Computer Engineering and Applications ›› 2010, Vol. 46 ›› Issue (21): 106-110. DOI: 10.3778/j.issn.1002-8331.2010.21.030

• Network, Communication, Security •

Analysis and improvement of two digital signature schemes without certificates

NONG Qiang, HAO Yan-hua, HUANG Ru-fen

  1. Department of Computer Science and Engineering, Zhangzhou Normal University, Zhangzhou, Fujian 363000, China
  2. Key Laboratory of Information Security Technology, Zhangzhou Normal University, Zhangzhou, Fujian 363000, China
  • Received: 2009-01-12 Revised: 2009-03-25 Online: 2010-07-21 Published: 2010-07-21
  • Contact: NONG Qiang

Abstract: This paper shows that Fan et al.'s certificateless proxy signature scheme and Ming et al.'s certificateless universal designated verifier signature scheme are both insecure against the public key replacement attack. Fan et al.'s scheme also cannot resist the original signer changing attack: an adversary can forge a valid proxy signature, on the same message, that appears to have been generated by the proxy signer on behalf of the adversary himself. In addition, Ming et al.'s security proof is shown to be flawed, because it applies the replay technique directly in the certificateless setting. The improved schemes avoid these attacks by hashing the user's public key together with the proxy authorization certificate, so that an attacker can neither replace the public key nor alter the certificate. They effectively improve security while retaining the other merits of the original schemes.

Key words: certificateless public-key cryptography, proxy signature, universal designated verifier signature, public key replacement attack
