强不可伪造的基于身份服务器辅助验证签名方案

标准模型下的基于身份签名方案大多数是存在性不可伪造的,无法阻止攻击者对已经签名过的消息重新伪造一个合法的签名,并且验证签名需要执行耗时的双线性对运算。为了克服已有基于身份签名方案的安全性依赖强和计算代价大等缺陷,提出了一个强不可伪造的基于身份服务器辅助验证签名方案,并在标准模型下证明了新方案在合谋攻击、自适应选择身份和消息攻击下是安全的。分析结果表明,新方案有效减少了双线性对的计算量,大大降低了签名验证算法的计算复杂度,在效率上优于已有的基于身份签名方案。     

安全的无可信PKG的部分盲签名方案

利用gap Diffie-Hellman(GDH)群,在部分盲签名机制的基础上,提出了一个有效的基于身份的无可信私钥生成中心(PKG,private key generator)的部分盲签名方案.方案中PKG不能够伪造合法用户的签名,因为它只能生成一部分私钥.在随机预言模型下,新方案能抵抗适应性选择消息攻击和身份攻击下的存在性伪造,其安全性依赖于CDHP问题.该方案满足正确性和部分盲性,与Chow方案相比具有较高的效率.     

对一类群签名方案的伪造攻击

该文对王晓明等(2003)和林松等(2006)最近依据Tseng-Jan(1999)群签名方案各自提出的一种改进群签名设计了两种伪造攻击策略。利用该伪造攻击,攻击人不需要任何签名者的保密身份信息和秘密密钥信息,只是通过选取随机参数、改变原方案的部分设计步骤就能成功伪造出群成员证书,进而伪造出验证有效的群签名,从而威胁到群签名人的合法权益。该文的伪造攻击策略对Lee-Chang(1998)群签名、Tseng-Jan群签名及由其演化而来的所有群签名方案都具有效性,从而证明该类群签名方案全都是不安全的。     

对一种自证明签名方案的攻击和改进

本文对一种自证明签名方案实施了伪造攻击.在这种攻击下CA通过改变数字签名中的相关参数,可以对其用户的任意消息伪造自证明签名.本文提出了能抵抗该攻击的改进方案,分析表明改进方案和Schnorr签名具有相同的安全性.     

新的基于身份的广义指定验证者签名方案

指定验证者签名可以实现签名者选择所期望的验证者验证签名的有效性,从而达到控制数字签名任意传播的目的.基于双线性对构造了一个新的基于身份的广义指定验证者签名方案.新方案采用引进两个独立PKG的方法,在一定程度上消除了现存方案中单个PKG可以随意伪造用户签名的安全隐患.证明了在GDH假设和随机预言模型下,新方案在基于身份的广义指定验证者签名的不可伪造性和秘密性概念下是安全的.     

面向ZigBee网络节点安全定位的消息签名方案

针对ZigBee网络节点定位中消息的安全性问题,该文提出一种带隐私保护的消息签名方案。方案基于椭圆曲线(ECC)上的无双线性对运算,设计了带身份隐私保护的定位请求消息签名算法和坐标隐私保护的定位参照消息签名算法。理论证明了所提方案可抵御伪造攻击、重放攻击等多种外部攻击,同时具备隐私保护、身份追踪等功能。性能分析结果表明,与同类方案相比,所提方案计算开销和通信开销均具有优势。     

基于属性的抗合谋攻击可变门限环签名方案

基于属性的密码体制是基于身份密码体制的泛化和发展,它将身份扩展为一系列属性的集合,具有更强的表达性,并且拥有相同属性的成员自动组成一个环,便于隐匿签名者身份。通过对现有的基于属性门限环签名方案的深入分析,发现这些方案虽然满足匿名性要求,但拥有互补属性的恶意用户可以通过合谋伪造出有效签名。为弥补上述缺陷,首先给出基于属性门限环签名的不可伪造性、不可区分性及抗合谋攻击性的形式化定义,然后给出一个基于属性的抗合谋攻击可变门限环签名方案,其安全性可归约为CDH（computational Diffie-Hellman）困难问题。所提方案通过在用户属性密钥中引入互不相同的秘密随机因子的方法,防止合谋攻击者利用组合私钥的方式伪造签名。在随机预言机模型下,方案被证明能够抵抗适应性选择消息的存在性伪造及合谋攻击,并具有相同签名属性集用户间的不可区分性。与同类方案相比,新方案还具备更高的运算效率。     

