北京邮电大学学报

  • EI核心期刊

北京邮电大学学报 ›› 2016, Vol. 39 ›› Issue (1): 112-116.doi: 10.13190/j.jbupt.2016.01.021

• 研究报告 • 上一篇    下一篇

改进的可证明安全无证书签名方案

汤永利, 王菲菲, 叶青, 闫玺玺   

  1. 河南理工大学计算机科学与技术学院, 河南焦作 454000
  • 收稿日期:2016-02-18 出版日期:2016-02-28 发布日期:2016-01-29
  • 作者简介:汤永利(1972-),副教授,E-mail:yltang@hpu.edu.cn.
  • 基金资助:

    国家自然科学基金项目(61300216);河南省科技厅项目(152102410048,142300410147);河南省教育厅项目(12A520021,16A520013);河南理工大学博士基金项目(B2013-043,B2014-044)

Improved Provably Secure Certificateless Signature Scheme

TANG Yong-li, WANG Fei-fei, YE Qing, YAN Xi-xi   

  1. College of Computer Sciences and Technology, Henan Polytechnic University, Henan Jiaozuo 454000, China
  • Received:2016-02-18 Online:2016-02-28 Published:2016-01-29

摘要:

给出樊爱宛等无证书签名方案的一个伪造攻击,攻击显示第Ⅰ类强攻击者能成功伪造任意用户对任意消息的有效签名.分析发现原方案不安全的原因在于,签名阶段选取的随机数没有与消息M关联起来,通过将签名阶段选取的随机数与消息M相关的Hash函数值进行绑定的方式给出了改进方案,其中安全性最优的方案在签名阶段只需1个点乘,在验证阶段需要4个点乘,可抵抗第Ⅰ类超级攻击者、第Ⅱ类超级攻击者的攻击;其余方案在签名阶段只需1个点乘,在验证阶段需要3个点乘,可抵抗第Ⅰ类强攻击者、第Ⅱ类超级攻击者的攻击,针对现实世界的攻击者是安全的.改进方案在椭圆曲线离散对数困难性假设下是可证明安全的.

关键词: 无证书签名, 椭圆曲线离散对数难题, 可证明安全, 随机预言模型

Abstract:

A forgery attack on Fan Aiwan et al's certificateless signature scheme was presented. It is found that the strong type I adversary could forge any user's valid signature on any message. The reason of this problem is that the random number selected in the signature generation phase is not associated with the message M. To improve the original scheme's security, the improved schemes in which the random number selected in the signature generation phase is bound to the hash function value of message M was proposed. The scheme proposed can resist both super type Ⅰ and type Ⅱ adversary, and it only needs one scalar multiplication in signature generation phase and four scalar multiplications in signature verification phase; the other schemes proposed can resist strong type Ⅰ and super type Ⅱ adversary and are secure against the attacker in the real world. In addition, they only need one scalar multiplication in signature generation phase, and three scalar multiplications in signature verification phase. The improved schemes are provably secure under the intractability of elliptic curve discrete logarithm problem.

Key words: certificateless signature, elliptic curve discrete logarithm problem, provable security, random oracle model

中图分类号: