1. Field of the Invention
The present invention relates to data encryption. More particularly, the present invention relates to a digital signature method and system based on identification information of group members.
2. Description of the Related Art
With the increased use and development of computers, reliance on networks for exchanging information between computers has also increased. As computer networks become more prevalent, abuses of them, and thus the importance of network security techniques, have also increased.
Protocols for sharing keys between entities are techniques for preserving the confidentiality of data transmitted through networks.
FIG. 1A is a block diagram of an exemplary digital signature process. FIG. 1B is a block diagram depicting an exemplary digital signature authentication process. The block diagrams of FIGS. 1A and 1B may be used with conventional digital signature processes.
A conventional digital signature process employs a public key encryption technique using a hash function. In a public key encryption algorithm, which is an asymmetric encryption system with different encryption keys and decryption keys, a sender performs encryption, i.e., encoding, using his/her own secret key and the receiver's public key, as shown in FIG. 1A. Then, the receiver performs decryption, using his/her own secret key and the sender's public key, as shown in FIG. 1B. This asymmetric encryption system is mainly used for distributing encryption keys or session keys and for digital signatures, as shown, rather than for message encryption. As shown in FIG. 1A, the digital signature is then transmitted with the original message.
The hash function, which converts a message into a digest value of fixed length, is a unidirectional function, so it is impossible to obtain the original message from the digest value. Since the probability that a message different from the original message has the same message digest is very low, the hash function is used for confirming whether the message is forged. Frequently used hash functions include Message Digest 5 (MD5) and Secure Hash Algorithm (SHA).
As shown in FIG. 1B, a receiver receives the original message and the digital signature sent in FIG. 1A. Then, the receiver performs user authentication, message integrity checks, and non-repudiation checks by comparing the digest value that results from inputting the original message to the hash function with the digest value that results from decrypting, i.e., decoding, the digital signature.
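The hash-and-compare flow of FIGS. 1A and 1B can be illustrated with the following added example, which is not part of the original disclosure. It assumes textbook RSA with a constructed toy key, SHA-256 as the hash function, and only the signer's key pair; the names `digest`, `sign`, `verify` and `demo` are hypothetical.

```python
import hashlib

# Constructed toy key: two Mersenne primes give a ~92-bit modulus.
# Far too small for real use; it only keeps the arithmetic readable.
P, Q = 2**61 - 1, 2**31 - 1
N = P * Q
E = 65537                               # public exponent (verification key)
D = pow(E, -1, (P - 1) * (Q - 1))       # secret exponent (signing key)

def digest(message: bytes) -> int:
    """Fixed-length digest of the message, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes) -> int:
    """FIG. 1A: hash the message, then transform the digest with the secret key."""
    return pow(digest(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """FIG. 1B: recover the digest from the signature with the public key
    and compare it with the digest recomputed from the received message."""
    if not 0 <= signature < N:
        return False
    return pow(signature, E, N) == digest(message)

def demo() -> dict:
    message = b"open front door"        # constructed sample message
    signature = sign(message)
    return {
        "genuine": verify(message, signature),
        "tampered_message": verify(b"open back door", signature),
        "tampered_signature": verify(message, (signature + 1) % N),
    }

if __name__ == "__main__":
    print(demo())
```

Only the unmodified message and signature pair passes the comparison; deployed systems use full-size keys and a padded scheme such as RSASSA-PSS rather than a bare modular reduction of the digest.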
Key sharing protocols among entities require a public key authentication system confirming whose public key is used for the digital signature. Such a system is called a Public Key Infrastructure (PKI). A public key certificate is issued by a third-party institution that every user can trust. That is, in the PKI, a certified institution is required for distributing and authenticating the public key certificate in order to guarantee the integrity of the public key. Therefore, an encryption technique using identification information of group members as public keys has been developed to manage public keys without relying on the certified institution.
The identification information can include private information such as a user's social security number, address, age, and the like, and logical addresses such as an IP address or a MAC address of the terminal to which the user is connected.
A group signature method to perform a digital signature on behalf of a group has been introduced in advanced home networking. For example, suppose that one electronic device out of many devices in a home performs a digital signature. In this case, only the digital signature has to be identified, since the specific electronic device which performed the digital signature is not of interest. A group signature technique that only identifies the group who performed the digital signature was first introduced by Chaum and Heijst.
Furthermore, a group signature technique based on user identification information, using the above-mentioned user identification information-based encryption method and the group signature method, has been developed. Such a group signature technique generates the keys used in digital signatures of group members using identification information of group members, and does not require a separate operation for processing certificates when authenticating digital signatures. In addition, this technique can quickly acquire the identification information of the signing members.
However, the group signature method according to the conventional art has certain drawbacks. For example, new group members are not allowed after initialization. Furthermore, the group signature method does not work properly after adding or deleting group members. Also, the length of the digital signature increases as the number of members increases. As an additional disadvantage, the functions of the group manager cannot be separated in the conventional group signature method.
Therefore, an advanced encryption method which has a fixed-length digital signature irrespective of the addition/deletion of group members and is safe from attacks such as forgery, conspiracy, etc., is highly desirable. Furthermore, an advanced encryption method that provides separability of the functions of the group manager is greatly needed.