基于DAA的轻量级多商家多重息票系统

doi:10.11959/j.issn.1000-436x.2016175

通信学报 ›› 2016, Vol. 37 ›› Issue (9): 30-45.doi: 10.11959/j.issn.1000-436x.2016175

基于DAA的轻量级多商家多重息票系统

柳欣^1,²,徐秋亮³,张波⁴

¹ 山东青年政治学院信息工程学院，山东济南 250103
² 山东省高校信息安全与智能控制重点实验室（山东青年政治学院），山东济南 250103
³ 山东大学计算机科学与技术学院，山东济南 250101
⁴ 济南大学信息科学与工程学院，山东济南 250022

出版日期:2016-09-25 发布日期:2016-09-28
基金资助:
国家自然科学基金资助项目;山东省自然科学基金资助项目;山东省高等学校科技计划资助项目;山东青年政治学院博士科研启动经费资助项目

Lightweight multi-coupon system for multi-merchant environments with DAA

Xin LIU^1,²,Qiu-liang XU³,Bo ZHANG⁴

¹ School of Information Engineering,Shandong Youth University of Political Science,Jinan 250103,China
² Key Laboratory of Information Security and Intelligent Control in Universities of Shandong (Shandong Youth University of Political Science),Jinan 250103,China
³ School of Computer Science and Technology,Shandong University,Jinan 250101,China
⁴ School of Information Science and Engineering,University of Jinan,Jinan 250022,China

Online:2016-09-25 Published:2016-09-28
Supported by:
The National Natural Science Foundation of China;Shandong Provincial Natural Science Foundation;The Project of Shandong Province Higher Educational Science and Technology Program;The Doctoral Research Start-up Funding Project of Shandong Youth University of Political Science

摘要/Abstract

摘要：

基于Brickell等的DAA（direct anonymous attestation）方案提出一个支持多商家环境的多重息票系统。新系统将多重息票中的关键元素与抗篡改的TPM（trusted platform module）芯片进行绑定，从而能更有效地阻止用户的共享行为。新系统的构造过程使用了Chow等的服务器辅助签名验证技术、Yang等的自盲化证书技术以及Peng等的区间证明技术，使用户在息票发布和兑换协议中均无需执行低效的对运算。相对于多个同类系统，新系统同时满足多个较理想的性质，而且与ARM TrustZone平台上的移动支付框架兼容。此外，新系统在通信和运算耗费方面具有明显优势。

关键词: 多重息票, 直接匿名证明, 服务器辅助签名验证, 区间证明, 不可分割性

Abstract:

A multi-coupon system for multi-merchant environments was proposed by extending the DAA (direct anonymous attestation) scheme of Brickell etc.The new system bound the key elements in multi-coupon with the tamper-resistant TPM（trusted platform module）chip,so that it could prevent users from sharing behavior more effectively.By using the server-aided signature verification of Chow etc,the self-blindable credential technique of Yang etc,and range proof of Peng etc,the new system does not require customers to perform expensive pairing operations in the issue protocol and the redeem protocol.Compared with previous similar systems,the new system simultaneously satisfies several ideal properties and it is compatible with the mobile payment framework on the ARM TrustZone platform.Moreover,it has obvious advantages in aspects of communication and computation costs.

Key words: multi-coupon, direct anonymous attestation, server-aided signature verification, range proof, unsplittability

柳欣,徐秋亮,张波. 基于DAA的轻量级多商家多重息票系统[J]. 通信学报, 2016, 37(9): 30-45.

Xin LIU,Qiu-liang XU,Bo ZHANG. Lightweight multi-coupon system for multi-merchant environments with DAA[J]. Journal on Communications, 2016, 37(9): 30-45.

图/表 4

表1

Adv与B在不同安全性质实验中充当的角色"

安全性质实验	Adv充当的角色	B充当的角色
不可伪造性（模式1）	$\bar{U}, \bar{\bar{U}} (h o s t)$	$I, V, \bar{\bar{U}} (T P M)$
不可伪造性（模式2）	$\bar{V}$	,IU
无关联性	$\bar{V}, \bar{I}, \bar{U}$	U
可声明性	$\bar{V}, \bar{I}, \bar{U}$	V
不可分割性	$\bar{U}, \bar{\bar{U}} (h o s t)$	$I, V, \bar{\bar{U}} (T P M)$

