Department of Computer Science and Information Engineering, National Taiwan University
Lyuu, Yuh-Dauh
Wu, Ming-Luen
2006-09-27
2018-07-05
http://ntur.lib.ntu.edu.tw//handle/246246/20060927122900617757

Computer networks bring tremendous progress to the information-based society. Companies, organizations, and governments have been using computers and networks to process or transmit digital data. But this also results in many different types of security requirements for group-oriented cryptographic applications. In this thesis we study existing cryptographic tools and then use them to design more complex cryptographic systems. Several fundamental cryptographic primitives are useful not only as stand-alone applications but also as building blocks in the design of secure cryptographic objects. Using these building blocks, we develop new cryptographic applications, including a full public-key traitor-tracing scheme and a convertible group undeniable signature scheme.

A fully public-key traitor-tracing scheme is a public-key traitor-tracing scheme that allows a subscriber to choose his or her own private decryption key without others learning the key. The distributor of the digital content uses the public data coming from all subscribers to compute a public encryption key. The paid contents are then transmitted to the subscribers, after being encrypted with the public key. Each subscriber can decrypt the data using his or her own secret key. Even if a coalition of subscribers conspire to create a pirate decoder with a tamper-free decryption key, there is a tracing algorithm to trace them. A realization of the scheme is presented in this thesis. Our scheme is long-lived, which means that the subscribers' secret keys need not be regenerated after the pirate key is detected or when subscribers join or leave the system. Finally, our scheme guarantees anonymity.
A group undeniable signature satisfies the following requirements: (1) only group members can anonymously sign on behalf of the group; (2) a verifier must interact with the group manager to verify the signature; (3) the group manager can identify the signer of a valid signature. A convertible group undeniable signature scheme allows the group manager to turn select group undeniable signatures into universally verifiable group signatures. An efficient realization of the scheme is proposed in this thesis. Our scheme is unforgeable, exculpable, unlinkable, and coalition-resistant. The proposed scheme allows the group manager to delegate the ability to confirm and deny signatures to trusted parties. The sizes of the public key and signatures are independent of the group size.

application/pdf
547456 bytes
zh-TW
Group-oriented encryption and signature
other
http://ntur.lib.ntu.edu.tw/bitstream/246246/20060927122900617757/1/thesis_d5526009.pdf