Security Analysis and Improvement of a Multi-party Contract Signing Protocol Based on Certificateless
Abstract: In 2019, CAO et al. (doi: 10.11999/JEIT190166) proposed an efficient certificateless aggregate signature scheme suited to multi-party contract signing and proved it unforgeable in the random oracle model. Security analysis shows, however, that the scheme resists neither public-key substitution attacks nor coalition attacks by internal signers. To remove these defects, this paper proposes an improved certificateless aggregate signature scheme. The new scheme is unforgeable in the random oracle model under the computational Diffie-Hellman assumption and also resists coalition attacks.
Table 1 Performance comparison of several certificateless aggregate signature schemes

| Scheme | Aggregate signature length | Computation cost: single signature generation | Computation cost: aggregate signature verification | Resists Type I attack | Resists Type II attack | Resists coalition attack |
|---|---|---|---|---|---|---|
| Ref. [10] | $(n+1)\lvert G_1 \rvert$ | $3s$ | $3e + 2ns$ | Yes | Yes | No |
| Ref. [14] | $(n+1)\lvert G_1 \rvert$ | $3s$ | $3e + 2ns$ | Yes | Yes | No |
| Ref. [15] | $(n+1)\lvert G_1 \rvert$ | $4s$ | $3e + 3ns$ | Yes | No | No |
| Ref. [17] | $(n+1)\lvert G_1 \rvert$ | $3s$ | $2ne + 3ns$ | Yes | Yes | Yes |
| Ref. [19] | $(n+1)\lvert G_1 \rvert$ | $2s$ | $(n+2)e + ns$ | No | Yes | No |
| This paper | $(n+1)\lvert G_1 \rvert$ | $2s$ | $2ne + 2ns$ | Yes | Yes | Yes |

Here $n$ is the number of signers and $\lvert G_1 \rvert$ the size of one element of $G_1$. The page does not define the cost units $s$ and $e$; by the usual convention in this literature they count scalar multiplications in $G_1$ and bilinear pairing evaluations, respectively. Note that Ref. [19] is the scheme of CAO et al. analysed in this paper: its failure against Type I adversaries corresponds to the public-key substitution attack, and its "No" in the last column to the coalition attack by internal signers.
References

[1] FENG Bo. The application advantages and challenges of electronic contracts in contemporary contract management[J]. Liaoning Economy, 2020(3): 44–45. doi: 10.14041/j.cnki.1003-4617.2020.03.017
[2] PU Tianhao, CHEN Haotian, LI Linjun, et al. Research on the application of electronic contracts based on blockchain technology[J]. Network Security Technology & Application, 2021(2): 27–29.
[3] SHEN Xiaotian. The authenticity analysis of contract evidence under electronic signature technology[J]. Time-Honored Brand Marketing, 2020(7): 62–63.
[4] GAO Ying and WU Jinxi. Efficient multi-party fair contract signing protocol based on blockchains[J]. Journal of Cryptologic Research, 2018, 5(5): 556–567. doi: 10.13868/j.cnki.jcr.000265
[5] AL-RIYAMI S S and PATERSON K G. Certificateless public key cryptography[C]. The 9th International Conference on the Theory and Application of Cryptology and Information Security, Taipei, China, 2003: 452–473.
[6] MEI Qian, ZHAO Yanan, and XIONG Hu. A new provably secure certificateless signature with revocation in the standard model[J]. Informatica, 2019, 30(4): 711–728. doi: 10.15388/Informatica.2019.226
[7] YU Huifang and LI Wen. A certificateless signature for multi-source network coding[J]. Journal of Information Security and Applications, 2020, 55: 102655. doi: 10.1016/j.jisa.2020.102655
[8] ZHANG Zhenchao, LIU Yali, YIN Xinchun, et al. Analysis and improvement of certificateless signature schemes[J]. Journal of Cryptologic Research, 2020, 7(3): 389–403. doi: 10.13868/j.cnki.jcr.000375
[9] BONEH D, GENTRY C, LYNN B, et al. Aggregate and verifiably encrypted signatures from bilinear maps[C]. International Conference on the Theory and Applications of Cryptographic Techniques, Warsaw, Poland, 2003: 416–432.
[10] WU Libing, XU Zhiyan, HE Debiao, et al. New certificateless aggregate signature scheme for healthcare multimedia social network on cloud environment[J]. Security and Communication Networks, 2018, 2018: 2595273. doi: 10.1155/2018/2595273
[11] XU Zhiyan, HE Debiao, KUMAR N, et al. Efficient certificateless aggregate signature scheme for performing secure routing in VANETs[J]. Security and Communication Networks, 2020, 2020: 5276813. doi: 10.1155/2020/5276813
[12] ZHANG Yulei, LI Chenyi, WANG Caifen, et al. Security analysis and improvements of certificateless aggregate signature schemes[J]. Journal of Electronics & Information Technology, 2015, 37(8): 1994–1999. doi: 10.11999/JEIT141635
[13] LUO Min, SUN Teng, ZHANG Jingyin, et al. Security analysis on two certificateless aggregate signature schemes[J]. Journal of Electronics & Information Technology, 2016, 38(10): 2695–2700. doi: 10.11999/JEIT151350
[14] LI Jiguo, YUAN Hong, and ZHANG Yichen. Cryptanalysis and improvement for certificateless aggregate signature[J]. Fundamenta Informaticae, 2018, 157(1/2): 111–123. doi: 10.3233/FI-2018-1620
[15] WANG Daxing and TENG Jikai. Provably secure certificateless aggregate signature algorithm for vehicular ad hoc network[J]. Journal of Electronics & Information Technology, 2018, 40(1): 11–17. doi: 10.11999/JEIT170340
[16] ZHANG Futai, SHEN Limin, and GE Wu. Notes on the security of certificateless aggregate signature schemes[J]. Information Sciences, 2014, 287: 32–37. doi: 10.1016/j.ins.2014.07.019
[17] YANG Xiaodong, MA Tingchun, CHEN Chunlin, et al. Security analysis and improvement of certificateless aggregate signature scheme for vehicular ad hoc networks[J]. Journal of Electronics & Information Technology, 2019, 41(5): 1265–1270. doi: 10.11999/JEIT180571
[18] XIE Yong, LI Xiang, ZHANG Songsong, et al. An improved provably secure certificateless aggregate signature scheme for vehicular ad hoc networks[J]. Journal of Electronics & Information Technology, 2020, 42(5): 1125–1131. doi: 10.11999/JEIT190184
[19] CAO Suzhen, WANG Fei, LANG Xiaoli, et al. Multi-party contract signing protocol based on certificateless[J]. Journal of Electronics & Information Technology, 2019, 41(11): 2691–2698. doi: 10.11999/JEIT190166
[20] YU Huifang and YANG Bo. Provably secure certificateless hybrid signcryption[J]. Chinese Journal of Computers, 2015, 38(4): 804–813. doi: 10.3724/SP.J.1016.2015.00804