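Journal of Beijing University of Posts and Telecommunications

  • EI core journal

Journal of Beijing University of Posts and Telecommunications ›› 2008, Vol. 31 ›› Issue (2): 64-67. doi: 10.13190/jbupt.200802.64.097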

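Attack on and Improvement of a Class of Certificateless Signature Schemes

CAO Xue-fei1, Kenneth G. Paterson2, KOU Wei-dong1

  1. State Key Laboratory of Integrated Service Networks, Xidian University, Xi’an 710071; 2. Information Security Group, Royal Holloway, University of London, Egham, Surrey, TW20 0EX, UK
  • Received: 2007-06-11 Revised: 1900-01-01 Online: 2008-04-28 Published: 2008-04-28
  • Corresponding author: CAO Xue-fei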

An Attack on a Certificateless Signature Scheme and Its Improvement

CAO Xue-fei1, Kenneth G. Paterson2, KOU Wei-dong1

  1. State Key Laboratory of Integrated Service Networks, Xidian University, Xi’an 710071, China; 2. Information Security Group, Royal Holloway, University of London, Egham, Surrey, TW20 0EX, UK
  • Received: 2007-06-11 Revised: 1900-01-01 Online: 2008-04-28 Published: 2008-04-28
  • Contact: CAO Xue-fei

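Abstract:

A public key replacement attack on an existing efficient certificateless signature scheme is presented, showing that in this scheme an attacker can forge signatures by replacing the signer's public key. An improved scheme is then proposed to counter the attack: it replaces the user's single public key with a public key pair, adds verification of public key validity, and simplifies the signature generation algorithm. The improved scheme is existentially unforgeable in the random oracle model.

Keywords: certificateless signature, public key replacement attack, key escrow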

Abstract:

An existing efficient certificateless signature scheme is shown to be insecure against a public key replacement attack: an adversary who replaces the public key of a signer can forge valid signatures for the signer without knowledge of the signer’s private key. The scheme is then improved by replacing the original public key with a public key pair. The improvement enables a verifier to check the validity of a signer’s public key pair and simplifies the signature construction. The improved scheme is proven secure against existential forgery in the random oracle model.

Key words: certificateless signature, public key replacement attack, key escrow

CLC number: