| 摘要 |
<p><P>PROBLEM TO BE SOLVED: To provide a method capable of determining whether two signatures are produced by the same signer or not without specifying the signer who he is in an electronic signature technology considering anoymity of the signer. <P>SOLUTION: An identity verifying device is designed to encrypt identifiers C<SB>i</SB>, C<SB>i</SB>' of the signer P<SB>i</SB>, and to transmit encrypted messages E(C<SB>i</SB>), E(C<SB>i</SB>') to a disclosure device. The disclosure device is designed to calculate homomorphism encryption functionθ'(E(C<SB>i</SB>),Σ),θ(E(C<SB>i</SB>'),Σ'), to calculate Y<SB>i</SB>=θ'(E(C<SB>i</SB>),Σ)<SP>si</SP>, Y<SB>i</SB>'=θ'(E(C<SB>i</SB>'))<SP>si</SP>' after selecting random numbers s<SB>i</SB>, s<SB>i</SB>', and to transmit m groups (Y<SB>i</SB>=, Y<SB>i</SB>') which are performed appropriate rearrangement to the identity verifying device. The identity verifying device is designed to decode the m groups (Y<SB>i</SB>, Y<SB>i</SB>'), and to determineΣ,Σ' as the same signer if (1, 1) is included in the result of decoding. <P>COPYRIGHT: (C)2006,JPO&NCIPI</p> |