表1

表2

表3

表4

参考文献 31

[1]	CHANG C C , SUN C Y . A secure and efficient authentication scheme for e-coupon systems[J]. Wireless Personal Communications, 2014,77(4): 2981-2996.
[2]	HSUEH S C , CHEN J M . Sharing secure m-coupons for peer-generated targeting via eWOM communications[J]. Electronic Commerce Research and Applications, 2010,9(4): 283-293.
[3]	CHEN L , ENZMANN M , SADEGHI A R ,et al. A privacy-protecting coupon system[C]// The 9th International Conference on Financial Cryptography and Data Security. Roseau, 2005: 93-108.
[4]	NGUYEN L , . Privacy-protecting coupon system revisited[C]// The 10th International Conference on Financial Cryptography and Data Security. Anguilla,British West Indies, 2006: 266-280.
[5]	CHEN L , ESCALANTE A,L?HR H , et al . A privacy-protecting multi-coupon scheme with stronger protection against splitting[C]// The 11th International Conference on Financial Cryptography and Data Security. Scarborough,Trinidad and Tobago, 2008: 29-44.
[6]	L?HR H . Privacy-preserving protocols and applications for trusted platforms[D]. Bochum:Ruhr-Universit, 2012.
[7]	柳欣, 徐秋亮 . 实用的强不可分割多重息票方案[J]. 计算机研究与发展, 2012,49(12): 2575-2590. LIU X , XU Q L . Practical multi-coupon systems with strong unsplittability[J]. Journal of Computer Research and Development, 2012,49(12): 2575-2590.
[8]	柳欣, 徐秋亮 . 并发安全的紧凑多重息票方案[J]. 电子学报, 2012,40(5): 877-882. LIU X , XU Q L . Compact multi-coupon systems with concurrent security[J]. Acta Electronica Sinica, 2012,40(5): 877-882.
[9]	HINAREJOS M F, , ISERN-DEYà A P , FERRER-GOMILA J L ,et al. MC-2D:an efficient and scalable multicoupon scheme[J]. The Computer Journal, 2015,58(4): 758-778.
[10]	WANG W J , FENG D G , QIN Y ,et al. ExBLACR:extending BLACRsystem[C]// The 19th Australasian Conference on Information Security and Privacy. Wollongong,NSW,Australia, 2014: 397-412.
[11]	XI L , FENG D G . FARB:fast anonymous reputation-based blacklisting without TTPs[C]// The 13th Workshop on Privacy in the Electronic Society. Scottsdale,Arizona,USA, 2014: 139-148.
[12]	CANARD S , GOUGET A , HUFSCHMITT E . A handy multi-coupon system[C]// The 4th International Conference Applied Cryptography and Network Security. Singapore, 2006: 66-81.
[13]	ISERNS-DEYà A P , HUGUET-ROTGER L PAYERAS-CAPELLà M M ,et al. On the practicability of using group signatures on mobile devices:implementation and performance analysis on the android platform[J]. International Journal of Information Security, 2014,(8): 1-11.
[14]	CHOW S S M , AU M H , SUSILO W . Server-aided signatures verification secure against collusion attack[J]. Information Security Technical Report, 2013,17(3): 46-57.
[15]	CANARD S , DEVIGNE J , SANDERS O . Delegating a pairing can be both secure and efficient[C]// The 12th International Conference on Applied Cryptography and Network Security. Lausanne,Switzerland, 2014: 549-565.
[16]	BRICKELL E , LI J T . A pairing-based DAA scheme further reducing TPM resources[C]// The 3rd International Conference on Trust and Trustworthy Computing. Berlin,Germany, 2010: 181-195.
[17]	杨波, 冯登国, 秦宇 ,等. 基于可信移动平台的直接匿名证明方案研究[J]. 计算机研究与发展, 2014,51(7): 1436-1445. YANG B , FENG D G , QIN Y ,et al. Research on direct anonymous attestation scheme on trusted mobile platform[J]. Journal of Computer Research and Development, 2014,51(7): 1436-1445.
[18]	CESENA E,L?HR H , RAMUNNO G , et al . Anonymous authentication with TLS and DAA[C]// The 3rd International Conference on Trust and Trustworthy Computing. Berlin,Germany, 2010: 47-62.
[19]	CHEN L , . A DAA scheme requiring less TPM resources[C]// The 5th International Conference on Information Security and Cryptology. Beijing,China, 2010: 350-365.
[20]	张倩颖, 冯登国, 赵世军 . 基于可信芯片的平台身份证明方案研究[J]. 通信学报, 2014,35(8): 95-106. ZHANG Q Y , FENG D G , ZHAO S J . Research of platform identity attestation based on trusted chip[J]. Journal on Communications, 2014,35(8): 95-106.
[21]	BALDIMTSI F , LYSYANSKAYA A . Anonymous credentials light[C]// 2013 ACM SIGSAC conference on Computer & Communications Security. Berlin,Germany, 2013: 1087-1098.
[22]	PIRKER M , SLAMANIG D . A framework for privacy-preserving mobile payment on security enhanced arm trustzone platforms[C]// Proceedings in 2012 IEEE 11th International Conference on Trust,Security and Privacy in Computing and Communications. Liverpool,UK, 2012: 1155-1160.
[23]	AU M H , SUSILO W , MU Y ,et al. Constant-size dynamic k-times anonymous authentication[J]. IEEE Systems Journal, 2013,7(2): 249-261.
[24]	YANG Y , DING X , LU H ,et al. Self-blindable credential:towardslightweight anonymous entity authentication[EB/OL]. .
[25]	PENG K , YI L . Studying a range proof technique-exception and optimization[C]// The 6th International Conference on Cryptology in Africa. Cairo,Egypt, 2013: 328-341.
[26]	DODIS Y , YAMPOLSKIY A . A verifiable random function with short proofs and keys[C]// The 8th International Workshop on Theory and Practice in Public Key Cryptography. Les Diablerets,Switzerland, 2005: 416-431
[27]	SCOTT M . Unbalancing pairing-based key exchange protocols[EB/OL]. .
[28]	AU M H , SUSILO W , YIU S M . Event-oriented k-times revocable-iff-linked group signatures[C]// The 11th Australasian Conference on Information Security and Privacy. Melbourne,Australia, 2006: 223-234.
[29]	PENG K , . A general,flexible and efficient proof of inclusion and exclusion[C]// Cryptographers’ Track at the RSA Conference 2011. San Francisco,CA,USA, 2011: 33-48.
[30]	CAMENISCH J , LYSYANSKAYA A . A signature scheme with efficient protocols[C]// The 3rd International Conference on Security in Communication Networks. Amalfi,Italy, 2002: 268-289.
[31]	PENG K , BOYD C , DAWSON E . Batch zero knowledge proof and verification and its applications[J]. ACM Transactions on Information and System Security, 2007,10(2): 1-28.

