摘要
无证书签名能有效解决密钥管理和密钥托管问题,它的这个优越特性使得它成为密码学研究的热点之一.然而许多提出的无证书签名方案都存在一些安全漏洞,使得这些方案不满足不为伪造的特性.对最近提出的两个高效的无证书签名方案进行了安全分析,分别指出这两个方案存在的两种安全攻击(1)公钥替换攻击;(2)一般伪造攻击.同时,针对这些问题提出了改进的方案,并对改进后的方案进行了安全和性能分析.分析显示,改进的方案在几乎不增加计算和通信代价的情况,能满足不为伪造的特性.因此,改进的方案相比原方案具有更好的执行效率.
Certificateless signature efficiently solves the problems of the key management and key escrow, and the excellent property of certificateless signature makes it become one of the hot spot in the area of cryptography. However, many existing certificateless signature schemes had some security drawbacks which made theme not satisfy the property of unforgeability. This paper analyzes the security of two efficient cerfiticateless signature schemes which had been proposed recently and points out that two schemes exist two kinds of attacks ( 1 ) public key replacement attack; ( 2 ) normal forgeability attack. At the same time, an improved scheme which aims to these problems is proposed, and the efficiency and security are analyzed. The analysis shows that the improved scheme can satisfy the unforgeability property almost without adding computational cost and communicational cost. Therefore, the improved scheme has better performance than the original scheme.
出处
《小型微型计算机系统》
CSCD
北大核心
2016年第10期2264-2268,共5页
Journal of Chinese Computer Systems
基金
上海市教育委员会科研创新基金重点项目(14ZZ167)资助
国家自然科学基金项目(61103213)资助
软件工程(软件服务工程)(XXKZD1301)资助
广西自然科学基金项目(2014GXNSFAA11838-2)资助
上海市自然科学基金项目(13ZR1417300)资助
关键词
密码学
无证书签名
代理盲签名
密码分析
公钥替换
cryptography
certificateless signature
proxy blind signature
cryptanalysis
public key replacement