A forgery attack is presented on the certificateless signature scheme of Fan Aiwan et al. The attack shows that a Type I strong adversary can successfully forge a valid signature of any user on any message. Analysis shows that the original scheme is insecure because the random number chosen in the signing phase is not tied to the message M. Improved schemes are given by binding the random number chosen in the signing phase to a hash function value related to the message M. Among them, the scheme with the strongest security needs only 1 point multiplication in the signing phase and 4 point multiplications in the verification phase, and resists attacks by Type I super adversaries and Type II super adversaries. The remaining schemes need only 1 point multiplication in the signing phase and 3 point multiplications in the verification phase, and resist attacks by Type I strong adversaries and Type II super adversaries; they are secure against real-world attackers. The improved schemes are provably secure under the hardness assumption of the elliptic curve discrete logarithm problem.