隨著網路科技的進步以及各企業及政府導入電子化，文件的傳遞不僅以紙本方式傳送，亦可用數位的方式經由網路傳遞。然而欲簽署文件內容可能為跨部門或包含多種專業領域。基於上述情形，文件應分割成若干僅含單一專業知識領域或部門的子文件，再經由簽署群體管理者將欲簽署子文件委派給符合條件的簽署者。過去學者提出的多重簽章方法有以下問題：(1)僅對同一份文件簽署(2)簽章易遭竄改(3)簽署者無法自行產生私鑰，無法防止系統中心的偽冒攻擊。有鑑於此，本論文將使用應用於分割式文件之多重簽章機制。提出的簽章機制中，簽署者能夠依職權、部門簽署文件，達到組織分工與責任分擔的考量。此外，簽署者在金鑰產生階段時能夠自行選擇私鑰，並自行驗算由系統中心回傳公鑰之正確性，使雙方的通訊不須依賴第三方認證中心即可完成，能有效縮短作業時間，並防止系統中心的偽冒攻擊。
關鍵詞：自我驗證、文件切割、多重簽章、選派簽署者

As a tendency internationalized enterprises and e-government, document not only in paper work but also digital form. Considering division of labor, the signing documents may include different specialized knowledge domain. According to such circumstance, documents should divide into some proper subdocuments in accordance with the specific knowledge domains for candidate signatories. Signatories group manager divides the documents and deliver to the signatories group.
In the past, scholars proposed some multisignature method have such problems, (1) all participant sign the same document (2) it is easy to fix the content of document (3) signer cannot generate secrete key him/herself, when system authority have user secret, it’s have possibility to forge valid user signature. In view of the above, the proposed scheme will use document decomposition with self-certified multisignature which satisfy such condition. In the proposed scheme, signatories can sign the corresponding subdocument instead of the whole document. When verify the multisignature, verifier can user group public key to verify the multisignature and check the validity of public key when passing the verification at the same time.
Keywords：self-certified, document decomposition, multisignature signature, selective signatories

電子簽章法
http://law.moj.gov.tw/LawClass/LawAll.aspx?PCode=J0080037

[DH76] W. Diffie and M. Hellman, “New Directions in Cryptography,” IEEE Transactions on Information Theory, Vol. IT-22, No.6, pp. 644-654, 1976.
[RSA78] R. Rivest, A. Shamir and L. Adleman., “A method for obtaining digital signatures and public-key cryptosystems,” Communications of the ACM, Vol. 21, No. 2, pp. 120-126, 1978.
[IN83] K. Itakura and K. Nakamura, “A public-key cryptosystem suitable for digital multisignatures,” NEC Research & Development, Vol. 71, pp. 1-8, 1983.
[ELG84] T. ElGamal, ”A Public-Key Cryptosystem an a Signature Scheme Based on Discrete Logarithms,” IEEE Transections on Information Theory, Vol. IT-31, pp. 469–472, 1985.
[CCI87] CCITT Draft Recommendation, “The Directory
Authentication Framework”, Version 7, Nov. 1987.
[Sha87] A. Shamir, "Identity-based cryptosystems and signature schemes", Advances in Cryptology, Proc. of CRYPT0'84, Vol. 196, pp. 47-53, 1985.
[Oka88] T. Okamoto, “A Digital Multisignature Scheme using Bijective Public-key Cryptosystem,” ACM Transactions on Computer Systems, Vol. 6, No. 4, pp. 432-441, 1988.
[HK89] L. Harn and T. Kiesler, “New Scheme for Digital Multisignature,” Electronics Letters, Vol. 25, No. 15, pp. 1002-1003, 1989.
[KH90] T. Kiesler and L. Harn, “RSA Blocking and Multisignature Schemes with No Bit Expansion,” Electronics Letters, Vol. 26, No.18, pp. 1490-1491, 1990.
[Boy91] C. Boyd, “Multisignatures Based on Zero Knowledge Schemes,” Electronics Letters, Vol. 27, No. 22, pp. 2002-2004, 1991.
[OO91] K. Ohta and T. Okamoto, “A Digital Multisignature Scheme Based on the Fiat-Shamir Scheme,” Proceedings of the 1st International Conference on the Theory and Application of Cryptology and Information Security - Advances in Cryptology - ASIACRYPT’91, pp. 139-148, 1991.
[HZ92] T. Hardjono and Y. Zheng, “A Practical Digital Multisignature Scheme Based on Discrete Logarithms,”Proceedings of Advances in Cryptology - AUSCRYPT’92, pp. 122-132, 1992.
[Har94] L.Harn, “Group-oriented (t, n) threshold digital signature scheme and digital multisignature,” IEE Proceedings Computers Digital Techniques, Vol. 141, No. 5, pp. 307-313, 1994.
[LHL94] C.M. Li, T. Hwang, and N.Y. Lee, “Threshold-Multisignature
Schemes where Suspected Forgery Implies Traceability of Adversarial Shareholders,” Proceedings of Workshop on the Theory and Application of Cryptographic Techniques -Advances in Cryptology - UROCRYPT’94, pp. 194-204, 1994.
[MH96] M. Michels and P. Horster, “On the risk of disruption in several multiparty signature schemes,” Advances in Cryptology: ASIACRYPT’ 96, Springer Verlag, Berlin, pp. 334-345, 1996.
[Har99] L.Harn, “digital multisignature scheme with distinguished signing authorities,” ELECTRONICS LETTERS, Vol. 35, pp.294-295, 1999.
[CWH00] Y.S. Chang, T.C. Wu and S.C. Huang, ”ElGamal-like digital signature and multisignature schemes using self-certified public keys”, The Journal of Systems and Software, Vol. 50, pp. 99-105, 2000.
[LHC00] Z.C. Li, L.C.K. Hui, K.P. Chow, C.F. Chong, W.W. Tsang and H.W. Chan, “Cryptanalysis of Harn digital multisignature scheme with distinguished signing authorities,” ELECTRONICS LETTERS, Vol. 36, No. 4, pp. 314-315, 2000.
[WHG01] T.C. Wu, C.C. Huang, D.J Guan, ”Delegated multisignature scheme with document decomposition”, The Journal of Systems and Software, Vol. 55, pp. 321-328, 2001.
[Bol03] A. Boldyreva, “Threshold Signatures, Multisignatures and
Blind Signatures based on the Gap-Diffie-Hellman-GroupSignature Scheme,” Proceedings of Public Key Cryptography- PKC’03, pp. 31-46, 2003.
[CL04] C.C. Chang and I.C. Lin, “An Improvement of Delegated Multisignature Scheme with Document Decomposition”, ACM SIGOPS Operating Systems , Vol. 38, No. 4, pp. 52-57, 2004.
[HL04] S.J. Hwang and Y.H. Lee, “Repairing ElGamal-like multi-signature schemes using self-certified public keys,” Applied Mathematics and Computation, Vol. 156, pp.73-83, 2004.
[BN07] M. Bellare and G. Neven, “Identity-Based Multi-Signaturesfrom RSA,” Proceedings of Topics in Cryptology -CT-RSA’07, San Francisco, CA, USA, pp. 145-162, 2007.