歷經多年研究發展，數位簽章相較於傳統的手寫式簽名，可提供更為強健的安全性保障。環簽章(Ring Signature)可同時達到隱私性(Forward Privacy)和可公開驗證的完整性(Publicly Verifiable Forward Integrity)兩種安全特性。引用自我驗證公鑰系統(Self-certified Public Key System)，可解決公鑰憑證驗證、管理與運算成本的問題。本論文提出使用自我驗證公鑰系統之可追蹤環簽章，該系統不僅能保障簽署者之匿名性(Anonymity)，也強化了真實簽署者之隱私權。若須依據法律規範追蹤真實簽署者身分，或者判斷是否有非合法環簽章成員偽造假簽章時，可藉由本方法之簽章追蹤(3.6)進而追查出簽署者的真實身分。本方法能夠達到Girault定義之安全等級的最高等級。

After several years of research and development, the digital signature provided a stronger security guarantee than traditional handwritten signature. The ring signature achieves forward security and publicly verifiable forward Integrity. Using self-certified public key system solves the problem of public key certificate verification, management, and operation costs. This study proposed a traceable ring signature using self-certified public key system, which protects the anonymity of the signer and reinforced the privacy rights of the actual signer. If tracking the identity of the actual signer is required to be accordance with legal norms, or determine whether any member of the non-legal ring sealer is forging a false seal, the signature of the signer can be traced through the signature of the method (3.6). The proposed method in this study can reach the highest level of Girault's defined security level.

[1] Rivest R L, Shamir A, and Tauman Y, “How to leak a secret”, Proceedings of ASIACRYPT’01. Lecture Notes in Computer Science, Berlin: Springer-Verlag, 2001, pp. 552–565.
[2] D. Chaum and E. van Heyst, “Group signatures”, in Advances in Cryptology—Eurocrypt ’91, Lecture Notes in Comput. Sci. 541, Springer‐Verlag, New York, 1991, pp. 257–265.
[3] M. Abe, M. Ohkubo, and K. Suzuki. “Efficient threshold signer-ambiguous signatures from variety of keys”. IEICE Trans. Fund., 2004, vol. E87-A, no.2, pp. 471–479.
[4] A. Bender, J. Katz, and R. Morselli. “Ring signatures:stronger definitions, and constructions without random oracles”. In S. Halevi and T. Rabin, editors, Theory of Cryptography — TCC 2006, volume 3876 of Lecture Notes in Computer Science. Springer-Verlag, 2006, pp. 60–79.
[5] E. Bresson, J. Stern, and M. Szydlo. “Threshold ring signatures and applications to ad-hoc groups”. In Moti Yung, editor, Advances in Cryptology — CRYPTO 2002, volume 2442 of Lecture Notes in Computer Science. Springer-Verlag, 2002, pp. 465–480.
[6] Y. Komano, K. Ohta, A. Shimbo, and S. Kawamura. “Toward the fair anonymous signatures: Deniable ring signatures”. In D. Pointcheval, editor, CT-RSA ’06, volume 3860 of Lecture Notes in Computer Science. Springer-Verlag, 2006, pp. 174–191.
[7] M. Naor. “Deniable ring authentication”. In CRYPTO 2002, 2002, pp. 481–498.
[8] J. K. Liu, V. K. Wei, and D. S. Wong. “Linkable spontaneous anonymous group signature for ad hoc groups (extended abstract)”. In ACISP 2004, volume 3108 of Lecture Notes in Computer Science, 2004, pp. 325–335.
[9] M. H. Au, S. S. M. Chow, W. Susilo, and P. P. Tsang. “Short linkable ring signatures revisited”. In EUROPKI 2006, volume 4043 of Lecture Notes in Computer Science, 2006, pp. 101–115.
[10] J. K. Liu and D. S. Wong. “Linkable ring signatures: Security models and new schemes”. In ICCSA 2005, volume 3481 of Lecture Notes in Computer Science, 2005, pp. 614–623.
