Attack and Improvement on a Certificateless Aggregate Signature Scheme |
| |
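Affiliation: | 1. School of Science, East China Jiaotong University; 2. Institute of Systems Engineering and Cryptography, East China Jiaotong University |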
| |
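Abstract: | Certificateless aggregate signature schemes can effectively improve the efficiency of the signature verification phase. They face two types of attacks: in a type I attack, the attacker does not know the system master key or the user's partial private key, but can replace the user's public key; in a type II attack, the attacker knows the system master key and the user's partial private key, but cannot replace the user's public key. A certificateless aggregate signature scheme can be considered secure only if it resists both types of attacks. Most certificateless aggregate signature schemes have been proven secure in the random oracle model, but some cannot resist type II attacks. Taking the certificateless aggregate signature scheme proposed by Chen as an example, a corresponding attack method applicable to some certificateless aggregate signature schemes is given. An attacker who holds the system master key can forge a valid signature on any message from two valid signatures. On this basis, an improved certificateless aggregate signature scheme is proposed, and the new scheme is proven existentially unforgeable against type I and type II attacks in the random oracle model.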
|
Keywords: | certificateless; aggregate signature; signature forgery; random oracle; existential unforgeability |
Attack and Improvement on a Certificateless Aggregate Signature Scheme |
| |
Affiliation: | School of Science, East China Jiaotong University; Institute of Systems Engineering and Cryptography, East China Jiaotong University |
| |
Abstract: | A certificateless aggregate signature scheme can improve the efficiency of the signature verification phase, and such schemes face two types of attacks: in a type I attack, the adversary cannot access the system's master key and the user's private key, but it can replace the user's public key; in a type II attack, the adversary knows the system's master key and the user's private key, but it cannot replace the user's public key. A certificateless aggregate signature scheme is secure if it can resist the two types of attacks at the same time. Most certificateless aggregate signature schemes are proved secure in the random oracle model, but some schemes cannot resist type II adversaries. This paper takes the certificateless aggregate signature scheme proposed by Chen as an example and gives a corresponding attack method that is suitable for some certificateless aggregate signature schemes. An attacker who has the system master key can forge a valid signature for any message given two valid signatures. A new scheme is proposed and proved to be existentially unforgeable against type I and type II adversaries in the random oracle model. |
| |
Keywords: | certificateless; aggregate signature; forge a signature; random oracle model; existentially unforgeable |
This document has been indexed by CNKI and other databases! |
|