Excerpt from the paper
This paper presents a forgery attack on the certificate-based signature scheme of Yang Bo et al. The attack shows that an honest-but-curious certification authority, without knowing the user's secret value, can forge a valid signature of any user on any message merely by choosing random parameters. The analysis finds that the original scheme is insecure because the commitment value R computed in the certificate generation phase is not one of the inputs to the hash function in the signing phase. An improved scheme is given by adding R as an input to the hash function. The improved scheme is as efficient as the original scheme and is provably secure under the discrete logarithm hardness assumption.