Found 20 similar documents; search took 62 ms
1.
2.
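Most existing universal designated verifier signature schemes are proven secure in the random oracle model, but provable security in that model does not imply security in practice. Based on the short signature scheme without random oracles proposed by Zhang et al., a universal designated verifier signature scheme that is provably secure in the standard model is proposed. Its strong unforgeability is based on the k+1 square roots assumption and the knowledge-of-exponent assumption, and the proposed scheme is proven to be unconditionally non-transferable under chosen public key and chosen message attacks. The signature length of the scheme is 1366 bits, which is shorter than that of existing schemes.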
3.
Certificateless universal designated verifier signature schemes (Cited by: 2 total, 0 self-citations, 2 by others)
Universal designated verifier signature schemes allow a signature holder to designate the signature to a desired designated verifier, in such a way that only the designated verifier can verify this signature, but is unable to convince anyone else of this fact. The previous constructions of universal designated verifier signatures rely on the underlying public key infrastructure, which needs both signers and verifiers to verify the authenticity of the public keys, and hence, the certificates are required. This article presents the first model and construction of the certificateless universal designated verifier signature scheme, in which the certificates are not needed. The proposed scheme satisfies all the requirements of the universal designated verifier signature in the certificateless system. Security proofs are provided for the scheme based on the random oracle model, assuming that the bilinear Diffie-Hellman (BDH) problem is hard to solve.
4.
5.
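Zhang Xinghua (张兴华), Information Security and Communications Privacy (《信息安全与通信保密》), 2014, (2): 85-87, 91
Based on the discrete logarithm problem, a designated-verifier proxy multi-signature scheme without a third party is proposed. Compared with other proxy signature schemes, the new scheme avoids leakage of users' private keys and solves the problem of revoking a user's proxy authority. The signing process does not require the participation of a trusted third party; only a list of authorization periods is maintained on the timestamp server. The scheme satisfies strong unforgeability and revocability, can effectively designate the signature verifier, and is relatively efficient.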
6.
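Analysis of an identity-based threshold proxy signature scheme with known signers (Cited by: 1 total, 0 self-citations, 1 by others)
At TAMC'06, Bao et al. used bilinear pairings to propose the first identity-based threshold proxy signature scheme with known signers (denoted below as the BCW scheme), and reached security conclusions including that the scheme satisfies strong unforgeability and that no secure channel is needed when the original signer sends the signed warrant. This paper analyzes the security of the BCW scheme and successfully gives an attack: after obtaining, through public channels, a signed warrant sent by a legitimate original signer to the proxy signers and a valid proxy signature already generated by the proxy signers, the attacker can forge a new proxy signature on the same message in which the original signer becomes the attacker himself. Because the verifier cannot verify on whose behalf the proxy signers generated the proxy signature, the attacker obtains the same rights as the legitimate original signer. To avoid this attack, this paper proposes an improvement, and analysis shows that the improvement effectively repairs the security flaw of the scheme.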
7.
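To address the flawed security proofs and low efficiency of some identity-based strong designated verifier signature schemes proposed so far, the security properties that an identity-based strong designated verifier signature scheme must satisfy are analyzed, a new identity-based strong designated verifier signature scheme is designed using bilinear maps, and the security of the new scheme is proven using cryptographic security analysis. The results show that the new scheme satisfies non-transferability, unforgeability and anonymity of the signer's identity, and has high signing efficiency.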
8.
Strongly unforgeable threshold multi‐proxy multi‐signature scheme with different proxy groups
In the majority of threshold multi‐proxy multi‐signature (TMPMS) schemes, only one proxy group is authorized to sign on behalf of all the original members. However, the original signers in various practical applications are often from different organizations. Each original signer should be able to designate a proxy group in his own organization; thus, each original signer could have distinct proxy members. However, this practical requirement of TMPMS schemes is seldom considered. To satisfy this requirement, we propose a new TMPMS scheme in which each original member can designate a proxy group in his own organization. Moreover, the threshold value of each proxy group is unique. We develop a security model to prove the high security and strong unforgeability of the proposed scheme. We analyze the security of our scheme based on the four types of adversaries tested in the security model. Compared with previous schemes, the new scheme offers higher security and superior computational efficiency. Copyright © 2013 John Wiley & Sons, Ltd.
9.
JuHee Ki Jung Yeon Hwang DaeHun Nyang Beom‐Hwan Chang Dong Hoon Lee Jong‐in Lim 《ETRI Journal》2012,34(2):235-244
An identity‐based strong designated verifier signature scheme provides restricted verifiability only for a verifier designated by a signer and proper privacy for the signer. In this paper, we show that strong designated verifier signature schemes do not satisfy the self‐unverifiability requirement in the sense that not only exposure of the verifier's secret key but also of the signer's secret key enables an attacker to verify signatures, which should have been the exclusive right of the verifier. We also present a generic method to construct a strong identity‐based designated verifier signature scheme with self‐unverifiability from identity‐based key encapsulation and identity‐based key sharing schemes. We prove that a scheme constructed from our method achieves unforgeability, non‐transferability, and self‐unverifiability if the two underlying components are secure. To show the advantage of our method, we present an example that outputs short signatures and we analyze its performance.
10.
11.
12.
Because of its wide application in anonymous authentication and attribute-based messaging, the attribute-based signature scheme has attracted public attention since it was proposed in 2008. However, most of the existing attribute-based signature schemes are no longer secure in the quantum era. Fortunately, lattice-based cryptography offers the hope of withstanding quantum computers, and it has been elevated to the status of a promising potential alternative to cryptography based on discrete log and factoring, owing to implementation simplicity, provable security reductions and quantum immunity. In this paper, the first lattice attribute-based signature scheme in the random oracle model is proposed, which is proved to have existential unforgeability and perfect privacy. Compared with the current attribute-based signature schemes, our new attribute-based signature scheme can resist quantum attacks and has much shorter public-key size and signature size. Furthermore, this scheme is extended into an attribute-based signature scheme on the number theory research unit (NTRU) lattice, which is also secure even in the quantum era and has much higher efficiency than the former.
13.
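To meet application needs in areas such as judicial administration and e-government, the concept and adversary model of certificateless strong designated verifier multi-signatures are proposed, and the first certificateless strong designated verifier multi-signature scheme is constructed using bilinear pairings. The scheme is proven existentially unforgeable under the computational bilinear Diffie-Hellman problem and computational Diffie-Hellman problem assumptions, and it satisfies the properties required of strong designated verifier signatures and multi-signatures. The scheme is efficient: the generated designated verifier multi-signature is only 160 bit long, and the number of bilinear pairing operations needed for signature verification is fixed, requiring only one bilinear pairing. The scheme is therefore highly practical even in wireless networks with limited computing resources and network bandwidth.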
14.
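Based on bilinear pairing operations, a new short signature scheme that can be verified only by a designated verifier is proposed. It reduces the message signature from 1024 bits for the RSA-based signature algorithm to about 170 bits, lowering network data traffic, effectively avoiding the congestion common in networks, and improving network utilization. It also ensures that only the verifier designated by the signer can correctly verify the validity of the signature, which effectively prevents leakage of information related to the signer. The security of the scheme is proven in the random oracle model under the computational Diffie-Hellman hardness assumption. A concrete application to a will-signing protocol is also given, based on how wills are signed in practice.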
15.
16.
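Certificateless signatures combine the advantages of identity-based cryptosystems and traditional public key cryptosystems, and solve the problems of complex public key certificate management and key escrow. Wu and Jing proposed a strongly unforgeable certificateless signature scheme whose security does not rely on ideal random oracles. Two types of forgery attacks against the security of that scheme are presented. The analysis shows that the scheme does not achieve strong unforgeability and is also insecure under a "malicious-but-passive" key generation center attack. To improve the security of the scheme, an improved certificateless signature scheme is designed. In the standard model, the improved scheme is proven strongly unforgeable against adaptive chosen message attacks and also resists malicious key generation center attacks. In addition, the improved scheme has lower computational cost and a shorter private key, and can be applied in areas such as blockchain, the Internet of Vehicles and wireless body area networks.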
17.
18.
19.
We revisit the security definitions of blind signatures as proposed by Pointcheval and Stern (J Cryptol 13(3):361–396, 2000). Security comprises the notions of one-more unforgeability, preventing a malicious user from generating more signatures than requested, and of blindness, averting a malicious signer from learning useful information about the user’s messages. Although this definition is well established nowadays, we show that there are still desirable security properties that fall outside of the model. More precisely, in the original unforgeability definition it is not excluded that an adversary verifiably uses the same message \(m\) for signing twice and is then still able to produce another signature for a new message \(m'\ne m\). Intuitively, this should not be possible; yet, it is not captured in the original definition, because the number of signatures equals the number of requests. We thus propose a stronger notion, called honest-user unforgeability, that covers these attacks. We give a simple and efficient transformation that turns any unforgeable blind signature scheme (with deterministic verification) into an honest-user unforgeable one.
20.
Xiaolei Dong Haifeng Qian Zhenfu Cao 《Wireless Communications and Mobile Computing》2009,9(2):217-225
In electronic communication and wireless communication, message authentication is necessary. However, the traditional method, the message authentication code (MAC), employs a symmetric cryptographic technique and needs to keep a shared private key between two parties. For convenience, people now begin to use public key techniques to provide message authentication. In wireless communication, we shall save more space for the message itself because of the limited resources. Therefore, we believe that our proposed digital signature scheme will be more suitable for this kind of communication due to the following merits: (1) in addition to inheriting the merits of the RSA signature such as high verification efficiency, the proposed scheme also shows its advantage over RSA by resisting the low public key exponent attack; (2) compared with 1024‐bit RSA, our digital signature scheme can sign a 2048‐bit long message at once, and generate a signature of 1025 bits in length, which doubles the capacity of the 1024‐bit RSA signature; (3) the scheme is provably secure and its security is tightly related to the hardness of the conic‐based (CB)‐RSA assumption. Copyright © 2008 John Wiley & Sons, Ltd.