摘要
对新近提出的两个高效无证书签名方案进行安全性分析,指出这两个签名方案都能受到替换公钥攻击。任意攻击者都可以通过替换签名人的公钥从而达到对任意选择的消息成功伪造签名,分析这两个签名方案能受到替换公钥攻击的根本原因。最后通过这两个攻击总结分析了无证书签名方案设计过程需要注意的要点,这对无证书签名方案的设计具有借鉴意义。
We analyse the security of two efficient certificateless signature schemes presented recently, and point out that they can all suffer from the public-key replacement attack.Any attacker can forge valid signature successfully on the message optionally selected by replacing the keys of the singers.We also analyse the primary reason of the public-key replacement attack against these two signature schemes.Finally, through these two attacks we summarise and analyse some key points that have to pay attention to in the process of certificateless signature schemes design, which is of referential significance to the design of the certificateless signature schemes.
出处
《计算机应用与软件》
CSCD
北大核心
2014年第12期311-313,322,共4页
Computer Applications and Software
基金
国家自然科学基金项目(61373140)
福建省教育厅项目(JA12291)
莆田学院教改项目(JG2012020)
关键词
数字签名
无证书
替换公钥攻击
双线性对
安全性分析
Digital signature
Certificateless
Public-key replacement attack
Bilinear pairings Security analysis