计算机科学与探索 ›› 2020, Vol. 14 ›› Issue (8): 1327-1337.DOI: 10.3778/j.issn.1673-9418.1907051

• 网络与信息安全 • 上一篇    下一篇

可信第三方的伪名签名方案研究

陈虹,陈红霖,黄洁,肖成龙,郭鹏飞,金海波   

  1. 辽宁工程技术大学 软件学院,辽宁 葫芦岛 125105
  • 出版日期:2020-08-01 发布日期:2020-08-07

Study on Pseudonym Signature Scheme of Trusted Third Party

CHEN Hong, CHEN Honglin, HUANG Jie, XIAO Chenglong, GUO Pengfei, JIN Haibo   

  1. College of Software, Liaoning Technical University, Huludao, Liaoning 125105, China
  • Online:2020-08-01 Published:2020-08-07

摘要:

互联网中用户资料极易泄露,用户的匿名性和安全性问题亟待解决。伪名签名方案可以使用户在网络通信中保持匿名,但存在认证机构与域管理机构合谋泄露的风险和对违规用户响应慢的问题。针对该问题,提出了可信第三方参与的伪名签名方案。在该方案中,用户首先向认证机构申请允许使用某个伪名的许可证书,然后使用该许可证书向域管理机构申请该伪名的证书,并使用该伪名在域中构建伪名签名,最后通过追踪中心(可信第三方)快速检测可能存在违规操作的用户,由认证机构进行相应的处理。方案通过双重伪名更好地保证了用户的匿名性,降低了中央认证机构的运算成本,提高了系统的门限,并且在获取违规用户真实身份时具有快速响应能力,降低了系统因用户违规操作带来的潜在损失。

关键词: 伪名签名, 双重伪名, 去匿名化, 部分盲签名

Abstract:

User data on the Internet are extremely easy to leak, and the anonymity and security issues of users need to be resolved. The pseudonym system can make users remain anonymous in network communication, but there are risks of collusion between authentication agencies and domain management agencies and a slow response to the offending user. Aiming at this problem, a pseudonym signature scheme involving trusted third parties is proposed in this paper. The user first applies to the certificate authority for a license permitting the use of a pseudonym, then uses the license to apply for the pseudonym certificate from the domain authority, and uses the pseudonym to construct a pseudonym signature in the domain. Finally, users with illegal operations are quickly detected by tracking center (trusted third party), and the certificate authority will handle the corresponding processing. The proposed scheme guarantees the anonymity of users better by using double pseudonyms, reduces the operation cost of the certificate authority, improves the threshold of the system, has fast response ability in acquiring the real identity of users who violate the rules, and reduces the potential loss of the system caused by users?? illegal operations.

Key words: pseudonymous signature, double pseudonym, de-anonymization, partial blind signature