Attack on and Improvement of a Certificateless Aggregate Signature Scheme
Abstract:
A certificateless aggregate signature scheme can effectively improve the efficiency of the signature verification phase. Two types of adversary are considered for such schemes. A Type I adversary does not know the system master key or a user's partial private key, but can replace the user's public key; a Type II adversary knows the system master key and the user's partial private key, but cannot replace the user's public key. A certificateless aggregate signature scheme is secure only if it resists both types of attack at the same time. Most certificateless aggregate signature schemes have been proven secure in the random oracle model, yet some of them cannot resist Type II attacks. Taking the certificateless aggregate signature scheme proposed by Chen as an example, this paper presents a corresponding attack that applies to several certificateless aggregate signature schemes: an attacker who holds the system master key can, given two valid signatures, forge a valid signature on any message. On this basis, an improved certificateless aggregate signature scheme is proposed and proven, in the random oracle model, to be existentially unforgeable against both Type I and Type II adversaries.
Authors:
汤鹏志, 郭红丽, 张婷婷, 陈祚松, 胡凯雨, 周庆
Affiliations:
School of Science, East China Jiaotong University; Institute of Systems Engineering and Cryptography, East China Jiaotong University
Source:
Journal: Natural Science Edition (CAS; Peking University core journal), 2017, No. 1, pp. 71-78 (8 pages)
Funding:
National Natural Science Foundation of China (11361024, 11261019); Natural Science Foundation of Jiangxi Province (20151BAB201002); Jiangxi Province Graduate Innovation Special Fund Project (YC2015-S255)
Keywords:
certificateless; aggregate signature; signature forgery; random oracle model; existential unforgeability
Classification code:
TP309.2 [Automation and Computer Technology: Computer System Architecture]