Abstract
Certificateless cryptography avoids the key escrow problem inherent in identity-based cryptosystems and simplifies the public key certificate management required in traditional public key cryptosystems, which gives it significant advantages. Four certificateless signcryption schemes are cryptanalyzed, showing that two of the schemes are subject to confidentiality attacks and three are subject to forgeability attacks. The schemes are improved by binding the receiver in the signature part, binding the sender in the encryption part, and including a random number in the signcryption part, respectively. Finally, the improved schemes are proved secure in the random oracle model.
Source
《计算机工程与科学》
CSCD
PKU Core Journal
2013, Issue 8, pp. 69-76 (8 pages)
Computer Engineering & Science
Funding
Science and Technology Project of the Jiangxi Provincial Department of Education (GJJ12614)
Keywords
certificateless signcryption
confidentiality attacks
forgeability attacks
public key replacement attacks
random oracle model