摘要
签密是一种能够同时提供加密和认证功能的密码体制.该文首次将签密的应用范围推广到仅需要机密性或完整性的场合,提出了广义签密的定义.广义签密不仅具有一般签密的属性,针对特定的输入还可提供单独的加密或签名功能.基于椭圆曲线数字签名标准ECDSA,文中提出一个广义签密方案SC-ECDSA,无特定验证方时等价于ECDSA签名,无特定发送方时等价于AtE(OTP$,MAC)结构加密,第三方可在ECDSA的模式下公开验证.在Random Oracle模型上证明了该方案的安全性:CUF-CPA的机密性、与ECDSA同等的不可伪造性和不可否认性.效率分析表明,在适当的安全参数下SC-ECDSA的计算量比目前最快的SCS签密降低了78%.
Signcryption is a new cryptographic primitive that simultaneously fulfills both the functions of signature and encryption. The definition of generalized signcryption is proposed in the paper firstly. Generalized signcryption has a special feature that provides confidentiality or authentici ty separately under specific inputs. So it is more useful than common ones. Based on ECDSA, a signcryption scheme called SC ECDSA is designed. It will be equivalent to an AtE(OTPs, MAC) encryption scheme or ECDSA when one of party is absent. A third party can verify the signcryption text publicly in the method of ECDSA. Security properties are proven based on Random Ora cle mode: Confidentiality(CUF-CPA), unforgeability(UF-CMA) and non-repudiation. For typical security parameters for high level security applications, compared with the others, SC ECDSA presents a 78% reduction in computational cost.
出处
《计算机学报》
EI
CSCD
北大核心
2006年第11期2003-2012,共10页
Chinese Journal of Computers
基金
国家自然科学基金(60473029)资助.
