对一种基于身份的已知签名人的门限代理签名方案的分析
doi: 10.3724/SP.J.1146.2006.01218
Cryptanalysis of an Identity-Based Threshold Proxy Signature Scheme with Known Signers
-
摘要: 在TAMC'06上,Bao等人以双线性对为工具,首次提出了一种基于身份的已知签名人的门限代理签名方案(以下标记为BCW方案),并得出了满足强不可伪造性以及原始签名人发送签名了的授权证书时并不需要安全信道等安全性结论。本文对BCW方案进行了安全性分析,成功地给出了一种攻击,攻击者通过公开渠道获得一个合法的原始签名人发送给代理签名人的签名了的授权证书以及代理签名人已经生成的一个有效的代理签名后,能够伪造出一个新的对相同消息的代理签名,而原始签名人变为攻击者自己。由于验证者并不能验证代理签名人到底是代表谁生成了代理签名, 这样,攻击者就获得了与合法原始签名人相同的权益。为了避免这种攻击,本文提出了改进的措施,分析表明,改进措施能有效地弥补了该方案的安全缺陷。Abstract: In TAMC' 06, Bao et al. proposed a new identity-based threshold proxy signature with known signers from the bilinear pairings (denoted as BCW scheme) for the first time. As for the security, they claimed their scheme satisfies the security requirements of proxy signature such as strong unforgeability and their scheme need not the secure channel for the delivery of the signed warrant and etc.. In this paper, however, an attack against their scheme is presented. That is, based on the proxy signature generated by proxy signers on a message on behalf of an original signer, an attacker can forge a valid threshold proxy signature on the same message which seemed generated by proxy signers on behalf of this attacker himself. After production a forged proxy signature, the attacker has the same authority with the original signer to the proxy signer, and the verifier cannot distinguish that which one is the real original signer. To thwart this attack, an improvement measure is further proposed, which can resolve the security problem existing in this scheme.
-
Mambo M,Usuda K and Okamoto E. Proxy signature: Delegation to sign messages. IEICE Trans. on Fundatamentals, 1996, E79-A(9): 1338-1354.[2]Lal S and Awasthi A K. Proxy blind signature scheme. Available at http:/eprint.iacr. org /2003.[3]Yi Lijiang, Bai Guoqiang, and Xiao Guozhen. Proxy multi- signature scheme[J].Electron.Lett.2000, 36(6):527-528[4]Zhang K. Threshold proxy signature schemes[J].In: Proc of the 1st Intl Information Security Workshop (ISW97), Springer- Verlag.1997, LNCS 1396:191-197[5]Shamir A. How to share a secret[J].Communication of the ACM.1979, 22(11):612-613[6]Boneh D and Franklin M. Identity-based encryption from the Weil pairing, Advances in Cryptology-Crypto01, Springer- Verlag, 2001, LNCS 2139: 213-229.[7]Bao Haiyong, Cao Zhenfu, and Wang Shengbao. Indentity- based threshold proxy signature scheme with knows signers[J].The 3nd Annual Conference in Theory and Applications of Models of Computation-TAM06, Springer-Verlag.2006, LNCS 3959:538-546[8]Boneh D, Lynn B, and Shacham H. Short signatures from the Weil pairing[J].In: Boyd C. ed.. Advances in Cryptology- Asiacrypt2001. Springer-Verlag.2001, LNCS 2248:514-532 -
计量
- 文章访问数: 3239
- HTML全文浏览量: 60
- PDF下载量: 956
- 被引次数: 0
下载:
