【正文】 過程。論文以對RSA體制所采用的數(shù)論基礎(chǔ)的研究為前提，結(jié)合多種RSA實(shí)現(xiàn)算法，對影響RSA效率的關(guān)鍵環(huán)節(jié)——模冪乘積的運(yùn)算進(jìn)行了深入的研究分析，并提出了改進(jìn)方案。1. 對密碼學(xué)，信息安全做了簡要的概述，介紹了當(dāng)今密碼學(xué)的基本動態(tài)，闡述了目前RSA加密體制的現(xiàn)狀和不足，詳細(xì)分析了RSA加密體制的數(shù)論基礎(chǔ)以及面臨的安全問題及對策。通過對數(shù)論基礎(chǔ)（歐拉定理、乘法逆元等）以及加解密變換的研究，分析了RSA實(shí)現(xiàn)加解密的過程。結(jié)合當(dāng)前針對RSA算法的攻擊手段及對策，歸納總結(jié)了提高其安全性的原則。2. 為了減少RSA模冪乘運(yùn)算過程耗時，提高RSA加解密的速度，選擇了當(dāng)前RSA主要算法中的指數(shù)進(jìn)制化算法、基于乘同余特性的ＳＭＭ算法進(jìn)行深入研究，分析總結(jié)出兩種算法的優(yōu)缺點(diǎn)并據(jù)此提出一種組合型的改進(jìn)算法，在算法的改進(jìn)一節(jié)中提及，我們下一步的研究工作將是以實(shí)驗(yàn)為基礎(chǔ)比較所提出的改進(jìn)算法與原有算法得出新算法效率有一定程度提高的結(jié)論，達(dá)到預(yù)先設(shè)想的結(jié)果。以新算法為核心設(shè)計(jì)一加密軟件，并提出一基于單位局域網(wǎng)的郵件收發(fā)系統(tǒng)的RSA應(yīng)用方案。RSA雖然具有其它眾多加密體制無法比擬的安全性能，但其工作效率一直影響其進(jìn)一步發(fā)展，為進(jìn)一步提高RSA的效率，增大適用范圍，進(jìn)一步需要開展的工作有：１. 新的實(shí)現(xiàn)算法的研究在現(xiàn)有的RSA實(shí)現(xiàn)算法中不論是以降低指數(shù)為手段減少替代次數(shù)進(jìn)而提高運(yùn)算效率的指數(shù)進(jìn)制化算法還是目前公認(rèn)的以將普通的模余轉(zhuǎn)換成模n同余并進(jìn)行相應(yīng)操作為手段的具有較高模乘性能的算法，都存在算法改進(jìn)不足或適用范圍受限制的問題。因此通過整合更多實(shí)現(xiàn)算法的優(yōu)點(diǎn)研究新的實(shí)現(xiàn)算法是一個具有實(shí)際意義的方向。２. 加密系統(tǒng)的配合應(yīng)用研究在當(dāng)今還沒有一個較RSA公鑰密碼系統(tǒng)更為優(yōu)秀的密碼系統(tǒng)出現(xiàn)之前，能夠既利用RSA加密系統(tǒng)的高安全性又利用其他密碼系統(tǒng)的高效性，進(jìn)行加密系統(tǒng)的配合使用可以有效的解決問題。如單密鑰加密算法的密鑰管理是一個復(fù)雜過程，密鑰的管理直接決定著它的安全性，因此采用公鑰密碼系統(tǒng)管理單鑰加密系統(tǒng)的密鑰，然后用單鑰加密算法加密數(shù)據(jù)，這樣就形成了兩類密碼體制的優(yōu)點(diǎn)，即實(shí)現(xiàn)了加密速度快的優(yōu)點(diǎn)，又實(shí)現(xiàn)了方便管理密鑰的優(yōu)點(diǎn)。 致謝首先感謝我的指導(dǎo)張文麗老師的細(xì)心指導(dǎo)和各論壇程序員朋友的支持與建議。其次感謝陜西理工學(xué)院電信工程系的領(lǐng)導(dǎo)和老師，是他們的鼓勵和教導(dǎo)使我逐漸成長為一名合格的大學(xué)畢業(yè)生。在學(xué)分攻讀期間，王少華，尹繼武，陳莉，王戰(zhàn)備，龍光利，侯寶生，張文麗，陳正濤等各位老師無私的將自己所掌握的知識傳授于我；在畢設(shè)程序調(diào)試階段他們給予許多熱情的指導(dǎo)，在這里我對他們深表感謝。真誠的感謝在畢設(shè)過城中給予我?guī)椭母魑焕蠋熀屯瑢W(xué)，謝謝你們！參考文獻(xiàn)[1] 馮登國，計(jì)算機(jī)通信網(wǎng)絡(luò)安全，[M]北京:清華大學(xué)出版社，2001.[2] 黃元飛，陳麟，唐三平信息安全與加密解密核心技術(shù)[M]上海:浦東電子出版 社，2001[3] 吳世忠，2003國內(nèi)外網(wǎng)絡(luò)與信息安全年度報(bào)告(上)，信息安全與通信保密，: P12}14[4] 吳世忠，2003國內(nèi)外網(wǎng)絡(luò)與信息安全年度報(bào)告(心，信息安全與通信保密，: P9} 12[5] [J]. 科技情報(bào)開發(fā)與經(jīng)濟(jì)： 2006年01期[6] 蘭海兵,程勝利. RSA算法及其實(shí)現(xiàn)技術(shù)的改進(jìn)研究 [J]. 交通與計(jì)算機(jī)： 2006年01期[7] 程庭,張明慧,石國營. 一種基于DES和RSA算法的數(shù)據(jù)加密方案及實(shí)現(xiàn) [J].河南教育學(xué)院學(xué)報(bào)(自然科學(xué)版)：2003年02期： 7476[8] 王國兵,楊建沾,謝貴. 基于RSA算法的網(wǎng)絡(luò)安全體系構(gòu)造 [J].武漢大學(xué)學(xué)報(bào)(自然科學(xué)版)： 2000年01期： 3336[9] 呂皖麗，鐘城．?dāng)?shù)字簽名方案分析[J]．廣東科學(xué)院學(xué)報(bào)，2002，18(14)：161165．[10] 李繼紅．ElGamal型數(shù)字簽名方案及其應(yīng)用的研究[D]．西安：西安電子科技大學(xué)，1999．[11] 張先紅編著．?dāng)?shù)字簽名原理及技術(shù)[M]．北京：機(jī)械工業(yè)出版社．2004．1．[12] 鄭子偉,李翠華. 用類的RSA體制實(shí)現(xiàn)方案 [J].華僑大學(xué)學(xué)報(bào)(自然科學(xué)版)： 2003年03期： 102105[13] 楊維忠,李彤, [J].云南大學(xué)學(xué)報(bào)(自然科學(xué)版)： 2004年03期： 3538 [14] Rivet R L, Shamir A，Ad leman L. A method for obtaining digital signatures and public key cryptosystems. Comm., ACM. [M] 1977[15] Peter L Montgomery. Modular Multiplication Without Trial Division. [J] Mathematics of Computation, 1985, 44(170): S 19521[16] , Curves and Primality Proving[J].Mathematics of Computation，1993,61(2):2968．[17] iptic Curves over Finite Field and the Computation of Square Roots Mod P[J].Mathematics of Computation,1985,53(4):483494．附錄A：英文資料及翻譯英文資料：(It es from Carlton :Securing ：清華大學(xué)出版社，2002)Cryptanalysis and Improvement of Digital Multisignature Scheme Based on RSASU Li (粟　栗) CUI Guohua (崔國華)CHEN Jing (陳　晶)　YUAN Jun (袁　雋)School of Computer Science and Technology, Hua zhong University of Science and Technology, Wuhan 430074, ChinaAbstractZhang et proposed a sequential multisignature scheme based on RSA. The scheme has advantages of low putation and munication costs, and so on. However, we find a problem in their scheme that the verifier can not distinguish whether the multisignature is signed by all the signers of the group or only by the last signer. Thus, any single signature created by the last signer can be used as a multisignature created by the whole group members. This paper proposes an improved scheme that can overe the defect. In the new scheme, the identity messages of all the signers are added in the multisignature and used in verification phase, so that the verifier can know the signature is generated by which signers. Performance analysis shows that the proposed scheme costs less putation than the original scheme in both signature and verification phases. Furthermore, each partial signature is based on the signer’s identity certificate, which makes the scheme more secure.Key words:　Digital multisignature。 Sequential multisignature。 RSA cryptosystem。 CryptanalysisIntroductionMultisignature is a joint signature generated by a group of signers. The group has a security policy that requires a multisignature to be signed by all group members with the knowledge of multiple private keys. Digital multisignatures should have several basic properties [1]: (1)Multisignatures are generated by multiple group members with the knowledge of multiple private keys. (2) Multisignatures can be verified easily by using the group public key without knowing each signer s public key. (3) It is putationallyin feasible to generate the group signature without the cooperation of all group members.In 2003, Zhang et [2]proposed a sequential multisignature scheme based on RSA, in which all the signers use a mon modulus. The scheme has the advantages of low putation and munication costs, and can resist forgery and coalition attacks. The difficulty of breaking the system is equivalent to that of factoring a large integer into its twolarge prime factors. However, our cryptanalysis of Zhang et ’s scheme finds a serious problem。 that is a ultisignature is verified by using the last signer’s public key instead of the group public key. As a result the verifier can not distinguish whether a signature is signed by a group of signers or only by the last signer, which violates the basic properties of sequential multisignature[1, 3, 4]. Therefore, we propose an improvement scheme to overe this defect in this paper, so that the verifier knows who have created the multisignature. Performance and security analyses show that the new scheme not only keeps the advantages of original cheme, but also satisfies the definition of mltisignature and is more secure.1　Review of Zhang et s Sequential Multisignature Scheme1. 1　System initializationFirst the Trust Center (TC) selects two large prim p and q ,and putes the RSA modulusn=pq. Then, TC selects a random number as the public key which makes gcd (e,)=1, wheregcd() is the greatest mon divisor function, =(p1)(q1),and 1e. Finally,TC putes the private key d which makes ed≡1mod((n)). In the mean while, TC publishes the public key (n, e) and keeps (d, p, q) secretly. Define (i=1,2,…,k)to be t