两类新的基于证书签名方案的安全性分析

通过对翟正元等人新近提出的基于证书的代理盲签名方案进行了分析,发现该签名方案并不安全,至少能够受到两种替换公钥攻击.攻击者通过替换原始签名的公钥或者替换代理签名者的公钥都能够做到对任意选择的消息成功伪造签名.另外,对陈建能等人给出的基于证书聚合签名进行了安全性分析,指出该签名方案同样能够受到替换公钥攻击.所给出这些的攻击方法对于基于证书签名的构造具有借鉴意义.

Cryptanalysis of Two New Certificate-Based Signature Schemes

A new certificate-based proxy blind signature scheme is analyzed, which is proposed by Di Zhengyuan etc.. However, this scheme is insecure, because it can suffer from at least two types of public key replacement attack. That is, any one can replace the public key of the original singer or the public key of the proxy singer, and then forge a valid proxy signature on any message. In addition, the new certificate-based aggregate signature scheme propose by Chen Jianneng etc., is analyzed. The result showed that their signature scheme also can suffer from the public key replacement attack. Furthermore, the attack method in this paper has valuable reference to the construction of the type of certificate-based proxy signature.