Resistance to Misuse Ciphertext of Signcryption Scheme
-
Abstract (translated from the Chinese):
The misuse of signcryption ciphertext means that a malicious recipient uses a received ciphertext to forge a new ciphertext that has a different recipient. The existing EUF-CMA (Existential UnForgeability against adaptive Chosen Messages Attack) model cannot effectively simulate the misuse of signcryption ciphertext, and some signcryption schemes cannot resist misuse attacks on their ciphertext. By strengthening the adversary's capabilities in the EUF-CMA model, this paper makes it possible to simulate ciphertext misuse attacks on signcryption. Taking several recently proposed heterogeneous signcryption schemes as examples, it describes concrete misuse attacks on their ciphertexts, analyzes the causes of the attacks, and proposes corresponding improvements. Finally, taking one of the improved schemes as an example, it demonstrates the procedure of analyzing the ciphertext misusability of a signcryption scheme with the enhanced EUF-CMA model, showing that the enhancement of the EUF-CMA model and the improvements to the signcryption schemes proposed in this paper are reasonable and effective.
Abstract: The misuse of signcryption ciphertext means that the malicious recipient uses the received signcryption ciphertext to forge a new ciphertext that has a different recipient. It is found that the Existential UnForgeability against adaptive Chosen Message Attack (EUF-CMA) model cannot simulate misuse attacks on signcryption schemes, and many of the existing signcryption schemes, claimed to be provably secure, cannot resist the misuse attack. By enhancing the capabilities of adversaries in the EUF-CMA model, an extended EUF-CMA model is defined which captures the security associated with the resistance to misuse attacks on signcryption schemes. This paper describes the misuse attack instances in several newly proposed heterogeneous signcryption schemes, analyzes the reasons for the attacks and proposes improvement approaches. Finally, using the enhanced EUF-CMA model, the unforgeability of an improved heterogeneous signcryption scheme is analyzed, and the procedure of simulating the misuse attack is demonstrated. The results indicate that the enhanced EUF-CMA model and the improvement approaches for signcryption schemes are reasonable and effective.
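As an added illustration (not code from the paper or from any of the schemes it analyzes), the following Python toy models the misuse experiment the abstract describes: a legitimate but malicious recipient B takes a genuine ciphertext from A and re-targets it to a third party C without ever knowing A's private key. The signature and encryption components, the tiny group parameters, the party names and the message are all constructed for this example. The recipient-binding variant shows one generic countermeasure (hashing the intended recipient's public key into the signed value) and is not claimed to be the improvement method the paper proposes; the game is written in the spirit of the extended EUF-CMA model, where the adversary is a recipient holding its own private key and a genuine ciphertext.

```python
"""Toy model of signcryption ciphertext misuse (constructed illustration).
Schnorr signature plus ElGamal-style hybrid encryption over a tiny
prime-order group; parameters are far too small for real use."""
import hashlib
import json
import secrets

P = 2039  # toy safe prime, P = 2*Q + 1
Q = 1019  # order of the subgroup generated by G
G = 4     # a square mod P, hence of order Q


def _h(*parts) -> int:
    """Hash arbitrary parts to an integer (toy random oracle)."""
    data = b"|".join(str(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def keygen():
    """Return (private, public) key pair for one party."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def _sign(sk, msg, aux):
    """Schnorr signature on (msg, aux); aux carries the recipient binding, or 0."""
    k = secrets.randbelow(Q - 1) + 1
    r = pow(G, k, P)
    e = _h(r, msg, aux) % Q
    return r, (k + sk * e) % Q


def _verify(pk, msg, aux, r, s):
    e = _h(r, msg, aux) % Q
    return pow(G, s, P) == (r * pow(pk, e, P)) % P


def _keystream(shared, n):
    """Derive n keystream bytes from the shared group element."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(str(shared).encode() + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def _encrypt(pk_r, payload):
    k = secrets.randbelow(Q - 1) + 1
    ks = _keystream(pow(pk_r, k, P), len(payload))
    return pow(G, k, P), bytes(a ^ b for a, b in zip(payload, ks))


def _decrypt(sk_r, c1, c2):
    ks = _keystream(pow(c1, sk_r, P), len(c2))
    return bytes(a ^ b for a, b in zip(c2, ks))


def signcrypt(sk_s, pk_r, msg, bind_recipient):
    """Sign (optionally binding pk_r), then encrypt message and signature to pk_r."""
    aux = pk_r if bind_recipient else 0
    r, s = _sign(sk_s, msg, aux)
    return _encrypt(pk_r, json.dumps([msg, r, s]).encode())


def unsigncrypt(sk_r, pk_r, pk_s, ct, bind_recipient):
    """Return the message if ct is a valid signcryption from pk_s to pk_r, else None."""
    try:
        msg, r, s = json.loads(_decrypt(sk_r, *ct))
    except (ValueError, TypeError):  # wrong key or damaged ciphertext: payload is garbage
        return None
    aux = pk_r if bind_recipient else 0
    return msg if _verify(pk_s, msg, aux, r, s) else None


def misuse_attempt(sk_b, ct_ab, pk_c):
    """Malicious recipient B re-targets a ciphertext it legitimately received to C.
    B never touches A's private key: it only decrypts and re-encrypts."""
    return _encrypt(pk_c, _decrypt(sk_b, *ct_ab))


def misuse_game(bind_recipient):
    """Experiment in the spirit of the extended EUF-CMA model: the adversary is a
    legitimate recipient B holding its own private key and a genuine ciphertext
    from A. It wins if C accepts the re-targeted ciphertext as coming from A."""
    sk_a, pk_a = keygen()
    sk_b, pk_b = keygen()
    sk_c, pk_c = keygen()
    while pk_c == pk_b:  # make C a genuinely different recipient
        sk_c, pk_c = keygen()
    ct_ab = signcrypt(sk_a, pk_b, "transfer 100 to B", bind_recipient)  # constructed message
    # Sanity check: the honest recipient B can unsigncrypt.
    assert unsigncrypt(sk_b, pk_b, pk_a, ct_ab, bind_recipient) == "transfer 100 to B"
    forged = misuse_attempt(sk_b, ct_ab, pk_c)
    return unsigncrypt(sk_c, pk_c, pk_a, forged, bind_recipient) is not None


if __name__ == "__main__":
    print("misuse succeeds without recipient binding:", misuse_game(False))
    print("misuse succeeds with recipient binding:   ", misuse_game(True))
```

Without the binding, the signature authenticates only the message, so B's re-encryption of the recovered (message, signature) pair is a valid ciphertext from A to C; with the binding, C's verification hashes in its own public key and rejects the re-targeted ciphertext. The standard EUF-CMA game would not catch the first case, because the adversary produced no new signature, which is exactly the gap the abstract's extended model is meant to close.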
-
Table 1  Comparison of the schemes before and after improvement

| Scheme | Confidentiality | Signature unforgeability | Ciphertext non-misusability | Computation cost |
| --- | --- | --- | --- | --- |
| ZYL scheme | √ | √ | × | 2E+3M+1P+2Hi+1H1-2 / 1E+2M+2P+2Hi+1H1-2 |
| ZYL-G scheme | √ | √ | √ | 2E+3M+1P+2Hi+1H1-2* / 1E+2M+2P+2Hi+1H1-2* |
| ZYL-LJW scheme | √ | √ | × | 2E+1M+1P+2Hi+1H5 / 2E+1P+2Hi+1H5 |
| ZYL-LJW-G scheme | √ | √ | √ | 2E+1M+1P+2Hi+1H5* / 2E+1P+2Hi+1H5* |