisignature scheme on an ID-Based cryptosystem.
4. Research tasks
The research tasks of the thesis are:
- Study public-key cryptosystems and digital signature schemes.
- Study the concept of a digital multisignature and multisignature schemes.
- Study and experiment with a multisignature scheme on an ID-Based cryptosystem.
5. Research subjects
- Public-key cryptosystems and digital signature schemes.
- Digital multisignatures and multisignature schemes.
- Digital multisignatures on ID-Based cryptosystems.
6. Research methods
The thesis is based on the following methods:
- Expert consultation: consulting the supervisor and the lecturers of the Faculty of Information Technology.
- Literature study: consulting specialized literature, books, and related scientific papers in information technology.
- Analysis and synthesis.
- Use of computer software and experimental programs.
7. Scope of the research
- Study digital multisignatures: concepts and security models of multisignatures.
- Study ID-Based (identity-based) cryptosystems.
8. Structure of the thesis
Apart from the Introduction, the Conclusion and the References, the main content of the thesis is organized into 3 chapters:
Chapter 1: Overview of digital multisignatures
Gives an overview of digital signatures and digital multisignatures, including definitions and classification.
Chapter 2: Digital multisignatures on different cryptosystems
Presents the state of research on digital multisignatures and multisignatures on RSA and elliptic curve cryptosystems.
Chapter 3: Experimental study of digital multisignatures on an ID-Based cryptosystem
Introduces ID-Based cryptosystems and digital signatures on ID-Based cryptosystems, and carries out an experimental study of digital multisignatures on an ID-Based cryptosystem.
Chapter 1
OVERVIEW OF DIGITAL MULTISIGNATURES
1.1. Digital signatures
Diffie and Hellman, in their 1976 paper "New Directions in Cryptography" [3], mentioned the concept of a digital signature, but the two authors did not give any practical signature scheme. It was not until 1978, in the publication "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems" [4], that R. Rivest, A. Shamir and L. Adleman gave a signature scheme based on the hard problem of integer factorization, called RSA, and this scheme is still in use today.
After that there were many studies on digital signatures, but it was not until 1988 that S. Goldwasser, S. Micali and R. Rivest precisely defined digital signatures and the requirements a digital signature must meet. Definitions of digital signatures can be found in [7] and [6].
1.1.1. Definition of a digital signature
Definition 1.1: A digital signature is data produced by a digital signature scheme that binds a data message (a message, document, report, ...) to the entity (a person, a technical device, ...) that created it, in order to meet the requirements of authenticating the origin and the integrity of the data message.
Definition 1.2: A digital signature scheme is a tuple of algorithms (gen, sig, ver). The algorithm gen produces a private key $x_s$ and a corresponding public key $y_s$ for the signer S, taking the system parameters as input. The algorithm sig takes $x_s$ and a message m as input and produces a signature of m. Given the message m, the signature and the public key $y_s$, the algorithm ver outputs true or false. The following expressions must hold for the algorithms sig and ver.
Sig ( x s , m) (1.1)
Moreover, a digital signature scheme must be unforgeable. That is, it must be infeasible to compute the digital signature of a message when only the public key is known and the corresponding private key is not.
Definition 1.3: A one-way function is a function that is fairly easy to compute in the forward direction but very hard to compute in the reverse direction. For example, given a value x, computing $y = f(x)$ is easy, but given the value $y = f(x)$ it is very hard to find x through the inverse function $f^{-1}(y)$.
Forward function:
$f : X \to Y$, $x \in X \mapsto y \in Y \mid y = f(x)$ (1.3)
Inverse function:
$f^{-1} : Y \to X$, $y \in Y \mapsto x \in X \mid x = f^{-1}(y)$ (1.4)
Definition 1.4: A hash function is a string-processing function that, for a bit string of any length, outputs a bit string of fixed length n that differs for each different input.
$h : X^* \to Y^n$, $x \in X \mapsto y \in Y \mid y = h(x)$ (1.5)
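This is the method of creating a digital signature from the data message and the private key of the signing entity. Figure 1.1 shows the block diagram of the signature generation process. The hash function block is used to produce a fixed-length message digest from the input message. The digital signature is produced by encrypting the message digest with the sender's private key. Then both the input message and the digital signature are sent to the recipient.
[Figure 1.1: block diagram of the digital signature generation process; labels: message, sender's private key]
... authenticity of the message sender, the recipient, after receiving the digital signature, must use the inverse of the signing function that was used to produce the signature in order to recover the message digest computed on the sender's side. The message received on the recipient's side is fed into the same hash function as on the sender's side to recreate the original message digest. This digest is compared with the digest just recovered from the digital signature. If the two digests are identical, it can be concluded that the received message really comes from the sender and was not altered in transit. The block diagram of the signature verification process is shown in Figure 1.2.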
- Direct signatures and arbitrated signatures
- Single digital signatures and digital multisignatures
A single digital signature is a digital signature produced by a signing protocol that allows only one person to sign a document.
A digital multisignature is a digital signature produced by a signing protocol that allows several people to share their secret values and public keys, with a hierarchy of signers or a parallel signing protocol. Electronic, financial and government systems that need authentication from several parties before a transaction can proceed use forms of multisignature to keep their users safe. The growing acceptance of cryptocurrency transactions such as Bitcoin and Ethereum, and the investment in blockchain technology at the inter-governmental level, have led to increasingly strong research on group-oriented signatures, as seen in recent years.
1.1.4. Classification of attacks on digital signatures
In 1998, Shafi Goldwasser in [5] described the types of attack on digital signatures. Let A denote the signer under attack. There are two kinds of attack on digital signatures:
1. Key-only attacks: the attacker knows only A's public key.
2. Message attacks: the attacker can analyze a number of signatures corresponding to known digital signatures. Depending on how the attacker observes or chooses the messages, message attacks are divided into 4 types:
a. Known message attack: the attacker has access to signatures of messages m1, m2, ..., mk but does not get to choose them.
b. Generic chosen message attack: the attacker can obtain valid signatures of A for chosen messages m1, m2, ..., mk, but the attacker does not know A's public key. This attack is called non-adaptive: all the messages are fixed before any signature is seen. It is called generic because A's public key is not known, so the attack can be carried out against anyone.
c. Directed chosen message attack: this attack is similar to the generic chosen message attack, except that the messages are created after A's public key is known but before any signature is observed. This is also a non-adaptive attack, and it works only against a particular signer A rather than against everyone.
d. Adaptive chosen message attack: the attacker can use A as an oracle. Messages are chosen not only after A's public key is known but also after previously produced signatures have been observed.
The four message attacks above are listed in order of increasing strength. Therefore any proposed signature scheme must withstand the strongest one, the adaptive chosen message attack.
1.1.5. Ways of breaking a digital signature scheme
The ways of breaking a digital signature scheme are presented in full by Shafi Goldwasser [5] and several other authors. Saying that an attacker breaks A's signature scheme means that the attack succeeds with high probability. The ways of breaking a digital signature scheme are:
1. Total break: the attacker learns A's secret information.
2. Universal forgery: the attacker can find a signing algorithm functionally equivalent to A's signing algorithm.
3. Selective forgery: the attacker can find a digital signature for one particular message chosen in advance in the attacker's own way.
4. Existential forgery: forging the signature of at least one message. The attacker may not control the whole signature generation process, but can produce a signature at random, without being able to choose the message deliberately.
The attacks and breaks presented above apply to all digital signature models. However, there are also attacks and breaks specific to each signing model. To date, starting from the basic digital signature model, many other models have been proposed, such as group signatures, multisignatures, threshold signatures, ring signatures and structured signatures.
1.2. Digital multisignatures
1.2.1. Concept
The concept of a digital multisignature based on the RSA algorithm was first given by Nakamura and Itakura in 1983. A multisignature scheme allows a group of signers to sign a document so that a verifier can check that every member of the group took part in signing it. The simplest way to create a multisignature is to concatenate the single digital signatures of all members. With this approach, however, the length of the group's signature and the computation time grow in proportion to the number of signers.
In 1994, Harn proposed a threshold signature scheme based on the discrete logarithm problem, in which a minimum number of signers (the threshold) is required for the signature to be valid. Harn then went on to propose a multisignature model with distinguished signing responsibilities. However, this scheme has a security weakness: one member of the signing group can sign alone, without the participation of the whole group. Li and several other authors analyzed Harn's scheme, found this weakness, and called the attack a rogue-key attack.
In 2002, Chih-Yin Lin et al. proposed three multisignature schemes corresponding to serial, parallel and mixed signing structures. These schemes have a fixed signature length, and signature verification is efficient.
One year later, in 2003, a multisignature scheme with distinguished responsibilities was proposed by Popescu, in which each member is responsible for the part of the document it signs, and the signed part can be verified without revealing the whole document.
In 2008, the authors gave a multisignature scheme based on the discrete logarithm problem, proven secure in the Random Oracle model. In 2010, another study also gave a multisignature scheme based on the discrete logarithm problem that is compatible with public-key infrastructure (PKI). Also in 2010, L. H. Dung and N. H. Minh gave a multisignature scheme on EC.
In 2011, F. Li and Q. Xue proposed a proxy multisignature scheme based on ECC.
In 2014, Tiwari et al. gave a proxy multisignature scheme based on EC of the provably secure kind. In 2015, Sudha Devi et al. proposed a secure and efficient ECC-based multisignature protocol, with the aim of reducing computation time and resisting some insider attacks on multisignatures to which earlier work was vulnerable; however, this is a scheme without distinguished responsibilities.
It can be seen that multisignature schemes based on elliptic curve cryptosystems and other cryptosystems have recently attracted many researchers. Digital multisignatures appeared in 1983 and have continued to develop ever since. Many multisignature schemes have been proposed on different cryptosystems, such as RSA and elliptic curve cryptosystems. Multisignatures are widely applied in practice, for example in e-commerce and e-government. Forms of multisignature are used extensively in financial applications such as Bitcoin, where several private keys are required to authorize a financial transaction. In the next part, the author studies the concepts of digital multisignatures and their classification.
Digital multisignatures were defined by Boldyreva and Zuhua. A digital multisignature can be summarized as follows: it is a signature produced by a digital signature scheme that allows a group of people to cooperate in signing a document, such that validity can be checked, as for a single digital signature, with the public key of the group.
A multisignature scheme allows a group of signers to sign a document so that a verifier can check that the document was signed by every member of the group. The simplest way to create a multisignature is to concatenate the component signatures of all members. The group's signature then has a length proportional to the number of signers.
1.2.2. Components of a multisignature scheme
- Key generation protocol (probabilistic): this protocol is usually run once at the start for all members of the group. Each member receives as input information about the group U, which is the list of identities of the group members.
The key generation protocol generates for each member a private key and the corresponding public key (SKi, PKi).
An attacker may be present during key generation and may supply all members with an input different from U.
- Multisignature signing protocol (probabilistic): the members of the group take part in signing; the result may be output by one of the group members.
- Multisignature verification algorithm: this algorithm can be run by someone else (not in the group U); its input is the information about U, the message m and the multisignature.
The algorithm outputs TRUE or FALSE.
1.2.3. Classification of multisignatures by construction
1.2.3.1. Classification of multisignature schemes
* Sequential multisignatures
In everyday life many decisions are made by several different departments (agencies), and multisignatures are introduced to authenticate the agreement of the departments in the system. The following example illustrates the sequential multisignature case. A company wants to launch a large marketing campaign. The marketing department needs the approval of two departments: the Financial Controller department and the Public Relations department. This case is called signature on signature. That is, the first signer signs the data (the decision to open the marketing campaign), then the second signer signs the content of the data together with the first signer's signature, the third signer does the same, and so on. The data is fully signed once the last signer's signature has been placed on it. Depending on how functions are divided between the company's departments, two situations can arise:
Independent sequential multiple signature
In this case, whether or not the approval of the Financial Controller and Public Relations departments has been given is not important. The data can be signed by the first signer and then passed to the second. The order of signing does not matter, and the second signer signs without having to check the validity of the first signer's signature. The multisignature scheme in this case checks the validity of each signature in a uniform way.
Dependent sequential multiple signature
In this case, the division of functions and authority between the company's departments requires a mandatory order of signing and checking. Before the marketing campaign is launched, the Public Relations department agrees to the project first, and then the Financial Controller department reviews it and gives its approval. The order of signing is therefore very important: each signer checks the signature of the previous signer and then signs the content of the document together with the earlier signatures. The signature of the last signer satisfies integrity, authenticity and non-repudiation.
* Parallel multisignatures
In many cases an agreement must be signed simultaneously by several members. A contract signed by 2 or 3 people is a clear illustration of this case. An international agreement signed by many parties is another example of a parallel multisignature: all signatures are equal and are treated without discrimination. In a parallel multisignature scheme, each person's signature is placed on the signed data and does not sign over the signatures of the others.
In a parallel multisignature scheme, one person plays the role of manager. The manager is responsible for:
- Receiving the signature of each signer in the group and checking the validity of these signatures.
- Computing the public key and the multisignature of the whole group.
Note: to ensure the security of a parallel multisignature scheme, the signature of the group manager must itself be checked. This check is carried out by the people in the group: the group members can verify the manager's signature. Depending on the scheme and the situation, there may be different authentication solutions between the manager and the other members.
1.2.3.2. Classification of multisignatures by the responsibilities of the signers of the data
Multisignatures can be divided into two kinds: multisignatures with distinguished signing responsibilities and multisignatures without distinguished signing responsibilities. Multisignatures with distinguished signing responsibilities were first introduced by Harn. In this scheme, each member is responsible for a specific part of the document. In this work, Harn also gives the following properties of a multisignature:
- The multisignature can be verified using only the public key of the whole group, without needing the public key of each member.
- The signature of the whole group cannot be created without the participation of all members.
* Multisignatures without distinguished responsibilities
In a multisignature scheme proposed by Harn, the signing members have the same role and their responsibilities are not distinguished. All members sign the entire document m, and all members are jointly responsible for the entire content of the document. This multisignature scheme is therefore a multisignature model without distinguished responsibilities.
[Figure: the signed document; each member applies a digital signature]
[Figure: the document to be signed is divided among the members responsible; each member applies a digital signature]
Chapter 2
DIGITAL MULTISIGNATURES ON DIFFERENT CRYPTOSYSTEMS
2.1. State of research on digital multisignatures
In 1983, K. Nakamura and K. Itakura introduced the concept of a digital multisignature for the first time. In 1994 Harn proposed a threshold multisignature scheme based on the discrete logarithm problem, a signature scheme that requires a minimum number of group members (the threshold) for the signature to be valid. In 1999, Harn made further improvements and introduced the concept of a multisignature with distinguished signing responsibilities. Unfortunately, this multisignature scheme has a security weakness that lets one member of the signing group cheat and sign alone, without the participation of the whole group. The weakness was pointed out by Li and colleagues in 2000. This kind of attack is called a rogue-key attack: instead of publishing its own public key, a group member uses a public key that is a function of the public keys of the other members, and can then easily produce a multisignature without the participation of the other members.
In 2000, Shieh and colleagues proposed a multisignature scheme for mobile applications, divided into 2 cases: serial signing and parallel signing. In 2001, Lin, Wu and Hwang published a structured multisignature scheme based on an identity-based cryptosystem [8]. However, soon afterwards this scheme was broken by Mitchell [9], still in 2001.
In 2003, Constantin Popescu proposed a multisignature scheme based on elliptic curves [20]; however, the scheme contains a flaw, and this flaw was published in 2011.
In 2005, Kawauchi proposed a multisignature scheme based on one-way functions; however, the signing protocol depends on the order of signing.
In 2006, Bellare generalized the idea of Pointcheval and Stern and gave a definition and specification of multisignatures in [11].
In 2007, Abound published a multisignature scheme based on the RSA cryptosystem, improved from Okamoto's scheme. In the same year, Hakim Khali and Ahcene proposed a multisignature scheme based on DSA and ECDSA [12].
Bagherzandi et al. presented a security evaluation of several multisignature schemes in 2008. Bagherzandi also gave a fairly complete treatment of the definition of multisignatures and described attacks on multisignatures, and in addition proved the security of the signature by means of the Forking lemma.
In 2008, N. R. Sunitha, B. B. Amberker and P. Koulgi proposed an electronic cheque model using a multisignature scheme based on the ElGamal signature scheme (discrete logarithm), with serial signing in turn, where the signing order does not need to be fixed in advance [13].
In 2008, Duc-Phong, Bonnecaze and Gabillon published a multisignature scheme based on the discrete logarithm problem, proven secure in the Oracle model and based on Bellare's idea. In 2009, the three authors went on to propose a multisignature based on bilinear pairings.
In 2010, Meziani gave a multisignature scheme quite different from earlier ones, based on coding theory. However, this scheme is not very practical.
In 2010, Zuhua Shao proposed a multisignature scheme based on the discrete logarithm cryptosystem, with a very detailed and specific definition and model, and also pointed out the places where an attacker could mount an attack. Also in 2010, Jia Yu proposed a forward-secure multisignature scheme, alongside threshold signatures and blind signatures. In a forward-secure signature scheme, the whole lifetime is divided into several periods, and each period uses a different private key, while the public key does not change during the whole signing process. The private key for each period is computed from the previous key by a one-way function. Each signature is meaningful within a defined time period; on verification, besides checking the validity of the signature, the scheme also allows the signing process to be verified for each time period. This signature scheme is based on bilinear maps.
In 2015, Jinila in [14] published a multisignature scheme for use in traffic networks, based on the RSA cryptosystem in the ID-Based setting, which aims to reduce the size of the multisignature because the whole system has only one shared public/private key pair. In addition, the role of each member carries no meaning, because each member's component signature is merely the product of the message m and the component index si provided by the center, so the center can compute this value entirely without the member's participation.
Next, the author presents multisignature schemes based on a number of common and representative cryptosystems.
2.2. Multisignatures based on the discrete logarithm problem
ElGamal was the first to propose using the discrete logarithm problem to build a digital signature scheme [15], in 1985. Later, the DSA algorithm in the standard [16] was also based on the ElGamal scheme, modified and issued as a standard for digital signatures. In 1999 Harn published the first paper introducing the concept of a multisignature with distinguished signing responsibilities. Then, in 2003, Hwang gave a multisignature scheme with distinguished responsibilities.
* The Khali and Farah multisignature scheme
This multisignature scheme was published by Khali in 2007 [12].
- Key generation
(1) Choose two large primes p, q such that $q \mid (p-1)$, as defined in the standard [3] issued in 2013. Choose g to be a generator of order q in the field.
(2) Each member $U_i$, $1 \le i \le t$, chooses a large random number $x_i$ between 1 and q as its private key.
(3) $U_i$ computes the corresponding public key $y_i$ as follows:
$y_i = g^{x_i} \bmod p$
- Creating the multisignature
(1) The group leader chooses a random number $k_1$ ($1 < k_1 < n$) and computes
r1 = (1 mod p) mod q
$b = k_1(H(m) + a_1 x_1) \bmod q$
s = b1 mod q
and then sends $(r_1, s)$ to all members.
(2) The members check the validity of the manager's signature by computing:
$u = H(m)\,s \bmod q$,
$v = r_1 s \bmod n$
$r = (g^{u} y^{v} \bmod p) \bmod q$
If $r = r_1$ the signature is valid; otherwise it is not.
(3) Each signer $U_i$ other than $U_1$ computes its signature as follows:
$k_i = s(H(m) + r_1 x_i) \bmod q$
$r_i = (g^{k_i} \bmod p) \bmod q$
and then sends this value to the manager.
(4) The manager checks the validity of each member's signature and forms the multisignature as the tuple $(a_1, a_2, \ldots, a_t, s)$.
- Verifying the multisignature
(1) The verifier computes:
$u = H(m)\,s \bmod n$, $v = r_1 s \bmod n$
(2) Next, compute the points:
= ( . )
=1
= ( )
=1
= ( (()+ ) ) = ( ) =
=1 =1
=
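(3) If , the signature is valid; otherwise it is not.
- Proof of correctness of the algorithm
Theorem 2.2.1 (Euler). For all coprime integers n and a:
$a^{\varphi(n)} \equiv 1 \pmod{n}$ (2.4)
Proof. Consider the set of integers:
$R = \{x_1, x_2, \ldots, x_{\varphi(n)}\}$
Each element $x_i$ is a distinct positive integer less than n with $\gcd(x_i, n) = 1$. Multiplying each element of R by a and taking the remainder on division by n gives the set S:
$S = \{(a x_1 \bmod n), (a x_2 \bmod n), \ldots, (a x_{\varphi(n)} \bmod n)\}$
The elements of S are just a permutation of the elements of R: a is coprime to n and $x_i$ is also coprime to n, so $a x_i$ is coprime to n as well. Multiplying together all the elements of S and of R gives:
$\prod_{i=1}^{\varphi(n)} (a x_i \bmod n) = \prod_{i=1}^{\varphi(n)} x_i$
$\prod_{i=1}^{\varphi(n)} a x_i \equiv \prod_{i=1}^{\varphi(n)} x_i \pmod{n}$
$a^{\varphi(n)} \cdot \left[\prod_{i=1}^{\varphi(n)} x_i\right] \equiv \prod_{i=1}^{\varphi(n)} x_i \pmod{n}$
$a^{\varphi(n)} \equiv 1 \pmod{n}$
When n is prime this gives Fermat's little theorem:
$a^{n-1} \equiv 1 \pmod{n}$
By Euler's theorem we have:
() 1 (mod n) (2.5)
From this it is easy to see that:
)e =
= se = (
=
()+1 =
(2.6)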
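2.3.2. The RDSA multisignature
The RDSA multisignature (repeated individual signature) is a scheme in which a single-signature scheme is applied repeatedly to build the multisignature.
The digest of the document m is denoted as follows; normally some secure hash function is used:
= h(m) (2.7)
- Signing the document
Let the group of t signers be GU = {U1, U2, ..., Ut}. The multisignature signing protocol for almost all multisignature schemes built on a single-signature scheme is:
(1) Signer U1 uses its private key d1 to sign the digest, usually by encrypting it with this private key.
(2) Then each signer $U_i$ in turn signs the digest already signed by $U_{i-1}$ and forwards it to $U_{i+1}$.
(3) Finally, signer Ut signs the digest that the others have signed, producing the signature SG, and sends it, together with the document, to the recipient (the verifier).
- Verifying the signature
(1) The recipient receives the signature SG and the document m, and computes the digest
= h(m).
(2) The recipient then verifies the signature of each signer in turn, in the reverse of the signing order.
This multisignature scheme has many drawbacks: its computational performance is poor, it takes up a large amount of storage (the public keys of all signers), and the signing order of the signers must be strictly observed. To overcome these drawbacks, many multisignature schemes have been developed.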
2.3.3. The Itakura and Nakamura multisignature
Itakura and Nakamura are the two authors who proposed the first multisignature scheme, in 1983. However, the scheme has certain weaknesses.[1]
- Key generation
(1) Choose two large primes p, q. Compute $n_0 = pq$ and $\varphi(n_0) = (p-1)(q-1)$. For each signer $U_i$ choose a number $r_i$, and choose e such that $e < \varphi(n_0)$, $\gcd(e, \varphi(n_0)) = 1$ and $e > \max\{r_i\}_{1 \le i \le t}$.
(2) Each signer Ui has the public key (ni,e,i) with ni = ni.ri such that $r_i < r_j$ for $1 \le i < j \le t$, which means $n_i < n_j$.
(3) Signer $U_i$ has the private key $d_i$, chosen such that $e d_i \equiv 1 \pmod{\varphi(n_i)}$.
- Signing the document
Signing proceeds in order from the signer with the smallest $r_i$ to the one with the largest.
(1) Signer U1 computes
si 1 mod ni
and then sends it to signer U2.
(2) Signer $U_i$, with $2 \le i \le t-1$, signs the signature of the previous signer $U_{i-1}$ by computing:
si 1
(mod ni)
(3) The last signer $U_t$ signs the signature received from $U_{t-1}$ by computing:
s = st 1
(mod nt)
- Verifying the signature
(1) In the reverse order, from the highest value down to the lowest, with the public key $(n_i, e)$, for each $t \ge i \ge 1$ compute:
si-1 (mod ni)
(2) Finally the verifier obtains s0 = (mod n1).
(3) If s0 = , the signature is valid; otherwise it is not.
- Proof.
si-1 = sei =(sds-1)e= si-1
The drawbacks of this scheme are that the length of the signature grows after each signing, and that when n is not a prime the scheme has the weakness that the document can be recovered without knowing the private key.
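The sequential signing and reverse-order verification described in sections 2.3.2 and 2.3.3, as an added example that is not part of the original thesis. It assumes textbook RSA with an independent modulus per signer (not the page's own key construction), constructed toy primes, SHA-256 reduced modulo the smallest modulus as the digest, and hypothetical function names.

```python
import hashlib

E = 65537  # public exponent shared by all signers (constructed choice)

# Constructed toy primes, far too small for real use. Each signer gets an
# independent RSA modulus, which is an assumption of this example.
TOY_PRIMES = [(1009, 1013), (1019, 1021), (1031, 1033)]


def make_signer(p, q):
    """Return a textbook-RSA key pair with e*d = 1 (mod phi(n))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": E, "d": pow(E, -1, phi)}


def digest_int(message, n1):
    """Digest of the message as an integer below the smallest modulus n1."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n1


def sign_sequential(message, signers):
    """U1 signs the digest; each later Ui signs the value received from Ui-1.

    The moduli must be strictly increasing (n1 < n2 < ... < nt), otherwise
    an intermediate signature could exceed the next modulus and would be
    silently reduced, making the chain impossible to undo.
    """
    moduli = [s["n"] for s in signers]
    if any(a >= b for a, b in zip(moduli, moduli[1:])):
        raise ValueError("signers must be ordered by strictly increasing modulus")
    s = digest_int(message, moduli[0])
    for signer in signers:
        s = pow(s, signer["d"], signer["n"])  # s_i = s_{i-1}^{d_i} mod n_i
    return s


def verify_sequential(message, signature, public_keys):
    """Undo the signatures from Ut down to U1, then compare with the digest."""
    s = signature
    if not 0 <= s < public_keys[-1][0]:
        return False
    for i in range(len(public_keys) - 1, -1, -1):
        n, e = public_keys[i]
        s = pow(s, e, n)  # s_{i-1} = s_i^e mod n_i
        # A genuine intermediate value is always below the previous modulus.
        if i > 0 and s >= public_keys[i - 1][0]:
            return False
    return s == digest_int(message, public_keys[0][0])


SIGNERS = [make_signer(p, q) for p, q in TOY_PRIMES]
PUBLIC_KEYS = [(s["n"], s["e"]) for s in SIGNERS]

if __name__ == "__main__":
    msg = b"constructed sample contract"
    sig = sign_sequential(msg, SIGNERS)
    print("multisignature:", sig)
    print("valid:", verify_sequential(msg, sig, PUBLIC_KEYS))
    tampered = (sig + 1) % PUBLIC_KEYS[-1][0]
    print("tampered signature accepted:",
          verify_sequential(msg, tampered, PUBLIC_KEYS))
```

The verifier needs every signer's public key and the exact signing order, which is the storage and ordering cost the text attributes to repeated single signatures.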
2.3.4. The Harn and Kiesler multisignature scheme
In 1989 Harn and Kiesler proposed a multisignature scheme for a pre-specified verifier [13], described below.
- Key generation
(1) Each signer $U_i$, $1 \le i \le t$, randomly chooses two pairs of large primes (pi,qi) and ( , ); the first pair is used for multisignature signing and the second pair for encrypting the message.
(2) Compute ni = piqi and = . ), with ni < h < , where h is a publicly known threshold. Order them so that $n_1 < n_2 < \ldots < n_i < \ldots < n_t$.
(3) Compute the pairs (ei,di) and ,
) such that:
- Signing the document
(1) The third party computes ci 1 mod n1 and sends the value c1 to U1.
(2) U1 decrypts 11 = 1 1 mod n1, then checks and compares the result with the message received. If it is valid, U1 uses the public key of U2 to encrypt the signature:
s1 1 , c2 =1 2 mod n2
Then U1 sends c2 to signer U2.
(3) Signer $U_i$, with $2 \le i \le t$, decrypts the signature from the sender $U_{i-1}$ and keeps decrypting in turn to recover the value m.
1
1 si-2 mod ni-1 (2.8)
...
22 si mod n2 (2.9)
1 1 m mod n2 (2.10)
Next, create the digital signature si 1
and then encrypt this signature with the public key of signer $U_{i+1}$ by computing:
ci+1 1
mod ni+1
(4) The last signer Ut proceeds in the same way, treating the verifier as member $U_{t+1}$:
s mod nV
The verifier V has the public key (eV, nV).
- Verifying the signature
(1) The verifier V uses the private key dV to compute:
mod nV st
(2) Decrypt in turn to obtain m in the same way as in (2.8) to (2.10).
(3) Compare the decrypted value m with the received value m. If they match, the signature is valid; otherwise it is invalid.
- Proof.
1
1 1
1 = (2 ) = 2
2.4. Multisignatures based on elliptic curve cryptosystems
2.4.1. Overview of elliptic curve cryptosystems
In the year 250 AD, Diophantus, while solving the problem of finding the number of layers of a pyramid of balls that can be laid out on the ground as a square, was led to the equation (y is the number of balls along one side of the square; x is the number of layers of the pyramid):
$y^2 = 1^2 + 2^2 + 3^2 + \ldots + x^2 = x(x + 1)(2x + 1)/6$
The equation $y^2 = x(x + 1)(2x + 1)/6$ is a form of elliptic curve. In 1637, the French mathematician and physicist Pierre de Fermat stated Fermat's Last Theorem when writing in the margin of a copy of Diophantus's work that the following equation has no solution:
$x^n + y^n = z^n$, $n > 2$
For more than three centuries many mathematicians tried to prove this theorem and all failed, until 1994, when Andrew Wiles, a professor at Princeton, caused a great stir in the world mathematical community at that time by using an elliptic curve of the form $y^2 = x(x - a^n)(x + b^n)$ together with the theory of modular forms to prove Fermat's Last Theorem. In 1987, Lenstra proposed an integer factorization algorithm using elliptic curves. It is a relatively fast algorithm that runs in sub-exponential time and is the third fastest algorithm for factoring into primes, after the multiple polynomial quadratic sieve and the general number field sieve [2].
In cryptography, in 1985 Victor S. Miller published the first paper on the application of elliptic curves in cryptography, "Use of Elliptic Curves in Cryptography", followed by Neal Koblitz with "Elliptic curve cryptosystem" in 1987. Since then there have been many research publications on EC theory, and in practice ECC has been used more and more widely and has been turned into standards. Some standards related to elliptic curves:
- IEEE 1363: This standard covers almost all public-key algorithms and schemes, including ECDH, ECDSA, ECMQV and ECIES. Its appendix contains all the basic number-theoretic algorithms related to public-key cryptosystems.
- ANSI X9.62 and X9.63: These standards focus on elliptic curves, specifically on ECDSA in X9.62 and on ECDH, ECMQV and ECIES in X9.63. They also specify data formats and a list of curves recommended for use.
- FIPS 186.2: The NIST standard for digital signatures, describing the DSA algorithm in detail.
- SECG: A standard compiled by a group of companies led by Certicom, almost a mirror of the ANSI standards but accessible on the Web from the website http://www.secg.org/
- ISO 15946-2: A standard describing ECDSA and ECIES (also called ECIES-KEM).
- RFC 3278: "Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS)" is a recommendation on using ECC algorithms for encrypting text messages.
* Weierstrass equation of an elliptic curve
- An elliptic curve has the following form:
$y^2 = x^3 + Ax + B$ (2.11)
where A and B are constants. The values of x, y, A, B usually lie in some field, for example R (the real numbers), Q (the rational numbers), C (the complex numbers), or a finite field $F_q$ with $q = p^n$, where p is a prime and $n \ge 1$. If K is a field with $a, b \in K$, the elliptic curve is said to be defined over the field K. A point (x, y) on the elliptic curve with $(x, y) \in K$ is called a K-rational point. The general Weierstrass equation of an elliptic curve is written as:
$y^2 + a_1xy + a_3y = x^3 + a_2x^2 + a_4x + a_6$ (2.12)
where $a_1, \ldots, a_6$ are constants. Form (2.12) is usually used for fields K with characteristic char(K) equal to 2 or 3. When char(K) is different from 2, (2.12) can be transformed into the following form:
$\left(y + \frac{a_1 x}{2} + \frac{a_3}{2}\right)^2 = x^3 + \left(a_2 + \frac{a_1^2}{4}\right)x^2 + \left(a_4 + \frac{a_1 a_3}{2}\right)x + \left(\frac{a_3^2}{4} + a_6\right)$
... will form a group, called the group of points on the elliptic curve over $F_p$, denoted $E(F_p)$. Like the multiplicative group of a finite field, this group is used to build elliptic curve cryptosystems.
* Addition of points on an elliptic curve
Consider two points $P_1 = (x_1, y_1)$ and $P_2 = (x_2, y_2)$ on the elliptic curve E, as in Figure 2.1:
$y^2 + a_1xy + a_3y = x^3 + a_2x^2 + a_4x + a_6$
The addition of two points on the curve E is defined as follows:
$P_3(x_3, y_3) = P_1(x_1, y_1) + P_2(x_2, y_2)$ (2.13)
where P3(x3, y3) = (x3, ), and the point (x3, ) is the intersection of the curve E and the line through P1 and P2. Since the two points P3(x3, y3) and (x3, ) both lie on the curve E, (x3, y3) and (x3, ) must satisfy the equation
Having defined point addition and obtained the formula for the sum of two points on the curve E, we now define scalar multiplication, that is, repeated addition of a point on E.
* Scalar multiplication of a point on an elliptic curve
For n ∈ N \ {0}, scalar multiplication of a point P on the curve E is defined as adding the point P to itself n times:
P → nP = P + P + … + P = Q
To speed up scalar multiplication, the double-and-add method can be used. First write the number n in the form n = n0 + 2n1 + 2^2 n2 + … + 2^m nm with [n0 … nm] ∈ {0, 1}, then apply the algorithm:
Algorithm 1.1 Double-and-add method
Q ← 0
for i = 0 to m do
    if ni = 1 then
        Q ← AddPoints(Q, P)
    end if
    P ← Double(P)
end for
return Q
Besides double-and-add, the sliding-window method can also be used. These methods make scalar multiplication efficient.
Note:
- There is no multiplication of two points on the curve E, that is, P × Q does not exist for P, Q ∈ E.
- There is no scalar-division algorithm Q : n.
* The group (+) of points on an elliptic curve
Consider the elliptic curve E defined by the equation
y^2 = x^3 + Ax + B
Consider three points P1, P2, P3 on the curve E, with coordinates (x1, y1), (x2, y2) and (x3, y3) respectively.
For the points on an elliptic curve to form a group (+), the point at infinity, denoted ∞, is added to the curve; this point lies at both the top and the bottom of the y-axis. One of the most important properties of an elliptic curve is that the points on the curve form a group under addition.
Theorem 1.5.1. Addition of the points P, P1, P2, P3 on the curve E satisfies the group properties:
1. (Commutativity): P1 + P2 = P2 + P1;
2. (Identity): P + ∞ = P;
3. (Inverse): There exists P′ for P such that P + P′ = ∞;
4. (Associativity): (P1 + P2) + P3 = P1 + (P2 + P3).
Figure 2.2. Example of the associative property on an elliptic curve
2.4.2. The Popescu multisignature scheme
This section summarises the scheme by Popescu published in the journal Studies in Informatics and Control [10]. The multisignature scheme has three phases: key generation, signature generation and signature verification. Assume that t signers Ui, 1 ≤ i ≤ t, jointly sign a document m ∈ {0,1}*.
- Key generation
Choose the parameter set as in [20], then proceed as follows:
(1) Choose a prime p and an integer n. Let f(x) be an irreducible polynomial of degree n over GF(p), which generates the finite field GF(p^n), together with a root of f(x) in GF(p^n).
(2) Two elements a, b ∈ GF(p^n) define the elliptic curve E over GF(p^n) with equation y^2 = x^3 + ax + b, where p > 3 and 4a^3 + 27b^2 ≠ 0.
(3) Two elements xp and yp in GF(p^n) define the point P = (xp, yp) of prime order q in E(GF(p^n)), with P ≠ 0, where 0 is the identity element.
(4) Define the conversion function c(x) : GF(p^n) → Zp as follows:
1
() = ,
=0
1
= ( ), 0
=0
(4) Using the private (secret) keys di and ki, to sign the document m, signer Ui computes: si = diH(m) − kir (mod q). (2.15)
(5) Send the pair (m, si) to the assigned authorised person. Once this person has received all the signature pairs, each one is checked by computing the point:
(r^-1 H(m) mod q)Qi − (r^-1 si mod q)P = ( , ), 1 ≤ i ≤ t
and checking ri = ( , ) (mod q), 1 ≤ i ≤ t. After the signatures of all members have been checked, and if they are all valid, the multisignature (r, s) is computed with:
s = s1 + s2 + … + st (mod q).
- Verifying the multisignature
(1) When every signature pair (m, si), 1 ≤ i ≤ t, satisfies the condition:
(r^-1 H(m) mod q)Qi − (r^-1 si mod q)P = ( , ), 1 ≤ i ≤ t
(2) Compute the totals over all signers:
(r^-1 H(m) mod q)Q − (r^-1 s mod q)P = (xe, ye)
s = s1 + s2 + … + st (mod q)
= = = ( , )
=1
and r = c(xe) (mod q); in other words, the verifier computes the point (xe, ye).
(3) Check whether r = c(xe) (mod q); if it holds, the signature pair (r, s) is accepted, otherwise the signature is rejected.
- Proof.
1 ()) ( 1 ) = 1 ( () )
=1
= 1 ( () () + )
=1 =1 =1
= 1 ( ) = =
=1 =1
(1) The verifier authenticating the signature computes:
u = H(m)s mod n, v = r1s mod n
(2) Next, compute the points:
= ( + )
=1
=
=1
= ( + ) = (() + )
=1 =1
= (() + ) = =
=1 =1
Chapter 3
EXPERIMENTAL STUDY OF A MULTISIGNATURE SCHEME
ON AN ID-BASED CRYPTOSYSTEM
In 1985 Shamir first proposed the idea of an identity-based (ID-Based) cryptosystem [21]. Instead of generating the public key at random, identity information such as an email address or an identity-card number can be used to derive the public key. The advantage of this kind of cryptosystem is that public keys need not be exchanged and a public key can be known before the key pair is created, because it can be derived by an explicit and simple rule. Identity-based cryptosystems are particularly suited to environments with a large number of users. Since the work of Boneh and Franklin in 2001, a whole series of other ID-Based schemes has been developed.
3.1. Multisignatures based on bilinear pairings
The Boldyreva multisignature scheme
The scheme was published by Boldyreva in 2003 [22].
- Key generation
(1) Let the hash function H : {0,1}* → E (the group of points on the elliptic curve, of order q) be a map-to-point function.
(2) Choose the secret key xi and the corresponding public key = xiP, for ui ∈ U, 1 ≤ i ≤ t.
- Generating the multisignature
(1) Each member ui computes i = xiH(m) and sends it to the signer D.
(2) D computes the signature value of the whole group: = =1 and outputs the signature (m,).
- Verifying the multisignature
(1) Compute the public key of the whole group: == =1
(2) Check the condition:
e(P,) = e( ,H(m))
If it holds, the signature is valid; otherwise it is not.
- Proof.
e(P, ) = (, ) = (, ()
=1 =1
= ( , ()) = (,())
=1
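The three phases of the Boldyreva scheme described above, as a runnable example added here (not code from the thesis or from Boldyreva's paper). It assumes a toy bilinear map: a point aP is stored as the scalar a and e(aP, bP) as a·b mod q, which keeps the bilinear algebra exact but offers no security; the names `sigma`, `group_pk`, `hash_to_point` and `find_bad_partials` are chosen for this example, and the per-member check is an addition that reuses the verification equation for one signer.

```python
import hashlib
import secrets

Q = 2**127 - 1   # prime group order q (a Mersenne prime; toy size)
P = 1            # generator P of G1; a point aP is stored as the scalar a

def pairing(a, b):
    # Toy bilinear map: e(aP, bP) is represented by a*b mod q (no security).
    return a * b % Q

def hash_to_point(message):
    # Stand-in for the map-to-point hash H (assumption: SHA-256 reduced mod q).
    digest = hashlib.sha256(b"H|" + message).digest()
    return int.from_bytes(digest, "big") % Q

def keygen():
    x = 1 + secrets.randbelow(Q - 1)       # secret key x_i
    return x, x * P % Q                    # (x_i, public key x_i P)

def partial_sign(x_i, message):
    return x_i * hash_to_point(message) % Q    # member's value x_i H(m)

def aggregate(partials):
    return sum(partials) % Q               # D adds the members' values

def verify(public_keys, message, sigma):
    group_pk = sum(public_keys) % Q        # public key of the whole group
    return pairing(P, sigma) == pairing(group_pk, hash_to_point(message))

def find_bad_partials(public_keys, message, partials):
    # Added check: apply the same pairing equation to each member separately
    # so that a failing aggregate can be traced to the member(s) responsible.
    h = hash_to_point(message)
    return [i for i, (pk, s) in enumerate(zip(public_keys, partials))
            if pairing(P, s) != pairing(pk, h)]
```

Verification fails if the message changes, if a member's public key is left out of the sum, or if any single partial value was computed over a different message.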
An identity-based scheme resembles an ideal mail system: if you know someone's name and address, you can send him messages that only he can read, and you can verify signatures that only he could have produced. It makes the cryptographic algorithms offered to the user very transparent, and it can be used effectively whether at the level of keys or of protocols.
An IBE system has points in common with traditional public-key systems, but also differs considerably in other ways. Whereas a traditional public key contains all the parameters needed to use the key, to use an IBE system a user normally needs a set of public parameters from a trusted third party. With these parameters, the user can compute the public IBE key of any user and use it to encrypt information for that user. This process is shown in the figure below.
Figure 3.2. Decryption with an IBE system
Table 3.1. Comparison of the properties of IBE and traditional public-key systems
Steps    Summary
Table 3.3. Applicability of different cryptographic technologies in achieving information-security goals
- Confidentiality - Yes - Yes
- Integrity - No - Yes
- Availability - No - Yes
- Authentication - No - Yes
- Non-repudiation - No - No
the ability to verify a user's identity. Non-repudiation prevents the denial of earlier commitments or actions. The use of cryptography can support most of these goals; the use of IBE can support only one of them. This is summarised in Table 3.3.
IBE offers an easy way to provide data confidentiality. It does not provide integrity, availability, authentication or non-repudiation. These are easily provided by digital signatures using keys created and managed by a traditional public-key system. However, we will see that the benefits IBE offers make it a very good solution for some problems, and a hybrid solution that uses IBE for encryption and a traditional public-key system for digital signatures may combine the best features of each technology.
3.2.2. Multisignatures on an ID-Based cryptosystem
Proposed by Rajeev Anand and Sahadeo Padhye in 2013 [22].
- Setup
Let G1 be a cyclic additive group of prime order q with generator P. G2 is a cyclic multiplicative group of the same order q. e is a bilinear map e : G1 × G1 → G2. H1, H2, H3 are hash functions used for security purposes and defined as follows:
H1 : {0,1} G1, H2 : {0,1} , H3 : {0,1}{0,1} .
(1) Given the security parameter k, choose s at random.
(2) Compute the system public key: Ppub = sP ∈ G1.
(3) Publish the system parameters
Params = (k,G1,G2,q,e,H1,H2,H3,P,Ppub).
- Key extraction
The original (delegating) signer has identity ID, and there are n people who can sign as proxies, with 1 ≤ i ≤ n.
(1) Anyone can compute the public key of the original signer, QID = H1(ID) ∈ G1, and those of the proxy signers, = H1(ID ) ∈ G1.
(2) The system administrator computes the secret keys of the original signer and the proxy signers, SID = sQID and = sID with 1 ≤ i ≤ n. The administrator sends these secret keys to the members over a secret channel.
- Signing by the original signer
(1) For a document m ∈ {0,1}*, the signer picks x at random (modulo q).
(2) Compute the values:
Vs = xP, H = H2(m)
Ws = HSID + xPpub
(3) The original signer's signature is = (Ws,Vs).
- Verifying the original signer's signature
(1) Given the document m and the received signature = (Ws,Vs), the verifier computes:
H' = H2(m) and QID = H1(ID).
(2) Accept the signature if the following condition holds:
e(Ws,P) = e(HQID + Vs,Ppub) (3.1)
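Setup, key extraction, signing and the check of equation (3.1), as a runnable example added here (not the thesis program and not code from the scheme's authors). It assumes a toy bilinear map in which a point aP is stored as the scalar a and e(aP, bP) as a·b mod q, so the algebra of (3.1) is exact but nothing is secret; the function names and the SHA-256 constructions for H1 and H2 are assumptions of this example.

```python
import hashlib
import secrets

Q = 2**127 - 1   # prime group order q (a Mersenne prime; toy size)
P = 1            # generator P of G1; a point aP is stored as the scalar a

def pairing(a, b):
    # Toy bilinear map: e(aP, bP) is represented by a*b mod q.
    # Discrete logs are visible in this model, so it offers no security.
    return a * b % Q

def _hash(tag, data):
    return int.from_bytes(hashlib.sha256(tag + data).digest(), "big") % Q

def H1(identity):
    return _hash(b"H1|", identity)         # identity -> point Q_ID in G1

def H2(message):
    return _hash(b"H2|", message)          # message -> scalar

def setup():
    s = 1 + secrets.randbelow(Q - 1)       # master secret s
    return s, s * P % Q                    # (s, Ppub = sP)

def extract(s, identity):
    return s * H1(identity) % Q            # S_ID = s * Q_ID

def sign(S_ID, Ppub, message):
    x = 1 + secrets.randbelow(Q - 1)       # fresh random x per signature
    Vs = x * P % Q                         # Vs = xP
    Ws = (H2(message) * S_ID + x * Ppub) % Q   # Ws = H*S_ID + x*Ppub
    return Ws, Vs

def verify(identity, Ppub, message, signature):
    Ws, Vs = signature
    # Equation (3.1): e(Ws, P) == e(H*Q_ID + Vs, Ppub)
    left = pairing(Ws, P)
    right = pairing((H2(message) * H1(identity) + Vs) % Q, Ppub)
    return left == right
```

The verifier needs only the signer's identity string and the public parameters; no per-user public key is exchanged, which is the property the ID-based setting is chosen for.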
- Key generation for the proxy signers
In this phase the original signer communicates the delegated rights to the proxy signers. To do so, the original signer creates a warrant w, which carries some information about the document, the restrictions on the document to be delegated, the time period, or the identities of those who will act as proxies.
(1) Delegation: the original signer picks t at random and computes:
V = tP,
h = H2(w),
W = hSID + tPpub ∈ G1
and sends the value (W,V,w) to the members over a secret channel.
(2) Delegation check: each member computes h = H2(w) and checks the following condition (if it does not hold, the member must request retransmission or abort the protocol):
e(W,P) = e(hQID + V,Ppub)
(3) Proxy key generation: each member computes h = H2(w) in order to compute the proxy secret key:
pk = W + hS
- Generating the proxy signature
In this phase one person is in charge of collecting all the partial signatures.
(1) Each member ID picks a random number xi.
(2) Compute the values h3 = H3(m,w) and = xiP, and send the value to the (n−1) remaining members.
(3) The members compute and send :
=
=1
= h3pk + xiPpub
(4) After collecting the partial signatures, the person in charge forms the proxy public key:
pk = h(QID + ID ) + V (3.2)
(3) Compute the values:
h = H2(w)
3 = H3(m,w)
= [ + ] +
=1
(, ) = ( , 3 + )
=1
(, [3 + x ) = ( , 3 + )
=1
(, [3 ( + ) + ]) = ( , 3 + )
=1
(, [3 ( + + ) + ]) = ( , 3 + )
=1
(, [3 ( + + ) + ]) = ( , 3 + )
=1
( , [3 ( + + ) + ]) = ( , 3 + )
=1
( , [3 ( + + )] + ) = ( , 3 + )
=1
( , 3 [[( + + ] + ) = ( , 3 + )
=1
( , 3 [[ + + ] + ) = ( , 3 + )
=1
( , 3 + ) = ( , 3 + )
The final expression holds when 3 = 3
3.2.3. Experimental study of the multisignature scheme on an ID-Based cryptosystem
- The experimental ID-Based multisignature program is written in the Python programming language.
- Install and use NetBeans IDE 8.1 on the computer to run the experimental program.
Go to Tool -> plugins -> downloaded -> add plugins
- Install PyQT5 to build the program's user interface.
The program uses several PyQT5 modules, such as:
+ QtCore: the module containing the core non-GUI functionality, for example for working with time, files and directories, data types, streams, URLs, mime types, threads or processes.
+ QtGui: contains the classes used for interface programming (windowing system integration), event handling, 2D graphics, basic imaging, fonts and text.
+ QtWidgets: contains the widget classes, for example buttons, dialog boxes, …, used to build the most basic user interface.
- Interface code for the program:
from PyQt5 import QtCore, QtGui, QtWidgets


class Ui_Dialog(object):
    def setupUi(self, Dialog):
        # Main dialog window
        Dialog.setObjectName("Dialog")
        Dialog.resize(949, 582)
        Dialog.setAutoFillBackground(False)
        # Title label
        self.lText1 = QtWidgets.QLabel(Dialog)
        self.lText1.setGeometry(QtCore.QRect(280, 20, 451, 31))
        font = QtGui.QFont()
        font.setFamily("Tahoma")
        font.setPointSize(14)
        self.lText1.setFont(font)
        self.lText1.setObjectName("lText1")
        # "Sign" button
        self.pushButton = QtWidgets.QPushButton(Dialog)
        self.pushButton.setGeometry(QtCore.QRect(280, 440, 101, 31))
        self.pushButton.setObjectName("pushButton")
        # Input field for the message to sign
        self.QLE_mes = QtWidgets.QLineEdit(Dialog)
        self.QLE_mes.setGeometry(QtCore.QRect(280, 399, 631, 31))
        self.QLE_mes.setObjectName("QLE_mes")
        self.label = QtWidgets.QLabel(Dialog)
        self.label.setGeometry(QtCore.QRect(130, 400, 141, 21))
        font = QtGui.QFont()
        font.setPointSize(12)
        self.label.setFont(font)
        self.label.setObjectName("label")
        # Output area for the resulting signature
        self.QTE_KQ = QtWidgets.QPlainTextEdit(Dialog)
        self.QTE_KQ.setGeometry(QtCore.QRect(280, 490, 631, 71))
        self.QTE_KQ.setObjectName("QTE_KQ")
        self.label_2 = QtWidgets.QLabel(Dialog)
        self.label_2.setGeometry(QtCore.QRect(260, 81, 21, 21))
        font = QtGui.QFont()
        font.setPointSize(12)
        font.setItalic(True)
--
    def retranslateUi(self, Dialog):
        # Set the visible (Vietnamese) captions of the widgets
        _translate = QtCore.QCoreApplication.translate
        Dialog.setWindowTitle(_translate("Dialog", "ID BASED MULTISIGNATURE"))
        self.lText1.setText(_translate("Dialog", "CHỮ KÝ SỐ TẬP THỂ DỰA TRÊN HỆ MẬT ID-BASED"))
        self.pushButton.setText(_translate("Dialog", "Ký"))
        self.label.setText(_translate("Dialog", "Thông điệp cần ký:"))
        self.label_2.setText(_translate("Dialog", "k:"))
        self.label_3.setText(_translate("Dialog", "P:"))
        self.label_4.setText(_translate("Dialog", "ID_ủy nhiệm:"))
        self.label_5.setText(_translate("Dialog", "ID_người ký 1:"))
        self.label_6.setText(_translate("Dialog", "ID_người ký 2:"))
        self.label_7.setText(_translate("Dialog", "ID_người ký 3:"))
        self.label_8.setText(_translate("Dialog", "Chữ ký tập thể ủy nhiệm:"))


if __name__ == "__main__":
    import sys
    app = QtWidgets.QApplication(sys.argv)
    Dialog = QtWidgets.QDialog()
    ui = Ui_Dialog()
    ui.setupUi(Dialog)
    Dialog.show()
    sys.exit(app.exec_())
# Source code based on the multisignature algorithm
def _algo4a(t, u):
    '''computing of $(-t^2 +u*s -t*p -p^2)^3$
    The algorithm is by J.Beuchat et.al, in the paper of "Algorithms and Arithmetic
    Operators for Computing the $eta_T$ Pairing in Characteristic Three",
    algorithm 4 in the appendix
    '''
    c0 = f3m.cubic(t)  # c0 == t^3
    c1 = f3m.cubic(u)
    f3m.neg(c1, c1)  # c1 == -u^3
    m0 = f3m.mult(c0, c0)  # m0 == c0^2
    v0 = f3m.zero()
    f3m.neg(m0, v0)  # v0 == -c0^2
    f3m.sub(v0, c0, v0)  # v0 == -c0^2 -c0
    f3m._add2(v0)  # v0 == -c0^2 -c0 -1
    v1 = c1
    v2 = f3m.one()
    f3m.sub(v2, c0, v2)  # v2 == 1 -c0
    return [[v0, v1], [v2, f3m.zero()], [f3m.two(), f3m.zero()]]
--
    R = f36m.mult(a1, a2)
    for _ in range((f3m._m - 1) // 2):
        R = f36m.cubic(R)
        xq = f3m.cubic(xq)
        xq = f3m.cubic(xq)
        f3m._add2(xq)  # xq <= xq^9-b
        yq = f3m.cubic(yq)
        yq = f3m.cubic(yq)
        f3m.neg(yq, yq)  # yq <= -yq^9
        f3m.add(xp, xq, t)  # t == xp+xq
        f3m.neg(t, nt)  # nt == -t
        nt2 = f3m.mult(t, nt)  # nt2 == -t^2
        u = f3m.mult(yp, yq)  # u == yp*yq
        S = [[nt2, u], [nt, f3m.zero()], [f3m.two(), f3m.zero()]]
        R = f36m.mult(R, S)
    return R
--
def pairing(x1, y1, x2, y2):
    '''computing the Tate bilinear pairing
    '''
    if (f3m._m - 1)//2 % 2 == 0:
        f = _algo5
    else:
        f = _algo4
    v = f(x1, y1, x2, y2)
    return _algo8(v)


def init(bits_of_order_of_G1):
    '''init whole module. making sure the order of G1 is at least $bits_of_order_of_G1$'''
    for p in _params:
        p = p.split()
        bit_num = int(p[2])
        if bit_num >= bits_of_order_of_G1:
            m, t, _, order = map(int, p[:4])
            f3m._set_param(m, t)
            ecc._order = order
            x, y = p[4:]
            ecc._x = f3m._from_str(x)
            ecc._y = f3m._from_str(y)
            return
    raise NotImplementedError('max supported bit num is 911')
- Program interface:
CONCLUSION
* Results achieved
- The thesis set out the problems to be studied concerning digital signatures, multisignatures and the applications of digital signatures in information security, and gave an overview of research on multisignatures in Vietnam and worldwide.
- It briefly introduced the state of multisignature research and then concentrated on multisignature schemes over different cryptosystems, namely the RSA and elliptic-curve cryptosystems, in order to give an overall understanding of public-key cryptosystems, digital signatures on those cryptosystems (RSA digital signatures, RDSA multisignatures, Itakura and Nakamura) and multisignature schemes on those cryptosystems (the Khali and Farah multisignature scheme, the Harn and Kiesler multisignature scheme, the Popescu multisignature scheme), as well as digital signatures based on bilinear pairings, specifically the Boldyreva multisignature scheme.
- It studied and experimented with a multisignature scheme on an ID-Based cryptosystem.
* Future work
- Propose an application model for digital signatures that meets the requirements arising when e-Government is deployed in practice, suitable for organisations, administrative agencies, enterprises, …
- Develop digital signature schemes on ID-Based cryptosystems with high security and high performance according to the proposed model.
REFERENCES
Vietnamese-language references
[1] Đặng Minh Tuấn (2016), Chữ ký số tập thể [Multisignatures], doctoral topic report, Viện Khoa học và Công nghệ Quân sự, Bộ Quốc phòng, Hà Nội.
[2] Đặng Minh Tuấn (2016), Hệ mật mã khóa công khai dựa trên đường cong Elliptic [Public-key cryptosystems based on elliptic curves], doctoral topic report, Viện Khoa học và Công nghệ Quân sự, Bộ Quốc phòng, Hà Nội.
English-language references
[3] Whitfield Diffie and Martin E. Hellman (1976), New Directions in Cryptography, IEEE Trans. Info. Theory, IT-22 (6), pp. 644–654.
[4] R.L. Rivest, A. Shamir, and L. Adleman (1978), A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, Commun. ACM, 21, pp. 120–126.
[5] Shafi Goldwasser, Silvio Micali, and Ronald L. Rivest (1988), A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks, SIAM Journal on Computing - Special issue on cryptography, 17 (2), pp. 281–308.
[6] Rafail Ostrovsky (2010), Foundations of Cryptography, CS 282A/MATH 209A.
[7] Yehuda Lindell (2010), Foundations of Cryptography, Bar-Ilan University.
[8] Chih-Yin Lin, Tzong-Chen Wu, and Jing-Jang Hwang (2001), ID-based structured multisignature schemes, Advances in Network and Distributed Systems Security, Kluwer Academic Publishers, Boston, pp. 45–59.
[9] Chris J. Mitchell (December 2001), An attack on an ID-based multisignature scheme, Royal Holloway, University of London, Mathematics Department Technical Report RHUL-MA-2001-9.
[10] Constantin Popescu (2003), A Digital Multisignature Scheme with Distinguished Signing Responsibilities, Studies in Informatics and Control.
[11] Mihir Bellare and Gregory Neven (2006), Multi-Signatures in the Plain Public-Key Model and a General Forking Lemma, ACM CCS.
[12] Hakim Khali and Ahcene Farah (2007), DSA and ECDSA-based MultiSignature Schemes, IJCSNS International Journal of Computer Science and Network Security, 7 (7).
[13] N.R. Sunitha, B.B. Amberker, and Prashant Koulgi (2008), Transferable e-cheques using Forward-Secure Multi-signature Scheme, Proceedings of the World Congress on Engineering and Computer Science, San Francisco, USA.
[14] Bevish Jinila and Komathy (2015), Cluster Oriented ID Based Multi-signature Scheme for Traffic Congestion Warning in Vehicular Ad Hoc Networks, Emerging ICT for Bridging the Future, 2, pp. 337–345.
[15] Taher Elgamal (1985), A public-key cryptosystem and a signature scheme based on discrete logarithm, IEEE Trans. Inform. Theory, 31, pp. 469–472.
[16] NIST (2013), Digital Signature Standard (DSS) FIPS 186-4, National Institute of Standards and Technology.
[17] Hakim Khali and Ahcene Farah (2007), DSA and ECDSA-based MultiSignature Schemes, IJCSNS International Journal of Computer Science and Network Security, 7 (7).
[18] Alexandra Boldyreva (2003), Efficient threshold signature, multisignature and blind signature schemes based on the Gap-Diffie-Hellman-group signature scheme, PKC2003, LNCS2139, pp. 31–46.
[19] L. Harn and T. Kiesler (1989), New scheme for digital multisignature, Electron. Lett. 25 (15), pp. 1002–1003.
[20] Constantin Popescu (2003), A Digital Multisignature Scheme with Distinguished Signing Responsibilities, Studies in Informatics and Control.
[21] Adi Shamir (1985), Identity-Based Cryptosystems and Signature Schemes, CRYPTO 84, LNCS 196, pp. 47–53.
[22] Rajeev Anand Sahu and Sahadeo Padhye (2015), Provable secure identity-based multi-proxy signature scheme, Int. J. Commun. Syst. 28.