Computer Engineering and Applications ›› 2011, Vol. 47 ›› Issue (5): 98-100.

• 网络、通信、安全 • Previous Articles     Next Articles

Cryptanalysis of two certificateless signature schemes

LI Bingfang1,2,RU Xiujuan3,ZHANG Shanshan4   

  1. 1.Department of Basic Course,Shaanxi Railway Institute,Weinan,Shaanxi 714000,China
    2.School of Communication and Engineering,Xidian University,Xi’an 710071,China
    3.Department of Computer,Kaifeng University,Kaifeng,Henan 475004,China
    4.Department of Mathematics,Baoji University of Arts and Sciences,Baoji,Shaanxi 721007,China
  • Received:1900-01-01 Revised:1900-01-01 Online:2011-02-11 Published:2011-02-11

对两类无证书签名方案的密码学分析

李兵方1,2,茹秀娟3,张姗姗4   

  1. 1.陕西铁路工程职业技术学院 基础课部,陕西 渭南 714000
    2.西安电子科技大学 通信工程学院,西安 710071
    3.开封大学 公共计算机教研部,河南 开封 475004
    4.宝鸡文理学院 数学系,陕西 宝鸡 721007

Abstract: A certificateless signature scheme presented by Xu et al and a certificateless proxy signature scheme presented by Fan et al are cryptanalyzed.It is showd that Xu et al’s scheme is universally forgeable,and in Fan et al’s scheme,an original signer disclosed his private key when he delegates his signing ability to a proxy signer.Furthermore,Fan et al’s scheme cannot resist a public-key replacement attack.The attack shows that anyone who replaces an original signer’s public key and a proxy signer’s public key can forge valid proxy signatures on behalf of the proxy signer without knowledge of the proxy signer’s proxy private key.

Key words: certificateless signature, proxy signature, public-key replacement attack

摘要: 对Xu等提出的无证书签名方案和Fan的无证书代理签名方案进行了安全性分析,指出Xu的签名方案是可以普遍伪造的。而Fan的代理签名方案中,原始签名人在授权过程中泄露了自己的私钥,且该代理签名不能抵抗公钥替换攻击,即任何人(没有代理私钥)只要替换了原始签名人和代理签名人的公钥就可以伪造代理签名人的代理签名。

关键词: 无证书签名, 代理签名, 公钥替换攻击