Found 20 similar documents in total; search took 31 ms
1.
2.
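Analysis of an identity-based threshold proxy signature scheme with known signers (Cited by: 1 in total; self-citations: 0; citations by others: 1)
At TAMC'06, Bao et al., using bilinear pairings as a tool, proposed the first identity-based threshold proxy signature scheme with known signers (hereafter the BCW scheme), and drew security conclusions including that it satisfies strong unforgeability and that no secure channel is needed when the original signer sends the signed warrant. This paper analyzes the security of the BCW scheme and presents a successful attack: after obtaining, through public channels, a legitimate signed warrant sent by the original signer to the proxy signers together with a valid proxy signature already generated by the proxy signers, an attacker can forge a new proxy signature on the same message in which the original signer becomes the attacker himself. Because the verifier cannot verify on whose behalf the proxy signers generated the proxy signature, the attacker thereby obtains the same rights as the legitimate original signer. To prevent this attack, the paper proposes an improvement, and analysis shows that the improvement effectively remedies the security flaw of the scheme.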
3.
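In a designated verifier proxy signature, the original signer delegates signing power to a proxy signer, who can sign messages on the original signer's behalf, but only the designated verifier can be convinced of the signature's validity. The security proofs of the known designated verifier proxy signature schemes are all in the random oracle model. Based on the Waters signature scheme, this paper proposes the first designated verifier proxy signature scheme that is provably secure without random oracles. Under the weak Gap Bilinear Diffie-Hellman assumption, the proposed scheme is proven to resist existential forgery under adaptive chosen-message attack.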
4.
This paper presents a self‐certified digital signature scheme with message recovery that is proven to be secure. So far, many schemes of this kind have been proposed to keep message secret in the transmission. But Zhang et al. have proposed the man‐in‐middle attack to Shao's self‐certified signature scheme, which is based on discrete logarithm. The attacker can make a new signature by using an old one, but the reason of such man‐in‐middle attack was not referred. We present the scheme of Yoon et al., which is also based on discrete logarithm, that cannot resist man‐in‐middle attack either, give the analysis of the attack, and propose a new scheme. The proposed scheme can resist forgery attack in the random oracle model and avoid message leakage, the man‐in‐middle attack, and meanwhile has several security characters. Compared with some self‐certified schemes, our scheme is the best because of the time cost. Copyright © 2013 John Wiley & Sons, Ltd.
5.
Shin-Jia Hwang En-Ti Li 《Communications Letters, IEEE》2003,7(4):195-196
Due to the special requirements of the mobile code system, Shieh et al. (see IEEE Trans. Veh. Technol., vol.49, p.1464-73, July 2000) proposed some multisignature schemes based on a new digital signature scheme with message recovery. One major characteristic of these schemes is to avoid using one-way hash functions and message redundancy schemes. However, this causes some security flaw. An attack is proposed to show that the underlying signature scheme is not secure. To overcome the attack, the message redundancy schemes may be still used.
6.
Chin-Chen Chang Ya-Fen Chang 《Communications Letters, IEEE》2004,8(8):485-487
In 2000, Shieh et al. proposed some multisignature schemes based on a new digital signature scheme to satisfy the special requirements of the mobile system. In these schemes, one-way hash functions and message redundancy schemes are not used. Later, Hwang and Li indicated that Shieh et al.'s digital signature scheme suffers from the forgery attacks. They also claimed that message redundancy schemes should still be used to resist some attacks. In this letter, we show another attack on Shieh et al.'s signature scheme and propose a secure digital signature scheme, where neither one-way hash functions nor message redundancy schemes are employed.
7.
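Using bilinear groups, and building on the proxy re-signature and blind signature mechanisms, an efficient certificateless blind proxy re-signature scheme is proposed. The scheme solves the key escrow problem and avoids the extra overhead of certificate management, while also keeping the message private from the proxy during signature conversion. Based on the hardness of the NGBDH problem and the Many-NGBDH problem, the new scheme is proven to resist forgery attacks. The scheme satisfies correctness and message blindness.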
8.
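The security of most existing universal designated verifier signature schemes is proven in the random oracle model, but provable security in that model does not imply security in practice. Based on the short signature scheme without random oracles proposed by Zhang et al., a universal designated verifier signature scheme that is provably secure in the standard model is proposed. Its strong unforgeability is based on the k+1 square roots assumption and the knowledge-of-exponent assumption, and the proposed scheme is proven to be unconditionally non-transferable under chosen public key and chosen message attacks. The signature length of the scheme is 1366 bits, which is shorter than that of existing schemes.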
9.
Maryam Rajabzadeh Asaar Mahmoud Salmasizadeh Mohammad Reza Aref 《International Journal of Communication Systems》2018,31(6)
Signatures with partially message recovery in which some parts of messages are not transmitted with signatures to make them shorter are helpful where bandwidth is one of the critical concern. This primitive is especially used for signing short messages in applications such as time stamping, certified email services, and identity‐based cryptosystems. In this paper, to have quantum‐attack‐resistant short signatures, the first signature scheme with partially message recovery based on coding theory is presented. Next, it is shown that the proposal is secure under Goppa Parametrized Bounded Decoding and the Goppa Code Distinguishing assumptions in the random oracle model. Relying on the partially message recovery property, the proposal is shorter than Dallot signature scheme, the only provably secure and practical code‐based signature scheme, while it preserves Dallot signature efficiency. We should highlight that our scheme can be used as a building block to construct short code‐based signature schemes with special properties. To show this, we present a provably secure short designated verifier signature scheme, a nontransferable form of short signatures, which is used in electronic voting and deniable authentication protocols.
10.
11.
Xiaolei Dong Haifeng Qian Zhenfu Cao 《Wireless Communications and Mobile Computing》2009,9(2):217-225
In electronic communication and wireless communication, message authentication should be necessary. However, traditional method message authentication code (MAC) employs a symmetric cryptographical technique and it needs to keep a shared private key between two parties. For convenience, people now begin to use public key techniques to provide message authentication. In wireless communication, we shall save more space for message itself because of the limited resources. Therefore, we believe that our proposed digital signature scheme will be more fitful for this kind of communication due to the following merits: (1) in addition to inheriting the merits of RSA signature such as high verification efficiency, the proposed scheme also shows its advantage over RSA by resisting low public key exponent attack; (2) comparing with 1024 bits RSA, our digital signature scheme can sign 2048‐bit long message once, and generate a signature with 1025 bits length which doubles the capacity of the 1024‐bit RSA signature; (3) the scheme is provably secure and its security is tightly related to the hardness of conic‐based (CB)‐RSA assumption. Copyright © 2008 John Wiley & Sons, Ltd.
12.
《The Journal of China Universities of Posts and Telecommunications》2014,21(6):52-60
The notion of the identity-based (id-based) strong designate verifier signature (SDVS) was extended to the lattice-based cryptography. The authors proposed an id-based SDVS scheme over lattices by using the basis delegation technique in fixed dimension. The proposed scheme is based on the hardness of the learning with errors (LWE) problem, and the unforgeability against adaptive chosen message and selective identity attack is based on the hardness of the short integer solution (SIS) problem in the random oracle model. If the parameters m, n and q are the same, the signature length of this scheme is only 3m lb q bits shorter than (3m+n) lb q bits which is the signature length of the known lattice-based SDVS scheme in the public key environment. As a result, the proposed scheme is not only id-based but also efficient about the signature length and the computation cost. Moreover, this article also proposed an id-based strong designate verifier ring signature (SDVRS) scheme based on the proposed SDVS scheme, which satisfies anonymity, unforgeability.
13.
14.
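To strengthen the security of ElGamal-type digital signature schemes, Qi Ming et al. recently analyzed and discussed the security of two classes of ElGamal-type digital signature schemes and of the password authentication schemes based on these two classes, and proposed two classes of improved schemes. This paper first points out that the first p-type scheme they proposed is insecure: an attacker can forge a digital signature on any message. It then proves that none of the generalized ElGamal-type digital signature schemes can resist substitution attacks. Finally, it proves that the two classes of improved schemes they proposed cannot resist homomorphism attacks either, and therefore do not have the claimed security.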
15.
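The on-demand route discovery principle of DSR in Ad Hoc networks and the principle of the black hole attack are analyzed. To address the black hole attack faced by the DSR routing protocol, a route record authentication mechanism based on the JYH aggregate signature algorithm is proposed. The new scheme defines a path proof attribute in the DSR route request and route reply messages, and designs a matching input signing algorithm and output verification algorithm. Finally, the security of the route record authentication mechanism is analyzed with the formal logic SVO method. The analysis shows that the proposed route record authentication mechanism can effectively resist black hole attacks against the DSR routing protocol.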
16.
17.
18.
Zhiwei Wang 《Journal of Electronics (China)》2010,27(4):528-530
Digital signature is one of the most important cryptographic primitives. We proposed a new digital signature scheme based
on Catalano’s trapdoor. Since Catalano’s trapdoor is more efficient than existing trapdoors in number theory, our scheme need
not modular exponentiation but several modular multiplications in the signing algorithm. We also proved our scheme is provably
secure against adaptively chosen message attack by using the Forking lemma.
19.
Cheng Xiangguo Liu Jingmei Guo Lifeng Wang Xinmei 《Journal of Electronics (China)》2006,23(4):569-573
I. Introduction A multisignature allows any subgroup of a given group of potential signers to jointly sign a message such that a verifier is convinced that each member of the subgroup participated in signing. An aggregate signature, recently proposed by Boneh et al.[1], however, is a scheme that allows n members of a given group of potential signers to sign n different messages and all these signatures can be aggregated into a single signature. This single signature will convince the verifie…