摘要
无证书密码学不需要使用证书,也没有密钥托管问题,是目前的一个研究热点。最近,有学者分别提出了一种高效的无证书签名方案。通过对这两个方案进行分析,指出这两个方案都不满足存在不可伪造性。证明这两个方案对于公钥替换攻击是不安全的,即敌手通过替换用户的公钥可以伪造该用户对任意消息的签名,并给出了详细的攻击过程。
Certificateless cryptography does not need to use certificates and does not suffer from key-escrow problem. Therefore, certificateless cryptography has received much more attention. Recently, Some scholars proposed an efficient certificateless signature scheme respectively. In this paper, we analyse these two schemes and show that neither of them satisfies the property of being unforgeability. We also prove that these two schemes are insecure on replacement attacks against the public key. That is, an adversary could forge a signature for any message of any user by substituting the public key of the user. We also describe the attacking process in detail.
出处
《计算机应用与软件》
CSCD
北大核心
2013年第6期316-317,328,共3页
Computer Applications and Software
关键词
密码分析
无证书签名
公钥替换攻击
Cryptanalysis
Certificateless signature
Public key replacement attacks