格上基于身份的增量签名方案

将基于身份的密码学思想应用于增量签名中,提出了基于身份的增量签名概念,并基于格上困难问题设计了一种基于身份的增量签名方案.在标准的小整数解困难假设下,所提方案在标准模型下满足适应性选择身份和选择消息攻击下的不可伪造性.理论分析和实验结果表明,所提增量签名算法比标准签名算法具有更高的计算效率.     

两种群签名方案的安全性分析

群签名允许群成员以匿名的方式代表整个群体对消息进行签名。而且,一旦发生争议,群管理员可以识别出签名者。该文对Posescu(2000)群签名方案和Wang-Fu(2003)群签名方案进行了安全性分析,分别给出一种通用伪造攻击方法,使得任何人可以对任意消息产生有效群签名,而群权威无法追踪到签名伪造者。因此这两个方案都是不安全的。     

一种安全的群签名方案

对Tseng-Jan(1999)的群签名方案提出了一种新的伪造攻击,任何人利用这种攻击都能伪造出有效的群签名。针对该文提出的伪造攻击和Z.C.Li等人(2000)提出的伪造攻击,对 Tseng-Jan的群签名方案进行了改进,提出了一种新的安全群签名方案。新方案不仅能抵抗各种伪造攻击,而且保留了Tseng-Jan方案的主要优点,并且增加了群成员可注销的特性。     

Cryptanalysis of Chang et al.'s signature scheme with message recovery

Recently, Chang et al., (2004) proposed a new digital signature scheme with message recovery and claimed that neither one-way hash functions nor message redundancy schemes were employed in their scheme. However, in this letter, two forgery attacks are proposed to show that Chang et al.'s signature scheme is not secure. To resist these attacks, the message redundancy schemes may still be used.     

Signing a digital signature without using one-way hash functions and message redundancy schemes

In 2000, Shieh et al. proposed some multisignature schemes based on a new digital signature scheme to satisfy the special requirements of the mobile system. In these schemes, one-way hash functions and message redundancy schemes are not used. Later, Hwang and Li indicated that Shieh et al.'s digital signature scheme suffers from the forgery attacks. They also claimed that message redundancy schemes should still be used to resist some attacks. In this letter, we show another attack on Shieh et al.'s signature scheme and propose a secure digital signature scheme, where neither one-way hash functions nor message redundancy schemes are employed.     

Improvement of ID-based proxy re-signature scheme with pairing-free

As an all-important cryptographical technique, proxy re-signature (PRS) is broadly applied to distributed computation, copyright transfer and hidden path transfer because it permits a proxy to translate an entity’s signature into another entity’s signature on the identical message. Most existing PRS schemes make use of time-consuming pairing computation. Recently, to discard time-consuming pairing operator and complicated certificate-management, Wang et al. proposed two efficient pairing-free ID-based PRS schemes, and declared that their schemes were provably secure in the ROM. Very unluckily, in this investigation, we point out that Wang et al.’s schemes suffer from attacks of universal forgery by analyzing their security, i.e., any one can fabricate a signature on arbitrary data. After the relevant attacks are shown, the reasons which result in such attacks are analyzed. Finally, to address the above-mentioned attacks, we put forward an improved ID-based PRS scheme. The improved scheme not only preserves all advantages of Wang et al.’s scheme, but also is demonstrated to be provably secure in the ROM. Compared with the other two ID-PRS schemes, our improved ID-PRS scheme offers more advantages in respect of the overall performance and security.