[11] P. P. Tsang and V. K. Wei. “Short linkable ring signatures for e-voting, e-cash and attestation”. In IPSEC 2005, 2005.
[12] P. P. Tsang, V. K. Wei, T. K. Chan, M. H. Au, J. K. Liu, and D. S. Wong. “Separable linkable threshold ring signatures”. In INDCRYPT 2004, volume 3348 of Lecture Notes in Computer Science, 2004, pp. 389–398.
[13] Fujisaki, E., Suzuki, K, “Traceable ring signature”, PKC 2007: Public Key Cryptography – PKC 2007, pp. 181-200.
[14] W. Diffie and M.E. Hellman.New “directions in cryptography”. IEEE Trans.Inform. Theory, IT-22, November 1976, pp. 644–654.
[15] M. Girault, “Self-Certified Public Keys”, EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques, Brighton, UK — April 08 - 11, 1991, pp. 490-497.
[16] Shamir, A., “Identity-based cryptosystems and signature schemes”. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196. Springer, Heidelberg (1985), pp. 47–53.
[17] Shahrokh Saeednia, “A note on Girault's self-certified model”, Information Processing Letters, v.86 n.6, 30 June 2003, p.323-327.
[18] V. Miller, "Uses of elliptic curves in cryptography", Advances in Cryptology—Crypto '85, vol. 218, 1986, pp. 417-426.
[19] Ν. Koblitz, "Elliptic curve cryptosystems", Mathematics of Computation, vol. 48, 1987, pp. 203-209.
[20] R. Rivest, A. Shamir, L. Adleman, "A method for obtaining digital signatures and public key cryptosystems", Communications of the ACM, vol. 21, no. 2, Feb. 1978, pp. 120-126.
[21] ElGamal, T., “A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms”. IEEE Trans. Inform. Theory, 31 (1985), pp. 469–472.
[22] T. C. Wu, “Digital Signature/Multisignature Schemes Giving Public Key Verification and Message Recovery Simultaneously,” Computer Systems Science and Engineering, 2001, pp. 329-337.
[23] Chen Y Q, Susilo W, Mu Y, “Identity-based anonymous designated ring signatures”, Proceedings of IWCMC’06. USA: ACM Press, 2006, pp. 189–194.
[24] Lv J Q, Wang X M, “Verifiable ring signature”, DMS Proceedings of CANS’03, 2003, pp. 663–665.
[25] Nan Li, Yi Mu, Willy Susilo and Fuchun Guo, “Self-certified ring signatures”, ASIACCS '11 Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, pp. 396-400.
[26] Zhang F G, Kim K, “ID-based blind signature and ring signature from pairings”, Proceedings of ASIACRYPT’02. Lecture Notes in Computer Science, Berlin: Springer-Verlag, 2002, pp. 533–547.
[27] Certicom Corporation, “ECC whitepapers：current public-key cryptography systems”, https://www.certicom.ca/ecc/wecc2.html.
[28] H. C. Williams, “A ?+1 method of factoring”, Mathematics of Computation, 1982, vol. 39, no. 159, pp. 225–234.
[29] National Institute of Standards and Technology (2016), “Recommendation on Key Management,” Special Publication 800-57, available from https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf.
[30] J. Camenisch and M. Stadler., “Efficient group signature schemes for large groups”. In CRYPTO '97, vol. 1296 of LNCS. Springer Verlag, 1997, pp. 410–424.
[31] Fiat, A., and Shamir, A., “How to prove yourself: Practical Solutions of Identification and Signature Problems”. Advances in Cryptology—Crypto '86, Lecture Notes in Computer Science, Vol. 263 (1987), Springer-Verlag, Berlin, pp. 186–194.
[32] H. Petersen and P. Horster, “Self-certified Keys-Concepts and Applications”, Proc. Communications and Multimedia Security’97, Chapman & Hall, 1997, pp. 102–116.