Analysis and Improvement of Two Signcryption Schemes
-
Abstract: Signcryption is a cryptographic primitive that provides both authentication and confidentiality in a single algorithm, performing the functions of digital signature and encryption at a lower computational cost, communication cost, and ciphertext length than signing and then encrypting separately, which makes it attractive for many practical applications. Multi-signcryption extends signcryption so that multiple signers jointly perform the signcryption operation on the same message. This paper analyzes two schemes, the signcryption scheme proposed by Li et al. (2006) and the multi-signcryption scheme proposed by Zhang et al. (2008), and shows that neither is semantically secure: both fail to resist chosen-plaintext and chosen-identity attacks by a CPA adversary. Improved signcryption and multi-signcryption schemes are then put forward that provide security properties including CPA, CCA2, and public verifiability. The improved schemes hide the message plaintext to resist chosen-plaintext attacks and authenticate the signatures of the multiple signer members to prevent the multi-signer ciphertext from being tampered with, so that they resist chosen-plaintext and chosen-identity attacks and achieve semantic security.
-
[1] Zheng Y. Digital signcryption or how to achieve cost(signature & encryption) << cost(signature) + cost(encryption)[C]. Advances in Cryptology - Crypto'97, 1997, LNCS 1294: 165-179.
[2] Malone-Lee J. Identity based signcryption[EB/OL]. Cryptology ePrint Archive, Report 2002/098, IACR, 2002.
[3] Ma C. Efficient short signcryption with public verifiability[C]. Indoscrypt'06, 2006, LNCS 4318: 118-129.
[4] Zhang J and Mao J. A novel identity-based multisigncryption scheme[J]. Computer Communications, 2008, 32(6): 14-18.
[5] Zhang J, Yang Y, and Niu X. A novel identity-based multi-signcryption scheme[J]. International Journal of Distributed Sensor Networks, 2009, 5(1): 28.
[6] Duan S and Cao Z. Efficient and provably secure multireceiver identity-based signcryption[C]. ACISP'06, 2006, LNCS 4058: 195-206.
[7] Zhang Ming-wu, Yang Bo, Zhu Sheng-lin, and Zhang Wen-zheng. Protect negotiation privacy policy signature scheme[J]. Journal of Electronics & Information Technology, 2009, 31(1): 224-227.
[8] Selvi S S D, Vivek S S, and Gopalakrishnan R. Cryptanalysis of Mu et al.'s and Li et al.'s schemes and a provably secure ID-based broadcast signcryption (IBBSC) scheme[C]. WISA'09, 2009, LNCS 5379: 115-129.
[9] Zhang J, Gao S, Chen H, and Geng Q. A novel ID-based anonymous signcryption scheme[C]. APWeb/WAIM'09, 2009, LNCS 5446: 604-610.
[10] Libert B and Quisquater J. A new identity based signcryption schemes from pairings[C]. Proceedings of the 2003 IEEE Information Theory Workshop, Paris, France, 2003: 155-158.
[11] Barreto P S, Libert B, and McCullagh N, et al. Efficient and provably-secure identity-based signatures and signcryption from bilinear maps[C]. AsiaCrypt 2005, 2005, LNCS 3788: 515-532.
[12] Li Fa-gen, Hu Yu-pu, and Li Gang. An efficient identity-based signcryption scheme[J]. Chinese Journal of Computers, 2006, 29(9): 1641-1647.
[13] Baek J, Steinfeld R, and Zheng Y, et al. Formal proofs for the security of signcryption[J]. Journal of Cryptology, 2007, 20(2): 203-235.