已有系统	发布协议复杂度	是否支持兑换不同类型服务	是否允许用户指定兑换次数	是否支持多商家环境	不可分割性质等级	不可分割性实现机制	匿名性等级
文献[3]	O(1)	否	否	否	弱	软件	强
文献[4]	O(1)	否	否	否	弱	软件	强
文献[5]	O(k)	否	是	否	强	软件	强
文献[6]	O(k)	否	是	是	强	软件	强
文献[7]方案1	O(1)	否	是	否	强	软件	强
文献[7]方案2	O(1)	是	是	否	强	软件	强
文献[8]方案1	O(1)	否	是	否	强	软件	强
文献[8]方案2	O(1)	否	是	否	强	软件	强
文献[9]	O(1)	是	是	是	弱	软件	弱
文献[12]	O(1)	是	是	否	—	—	强
本文	O(1)	是	是	是	最强	硬件	强

方案		发布协议			兑换协议
方案	用户		商家/发布者	用户		商家
文献[3]	26 528		2 528	1 343 424		0
文献[4]	651		491	3 790		0
文献[5]	166 400		129 088	25 888		2 528
文献[6]	161 408		137 088	32 864		2 528
文献[7]方案1	13 750		982	14 510		0
文献[7]方案2	15 190		982	8 413		0
文献[8]方案1	1 793		822	16 683		0
文献[8]方案2	17 418		7 003	174 109		5 464
文献[9]	18 848		3 072	29 794		160
本文	982		491	11 326		320

方案			兑换协议
方案	用户	商家/发布者	用户	商家
文献[3]	30Exp(G₁ )	30Exp(G₁ )	1 010Exp(G₁ )	500Exp(G₁ )
文献[4]	P+22Exp(G₁ )	3Exp(G₁ )	2P+48Exp(G₁ )	4P+34Exp(G₁ )
文献[5]	1520Exp(G₁ )	1520Exp(G₁ )	130Exp(G₁ )	120Exp(G₁ )
文献[6]	1 040Exp(G₁ )	550Exp(G₁ )	160Exp(G₁ )	140Exp(G₁ )
文献[7]方案1	2P+96Exp(G₁ )	50Exp(G₁ )	6P+19Exp(G₁ )	4P+21Exp(G₁ )
文献[7]方案2	2P+96Exp(G₁ )	48Exp(G₁ )	2P+42Exp(G₁ )	2P+31Exp(G₁ )
文献[8]方案1	16P+5Exp(G₁ )	13Exp(G₁ )	63Exp(G₁ )	16P+36Exp(G₁ )
文献[8]方案2	16P+127Exp(G₁ )	144Exp(G₁ )	956Exp(G₁ )	17P+847Exp(G₁ )
文献[9]	—	10Exp(G₁ )	2P+34Exp(G₁ )	2P+48Exp(G₁ )
本文	2Exp(G₁ )*	4Exp(G ₁)	2Exp(G₁ )*	2P+33Exp(G ₁)
本文	53Exp(G₁ )**	4Exp(G ₁)	51Exp(G₁ )**	2P+33Exp(G ₁)

基于DAA的轻量级多商家多重息票系统

Lightweight multi-coupon system for multi-merchant environments with DAA

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 4

参考文献 31

相关文章 3

Metrics

推荐阅读 0

[1]	柳欣,徐秋亮,张斌,张波. 基于直接匿名证明的k次属性认证方案[J]. 通信学报, 2018, 39(12): 113-133.
[2]	杨力，张俊伟，马建峰，刘志宏. 改进的移动计算平台直接匿名证明方案[J]. 通信学报, 2013, 34(6): 8-75.
[3]	杨力,张俊伟,马建峰,刘志宏. 改进的移动计算平台直接匿名证明方案[J]. 通信学报, 2013, 34(6): 69-75.