北京邮电大学学报

  • EI核心期刊

北京邮电大学学报 ›› 2006, Vol. 29 ›› Issue (s2): 24-29.doi: 10.13190/jbupt.2006s2.24.295

• 论文 • 上一篇    下一篇

向前安全的动态门限签名方案

于佳1, 郝蓉1,2,赵志刚1,李大兴2   

  1. 1. 青岛大学 信息工程学院, 山东 青岛 266071; 2. 山东大学 网络信息安全研究所,山东 济南 250100
  • 收稿日期:2006-09-06 修回日期:1900-01-01 出版日期:2006-11-30 发布日期:2006-11-30
  • 通讯作者: 于佳

A Forward-Secure Proactive Threshold Signature Scheme

YU Jia1; HAO Rong1,2; ZHAO Zhi-gang1; LI DA-xing2   

  1. 1.College of Information Engineering, Qingdao University, Qingdao 266071,China
    2.Institute of Network Security, Shandong University, Jinan 250100,China
  • Received:2006-09-06 Revised:1900-01-01 Online:2006-11-30 Published:2006-11-30
  • Contact: YU Jia

摘要:

给出了向前安全的动态门限签名方案的形式化定义,并提出了一个具体的方案,方案具有向前安全的所有属性:将签名的整个生命周期划分成若干个时间段,每个时间段都要进行密钥的更新,更新函数是单向函数,这就使得从当前密钥无法得到之前时间段的密钥,整个生命周期中,公钥不变。同时,具有动态安全的所有性质:提供对密钥份额的周期性更新,可以检测恶意行为,并对错误份额进行恢复。这种签名方案有着重要的意义:如果攻击者不能在一个时间段中攻破不少于门限数目个服务器,就无法伪造当前时间段的签名;即使能够攻破门限数目个服务器,也无法伪造当前时间段之前的签名。

关键词: 可验证密钥共享, 向前安全, 动态安全, 门限签名

Abstract:

The formal definition of forward-secure proactive threshold signature scheme is presented, and a concrete scheme is described. The scheme has all the forward-secure properties. The whole lifetime of the signatures is divided into several time periods, the secret key is updated in each time period, and the update function is just one-way. Therefore, the adversary knows no secret keys for previous time periods even if she has got the current secret key. The public key is fixed during the whole lifetime. At the same time, the scheme has all the properties of proactive security. It can renew shares periodically, detect malicious actions, and recover bad shares. The scheme has the great significance: If an attacker can’t break into no fewer than threshold severs in one period, she can’t forge any signature for the current time period; even if she can break into threshold severs, she can’t forge any signature for previous time periods.

Key words: verifiable secret sharing, forward security, proactive security;threshold scheme

中图分类号: