一种基于无证书的多方合同签署协议的安全性分析与改进

杨小东; 李梅娟; 任宁宁; 田甜; 王彩芬

doi:10.11999/JEIT210878

一种基于无证书的多方合同签署协议的安全性分析与改进

doi: 10.11999/JEIT210878

1.
西北师范大学计算机科学与工程学院兰州 730070
2.
深圳技术大学大数据与互联网学院深圳 518118

基金项目: 国家自然科学基金(61662069，61562077)，中国博士后科学基金(2017M610817)，兰州市科技计划项目(2013-4-22)，西北师范大学青年教师科研能力提升计划(NWNU-LKQN-14-7)

详细信息

作者简介:
杨小东：男，博士后，教授，研究方向为应用密码学与信息安全

李梅娟：女，硕士生，研究方向为密码学与信息安全

任宁宁：女，硕士生，研究方向为车联网安全

田甜：女，硕士生，研究方向为可搜索加密

王彩芬：女，博士，教授，研究方向为信息安全协议与网络安全

通讯作者:
杨小东　y200888@163.com

中图分类号: TN918; TTP309.7
计量
- 文章访问数: 309
- HTML全文浏览量: 118
- PDF下载量: 75
- 被引次数: 0
出版历程
- 收稿日期: 2021-08-26
- 修回日期: 2022-03-07
- 录用日期: 2022-03-31
- 网络出版日期: 2022-04-08
- 刊出日期: 2022-10-19

Security Analysis and Improvement of a Multi-party Contract Signing Protocol Based on Certificateless

1.
College of Computer Science and Engineering, Northwest Normal University, Lanzhou 730070, China
2.
College of Big Data and Internet, Shenzhen Technology University, Shenzhen 518118, China

Funds: The National Natural Science Foundation of China (61662069, 61562077), China Postdoctoral Science Foundation (2017M610817), The Science and Technology Project of Lanzhou City (2013-4-22), The Foundation of the Young Teacher's Scientific Research Ability Promotion of Northwest Normal University (NWNU-LKQN-14-7)

摘要

摘要: 2019年，曹等人(doi: 10.11999/JEIT190166)提出了一个适用于多方合同签署环境中高效的无证书聚合签名方案，并证明了该方案在随机预言模型下存在不可伪造性。然而，通过安全性分析发现，该方案无法抵抗替换公钥攻击和内部签名者的联合攻击。为了解决上述安全缺陷，该文提出一个改进的无证书聚合签名方案。新方案不仅在随机预言模型下基于计算性Diffie-Hellman问题满足不可伪造性，同时也能够抵抗联合攻击。
- 无证书聚合签名 /
- 联合攻击 /
- 不可伪造性 /
- 合同签署
Abstract: In 2019, CAO et al. (doi: 10.11999/JEIT190166) proposed an efficient certificateless aggregate signature scheme which is suitable for multi-party contract signing environment. They demonstrated that their scheme is unforgeable under the random oracle model. However, by the security analysis, it is found that their scheme can not resist public key substitution attacks and coalition attacks of internal signers. In order to solve the above security defects, an improved certificateless aggregate signature scheme is proposed. The new scheme not only satisfies the unforgeability based on the computational Diffie-Hellman problem under the random oracle model, but also resists coalition attacks.
- Certificateless aggregate signature /
- Coalition attack /
- Unforgeability /
- Contract signing

HTML全文

图 1 几个方案的聚合签名验证时间开销比较

下载: 全尺寸图片幻灯片

表 1 几个无证书聚合签名方案的性能比较

	聚合签名长度	计算开销		安全性
	聚合签名长度	单个签名生成	聚合签名验证	抗类型Ⅰ攻击	抗类型Ⅱ攻击	抗联合攻击
文献[10]方案	$ (n + 1)\|{G_1}\| $	$ 3s $	$ 3e + 2ns $	是	是	否
文献[14]方案	$ (n + 1)\|{G_1}\| $	$ 3s $	$ 3e + 2ns $	是	是	否
文献[15]方案	$ (n + 1)\|{G_1}\| $	$ 4s $	$ 3e + 3ns $	是	否	否
文献[17]方案	$ (n + 1)\|{G_1}\| $	$ 3s $	$ 2ne + 3ns $	是	是	是
文献[19]方案	$ (n + 1)\|{G_1}\| $	$ 2s $	$ (n + 2)e + ns $	否	是	否
本文方案	$ (n + 1)\|{G_1}\| $	$ 2s $	$ 2ne + 2ns $	是	是	是

下载: 导出CSV

参考文献(20)

[1]	冯勃. 电子合同在当代合同管理中的应用优势及挑战[J]. 辽宁经济, 2020(3): 44–45. doi: 10.14041/j.cnki.1003-4617.2020.03.017 FENG Bo. The application advantages and challenges of electronic contracts in contemporary contract management[J]. Liaoning Economy, 2020(3): 44–45. doi: 10.14041/j.cnki.1003-4617.2020.03.017
[2]	蒲天豪, 陈浩天, 李林峻, 等. 基于区块链技术的电子合同应用研究[J]. 网络安全技术与应用, 2021(2): 27–29. PU Tianhao, CHEN Haotian, LI Linjun, et al. Research on the application of electronic contracts based on blockchain technology[J]. Network Security Technology &Application, 2021(2): 27–29.
[3]	沈笑天. 电子签章技术下合同证据的真实性分析[J]. 老字号品牌营销, 2020(7): 62–63. SHEN Xiaotian. The authenticity analysis of contract evidence under electronic signature technology[J]. Time-honored brand marketing, 2020(7): 62–63.
[4]	高莹, 吴进喜. 基于区块链的高效公平多方合同签署协议[J]. 密码学报, 2018, 5(5): 556–567. doi: 10.13868/j.cnki.jcr.000265 GAO Ying and WU Jinxi. Efficient multi-party fair contract signing protocol based on blockchains[J]. Journal of Cryptologic Research, 2018, 5(5): 556–567. doi: 10.13868/j.cnki.jcr.000265
[5]	AL-RIYAMI S S and PATERSON K G. Certificateless public key cryptography[C]. The 9th International Conference on the Theory and Application of Cryptology and Information Security, Taipei, China, 2003: 452–473.
[6]	MEI Qian, ZHAO Yanan, and XIONG Hu. A new provably secure certificateless signature with revocation in the standard model[J]. Informatica, 2019, 30(4): 711–728. doi: 10.15388/Informatica.2019.226
[7]	YU Huifang and LI Wen. A certificateless signature for multi-source network coding[J]. Journal of Information Security and Applications, 2020, 55: 102655. doi: 10.1016/J.JISA.2020.102655
[8]	张振超, 刘亚丽, 殷新春, 等. 无证书签名方案的分析及改进[J]. 密码学报, 2020, 7(3): 389–403. doi: 10.13868/j.cnki.jcr.000375 ZHANG Zhenchao, LIU Yali, YIN Xinchun, et al. Analysis and improvement of certificateless signature schemes[J]. Journal of Cryptologic Research, 2020, 7(3): 389–403. doi: 10.13868/j.cnki.jcr.000375
[9]	BONEH D, GENTRY C, LYNN B, et al. Aggregate and verifiably encrypted signatures from bilinear maps[C]. International Conference on the Theory and Applications of Cryptographic Techniques, Warsaw, Poland, 2003: 416–432.
[10]	WU Libing, XU Zhiyan, HE Debiao, et al. New certificateless aggregate signature scheme for healthcare multimedia social network on cloud environment[J]. Security and Communication Networks, 2018, 2018: 2595273. doi: 10.1155/2018/2595273
[11]	XU Zhiyan, HE Debiao, KUMAR N, et al. Efficient certificateless aggregate signature scheme for performing secure routing in VANETs[J]. Security and Communication Networks, 2020, 2020: 5276813. doi: 10.1155/2020/5276813
[12]	张玉磊, 李臣意, 王彩芬, 等. 无证书聚合签名方案的安全性分析和改进[J]. 电子与信息学报, 2015, 37(8): 1994–1999. doi: 10.11999/JEIT141635 ZHANG Yulei, LI Chenyi, WANG Caifen, et al. Security analysis and improvements of certificateless aggregate signature schemes[J]. Journal of Electronics &Information Technology, 2015, 37(8): 1994–1999. doi: 10.11999/JEIT141635
[13]	罗敏, 孙腾, 张静茵, 等. 两个无证书聚合签名方案的安全性分析[J]. 电子与信息学报, 2016, 38(10): 2695–2700. doi: 10.11999/JEIT151350 LUO Min, SUN Teng, ZHANG Jingyin, et al. Security analysis on two certificateless aggregate signature schemes[J]. Journal of Electronics &Information Technology, 2016, 38(10): 2695–2700. doi: 10.11999/JEIT151350
[14]	LI Jiguo, YUAN Hong, and ZHANG Yichen. Cryptanalysis and improvement for certificateless aggregate signature[J]. Fundamenta Informaticae, 2018, 157(1/2): 111–123. doi: 10.3233/FI-2018-1620
[15]	王大星, 滕济凯. 车载网中可证安全的无证书聚合签名算法[J]. 电子与信息学报, 2018, 40(1): 11–17. doi: 10.11999/JEIT170340 WANG Daxing and TENG Jikai. Probably secure cetificateless aggregate signature algorithm for vehicular ad hoc network[J]. Journal of Electronics &Information Technology, 2018, 40(1): 11–17. doi: 10.11999/JEIT170340
[16]	ZHANG Futai, SHEN Limin, and GE Wu. Notes on the security of certificateless aggregate signature schemes[J]. Information Sciences, 2014, 287: 32–37. doi: 10.1016/j.ins.2014.07.019
[17]	杨小东, 麻婷春, 陈春霖, 等. 面向车载自组网的无证书聚合签名方案的安全性分析与改进[J]. 电子与信息学报, 2019, 41(5): 1265–1270. doi: 10.11999/JEIT180571 YANG Xiaodong, MA Tingchun, CHEN Chunlin, et al. Security analysis and improvement of certificateless aggregate signature scheme for vehicular Ad hoc networks[J]. Journal of Electronics &Information Technology, 2019, 41(5): 1265–1270. doi: 10.11999/JEIT180571
[18]	谢永, 李香, 张松松, 等. 一种可证安全的车联网无证书聚合签名改进方案[J]. 电子与信息学报, 2020, 42(5): 1125–1131. doi: 10.11999/JEIT190184 XIE Yong, LI Xiang, ZHANG Songsong, et al. An improved provable secure certificateless aggregation signature scheme for vehicular Ad hoc NETworks[J]. Journal of Electronics &Information Technology, 2020, 42(5): 1125–1131. doi: 10.11999/JEIT190184
[19]	曹素珍, 王斐, 郎晓丽, 等. 基于无证书的多方合同签署协议[J]. 电子与信息学报, 2019, 41(11): 2691–2698. doi: 10.11999/JEIT190166 CAO Suzhen, WANG Fei, LANG Xiaoli, et al. Multi-party contract signing protocol based on certificateless[J]. Journal of Electronics &Information Technology, 2019, 41(11): 2691–2698. doi: 10.11999/JEIT190166
[20]	俞惠芳, 杨波. 可证安全的无证书混合签密[J]. 计算机学报, 2015, 38(4): 804–813. doi: 10.3724/SP.J.1016.2015.00804 YU Huifang and YANG Bo. Provably secure certificateless hybrid signcryption[J]. Chinese Journal of Computers, 2015, 38(4): 804–813. doi: 10.3724/SP.J.1016.2015.00804