两种签密方案的安全性分析及改进

签密是能够在同一算法中提供认证性和机密性的密码方案，而所需要的计算量、通信成本和密文长度比先签名后加密的分开来实现要低，有较多的实际应用需求。多签密方案是多个签密者对同一明文执行签密操作。该文分析了两个签密方案：Li等(2006)提出的签密方案和Zhang等(2008)提出的多签密方案，并通过选择明文攻击证明二者不能不具有语义安全性，并在此基础上提出了改进的方案，采用隐藏消息明文方法抵抗选择明文攻击，采用多签密成员签名认证的方法防止多成员签密密文被篡改，可抵抗选择明文攻击和选择身份攻击，达到语义安全性。

Analysis and Improvement of Two Signcryption Schemes

Signcryption is a cryptographic primitive that simultaneously performs the functions of both digital signature and encryption in a way that is more efficient than signing and encrypting separately. Multi-signcryption is an extension of signcryption scheme for multi-signers performing together the signcryption operation on the same message. Two signcryption schemes, including signcryption proposed by Li et al.(2006), and multi-signcryption scheme by Zhang et al.(2008), are proved not to resist on chosen-plaintext attack and chosen-identity attack under the CPA adversary. Furthermore, the improved signcryption and multi-signcryption schemes are put forward that providing security properties including CPA, CCA2, and public verifiability, which deploy the message hidden method to resist on the chosen-plaintext attack, and multiple signer members authentication to protect the multi-signers’ ciphertexts not be interpolated.