电子学报 ›› 2019, Vol. 47 ›› Issue (9): 1972-1978.DOI: 10.3969/j.issn.0372-2112.2019.09.022

• 学术论文 • 上一篇    下一篇

一种标准模型下无证书签名方案的安全性分析与改进

杨小东, 王美丁, 裴喜祯, 李雨潼, 陈春霖, 麻婷春   

  1. 西北师范大学计算机科学与工程学院, 甘肃兰州 730070
  • 收稿日期:2018-07-21 修回日期:2018-11-13 出版日期:2019-09-25 发布日期:2019-09-25
  • 作者简介:杨小东.Email:y200888@163.com;王美丁.E-mail:775631303@qq.com;裴喜祯.E-mail:15635293587@163.com;李雨潼.E-mail:lytnwnu@163.com;陈春霖.E-mail:chenchunlin731@163.com;麻婷春.E-mail:nwnumtch@163.com
  • 基金资助:
    国家自然科学基金(No.61662069,No.61562077);中国博士后科学基金(No.2017M610817);兰州市科技计划项目(No.2013-4-22);西北师范大学青年教师科研能力提升计划项目(No.WNU-LKQN-14-7)

Security Analysis and Improvement of a Certificateless Signature Scheme in the Standard Model

YANG Xiao-dong, WANG Mei-ding, PEI Xi-zhen, LI Yu-tong, CHEN Chun-lin, MA Ting-chun   

  1. College of Computer Science and Engineering, Northwest Normal University, Lanzhou, Gansu 730070, China
  • Received:2018-07-21 Revised:2018-11-13 Online:2019-09-25 Published:2019-09-25

摘要: 无证书签名具有基于身份密码体制和传统公钥密码体制的优点,可解决复杂的公钥证书管理和密钥托管问题.Wu和Jing提出了一种强不可伪造的无证书签名方案,其安全性不依赖于理想的随机预言机.针对该方案的安全性,提出了两类伪造攻击.分析结果表明,该方案无法实现强不可伪造性,并在"malicious-but-passive"的密钥生成中心攻击下也是不安全的.为了提升该方案的安全性,设计了一个改进的无证书签名方案.在标准模型中证明了改进的方案对于适应性选择消息攻击是强不可伪造的,还能抵抗恶意的密钥生成中心攻击.此外,改进的方案具有较低的计算开销和较短的私钥长度,可应用于区块链、车联网、无线体域网等领域.

关键词: 无证书签名, 伪造攻击, 公钥, 私钥, 数字签名, 密码学

Abstract: Certificateless signature combines the advantages of identity-based cryptosystem and traditional public-key cryptosystem to solve the problems of complex public key certificate management and key escrow.Wu and Jing proposed a strongly unforgeable certificateless signature scheme whose security does not depend on the ideal random oracle.In this paper,two types of forgery attacks are proposed for the security of this scheme.The analysis results show that this scheme cannot achieve strong unforgeability and is insecure under the "malicious-but-passive" key generation center attack.To enhance the security of this scheme,an improved certificateless signature scheme is presented.The improved scheme is proved to be strongly unforgeable against adaptive chosen-message attacks and can also resist malicious key generation center attacks.In addition,the improved scheme has lower computational overhead and shorter private key length,and can be applied to blockchain,Internet of vehicles,wireless body area network and other fields.

Key words: certificateless signature, forgery attack, public key, private key, digital signature, cryptography

中图分类号: