
DECLARATION

I hereby declare that the results presented in the graduation thesis "Research on digital multisignature schemes on the ID-Based cryptosystem" are my own research work, carried out under the supervision of Dr. Le Xuan Duc. The data and results in this graduation thesis are entirely truthful and have not been published in any previous work. All results used for reference are fully cited in accordance with the regulations.

Bac Ninh, day ... month ... 2017

Student

Nguyen Thi Thu Hien


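ACKNOWLEDGEMENTS
During the research for and completion of this graduation thesis, I received a great deal of valuable help and contributions.
First of all, I would like to express my deep gratitude to my supervisor, Dr. Le Xuan Duc of the Academy of Military Science and Technology, who always supported and encouraged me, helped me wholeheartedly and provided the best possible conditions throughout the research for and completion of this graduation thesis.
I sincerely thank the Faculty of Information Technology of the University of Technology and Logistics of the People's Public Security for creating favourable conditions for me to complete my task. I would also like to thank the Informatics Team of the Telecommunications and Informatics Division, Hanoi City Police, for allowing me to work on the graduation thesis during my graduation internship at the unit.
Finally, I would like to express my gratitude to my family, relatives, friends, comrades and teammates, who encouraged and supported me throughout the research period.
My sincere thanks to all!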
TABLE OF CONTENTS

TABLE OF CONTENTS
LIST OF ABBREVIATIONS
LIST OF FIGURES
LIST OF TABLES
LIST OF MATHEMATICAL SYMBOLS
INTRODUCTION

Chapter 1. OVERVIEW OF DIGITAL MULTISIGNATURES
1.1. Digital signatures
1.1.1. Definition of a digital signature
1.1.2. Digital signature generation and verification algorithms
1.1.3. Classification of digital signatures
1.1.4. Classification of attacks on digital signatures
1.1.5. Ways of breaking a digital signature scheme
1.2. Digital multisignatures
1.2.1. Concept
1.2.2. Components of a digital multisignature scheme
1.2.3. Classification of digital multisignatures by construction structure
1.3. Conclusion of Chapter 1

Chapter 2. DIGITAL MULTISIGNATURES ON DIFFERENT CRYPTOSYSTEMS
2.1. State of research on digital multisignatures
2.2. Digital multisignatures based on the discrete logarithm problem
2.3. Digital multisignatures based on the RSA cryptosystem
2.3.1. The RSA digital signature
2.3.2. The RDSA digital multisignature
2.3.3. The Itakura and Nakamura multisignature
2.3.4. The Harn and Kiesler multisignature scheme
2.4. Digital multisignatures based on the elliptic curve cryptosystem
2.4.1. Overview of cryptosystems on elliptic curves
2.4.2. The Popescu digital multisignature scheme
2.4.3. The Khali and Farah digital multisignature scheme
2.5. Conclusion of Chapter 2

Chapter 3. EXPERIMENTAL STUDY OF A DIGITAL MULTISIGNATURE SCHEME ON THE ID-BASED CRYPTOSYSTEM
3.1. Digital multisignatures based on bilinear pairings
3.2. Experimental study of a digital multisignature scheme on the ID-Based cryptosystem
3.2.1. The ID-Based cryptosystem
3.2.2. Digital multisignatures on the ID-Based cryptosystem
3.2.3. Experimental study of a digital multisignature scheme on the ID-Based cryptosystem
3.3. Conclusion of Chapter 3

CONCLUSION
REFERENCES
LIST OF ABBREVIATIONS

SYMBOL   ENGLISH TERM                                 MEANING
DLP      Discrete Logarithm Problem                   Discrete logarithm problem
DSA      Digital Signature Algorithm                  Digital signature algorithm
DSS      Digital Signature Scheme                     Digital signature scheme
EC       Elliptic Curve                               Elliptic curve
ECC      Elliptic Curve Cryptography                  Cryptography on elliptic curves
ECDLP    Elliptic Curve Discrete Logarithm Problem    Discrete logarithm problem on elliptic curves
ECDSA    Elliptic Curve Digital Signature Algorithm   Digital signature algorithm on elliptic curves
H        Hash                                         Hash function
IFP      Integer Factorization Problem                Prime factorization problem
IoT      Internet of Things
M                                                     Data message
PKI      Public Key Infrastructure                    Public key infrastructure
RSA      Rivest Shamir Adleman
SHA      Secure Hash Algorithm                        Secure hash algorithm
IBE      Identity-based encryption                    Encryption on the identity-based cryptosystem
PKG      Private key generator                        Private key
LIST OF FIGURES

1.1. Digital signature generation process
1.2. Digital signature verification process
1.3. Multisignature without distinguished signing responsibilities
1.4. Multisignature with distinguished signing responsibilities
2.1. Addition on an elliptic curve
2.2. Example of the associative property on an elliptic curve
3.1. Encryption with an IBE system
3.2. Decryption with an IBE system
3.3. Main interface of the NetBeans IDE 8.1 software
3.4. Program interface
LIST OF TABLES

3.1. Comparison of the properties of IBE and traditional public-key systems
3.2. The four algorithms in an IBE scheme
3.3. Applicability of different encryption technologies in achieving information security goals
LIST OF MATHEMATICAL SYMBOLS

SYMBOL        MEANING
( )           The points of the elliptic curve over the finite field (including the point )
              Finite field of q elements, where q is a prime
2             Finite field of 2 elements
gcd(a, b)     Greatest common divisor of a and b
              Secret key of the signer
              Public key of the signer
              The set of integers {0, 1, ..., q-1}
{0,1}         Denotes a bit string of arbitrary length
INTRODUCTION
1. Reasons for choosing the topic
Today most countries and organizations around the world have adopted, and continue to adopt, the e-Government and e-Commerce models in order to take advantage of these services, improve their competitiveness and their capacity to serve citizens, and at the same time ensure the security and authenticity of the services. The Government of Vietnam has deployed digital signatures in a number of fields, and their use keeps growing. However, the application of electronic signatures is still limited to public services such as digital certification for tax declaration and digital certification for information portals. Given the development and practical demands of society and the world situation, the strategy of the Ministry of Information and Communications towards 2020 has pointed out the need to promote the development of Internet services, e-commerce and services supporting e-Government. Public-key cryptography is the technology that allows users to exchange confidential information over an insecure public network and to confirm users' identities through digital signatures.
Nowadays, electronic transactions are becoming increasingly common in many fields, such as banking transactions and online shopping. However, the risk that these services become insecure and cause serious consequences is very high. Digital signatures have quickly become present everywhere in many aspects of electronic life. They are used to secure services that require confidentiality, authenticity, data integrity and non-repudiation of an entity's responsibility for the information transmitted. Digital signatures are used not only by people and organizations but are also integrated into billions of Internet of Things (IoT) devices when these need to communicate and authenticate the information exchanged between entities. Without digital signatures, forging routing information and access-right information for electronic systems becomes easier than ever for hackers in the era of the IoT boom. As the needs of people and services keep growing, information is exchanged not only between individuals but also between different groups of people or organizations. Practical applications of digital signatures, as well as methods for securing them and improving their performance, have never lost their topicality. Starting from this reality, the student chose the topic "Research on digital multisignature schemes on the ID-Based cryptosystem" with the wish to study in depth and master digital signatures in general and digital multisignatures in particular in information security.
2. Related research works:
Diffie and Hellman, in their 1976 paper "New Directions in Cryptography" [3], mentioned the concept of a digital signature, but the two authors did not give any practical signature scheme. It was not until 1978, in the publication "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems" [4], that R. Rivest, A. Shamir and L. Adleman presented a signature scheme based on the hard problem of integer factorization, called RSA, and this scheme is still in use today.
After that there were many research works on digital signatures, but it was not until 1988 that S. Goldwasser, S. Micali and R. Rivest, in [5], precisely defined digital signatures and the requirements a digital signature must meet. Definitions of digital signatures can be found in [7] and [6].
The single digital signature has to some extent met practical requirements. In practice, however, many documents need to be signed by several people. For documents such as sales contracts, leases and collective petitions, a single digital signature cannot solve the problem. Hence a digital signature protocol that allows several people to sign the same document, called a digital multisignature, has been studied, developed and applied for many years, and has met many requirements of online transactions that the single digital signature does not.
Digital signatures in Vietnam:
In Vietnam, digital signatures have been recognized as having the same legal validity as traditional handwritten signatures or seals since 2005. Digital signatures and digital certificates have been included in legal documents such as laws, decrees and circulars. At present, digital signatures are applied at many companies such as Viettel, FPT and BKAV. However, it is mostly single digital signature models that are used, and other digital signature models remain limited, except that BKAV is able to provide an initialing signature model. As for research works, there have been a great many papers, theses and projects built, developed and written on single digital signatures, blind digital signatures, digital multisignatures and so on. Worldwide, digital multisignature schemes have been built and developed in a great many well-known works and papers. In Vietnam, research on digital signatures has been concentrated among a number of leading experts such as Prof. Dr. Nguyen Binh (Posts and Telecommunications Institute of Technology), Assoc. Prof. Dr. Nguyen Hieu Minh (Academy of Cryptography Techniques) and Dr. Luu Hong Dung (Military Technical Academy). In addition, digital signatures have attracted a number of studies in the form of master's theses on digital signatures and digital multisignatures.
3. Research purpose
The research objectives of the thesis include studying the concepts of digital signature schemes and digital multisignatures, and the applications of digital signatures in information security. On the basis of the basic concepts of digital multisignatures, the student focuses on an in-depth and experimental study of a digital multisignature scheme on the ID-Based cryptosystem.
4. Research tasks
The research tasks of the thesis include:
- Studying public-key cryptosystems and digital signature schemes.
- Studying the concept of a digital multisignature and digital multisignature schemes.
- Carrying out an experimental study of a digital multisignature scheme on the ID-Based cryptosystem.
5. Research subjects
- Public-key cryptosystems and digital signature schemes.
- Digital multisignatures and digital multisignature schemes.
- Digital multisignatures on the ID-Based cryptosystem.
6. Research methods
The thesis is based on the following methods:
- Expert consultation: consulting the supervisor and the lecturers of the Faculty of Information Technology.
- Literature study: consulting a number of specialized documents, books and related scientific papers in information technology.
- Analysis and synthesis.
- Use of computer software and experimentation with a program.
7. Scope of research
- Studying digital multisignatures, their concept and the security model of multisignatures.
- Studying the identity-based (ID-Based) cryptosystem.
8. Structure of the graduation thesis
Apart from the Introduction, the Conclusion and the References, the main content of the graduation thesis is organized into 3 chapters:
Chapter 1: Overview of digital multisignatures
Gives a general presentation of digital signatures and digital multisignatures, including definitions, classification and so on.
Chapter 2: Digital multisignatures on different cryptosystems
Presents the state of research on digital multisignatures and digital multisignatures on the RSA and elliptic curve cryptosystems.
Chapter 3: Experimental study of digital multisignatures on the ID-Based cryptosystem
Introduces the ID-Based cryptosystem and digital signatures on the ID-Based cryptosystem, and presents an experimental study of digital multisignatures on the ID-Based cryptosystem.
Chapter 1
OVERVIEW OF DIGITAL MULTISIGNATURES
1.1. Digital signatures
Diffie and Hellman, in their 1976 paper "New Directions in Cryptography" [3], mentioned the concept of a digital signature, but the two authors did not give any practical signature scheme. It was not until 1978, in the publication "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems" [4], that R. Rivest, A. Shamir and L. Adleman presented a signature scheme based on the hard problem of integer factorization, called RSA, and this scheme is still in use today.
After that there were many research works on digital signatures, but it was not until 1988 that S. Goldwasser, S. Micali and R. Rivest precisely defined digital signatures and the requirements a digital signature must meet. Definitions of digital signatures can be found in [7] and [6].
1.1.1. Definition of a digital signature
Definition 1.1: A digital signature is data produced by a digital signature scheme that binds a data message (a message, document, report, ...) to the entity (a person, a technical device, ...) that created it, in order to meet the requirements of authenticating the origin and the integrity of the data message.
Definition 1.2: A digital signature scheme is a set of algorithms (gen, sig, ver). The algorithm gen takes the system parameters as input and produces a secret key xs and a corresponding public key ys for the signer S. The algorithm sig takes xs and a message m as input and produces a signature of m. Given the message m, the signature and the public key ys as input, the algorithm ver outputs true or false. The following expressions must hold for the algorithms sig and ver.
Sig ( x s , m) (1.1)

True if Pr( sig (m, xs )) 0


Ver (m, , y s ) (1.2)
False, otherwise

Furthermore, a digital signature scheme must be unforgeable. That is, it must be infeasible to compute the digital signature of a message knowing only the public key and not the corresponding secret key.
Definition 1.3: A one-way function is a function that is fairly easy to compute in the forward direction but very hard to compute in the reverse direction. For example, given a value x, computing y = f(x) is very easy, but given the value y = f(x) it is very hard to find the value of x by means of the inverse function f^-1(y).
Forward function:
f :X Y
(1.3)
x X y Y | y f ( x)

Inverse function:
f 1 : Y X
y Y x X | x f 1 ( y) (1.4)
Definition 1.4: A hash function is a string-processing function that, for a bit string of any length, outputs a bit string of fixed length n that differs for each different input.
h : X* Yn
x X y Y | y h( x )
(1.5)

A hash function must satisfy the following properties:

It is a one-way hash function: given an input string, computing the hash value is very easy, but recovering the input string from its hash value is very hard.
It is strongly collision-free: it is very hard to find x1 and x2 such that x1 ≠ x2 and h(x1) = h(x2).

1.1.2. Digital signature generation and verification algorithms

- Digital signature generation algorithm
This is the method of creating a digital signature from the data message and the secret key of the signing entity or party. Figure 1.1 shows the block diagram of the digital signature generation process. The hash function block is used to produce a fixed-length digest from the input message. The digital signature is produced by encrypting the digest with the sender's private key. Both the input message and the digital signature are then sent to the recipient.

[Block diagram. Blocks: Message; One-way function; Message digest; Signature function; Sender's private key; Message and digital signature]

Figure 1.1. Digital signature generation process

Explanation of the functional blocks in the diagram:

1. Message: the source of the input message.
2. One-way function (Hash function): a one-way hash function.
3. Message digest: the digest of the message, computed by the one-way hash function.
4. Signature function: the functional block that creates the digital signature.
5. Sender's private key: the sender's secret private key.
6. The data after signing consists of the message and the signature.
- Digital signature verification algorithm
This is the method of checking the validity of the digital signature corresponding to a data message, based on the public key of the signing entity or party, in order to confirm the authenticity of the origin and the integrity of the data message being checked. The message from the sender can be decrypted and read by anyone using the sender's public key. But to ensure the authenticity of the sender of the message, the recipient, after receiving the digital signature, must use the inverse of the signing function that produced the digital signature in order to recover the digest computed on the sender's side. The message received on the recipient's side is fed into the same hash function as on the sender's side to produce the original digest. This digest is compared with the digest just recovered from the digital signature. If the two digests are identical, it can be concluded that the received message really comes from the sender and was not altered in transit. The block diagram of the digital signature verification process is shown in Figure 1.2.

[Block diagram. Blocks: Message; One-way function; Message digest; Digital signature; Signature checking block; Sender's public key; Message digest; Compare; True or false]

Figure 1.2. Digital signature verification process

Explanation of the functional blocks in the diagram:

1. Message: the source of the input message.
2. One-way function (Hash function): the hash function block.
3. Message digest: the information computed from the original message by the hash function. This information is also computed in reverse from the digital signature and the sender's public key.
4. The functional block that checks the digital signature.
5. Sender's private key.
6. Digital signature.
1.1.3. Classification of digital signatures
- Direct signatures and arbitrated signatures
- Single digital signatures and digital multisignatures
A single digital signature is a digital signature produced by a signing protocol that allows only one person to sign a document.
A digital multisignature is a digital signature produced by a signing protocol that allows several people to share their secret values and public keys, to sign hierarchically, or to sign in parallel. Electronic, financial and government systems that need authentication by several parties before a transaction can proceed apply forms of digital multisignature to ensure the safety of their users. The growing acceptance of electronic currency transactions such as Bitcoin and Ethereum, and the investment in blockchain technology for fields at the intergovernmental level, have led to increasingly intensive research on group-oriented signatures, as we have seen in recent years.
1.1.4. Classification of attacks on digital signatures
In 1998, Shafi Goldwasser in [5] described the kinds of attacks on digital signatures. Let A denote the signer, the party under attack. There are two kinds of attacks on digital signatures:
1. Key-only attacks: the attacker knows only A's public key.
2. Message attacks: the attacker can analyze a number of signatures corresponding to known digital signatures. Depending on how the attacker observes or chooses the messages, message attacks are divided into the following 4 kinds:
a. Known message attack: the attacker has access to the signatures of messages m1, m2, ..., mk but does not choose them.
b. Generic chosen message attack: the attacker can obtain valid signatures of A for chosen messages m1, m2, ..., mk, but the attacker does not know A's public key. This kind of attack is called non-adaptive: all the messages are prepared before any signature is seen. The attack is called generic because A's public key is not known, and it can be carried out against anyone.
c. Directed chosen message attack: this attack is similar to the generic chosen message attack, except that the messages are created after A's public key is known but before any signature is observed. This is also a non-adaptive attack, and it works only against a particular signer A, not against everyone.
d. Adaptive chosen message attack: the attacker can use A as an oracle. The messages are chosen not only after A's public key is known but also after the previously generated signatures have been observed.
The four message attacks above are listed in order of increasing strength. Therefore, any signature scheme that is put forward must withstand the strongest attack, the adaptive chosen message attack.
1.1.5. Ways of breaking a digital signature scheme
The ways of breaking a digital signature scheme are presented in full by Shafi Goldwasser [5] and a number of other authors. If an attacker breaks A's digital signature scheme, this means that their attack can be carried out with high probability. The ways of breaking a digital signature scheme are as follows:
1. Total break: the attacker recovers A's secret information.
2. Universal forgery: the attacker can find a signing algorithm functionally equivalent to A's signing algorithm.
3. Selective forgery: the attacker can find a digital signature for a particular message chosen in advance according to the attacker's preference.
4. Existential forgery: forging the signature of at least one message. The attacker may not control the whole signature generation process, but can produce a signature randomly, without being able to choose the message.
The attacks and breaks of digital signature schemes presented above can be applied to all digital signature models. However, there are kinds of attacks and breaks that are specific to each signing model. To date, many other digital signature models have been proposed on top of the basic digital signature model, such as group signatures, multisignatures, threshold signatures, ring signatures and structured signatures.
1.2. Digital multisignatures
1.2.1. Concept
The concept of a digital multisignature based on the RSA algorithm was first introduced by Nakamura and Itakura in 1983. A digital multisignature scheme allows a group of signers to take part in signing a document, and the verifier can verify that the document was signed by every member of the group. The simplest way to create a digital multisignature is to concatenate the single digital signatures of all the members. With this approach, however, the length of the group's signature and the computation time grow in proportion to the number of signers.
In 1994, Harn proposed a threshold signature scheme model based on the discrete logarithm problem, which requires a minimum number of signers (the threshold) for the signature to be valid. Harn then went on to propose a digital multisignature model with distinguished signing responsibilities. However, this scheme has a security weakness: one member of the group of signers can sign alone without the participation of the whole group. Li and other authors analysed Harn's scheme, found this weakness and called the attack a rogue-key attack.
In 2002, Chih-Yin Lin et al. proposed three digital multisignature schemes corresponding to the serial, parallel and mixed signing structures. These schemes have a fixed signature length and an efficient signature verification process.
One year later, in 2003, a digital multisignature scheme with distinguished signing responsibilities was proposed by Popescu, in which each member is responsible for the part of the document that he or she signs, and the signed part can be verified without revealing the whole document.
In 2008, authors proposed a digital multisignature scheme based on the discrete logarithm problem that was proven secure in the Random Oracle model. In 2010, another study also proposed a digital multisignature scheme based on the discrete logarithm problem that is compatible with the public key infrastructure (PKI). Also in 2010, L. H. Dung and N. H. Minh proposed a multisignature scheme on EC.
In 2011, F. Li and Q. Xue proposed a proxy digital multisignature scheme based on ECC.
In 2014, Tiwari et al. proposed a provably secure proxy digital multisignature scheme based on EC. In 2015, Sudha Devi et al. proposed a secure and efficient multisignature protocol based on ECC, with the aim of reducing computation time and resisting a number of insider attacks on digital multisignatures to which earlier work was vulnerable; however, this scheme does not distinguish signing responsibilities.
It can be seen that digital multisignature schemes based on the elliptic curve cryptosystem and on other cryptosystems have recently attracted many researchers. Digital multisignatures have continued to develop since they appeared in 1983. A great many digital multisignature schemes have been proposed on different cryptosystems such as RSA and the elliptic curve cryptosystem. Digital multisignatures are widely applied in practice, for example in e-commerce and e-government. Forms of multisignature are used extensively in financial applications such as Bitcoin, where several private keys are required to authorize a financial transaction. In the next part, the student studies the concepts of digital multisignatures and their classification.
Digital multisignatures were defined by Boldyreva and Zuhua. A digital multisignature can be summarized as follows: a digital multisignature is a signature produced by a digital signature scheme that allows a group of people to cooperate in signing a document, and its validity can be checked like a single digital signature using the group's public key.
A digital multisignature scheme allows a group of signers to take part in signing a document, and the verifier can verify that the document was signed by every member of the group. The simplest way to create a digital multisignature is simply to concatenate the component signatures of all the members. In that case, however, the length of the group's signature is proportional to the number of signers.
1.2.2. Components of a digital multisignature scheme
- Key generation protocol (probabilistic): this protocol is usually run once at the beginning for all members of the group. Each member receives as input the information about the group U, which is the list of the identities of the members of the group.
The key generation protocol generates for each member a corresponding secret key and public key pair (SKi, PKi).
An attacker may be present during key generation and may supply all the members with an input different from U.
- Multisignature signing protocol (probabilistic): the members of the group take part in signing, and the result can be output by one of the members of the group.
- Multisignature verification algorithm: this algorithm can be run by another party (not in the group U). Its input is the information about U, the message m and the digital multisignature.
The algorithm outputs TRUE or FALSE.
1.2.3. Classification of digital multisignatures by construction structure
1.2.3.1. Classification of digital multisignature schemes
* Sequential digital multisignatures
In everyday life, many decisions are made by several different departments (bodies), and digital multisignatures are introduced to authenticate the agreement of the departments in the system. The following example illustrates the sequential digital multisignature case: a company wants to launch a large marketing campaign. The marketing department needs the approval of both the Financial Controller department and the Public Relations department. This case is called signature on signature. That is, the first signer signs the data (the decision to open the marketing campaign), then the second signer signs the content of the data together with the first signer's signature, the third signer does likewise, and so on. The data is fully signed once the last signer's signature has been placed on it. Depending on the policy for dividing functions among the company's departments, the following two situations can occur:
The independent sequential multisignature case (Independent Sequential Multiple Signature)
In this case it does not matter whether the approval of the Financial Controller and Public Relations departments has been given or not. The data can be signed by the first signer and then passed to the second. The signing order does not matter, and the second signer signs without having to check the validity of the first signer's signature. The digital multisignature scheme in this case checks the validity of each signature in a uniform way.
The dependent sequential multisignature case (Dependent Sequential Multiple Signature)
In this case the division of functions and powers among the company's departments requires a mandatory order of signing and checking. Before the marketing campaign is launched, the Public Relations department first agrees to the project, and then the Financial Controller department reviews and approves it. The signing order is therefore very important: each later signer checks the signature of the previous signer and then signs the content of the document together with the previous signatures. The signature of the last signer satisfies integrity, authenticity and non-repudiation.
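The dependent sequential case described above, as an added example that is not part of the original thesis: each signer checks the earlier signatures and then signs the document together with them, and the verifier rejects a reordered, truncated or altered chain. The Schnorr-style (gen, sig, ver), the toy group (p = 2^127 - 1, g = 3) and all function names are assumptions made for this example; the chain is a plain concatenation of single signatures, so its size grows with the number of signers.

```python
import hashlib
import secrets

# Toy discrete-log group (assumption of this example): Z_p^* for the Mersenne
# prime p = 2^127 - 1 with base g = 3. Far too small and not a prime-order
# subgroup, so it must not be used for real keys.
P = 2**127 - 1
N = P - 1            # exponents are reduced modulo the group order p - 1
G = 3

def enc(x: int) -> bytes:
    """Fixed-width encoding of a group element or exponent."""
    return x.to_bytes(16, "big")

def challenge(*parts: bytes) -> int:
    """Hash length-prefixed parts to an integer (plays the role of H)."""
    d = hashlib.sha256()
    for part in parts:
        d.update(len(part).to_bytes(8, "big") + part)
    return int.from_bytes(d.digest(), "big") % N

def gen():
    """gen: return (secret key x, public key y = g^x mod p)."""
    x = secrets.randbelow(N - 1) + 1
    return x, pow(G, x, P)

def sig(x: int, m: bytes):
    """sig: Schnorr-style signature (R, s) on m under secret key x."""
    k = secrets.randbelow(N - 1) + 1
    R = pow(G, k, P)
    e = challenge(enc(R), enc(pow(G, x, P)), m)
    return R, (k + e * x) % N

def ver(m: bytes, sigma, y: int) -> bool:
    """ver: accept iff g^s == R * y^e (mod p)."""
    R, s = sigma
    e = challenge(enc(R), enc(y), m)
    return pow(G, s, P) == (R * pow(y, e, P)) % P

def payload(m: bytes, chain) -> bytes:
    """What the next signer signs: the document plus every earlier signature."""
    out = len(m).to_bytes(8, "big") + m
    for y, (R, s) in chain:
        out += enc(y) + enc(R) + enc(s)
    return out

def verify_chain(m: bytes, chain, order, complete=True) -> bool:
    """Check that signers appear in the mandated order and that each signature
    covers the document together with all signatures placed before it."""
    if len(chain) > len(order) or (complete and len(chain) != len(order)):
        return False
    for i, (y, sigma) in enumerate(chain):
        if y != order[i] or not ver(payload(m, chain[:i]), sigma, y):
            return False
    return True

def sign_next(x: int, m: bytes, chain, order):
    """Dependent sequential step: verify the earlier signers, then sign."""
    y = pow(G, x, P)
    if not verify_chain(m, chain, order, complete=False):
        raise ValueError("earlier signature invalid or out of order")
    if len(chain) == len(order) or order[len(chain)] != y:
        raise ValueError("not this signer's turn")
    return chain + [(y, sig(x, payload(m, chain)))]

def demo():
    """Constructed scenario from the text: Public Relations signs first, then
    the Financial Controller signs the document plus PR's signature."""
    m = b"Decision: launch the marketing campaign"   # constructed sample
    pr_x, pr_y = gen()
    fc_x, fc_y = gen()
    order = [pr_y, fc_y]
    chain = sign_next(pr_x, m, [], order)
    chain = sign_next(fc_x, m, chain, order)
    try:
        sign_next(fc_x, m, [], order)      # FC tries to sign before PR
        out_of_turn_rejected = False
    except ValueError:
        out_of_turn_rejected = True
    return {
        "valid": verify_chain(m, chain, order),
        "reordered": verify_chain(m, chain[::-1], order[::-1]),
        "tampered": verify_chain(m + b"!", chain, order),
        "pr_removed": verify_chain(m, chain[1:], [fc_y]),
        "out_of_turn_rejected": out_of_turn_rejected,
        "signature_bytes": sum(len(enc(R) + enc(s)) for _, (R, s) in chain),
    }

if __name__ == "__main__":
    print(demo())
```

In the independent sequential case the same `ver` would be applied to each signature over the document alone, without the order check or the chaining in `payload`.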
* Parallel digital multisignatures
In many cases an agreement must be signed simultaneously by several members. A contract signed by 2 or 3 people is a clear example of this case. An international agreement signed by many members is another example of a parallel digital multisignature: all signatures are equal and none is treated differently. In a parallel digital multisignature scheme, each person's signature is placed on the signed data and does not sign over the signatures of the others.
In a parallel digital multisignature scheme, one person plays the role of manager. The manager is responsible for:
- Receiving the signature of each signer in the group and checking the validity of these signatures.
- Computing the public key and the digital multisignature of the whole group.
Note: to ensure the security of a parallel digital multisignature scheme, the manager's own signature must also be checked. This check is carried out by the people in the group. The members of the group can check the manager's signature. Depending on the scheme and the specific case, there are different solutions for authentication between the manager and the other members.
1.2.3.2. Classification of digital multisignatures by the delegation of authority among the signers of the data.
Digital multisignatures can be divided into two forms: multisignatures with distinguished signing responsibilities and multisignatures without distinguished signing responsibilities. The digital multisignature with distinguished signing responsibilities was first introduced by Harn. In this scheme, each member is responsible for a particular part of the document. In this study, Harn also gave the following properties of digital multisignatures:
- A digital multisignature can be verified using only the public key of the whole group, without the public key of each member.
- The digital signature of the whole group cannot be created without the participation of all the members.
* Digital multisignatures without distinguished signing responsibilities
In a digital multisignature scheme proposed by Harn, the signing members have the same role and responsibilities are not distinguished. All members sign the whole document m and all members are jointly responsible for the entire content of the document. This digital multisignature scheme is therefore a multisignature model without distinguished signing responsibilities.

[Diagram. Labels: Signed document; Digital signing (five blocks)]

Figure 1.3. Multisignature without distinguished signing responsibilities

* Digital multisignatures with distinguished signing responsibilities

In practice, signers with different roles and positions are responsible for different parts of the document. Each signer is responsible for the part of the document related to his or her function and responsibility. A digital signature scheme that guarantees this property is a digital multisignature scheme with distinguished signing responsibilities. In 1999, Harn proposed a digital multisignature scheme with distinguished signing responsibilities that has the following properties.
- Each member has a different responsibility within the document to be signed.
- A part of the document can be verified without necessarily knowing the whole document.

[Diagram. Labels: The document to be signed is divided among the responsible members; Digital signing (five blocks)]

Figure 1.4. Multisignature with distinguished signing responsibilities

1.3. Conclusion of Chapter 1

This chapter first presented the basic concepts and definitions used for digital signatures and digital multisignatures. It then gave an overview of research on digital multisignatures in Vietnam and worldwide. Building on this, in the next chapter the student focuses on digital multisignature schemes on different cryptosystems, with the aim of gaining an overall understanding of public-key cryptosystems, of digital signatures on these cryptosystems and of digital multisignature schemes on them.
Chapter 2
DIGITAL MULTISIGNATURES ON DIFFERENT CRYPTOSYSTEMS
2.1. State of research on digital multisignatures
In 1983, K. Nakamura and K. Itakura introduced the concept of a digital multisignature for the first time. In 1994 Harn proposed a threshold multisignature scheme model based on the discrete logarithm problem, a signature scheme that requires a minimum number of group members (the threshold) for the signature to be valid. In 1999, Harn made further improvements and introduced the concept of a digital multisignature with distinguished signing responsibilities. Unfortunately, this multisignature scheme has a security weakness that allows one member of the group of signers to cheat and sign alone without the participation of the whole group. This weakness was pointed out by Li and colleagues in 2000. This kind of attack is called a rogue-key attack: instead of publishing his or her own public key, a member of the group uses a public key that is a function of the public keys of the other members, so that a digital multisignature can easily be created without the participation of the other members.
In 2000, Shich and colleagues proposed a multisignature scheme for mobile applications, divided into 2 cases: serial signing and parallel signing. In 2001, Lin, Wu and Hwang published a structured digital multisignature scheme based on the identity-based cryptosystem [8]. However, this scheme was broken shortly afterwards by Mitchell [9], in the same year 2001.
In 2003, Constantin Popescu proposed a multisignature scheme based on elliptic curves [20]; however, this scheme contains a flaw, which was published in 2011.
In 2005, Kawauchi proposed a digital multisignature scheme based on one-way functions; however, the signing protocol depends on the signing order.
In 2006, Bellare generalized the idea of Pointcheval and Stern and gave a definition and specification of digital multisignatures in [11].
In 2007, Abound published a digital multisignature scheme based on the RSA cryptosystem, improving on Okamoto's scheme. In the same year, Hakim Khali and Ahcene proposed a digital multisignature scheme based on DSA and ECDSA [12].
Bagherzandi et al. presented a security evaluation of a number of digital multisignature schemes in 2008. Bagherzandi also gave a fairly complete definition of digital multisignatures and described the attacks on them, and in addition proved the security of the digital signature by means of the Forking lemma.
In 2008, N. R. Sunitha, B. B. Amberker and P. Koulgi proposed an electronic cheque model using a digital multisignature scheme based on the ElGamal signature scheme (discrete logarithm), with a serial, one-after-another signing model in which the signing order does not need to be fixed in advance [13].
In 2008, Duc-Phong, Bonnecaze and Gabillon published a digital multisignature scheme based on the discrete logarithm problem, proven secure in the Oracle model and based on Bellare's idea. In 2009, the three authors went on to propose a digital multisignature based on bilinear pairings.
In 2010, Meziani proposed a digital multisignature scheme entirely different from earlier schemes, based on coding theory. However, the applicability of this scheme is not high.
In 2010, Zuhua Shao proposed a multisignature scheme based on the discrete logarithm cryptosystem, with a very detailed and specific definition and model, and also pointed out the points at which an attacker could mount an attack. Also in 2010, Jia Yu proposed a forward-secure multisignature scheme, alongside threshold signatures and blind signatures. In a forward-secure signature scheme, the whole lifetime is divided into several periods and a different secret key is used for each period, while the public key does not change throughout the signing process. The secret key for each period changes throughout the signing process and is computed from the old key by a one-way function. Each signature is meaningful for a specific time; at verification, in addition to checking the validity of the signature, the scheme also allows the signing process to be verified for each time period. This signature scheme is based on bilinear maps.
In 2015, Jinila in [14] published a digital multisignature scheme for use in traffic networks, based on the RSA cryptosystem in the ID-Based setting, with the aim of reducing the size of the multisignature, since the whole system has only one shared public and secret key pair. In addition, the role of each member is meaningless, because each member's component signature is merely the multiplication of the message m by a component index si supplied by the centre, so the centre can compute this value entirely by itself without the participation of the member.
In what follows the student presents digital multisignature schemes based on a number of common and representative cryptosystems.
2.2. Multisignatures based on the discrete logarithm problem
ElGamal was the first to propose using the discrete logarithm problem to build a digital signature scheme [15], in 1985. Later, the DSA algorithm in the standard [16], also based on a modified ElGamal scheme, was issued as a standard for digital signatures. In 1999 Harn published the first paper introducing the concept of a multisignature with distinguished signing responsibilities. Then in 2003, Hwang presented a multisignature scheme with distinguished signing responsibilities.
* The Khali and Farah multisignature scheme
This multisignature scheme was published by Khali in 2007 [12].
- Key generation
(1) Choose two large primes p, q such that $q \mid (p-1)$, as defined in the standard [3] issued in 2013. Choose g to be a generator of order q in the field .
(2) Each member $U_i$, $1 \le i \le t$, chooses a large random number $x_i$ between 1 and q as its private key.
(3) $U_i$ computes the corresponding public key $y_i$ as follows:
$y_i = g^{x_i} \bmod p$
- Creating the multisignature
(1) The group leader randomly chooses a number $k_1$ ($1 < k_1 < n$) and computes
r1 = (1 mod p) mod q
b = k1(H(m) + a1x1) mod q
s = b1 mod q
Then (r1,s) is sent to all members.
(2) The members check the validity of the manager's signature by computing:
$u = H(m)s \bmod q$,
$v = r_1 s \bmod n$
$r = (g^u y^v \bmod p) \bmod q$
If $r = r_1$ the signature is valid; otherwise it is not.
(3) Each signer $U_i$, $i \ne 1$, computes its signature as follows:
$k_i = s(H(m) + r_1 x_i) \bmod q$
$r_i = (g^{k_i} \bmod p) \bmod q$
and then sends this value to the manager.
(4) The manager checks the validity of each member's signature and forms the multisignature as the tuple $(a_1, a_2, \dots, a_t, s)$.
- Verifying the multisignature
(1) The verifier computes:
$u = H(m)s \bmod n$, $v = r_1 s \bmod n$
(2) Next, compute the points:

= ( . )
=1

= ( )
=1

(3) Check whether r = r; if so, the multisignature is valid.

- Proof.

.
= ( . ) = ( () . 1 )
=1 =1


= ( (()+ ) ) = ( ) =
=1 =1

2.3. Multisignatures based on the RSA cryptosystem

This digital signature scheme was proposed by R. Rivest, A. Shamir and L. Adleman in 1978 in [4].
2.3.1. The RSA digital signature
- Key generation
(1) Choose two large integers p, q and compute n = p.q and the function $\varphi(n) = (p-1)(q-1)$. $\varphi(n)$ is called Euler's function. If p is prime then:
$\varphi(p) = p-1$ (2.1)
$\varphi(n)$ gives the number of integers less than n that are coprime to n.
(2) Choose an integer e, $1 < e < \varphi(n)$, such that $\gcd(e, \varphi(n)) = 1$.
(3) Compute the inverse of e modulo $\varphi(n)$, the number d, that is $ed \equiv 1 \pmod{\varphi(n)}$.
The public key is (n,e) and the private key is (n,d).
- Signature generation
(1) Compute the hash value h(m), where h() is a secure hash function such as SHA-256, represented as an integer in the range $[0, n-1]$.
(2) Compute the signature:

s=
- Signature verification
(1) The recipient receives the message m and the signature s, and computes the hash value h(m).

(2) Compute the value:


= se
(2.3)

=
(3) If the equality holds, the signature is valid; otherwise it is not.
- Proof of correctness of the algorithm
Theorem 2.2.1. (Euler) For all coprime integers n, a we have:
$a^{\varphi(n)} \equiv 1 \pmod n$ (2.4)
Proof. Consider the set of integers:
$R = \{x_1, x_2, \dots, x_{\varphi(n)}\}$
Each element $x_i$ is a unique positive integer less than n with $\gcd(x_i, n) = 1$. Multiplying each element of R by a and taking the remainder modulo n gives the set S:
$S = \{(ax_1 \bmod n), (ax_2 \bmod n), \dots, (ax_{\varphi(n)} \bmod n)\}$
Observe that the elements of S are just a permutation of the elements of R, because a is coprime to n and $x_i$ is also coprime to n, so $ax_i$ is coprime to n as well. Multiplying together all the elements of S and of R, we get:
() ()

( )
=1 =1
() ()

= ()
=1 =1
() ()

() . [ ] = ()
=1 =1

() 1()
When n is prime we have Fermat's little theorem:
$a^{n-1} \equiv 1 \pmod n$
By Euler's theorem we have:
() 1 (mod n) (2.5)

From this it is easy to see that:
)e =
= se = (
=
()+1 =
(2.6)

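2.3.2. The RDSA multisignature
The RDSA (repeated individual signature) multisignature is a scheme in which a single-signer signature is applied repeatedly to form the multisignature.
The digest of the document m is denoted as follows; usually we use some secure hash function:

= h(m) (2.7)
- Signing the document
Denote the group of t signers by GU = {U1,U2,...,Ut}. The group signing protocol for almost all multisignature schemes built on a single-signer scheme is:
(1) Signer U1 uses its private key d1 to sign the digest, usually by encrypting it with this private key.
(2) Next, each signer $U_i$ in turn signs the digest that signer $U_{i-1}$ has signed and forwards it to signer $U_{i+1}$.
(3) Finally, signer $U_t$ signs the digest, producing the signature SG that the others have signed, and sends it to the recipient (the verifier) together with the document to be sent.
- Signature verification
(1) The recipient receives the signature SG and the document m, and forms the digest h(m).
(2) Next, the signature of each sender is verified in turn, in the reverse of the signing order.
This multisignature scheme has many drawbacks: poor computational performance, a large storage footprint (all of the signers' public keys), and the requirement that the signers' signing order be followed exactly. To overcome these drawbacks, many other multisignature schemes have been developed.
2.3.3. The Itakura and Nakamura multisignature
Itakura and Nakamura were the two authors who proposed the first multisignature scheme, in 1983. However, the scheme has certain weaknesses.[1]
- Key generation
(1) Choose two large primes p, q. Compute $n_0 = pq$ and $\varphi(n_0) = (p-1)(q-1)$; for each signer $U_i$ choose a number $r_i$, and choose a number e such that $e < \varphi(n_0)$, $\gcd(e, \varphi(n_0)) = 1$ and $e > \max\{r_i\}_{1 \le i \le t}$.
(2) Each signer $U_i$ has the public key (ni,e,i) with ni = ni.ri such that $r_i < r_j$ for $1 \le i < j \le t$, which means $n_i < n_j$.
(3) Signer $U_i$ has the private key $d_i$, chosen such that $ed_i \equiv 1 \pmod{\varphi(n_i)}$.
- Signing the document
Signing proceeds in order from the signer with the smallest $r_i$ to the one with the largest.
(1) Signer U1 computes si 1 mod ni and then sends it to signer U2.
(2) Signer $U_i$ signs the signature of the previous signer $U_{i-1}$, for $2 \le i \le t-1$, by computing: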

si 1

(mod ni)
(3) The last signer $U_t$ signs the signature received from $U_{t-1}$ by computing:

s = st 1

(mod nt)

- Signature verification
(1) In reverse order, from the highest value down to the lowest, with the public key (ni,e) for each $t \ge i \ge 1$, compute:
si-1 (mod ni)
(2) Finally the verifier obtains s0 = (mod n1).
(3) If s0 = , the signature is valid; otherwise it is not.
- Proof.
si-1 = sei =(sds-1)e= si-1
The drawback of this scheme is that the length of the signature grows after each signing and, when n is not a prime, the scheme has the weakness that the document can be recovered without knowing the private key.
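The sequential signing of 2.3.2 combined with the increasing-moduli ordering of 2.3.3, as an added example that is not from the thesis or its program. The keys are constructed toy values (products of Mersenne primes, e = 65537), the function names are chosen here, and it uses textbook RSA without padding, as the schemes above are described.

```python
import hashlib

E = 65537
# Constructed toy keys: products of distinct Mersenne primes, chosen only so the
# example runs offline. Such moduli are trivially factorable and offer no security.
PRIME_PAIRS = [
    (2**31 - 1, 2**61 - 1),
    (2**89 - 1, 2**107 - 1),
    (2**127 - 1, 2**521 - 1),
]


def make_key(p, q):
    """RSA key generation as in 2.3.1: n = pq, d = e^-1 mod phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": E, "d": pow(E, -1, phi)}


SIGNERS = [make_key(p, q) for p, q in PRIME_PAIRS]  # n_1 < n_2 < n_3


def public_keys(signers):
    """What the verifier has to store: every signer's (n, e)."""
    return [{"n": k["n"], "e": k["e"]} for k in signers]


def digest(message, n1):
    """h(m) as an integer in [0, n1-1], n1 being the first signer's modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n1


def sign_sequential(message, signers):
    """U_1 signs the digest, then each U_i signs what U_{i-1} produced."""
    s = digest(message, signers[0]["n"])
    for key in signers:
        # The value being signed must be smaller than the signer's modulus,
        # otherwise the reduction mod n_i loses information and the verifier
        # cannot undo this step. Ordering the moduli n_1 < n_2 < ... ensures it.
        if s >= key["n"]:
            raise ValueError("value does not fit under this signer's modulus")
        s = pow(s, key["d"], key["n"])
    return s


def verify_sequential(message, signature, pubs):
    """Strip the signatures in the reverse of the signing order."""
    s = signature
    for key in reversed(pubs):
        if s >= key["n"]:
            return False
        s = pow(s, key["e"], key["n"])
    return s == digest(message, pubs[0]["n"])


if __name__ == "__main__":
    msg = b"constructed sample document"
    sig = sign_sequential(msg, SIGNERS)
    pubs = public_keys(SIGNERS)
    print("valid:", verify_sequential(msg, sig, pubs))
    print("wrong key order:", verify_sequential(msg, sig, pubs[::-1]))
    print("signature bits:", sig.bit_length(),
          "vs first modulus bits:", SIGNERS[0]["n"].bit_length())
```

The final value lives under the last (largest) modulus, which is the growth in signature length named above as a drawback, and the verifier needs every signer's public key in the right order.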
2.3.4. The Harn and Kiesler multisignature scheme
In 1989 the two authors Harn and Kiesler proposed a multisignature scheme for a verifier who is fixed in advance [13], described below.
- Key generation
(1) Each signer $U_i$, $1 \le i \le t$, randomly chooses two pairs of large primes (pi,qi) and ( , ); the first pair is used for multisignature signing, the second for message encryption.
(2) Compute ni = piqi and = . ), with ni < h < , where h is a public threshold known in advance. Arrange them so that n1 < n2 < ... < ni < ... < nt.
(3) Compute the pairs (ei,di) and ( , ) such that:

ei.di 1 (mod (ni)), .


1 (mod (
))
(4) The public key is the set (ni,ei,).

- Signing the document
(1) A third party computes ci 1 mod n1 and sends the value c1 to U1.

(2) U1 decrypts 11 = 1 1 mod n1, then checks it against the received message; if it is valid, U1 uses U2's public key to encrypt the signature:

s1 1 , c2 =1 2 mod n2
Then U1 sends c2 to signer U2.
(3) Signer $U_i$, $2 \le i \le t$, decrypts the signature from the sender $U_{i-1}$ and continues decrypting in turn to recover the value m.

1
1 si-2 mod ni-1 (2.8)
...

22 si mod n2 (2.9)

1 1 m mod n2 (2.10)

Next, create the signature si 1 and then encrypt this signature with the public key of signer $U_{i+1}$ by computing:

ci+1 1

mod ni+1
(4) On reaching the last signer $U_t$, the same procedure is followed, treating the verifier as member $U_{t+1}$:

s mod nV
The verifier V has the public key (eV, nV).
- Signature verification
(1) The verifier V uses the private key dV to compute:

mod nV st
(2) Decrypt in turn to obtain m, in the same way as in (2.8) to (2.10).
(3) Compare the decrypted value m with the received value m; if they are equal the signature is valid, otherwise it is invalid.
- Proof.
1
1 1
1 = (2 ) = 2
2.4. Multisignatures based on the elliptic curve cryptosystem
2.4.1. Overview of cryptosystems on elliptic curves
In 250 AD, Diophantus, while solving the problem of finding the number of layers of a pyramid of balls that can be rearranged into a square when spread out on the ground, was led to solve the following equation (y is the number of balls along one side of the square; x is the number of layers of the pyramid):
$y^2 = 1^2 + 2^2 + 3^2 + \dots + x^2 = x(x + 1)(2x + 1)/6$
The equation $y^2 = x(x + 1)(2x + 1)/6$ is one form of an elliptic curve. In 1637, the French mathematician and physicist Pierre de Fermat announced Fermat's Last Theorem when he wrote in the margin of his copy of Diophantus's work that the following equation has no solutions:
$x^n + y^n = z^n,\ n > 2$
For more than three centuries many mathematicians tried to prove this theorem and all failed, until 1994, when Andrew Wiles, a professor at Princeton, caused a great stir in the world mathematical community of the time by using elliptic curves of the form $y^2 = x(x - a^n)(x + b^n)$ together with modularity theory to prove Fermat's Last Theorem. In 1987, Lenstra proposed an integer factorization algorithm that uses elliptic curves. It is a relatively fast algorithm, running in sub-exponential time, and is the third-fastest algorithm for factoring into primes, after the multiple polynomial quadratic sieve and the general number field sieve [2].
In cryptography, in 1985 Victor S. Miller published the first paper on the application of elliptic curves in cryptography, "Use of Elliptic Curves in Cryptography", followed by Neal Koblitz with "Elliptic curve cryptosystem" in 1987. Since then there have been many published studies on EC, both in theory and in practice; ECC is used more and more widely and has been made into standards. Some standards related to elliptic curves:
IEEE 1363: This standard covers almost all public-key algorithms and systems, including ECDH, ECDSA, ECMQV and ECIES. Its appendix contains the basic number-theoretic algorithms related to public-key cryptosystems.
ANSI X9.62 and X9.63: These standards focus on elliptic curves, specifically ECDSA in X9.62 and ECDH, ECMQV and ECIES in X9.63. They also define the data formats and the list of curves recommended for use.
FIPS 186.2: The NIST standard for digital signatures, describing the DSA algorithm in detail.
SECG: A standard compiled by a group of companies led by Certicom; it is almost a mirror of the ANSI standards but is accessible on the Web from the website http://www.secg.org/
ISO 15946-2: A standard describing ECDSA and ECIES (also called ECIES-KEM).
RFC 3278: "Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS)" is a recommendation on the use of ECC algorithms in the encryption of messages.
* The Weierstrass equation of an elliptic curve
- An elliptic curve has the following form:
$y^2 = x^3 + Ax + B$ (2.11)
where A and B are constants. The values of x, y, A, B usually lie in some field, for example R (the reals), Q (the rationals), C (the complex numbers), or a finite field $F_q$ with $q = p^n$, where p is prime and $n \ge 1$. If K is a field with $a, b \in K$, we say that the elliptic curve is defined over the field K. A point (x, y) on the elliptic curve with $(x, y) \in K$ is called a K-rational point. The general Weierstrass equation of an elliptic curve is written as:
$y^2 + a_1xy + a_3y = x^3 + a_2x^2 + a_4x + a_6$, (2.12)
where $a_1, \dots, a_6$ are constants. Form (2.12) is usually used for fields K whose characteristic char(K) is 2 or 3. When char(K) is different from 2, (2.12) can be transformed into the following form:
$\left(y + \frac{a_1 x}{2} + \frac{a_3}{2}\right)^2 = x^3 + \left(a_2 + \frac{a_1^2}{4}\right)x^2 + \left(a_4 + \frac{a_1 a_3}{2}\right)x + \left(\frac{a_3^2}{4} + a_6\right)$
This can be rewritten as $y_1^2 = x^3 + a_2' x^2 + a_4' x + a_6'$,
with $y_1 = y + a_1x/2 + a_3/2$ and constants $a_2', a_4', a_6'$. When char(K) is different from 3, the substitution $x_1 = x + a_2'/3$ can be used, which gives:
$y_1^2 = x_1^3 + Ax_1 + B$,
where A, B are some constants. The curve (2.11) has discriminant $\Delta = -16(4A^3 + 27B^2)$. The curve is singular and does not have 3 distinct roots when $\Delta = 0$; in this document we only consider curves with $\Delta \ne 0$.
- Cryptosystems on elliptic curves
Definition: The set of all points (x, y) with $x, y \in F_p$ that satisfy the equation of the curve E, together with a point at infinity and an addition operation, forms a group, called the group of points on the elliptic curve over $F_p$ and denoted $E(F_p)$. Like the multiplicative group of a finite field, this group is used to build the elliptic curve cryptosystem.
* Addition of points on an elliptic curve
Consider two points P1 = (x1, y1) and P2 = (x2, y2) on the elliptic curve E as in Figure 2.1:
$y^2 + a_1xy + a_3y = x^3 + a_2x^2 + a_4x + a_6$
The addition of two points on the curve E is defined as follows:
P3(x3, y3) = P1(x1, y1) + P2(x2, y2) (2.13)
where P3(x3, y3) = (x3, ), and the point (x3, ) is the intersection of the curve E with the line through P1 and P2. Since both points P3(x3, y3) and (x3, ) lie on the curve E, (x3, y3) and (x3, ) must satisfy the equation

Figure 2.1. Addition on an elliptic curve

Having defined addition and obtained the formula for the sum of two points on the curve E, we now define scalar multiplication, that is, adding a point on E to itself many times.
* Scalar multiplication of a point on an elliptic curve
For $n \in N \setminus \{0\}$, the scalar multiplication of a point P on the curve E is defined as adding P to itself n times:
$P \mapsto nP = P + P + \dots + P = Q$
To optimize scalar multiplication, the double-and-add method can be used. First write the number n in the form $n = n_0 + 2n_1 + 2^2n_2 + \dots + 2^m n_m$ with $[n_0 \dots n_m] \in \{0, 1\}$, then apply the algorithm:
Algorithm 1.1 Double-and-add method
Q ← 0
for i = 0 to m do
    if n_i = 1 then
        Q ← PointAdd(Q, P)
    end if
    P ← PointDouble(P)
end for
return Q
Besides the double-and-add method, the sliding-window method can be used. These methods allow scalar multiplication to be carried out efficiently.
Note:
- There is no multiplication of two points on the curve E, that is, there is no product of P and Q for $P, Q \in E$.
- There is no scalar division algorithm Q : n.
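Algorithm 1.1 carried through as runnable code, as an added example that is not part of the thesis program. The curve $y^2 = x^3 + 2x + 3$ over $F_{97}$ and the base point (3, 6) are constructed toy values, and the function names are chosen here.

```python
# Toy curve y^2 = x^3 + A*x + B over F_p (constructed values, far too small for real use).
P_MOD, A, B = 97, 2, 3
INF = None          # the point at infinity, identity of the group
G = (3, 6)          # constructed base point on the toy curve


def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P_MOD == 0


def neg(pt):
    if pt is INF:
        return INF
    x, y = pt
    return (x, -y % P_MOD)


def point_add(p1, p2):
    """Chord-and-tangent addition, covering the identity, inverse and doubling cases."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF  # P + (-P); also covers doubling a point with y = 0
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P_MOD, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def point_double(pt):
    return point_add(pt, pt)


def scalar_mult(n, pt):
    """Algorithm 1.1: scan the bits n_0 .. n_m of n from the least significant upward."""
    if n < 0:
        return scalar_mult(-n, neg(pt))
    q = INF
    while n:
        if n & 1:               # n_i = 1
            q = point_add(q, pt)
        pt = point_double(pt)   # P <- 2P on every iteration
        n >>= 1
    return q


def naive_mult(n, pt):
    """Reference implementation: n successive additions."""
    q = INF
    for _ in range(n):
        q = point_add(q, pt)
    return q


def point_order(pt):
    """Smallest k > 0 with k*pt equal to the point at infinity."""
    k, q = 1, pt
    while q is not INF:
        q = point_add(q, pt)
        k += 1
    return k


if __name__ == "__main__":
    for n in range(7):
        print(n, scalar_mult(n, G))
    print("order of G:", point_order(G))
```

Because the addition step runs only for the 1-bits of n, the running time of this form depends on the scalar, so an implementation that handles private scalars needs a constant-time variant.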
* The group (+) of points on an elliptic curve
Consider the elliptic curve E defined by the equation
$y^2 = x^3 + Ax + B$
Consider three points on the curve E, namely P1, P2, P3, with coordinates (x1, y1), (x2, y2) and (x3, y3) respectively.
For the points on the elliptic curve to form a group (+), the point at infinity, denoted $\infty$, is added to the curve; this point lies at both the very top and the very bottom of the y-axis. One of the most important properties of an elliptic curve is the existence of a group of points on the curve under addition.
Theorem 1.5.1. Addition of the points P, P1, P2, P3 on the curve E satisfies the group properties:
1. (Commutativity): P1 + P2 = P2 + P1;
2. (Identity): $P + \infty = P$;
3. (Inverse): For P there exists $P'$ such that $P + P' = \infty$;
4. (Associativity): (P1 + P2) + P3 = P1 + (P2 + P3).

Figure 2.2. Example of associativity on an elliptic curve

2.4.2. The Popescu multisignature scheme
This section briefly describes the algorithm of Popescu's scheme, published in the journal Studies in Informatics and Control [10]. The multisignature scheme consists of three phases: key generation, signature generation and signature verification. Assume that there are t signers $U_i$, $1 \le i \le t$, who jointly sign the document $m \in \{0,1\}^*$.
- Key generation
Choose the parameter set as in [20], then proceed as follows:
(1) Choose a prime p and an integer n. Let f(x) be an irreducible polynomial of degree n over GF(p), which generates the finite field $GF(p^n)$, and take a root of f(x) in $GF(p^n)$.
(2) Two elements $a, b \in GF(p^n)$ define the elliptic curve E over $GF(p^n)$ with equation $y^2 = x^3 + ax + b$, with $p > 3$ and $4a^3 + 27b^2 \ne 0$.
(3) Two elements $x_p$ and $y_p$ in $GF(p^n)$ determine the point $P = (x_p, y_p)$ of prime order q in $E(GF(p^n))$, with $P \ne 0$, where 0 is the identity point.
(4) Define the conversion function $c(x) : GF(p^n) \to Z_p$ as follows:
1

() = ,
=0
1

= ( ), 0
=0

Key generation is carried out as follows:

(1) Each signer randomly chooses an integer $d_i$ in the range $[1, q-1]$ and computes the corresponding public key as the point $Q_i = d_iP$.
(2) Compute the aggregate public key of all signers (the sum of all the signers' public keys) $Q = \sum_{i=1}^{t} Q_i = dP = (x_Q, y_Q)$ with $d = \sum_{i=1}^{t} d_i \pmod q$.
(3) Define H to be a one-way hash function, for example SHA-256.
- Creating the multisignature
Each signer $U_i$ performs the following steps:
(1) Randomly choose a number $k_i \in [1, q-1]$ and compute $R_i = k_iP = (x_{R_i}, y_{R_i})$, $1 \le i \le t$.
(2) Convert the x-coordinate of the point $R_i$ into the integer $r_i = c(x_{R_i})$, where c(x) is the conversion function. The value $r_i$ is sent to all the other members of the group.
(3) Once all the $r_i$, $1 \le i \le t$, have been delivered over the channel, each member computes the commitment value:
$r = r_1 + r_2 + \dots + r_t \pmod q$ (2.14)
(4) Using its private key $d_i$ and $k_i$ to sign the document m, signer $U_i$ computes: $s_i = d_iH(m) - k_ir \pmod q$. (2.15)
(5) Send the pair $(m, s_i)$ to the designated clerk. Once this person has received all the signature pairs, they check each of them by computing the point:
$(r^{-1}H(m) \bmod q)Q_i - (r^{-1}s_i \bmod q)P$ = ( , ), $1 \le i \le t$
and checking $r_i$ = ( , ) (mod q), $1 \le i \le t$. After the signatures of all members have been checked, and if they are all valid, the multisignature (r,s) is computed with:
$s = s_1 + s_2 + \dots + s_t \pmod q$.
- Verifying the multisignature
(1) When every signature pair $(m, s_i)$, $1 \le i \le t$, satisfies the condition:
$(r^{-1}H(m) \bmod q)Q_i - (r^{-1}s_i \bmod q)P$ = ( , ), $1 \le i \le t$
(2) Compute the total over all signers:
$(r^{-1}H(m) \bmod q)Q - (r^{-1}s \bmod q)P = (x_e, y_e)$
$s = s_1 + s_2 + \dots + s_t \pmod q$

= = = ( , )
=1

and $r = c(x_e) \pmod q$; in other words, the verifier computes the point $(x_e, y_e)$.
(3) Check whether $r = c(x_e) \pmod q$; if so, the signature pair (r,s) is accepted, and if not, the signature is rejected.
- Proof.

1 ()) ( 1 ) = 1 ( () )
=1

= 1 ( () () + )
=1 =1 =1


= 1 ( ) = =
=1 =1

2.4.3. The Khali and Farah multisignature scheme

This multisignature scheme was published by Khali in 2007 [17].
- Key generation
Choose the parameter set as in [31]. Then proceed as follows:
(1) Each member $U_i$, $1 \le i \le t$, chooses a large random number $d_i$ as its private key.
(2) $U_i$ computes the corresponding public key $Q_i$ as follows: $Q_i = d_iP$.
- Creating the multisignature
Each signer $U_i$ performs the following steps:
(1) The group leader randomly chooses a number k ($1 < k < n$), computes R1 = kP = (x1,y1) and converts x1 into an integer. Next compute r1 = 1 mod n and compute:
s = k(H(m) + r1d1) mod n (2.16)
Then (r1,s) is sent to all members.
(2) The members check the validity of the manager's signature by computing:
u = H(m)s mod n, v = r1s mod n
R = uP + vQ1
If r = r1 the signature is valid; otherwise it is not.
(3) Each signer $U_i$, $i \ne 1$, computes its signature as follows:
ri = s(H(m) + r1di) mod n (2.17)
and then sends this value to the manager.
(4) The manager checks the validity of each member's signature and forms the multisignature as the tuple (a1,a2,...,at,s).
- Verifying the multisignature
(1) The verifier computes:
u = H(m)s mod n, v = r1s mod n
(2) Next, compute the points:

= ( + )
=1

=
=1

(3) Convert the x-coordinates of the points R0, R into the integers , .


r= mod n, r = mod n
(4) Check whether r = r; if so the multisignature is valid, otherwise it is invalid.
- Proof.

= ( + ) = (() + )
=1 =1

= (() + ) = =
=1 =1

2.5. Conclusion of Chapter 2

In this chapter, the author gave a brief introduction to the state of research on multisignatures and then concentrated on multisignature schemes over different cryptosystems (the RSA cryptosystem and the elliptic curve cryptosystem), in order to gain an overall understanding of public-key cryptosystems, of digital signatures on these cryptosystems (the RSA signature, the RDSA multisignature, Itakura and Nakamura) and of multisignature schemes on these cryptosystems (the Khali and Farah scheme, the Harn and Kiesler scheme, the Popescu scheme). In the next chapter, the author turns to the focus of the thesis: an experimental study of multisignatures on the ID-Based cryptosystem.

Chapter 3
EXPERIMENTAL STUDY OF A MULTISIGNATURE SCHEME
ON THE ID-BASED CRYPTOSYSTEM
In 1985, Shamir first put forward the idea of an identity-based (ID-Based) cryptosystem [21], in which, instead of generating the public key at random, identity information such as an e-mail address or an identity card number can be used to create the public key. The advantage of this cryptosystem is that public keys do not have to be exchanged, and a public key can be known even before the key pair is generated; no exchange of public keys is needed because a public key can be derived by an explicit and simple rule. Identity-based cryptosystems are particularly suitable for environments with a large number of users. Since the work of Boneh and Franklin in 2001, a series of other works based on ID-Based have been developed.
3.1. Multisignatures based on bilinear pairings
The Boldyreva multisignature scheme
The scheme was published by Boldyreva in 2003 [22].
- Key generation
(1) Let the hash function $H : \{0,1\}^* \to E$ (the group of points on the elliptic curve, of order q) be a map-to-point function.
(2) Choose the private key $x_i$ and the corresponding public key = xiP, with $u_i \in U$, $1 \le i \le t$.
- Creating the multisignature
(1) Each member ui computes i = xiH(m) and sends it to the signer D.
(2) D computes the signature value of the whole group: = =1 and outputs the signature (m,).
- Verifying the multisignature
(1) Compute the public key of the whole group: == =1
(2) Check the condition:
e(P,) = e( ,H(m))

If it holds, the signature is valid; otherwise it is not.
- Proof.

e(P, ) = (, ) = (, ()
=1 =1

= ( , ()) = (,())
=1

3.2. Experimental study of a multisignature scheme on the ID-Based cryptosystem
3.2.1. The ID-Based cryptosystem
The ID-Based cryptosystem, or IBE (identity-based encryption), is a public-key encryption technology that allows a user to compute a public key from an arbitrary string. We usually think of this string as representing some identity, but it is often useful when an identity is used to compute such a public key.
The ability to compute keys as needed gives IBE systems properties that differ from those of traditional public-key systems, and these properties bring significant practical benefits in some cases. So, although there are very few cases in which a problem that cannot be solved with traditional public-key technologies can be solved with IBE, solutions that use IBE can be much simpler to implement and need much less support than the alternatives.
IBE was first described by Adi Shamir in 1985, when he gave a rough sketch of the properties such a system should have and of how it could be used, although he was unable to find a secure and feasible technology that worked as he described. He seems to have seen the advantages of IBE in terms of ease of use compared with other technologies when he described IBE in this way.
An identity-based scheme resembles an ideal mail system: if you know somebody's name and address, you can send him messages that only he can read, and you can verify signatures that only he could have produced. It makes the cryptographic algorithms transparent to the user, and it can be used effectively by people who know nothing about keys or protocols.
An IBE system has similarities to traditional public-key systems, but it also differs from them in other ways. Whereas a traditional public key contains all the parameters needed to use the key, to use an IBE system the user usually needs to obtain a set of public parameters from a trusted third party. With these parameters, the user can compute the IBE public key of any user and use it to encrypt information for that user. This process is shown in the figure below.

Figure 3.1. Encryption with an IBE system.

Figure 3.2. Decryption with an IBE system

The recipient of IBE-encrypted information then authenticates in some way to the private key generator (PKG), a trusted third party that computes the IBE private key corresponding to a particular IBE public key. The PKG usually uses secret information called the master secret, together with the user's identity, to compute such a private key. Once this key has been computed, it is distributed securely to the authorized user (shown in Figure 3.2). In a traditional public-key scheme, we can summarize the algorithms involved in creating and using a public-private key pair as key generation, encryption and decryption. Two additional algorithms, certification and validation, are often used in many implementations of such schemes. To specify the operation of such a scheme fully, we need to define the operation of each algorithm. In the key generation step, one key of the public-private key pair is generated at random and the other key of the pair is computed from it. Then the public key and the identity of its owner are signed by the CA to create a digital certificate. Encryption is performed with the public key contained in this certificate. Decryption is performed with the private key corresponding to the public key.

Table 3.1. Comparison of the properties of IBE and traditional public-key systems

IBE | Traditional public-key systems
Public parameters are distributed by a TTP | All required parameters are part of the public key
The PKG's master secret key is used to compute private keys | The CA's private key is used to create digital certificates
Private keys are generated by the PKG | Private keys are generated at random
Public keys can be computed by any user | The public key is computed from the private key
Keys are usually short-lived | Keys are usually valid for a long time
Encryption only | Digital signatures and encryption

Table 3.2. The four algorithms in an IBE scheme

Step | Summary
Setup | Initializes all the system parameters.
Extract | Computes an IBE private key from the PKG's secret key and an identity, using the system parameters.
Encrypt | Encrypts information using the IBE public key computed from the system parameters and an identity.
Decrypt | Decrypts information using an IBE private key computed from the PKG's secret key and an identity.

Table 3.3. Applicability of different encryption technologies to achieving information security goals

Security goal | IBE | Traditional public-key technologies
Confidentiality | Yes | Yes
Integrity | No | Yes
Availability | No | Yes
Authentication | No | Yes
Non-repudiation | No | No


An IBE scheme also has four algorithms that are used to create and use a public-private key pair. These are usually called setup, extract, encrypt and decrypt. Setup is the algorithm in which the parameters needed for IBE computations are initialized, including the master secret that the PKG uses to compute IBE private keys. Extract is the algorithm that computes an IBE private key from the parameters established in the setup step together with the user's identity, using the PKG's master secret to do so. Encryption is performed with an IBE public key computed from the parameters of the setup step and the user's identity. Decryption is performed with an IBE private key computed from the user's identity and the PKG's private key.
The operation of IBE schemes falls into the following four parts: the algorithms that carry out the setup, extract, encrypt and decrypt steps.
There are five main goals that an information security solution can meet: providing confidentiality, integrity, availability, authentication and non-repudiation. Confidentiality keeps information secret from those who are not authorized to see it. Integrity ensures that information is not altered by unauthorized or unknown means. Availability is what the user requires at the time the information is needed and in the form that the user needs. Authentication is the ability to verify a user's identity. Non-repudiation prevents the denial of earlier commitments or actions. The use of cryptography can support most of these goals; the use of IBE can support only one of them. This is summarized in Table 3.3.
IBE offers an easy way to provide confidentiality of data. It does not provide integrity, availability, authentication or non-repudiation. These are easily provided by digital signatures that use keys created and managed by a traditional public-key system. However, we will see that the benefits IBE offers make it a very good solution for some problems, and a hybrid solution that uses IBE for encryption and a traditional public-key system to provide digital signatures can combine the best features of each technology.
3.2.2. Multisignature on the ID-Based cryptosystem
Proposed by Rajeev Anand and Sahadeo Padhye in 2013 [22].
- Setup
Let G1 be a cyclic additive group of prime order q with generator P. G2 is a cyclic multiplicative group of the same order q. e is a bilinear map $e : G_1 \times G_1 \to G_2$. H1, H2, H3 are hash functions used for security purposes and defined as follows:
H1 : {0,1} G1, H2 : {0,1} , H3 : {0,1}{0,1} .
(1) Given the security parameter k, choose a random number s.
(2) Compute the public key of the system: $P_{pub} = sP \in G_1$.
(3) Publish the system parameters:
Params = (k,G1,G2,q,e,H1,H2,H3,P,Ppub).
- Key extraction
The original signer has the identity ID, and there are n people who can sign as proxy signers, with $1 \le i \le n$.
(1) Anyone can compute the public key of the original signer, QID = H1(ID) ∈ G1, and of the proxy signers, = H1(ID ) ∈ G1.
(2) The system administrator computes the private keys of the original signer and of the proxy signers, SID = sQID and = sID with $1 \le i \le n$. The administrator sends these private keys to the members over a secret channel.
- Signing by the original signer
(1) For a document $m \in \{0,1\}^*$, the signer randomly chooses x q .
(2) Compute the values:
Vs = xP, H = H2(m)
Ws = HSID + xPpub
(3) The original signer's signature is = (Ws,Vs).
- Verifying the original signer's signature
(1) Given the document m and the received signature = (Ws,Vs), the verifier computes:
H' = H2(m) and QID = H1(ID).
(2) Accept the signature when the following condition holds:
e(Ws,P) = e(HQID + Vs,Ppub) (3.1)
- Key generation for the proxy signers
In this stage the original signer communicates the delegated rights to the proxy signers. To do this, the original signer creates a warrant w, which carries some information about the document, the restrictions on the documents that may be signed by proxy, the time period, or the identities of the proxy signers.
(1) Delegation: the original signer randomly chooses t . and computes:
V = tP,
h = H2(w),
W = hSID + tPpub ∈ G1
The value (W,V,w) is sent to the members over a secret channel.
(2) Delegation check: each member computes h = H2(w) and checks the following condition (if it is not satisfied, the member must request a resend or abort the protocol):
e(W,P) = e(hQID + V,Ppub)
(3) Proxy key generation: each member computes h = H2(w) in order to compute the secret proxy key:
pk = W + hS

- Generating the proxy signature
In this phase there is a clerk whose task is to collect all the partial signatures.
(1) Each member ID chooses a random number xi .
(2) Compute the values: h3 = H3(m,w) and = xiP, and send the value to the (n-1) remaining members.
(3) The members compute and send :

=
=1

= h3pk + xiPpub
(4) After obtaining the partial signatures, the clerk forms the proxy public key:
pk = h(QID + ID ) + V (3.2)

and then checks the condition:

e(P, ) = e(Ppub, h pk + ) (3.3)
- Verifying the proxy signature
After receiving the document m0 and the signature (p,V,w,Up), the verifier of the proxy signature carries out the following steps:
(1) Check whether m0 and the warrant w satisfy the relevant conditions.
(2) Check whether the n signers have been authorized by the original signer. If not, stop and reject the signature.
(3) Compute the values:
h = H2(w)
3 = H3(m,w)

= [ + ] +

=1

(4) Check the following condition; if it holds, accept the signature, otherwise reject it:
e(P,p) = e(Ppub,3 Qpk + Up) (3.4)
- Proof.
e(P,p) = e(Ppub,3 Qpk + Up)

(, ) = ( , 3 + )
=1

(, [3 + x ) = ( , 3 + )
=1

(, [3 ( + ) + ]) = ( , 3 + )

=1

(, [3 ( + + ) + ]) = ( , 3 + )

=1

(, [3 ( + + ) + ]) = ( , 3 + )

=1

( , [3 ( + + ) + ]) = ( , 3 + )

=1

( , [3 ( + + )] + ) = ( , 3 + )

=1


( , 3 [[( + + ] + ) = ( , 3 + )
=1

( , 3 [[ + + ] + ) = ( , 3 + )
=1

( , 3 + ) = ( , 3 + )
The last expression holds when 3 = 3
3.2.3. Experimental study of the multisignature scheme on the ID-Based cryptosystem
- The experimental program for multisignatures on the ID-Based cryptosystem is written in the Python programming language.
- NetBeans IDE 8.1 is installed and used on the computer to run the program.

Figure 3.3. Main window of NetBeans IDE 8.1

- Add the plugins for running Python code:
Go to Tool -> plugins -> downloaded -> add plugins
- Install PyQt5 to build the program's graphical interface.
The program uses several PyQt5 modules, such as:
+ QtCore: the module containing the core non-GUI functionality, for example for working with time, files and directories, data types, streams, URLs, mime types, threads or processes.
+ QtGui: contains the classes used for GUI programming (windowing system integration), event handling, 2D graphics, basic imaging, fonts and text.
+ QtWidgets: contains the widget classes, for example buttons and dialogs, used to build the most basic user interface.
- GUI code for the program:
from PyQt5 import QtCore, QtGui, QtWidgets


class Ui_Dialog(object):
    def setupUi(self, Dialog):
        Dialog.setObjectName("Dialog")
        Dialog.resize(949, 582)
        Dialog.setAutoFillBackground(False)
        self.lText1 = QtWidgets.QLabel(Dialog)
        self.lText1.setGeometry(QtCore.QRect(280, 20, 451, 31))
        font = QtGui.QFont()
        font.setFamily("Tahoma")
        font.setPointSize(14)
        self.lText1.setFont(font)
        self.lText1.setObjectName("lText1")
        self.pushButton = QtWidgets.QPushButton(Dialog)
        self.pushButton.setGeometry(QtCore.QRect(280, 440, 101, 31))
        self.pushButton.setObjectName("pushButton")
        self.QLE_mes = QtWidgets.QLineEdit(Dialog)
        self.QLE_mes.setGeometry(QtCore.QRect(280, 399, 631, 31))
        self.QLE_mes.setObjectName("QLE_mes")
        self.label = QtWidgets.QLabel(Dialog)
        self.label.setGeometry(QtCore.QRect(130, 400, 141, 21))
        font = QtGui.QFont()
        font.setPointSize(12)
        self.label.setFont(font)
        self.label.setObjectName("label")
        self.QTE_KQ = QtWidgets.QPlainTextEdit(Dialog)
        self.QTE_KQ.setGeometry(QtCore.QRect(280, 490, 631, 71))
        self.QTE_KQ.setObjectName("QTE_KQ")
        self.label_2 = QtWidgets.QLabel(Dialog)
        self.label_2.setGeometry(QtCore.QRect(260, 81, 21, 21))
        font = QtGui.QFont()
        font.setPointSize(12)
        font.setItalic(True)
--
    def retranslateUi(self, Dialog):
        _translate = QtCore.QCoreApplication.translate
        Dialog.setWindowTitle(_translate("Dialog", "ID BASED MULTISIGNATURE"))
        self.lText1.setText(_translate("Dialog", "CH K S TP TH DA TRN H MT ID-BASED"))
        self.pushButton.setText(_translate("Dialog", "K"))
        self.label.setText(_translate("Dialog", "Thng ip cn k:"))
        self.label_2.setText(_translate("Dialog", "k:"))
        self.label_3.setText(_translate("Dialog", "P:"))
        self.label_4.setText(_translate("Dialog", "ID_y nhim:"))
        self.label_5.setText(_translate("Dialog", "ID_ngi k 1:"))
        self.label_6.setText(_translate("Dialog", "ID_ngi k 2:"))
        self.label_7.setText(_translate("Dialog", "ID_ngi k 3:"))
        self.label_8.setText(_translate("Dialog", "Ch k tp th y nhim:"))


if __name__ == "__main__":
    import sys
    app = QtWidgets.QApplication(sys.argv)
    Dialog = QtWidgets.QDialog()
    ui = Ui_Dialog()
    ui.setupUi(Dialog)
    Dialog.show()
    sys.exit(app.exec_())
- Source code based on the multisignature algorithm:
def _algo4a(t, u):
    '''computing of $(-t^2 +u*s -t*p -p^2)^3$
    The algorithm is by J.Beuchat et.al, in the paper of "Algorithms and Arithmetic
    Operators for Computing
    the $eta_T$ Pairing in Characteristic Three", algorithm 4 in the appendix
    '''
    c0 = f3m.cubic(t)  # c0 == t^3
    c1 = f3m.cubic(u)
    f3m.neg(c1, c1)  # c1 == -u^3
    m0 = f3m.mult(c0, c0)  # m0 == c0^2
    v0 = f3m.zero()
    f3m.neg(m0, v0)  # v0 == -c0^2
    f3m.sub(v0, c0, v0)  # v0 == -c0^2 -c0
    f3m._add2(v0)  # v0 == -c0^2 -c0 -1
    v1 = c1
    v2 = f3m.one()
    f3m.sub(v2, c0, v2)  # v2 == 1 -c0
    return [[v0, v1], [v2, f3m.zero()], [f3m.two(), f3m.zero()]]


def _algo4(xp, yp, xq, yq):
    re = f3m._m % 12
    xp = f3m._clone(xp)
    f3m._add1(xp)  # xp == xp + b
    yp = f3m._clone(yp)
    if re == 1 or re == 11:
        f3m.neg(yp, yp)  # yp == -\mu*b*yp, \mu == 1 when re==1, or 11
    xq = f3m.cubic(xq)  # xq == xq^3
    yq = f3m.cubic(yq)  # yq == yq^3
    t = f3m.zero(); f3m.add(xp, xq, t)  # t == xp+xq
    nt = f3m.zero()
    f3m.neg(t, nt)  # nt == -t
    nt2 = f3m.mult(t, nt)  # nt2 == -t^2
    v2 = f3m.mult(yp, yq)  # v2 == yp*yq
    v1 = f3m.mult(yp, t)  # v1 == yp*t
    if re == 7 or re == 11:  # \lambda == 1
        nyp = f3m.zero(); f3m.neg(yp, nyp)  # nyp == -yp
        nyq = f3m.zero(); f3m.neg(yq, nyq)  # nyq == -yq
        a1 = [[v1, nyq], [nyp, f3m.zero()], [f3m.zero(), f3m.zero()]]
        # a1 == \lambda*yp*t -\lambda*yq*s -\lambda*yp*p
    else:  # \lambda == -1
        f3m.neg(v1, v1)  # v1 == -yp*t
        a1 = [[v1, yq], [yp, f3m.zero()], [f3m.zero(), f3m.zero()]]
    a2 = [[nt2, v2], [nt, f3m.zero()], [f3m.two(), f3m.zero()]]
    # a2 == -t^2 +yp*yq*s -t*p -p^2
    R = f36m.mult(a1, a2)
    for _ in range((f3m._m - 1) // 2):
        R = f36m.cubic(R)
        xq = f3m.cubic(xq)
        xq = f3m.cubic(xq)
        f3m._add2(xq)  # xq <= xq^9-b
        yq = f3m.cubic(yq)
        yq = f3m.cubic(yq)
        f3m.neg(yq, yq)  # yq <= -yq^9
        f3m.add(xp, xq, t)  # t == xp+xq
        f3m.neg(t, nt)  # nt == -t
        nt2 = f3m.mult(t, nt)  # nt2 == -t^2
        u = f3m.mult(yp, yq)  # u == yp*yq
        S = [[nt2, u], [nt, f3m.zero()], [f3m.two(), f3m.zero()]]
        R = f36m.mult(R, S)
    return R
--
def pairing(x1, y1, x2, y2):
    '''computing the Tate bilinear pairing

    :param x1: the x coordinate of element $P=[x1, y1]$
    :type x1: list
    :param y1: the y coordinate of element $P=[x1, y1]$
    :type y1: list
    :param x2: the x coordinate of element $R=[x2, y2]$
    :type x2: list
    :param y2: the y coordinate of element $R=[x2, y2]$
    :type y2: list
    :returns: the result
    '''
    if (f3m._m - 1)//2 % 2 == 0:
        f = _algo5
    else:
        f = _algo4
    v = f(x1, y1, x2, y2)
    return _algo8(v)


def init(bits_of_order_of_G1):
    '''init whole module. making sure the order of G1 is at least $bits_of_order_of_G1$'''
    for p in _params:
        p = p.split()
        bit_num = int(p[2])
        if bit_num >= bits_of_order_of_G1:
            m, t, _, order = map(int, p[:4])
            f3m._set_param(m, t)
            ecc._order = order
            x, y = p[4:]
            ecc._x = f3m._from_str(x)
            ecc._y = f3m._from_str(y)
            return
    raise NotImplementedError('max supported bit num is 911')

54
- Program interface:

Figure 3.4. Program interface

3.3. Conclusion of Chapter 3

This final chapter first studies digital signatures based on bilinear pairings, specifically the Boldyreva multisignature scheme. The second part of the chapter is an experimental study of multisignatures on the ID-Based cryptosystem. This main part of the thesis gives a clearer understanding of the ID-Based cryptosystem built on the elliptic curve cryptosystem, then of multisignatures on the ID-Based cryptosystem, and finally of the experimental study of multisignatures on the ID-Based cryptosystem.

CONCLUSION
* Results achieved
- The thesis sets out the problems to be studied concerning digital signatures, multisignatures and the applications of digital signatures in information security, and gives an overview of research on multisignatures in Vietnam and worldwide.
- It briefly introduces the state of multisignature research and then concentrates on multisignature schemes over different cryptosystems (the RSA cryptosystem and the elliptic curve cryptosystem) in order to give an overall understanding of public-key cryptosystems, of digital signatures on these cryptosystems (the RSA digital signature, the RDSA multisignature, Itakura and Nakamura), of multisignature schemes on these cryptosystems (the Khali and Farah multisignature scheme, the Harn and Kiesler multisignature scheme, the Popescu multisignature scheme), and of digital signatures based on bilinear pairings, specifically the Boldyreva multisignature scheme.
- It studies and experiments with a multisignature scheme on the ID-Based cryptosystem.
* Future work
- Propose a digital signature application model that meets the requirements of deploying e-Government in practice, suitable for organizations, administrative agencies and enterprises.
- Develop a digital signature scheme on the ID-Based cryptosystem with high security and high implementation efficiency, following the proposed model.

TI LIU THAM KHO
Ti liu Ting Vit
[1] ng Minh Tun (2016), Ch k s tp th, Chuyn Tin s, Vin
Khoa hc v Cng ngh Qun S, B Quc Phng, H Ni.
[2] ng Minh Tun (2016), H Mt m kha cng khai da trn ng
cong Elliptic, Chuyn Tin s, Vin Khoa hc v Cng ngh Qun S, B
Quc Phng, H Ni.
Ti liu Ting Anh
[3] Whitfield Diffie and Martin E. Hellman (1976), New Directions in
Cryptography, IEEE Trans. Info. Theory, IT-22 (6), pp. 644654.
[4] R.L. Rivest, A. Shamir, and L. Adleman (1978), A Method for
Obtaining Digital Signatures and Public-Key Cryptosystems, Commun. ACM,
21, pp. 120126.
[5] Shafi Goldwasser, Silvio Micali, and Ronald L.Rivest (1988), A Digital
Signature Scheme Secure Against Adaptive Chosen-Message Attacks, SIAM
Journal on Computing - Special issue on cryptography, 17 (2), pp. 281308.
[6] Rafail Ostrovsky (2010), Foundations of Cryptography, CS
282A/MATH 209A.
[7] Yehuda Lindell (2010), Foundations of Cryptography, Bar-Ilan
University.
[8] Chih-Yin Lin, Tzong-Chen Wu, and Jing-Jang Hwang (2001), ID-
based structured multisignature schemes, Advances in Network and Distributed
Systems Security, Kluwer Academic Publishers, Boston, pp. 4559.
[9] Chris J. Mitchell (December 2001), An attack on an ID-based
multisignature scheme , Royal Holloway, University of London, Mathematics
Department Technical Report RHUL-MA-2001-9.
[10] Constantin Popescu (2003), A Digital Multisignature Scheme with
Distinguished Signing Responsibilities, Studies in Informatics and Control.
[11] Mihir Bellare and Gregory Neven (2006), Multi-Signatures in the
Plain Public-Key Model and a General Forking Lemma, ACM CCS.
57
[12] Hakim Khali and Ahcene Farah (2007), DSA and ECDSA-based
MultiSignature Schemes, IJCSNS International Journal of Computer Science
and Network Security, 7 (7).
[13] N.R.Sunitha, B.B.Amberker, and Prashant Koulgi (2008),
Transferable echeques using Forward-Secure Multi-signature Scheme,
Proceedings of the World Congress on Engineering and Computer Science, San
Francisco, USA.
[14] Bevish Jinila and Komathy (2015), Cluster Oriented ID Based
Multi-signature Scheme for Traffic Congestion Warning in Vehicular Ad Hoc
Networks, Emerging ICT for Bridging the Future, 2, pp. 337345.
[15] Tather Elgamal (1985), A public-key cryptosystem and a signature
scheme based on discrete logarithm, IEEE Trans. Inform. Theory, 31, pp. 469472.
[16] NIST (2013), Digital Signature Standard (DSS) FIPS 186-4, National
Institute of Standards and Technology.
[17] Hakim Khali and Ahcene Farah (2007), DSA and ECDSA-based
MultiSignature Schemes, IJCSNS International Journal of Computer Science
and Network Security, 7 (7).
[18] Alexandra Boldyreva (2003), Efficient threshold signature,
multisignature and blind signature schemes based on the Gap-Diffie-Hellman-
group signature scheme, PKC2003, LNCS2139, pp. 3146.
[19] L. Harn and T. Kiesler (1989), New scheme for digital
multisignature, Electron. Lett. 25 (15), pp. 10021003.
[20] Constantin Popescu (2003), A Digital Multisignature Scheme with
Distinguished Signing Responsibilities, Studies in Informatics and Control.
[21] Adi Shamir (1985), Identity-Based Cryptosystems and Signature
Schemes, CRYPTO 84, LNCS 196, pp. 4753.
[22] Rajeev Anand Sahu and Sahadeo Padhye (2015), Provable secure
identitybased multi-proxy signature scheme, Int. J. Commun. Syst. 28.

58

You might also like