     

两个无证书聚合签名方案的安全性分析

张玉磊等人(2015)提出了两种无证书聚合签名方案,并证明其方案在随机预言机模型下是可证明安全的。该文分析张玉磊等人提出的两种方案的安全性,指出了第1种方案可以抵抗两类攻击者的攻击;第2种方案不能抵抗第1类攻击者和第2类攻击者的攻击,给出详细的攻击过程,证明攻击者伪造出的签名可以通过验证,分析了第2种方案存在伪造攻击的原因,提出了改进的方案。     

无证书聚合签名方案的安全性分析和改进

该文分析了He等人(2014)提出的无证书签名方案和Ming等人(2014)提出的无证书聚合签名方案的安全性,指出Ming方案存在密钥生成中心(KGC)被动攻击,He方案存在KGC被动攻击和KGC主动攻击。该文描述了KGC对两个方案的攻击过程,分析了两个方案存在KGC攻击的原因,最后对Ming方案提出了两类改进。改进方案不仅克服了原方案的安全性问题,同时也保持了原方案聚合签名长度固定的优势。     

Privacy-preserving data aggregation scheme against internal attackers in smart grids

With fast advancements of communication, systems and information technologies, a smart grid (SG) could bring much convenience to users because it could provide a reliable and efficient energy service. The data aggregation (DA) scheme for the SG plays an important role in evaluating information about current energy usage. To achieve the goal of preserving users’ privacy, many DA schemes for the SG have been proposed in last decade. However, how to withstand attacks of internal adversaries is not considered in those schemes. To enhance preservation of privacy, Fan et al. proposed a DA scheme for the SG against internal adversaries. In Fan et al.’s DA scheme, blinding factors are used in evaluating information about current energy usage and the aggregator cannot get the consumption information of any individual user. Fan et al. demonstrated that their scheme was secure against various attacks. However, we find that their scheme suffers from the key leakage problem, i.e., the adversary could extract the user’s private key through the public information. To overcome such serious weakness, this paper proposes an efficient and privacy-preserving DA scheme for the SG against internal attacks. Analysis shows that the proposed DA scheme not only overcome the key leakage problem in Fan et al.’s DA scheme, but also has better performance.     

Nyberg-Rueppel消息恢复盲签名的一般化和改进

给出Nyberg-Rueppel消息恢复签名方案的一般性盲化方法,由该方法可以得到其3个盲化方案,其中一个就是Camenisch等人的方案,另外两个则是新的。在这两个新的方案中,一个与已有方案效率相当,另一个因无需求逆运算而效率更高。使用填充技术和hash函数,得到在ROM(randomoraclemodel)和GM(genericgroupmodel)模型下抗适应性选择消息伪造的可证明安全的消息恢复盲签名方案。     

Security analysis and improvement of two attribute-based signature schemes

In order to overcome the drawbacks of current attribute-based signature (ABS) schemes in terms of security,efficiency and signing policy,Ma,et al.and Cao,et al.respectively proposed a threshold ABS with single attribute au-thority and a multi-authority ABS with signing policy supporting AND,OR,threshold gates,and presented the security proof of their schemes under computational Diffie-Hellman assumption.Both schemes were demonstrated have security pitfalls by presenting specified attacks against them.Specifically,their schemes are all vulnerable to forgery attack.Thus,they are not feasible for practical applications.In addition,the cause of the flaws in these ABS schemes are presented,as well as an improvement of Ma et al.'s scheme.     

一种新型的代理签名方案的改进

该文对谷利泽(2005)等人提出的一种新型的匿名代理签名方案进行密码分析,指出此方案是不安全的,它无法抵抗原始签名人的伪造攻击,并给出了4种攻击方法。针对此方案的缺陷,提出了两种改进方案,并证明改进后的方案是安全的,可抵抗原始签名人恶意的伪造攻击。