一个安全的广义指定验证者签名证明系统

陈国敏; 陈晓峰

doi:10.3724/SP.J.1146.2007.01585

一个安全的广义指定验证者签名证明系统

doi: 10.3724/SP.J.1146.2007.01585

基金项目:

国家自然科学基金(60503006)和中韩国际合作研究基金(60611140543)资助课题

计量
- 文章访问数: 3354
- HTML全文浏览量: 98
- PDF下载量: 811
- 被引次数: 0
出版历程
- 收稿日期: 2007-09-29
- 修回日期: 2008-04-14
- 刊出日期: 2009-02-19

A New Secure Universal Designated Verifier Signature Proof System

摘要

摘要: 广义指定验证者签名(UDVS) 可以实现任意的签名持有者能向任意的验证者证明签名者确实签署了该签名，而且验证者没有能力向第三方证明该签名是有效的。这种签名方案可以保护签名持有者的隐私信息，因而在证书系统中有着重要的应用。然而，UDVS需要签名持有者(designator)与指定的验证者(designated-verifier)通过签名者(signer)的公钥体系来生成自己的密钥对，这在现实情况下是不合理的。最近，Baek等人(2005)在亚洲密码会提出UDVSP (Universal Designated Verifier Signature Proof)来解决这个问题。该文首先指出Baek等人所给出的UDVSP协议存在一个安全性缺陷，即不满足UDVS系统中的不可传递性(non-transferability)，然后提出一种新的UDVSP协议，并证明该方案满足所定义的安全属性。
- 广义指定验证者签名证明;双线性对;承诺协议
Abstract: The notion of Universal Designated Verifier Signature (UDVS) allows any holder of a signature to convince any designated verifier that the signer indeed generated the signature without revealing the signature itself, while the verifier can not transfer the proof to convince anyone else of this fact. Such signature schemes can protect the privacy of signature holders and have applications to certification systems. However, they require the designated verifier to create a public key using the signers public key parameter and have it certified to ensure the resulting public key is compatible with the setting that the signer provided. This is unrealistic in some situations. Very recently, Baek et al introduced the concept of Universal Designated Verifier Signature Proof (UDVSP) to solve this problem in Asiacrypt 2005. In this paper, it is first showed that there exits a security flaw in this UDVSP, i.e., it does not satisfy the non-transferability. A new secure UDVSP system is proposed and the system is proved to achieve the desired security notions.

HTML全文

参考文献(1)

Chaum D and Antwerpen H. Undeniable signatures. Crypto1989, Springer-Verlag, 1990, LNCS 435: 212-216.[2]Jakobsson M, Sako K, and Impagliazzo R. Designated verifierproofs and their applications. Cryptology-Eurocrypt 1996,Springer- Verlag, 1996, LNCS 1070: 143-154.[3]Huang X, Susilo W, Mu Y, and Zhang F. Short (identity-based) strong designated verifier signature schemes.Information Security Practice and Experience (ISPEC 2006),Springer-Verlag, 2006, LNCS 3903: 214-225.[4]Kurosawa K and Heng S. Relations among security notionsfor undeniable signature schemes. Security and cryptographyfor networks (SCN 2006), Springer-Verlag, 2006, LNCS 4116:34-48.[5]Kurosawa K and Takagi T. New approach for selectivelyconvertible undeniable signature schemes. ASIACRYPT 2006,Springer-Verlag, 2006, LNCS 4284: 428-443.[6]Monnerat J and Vaudenay S. Short 2-move undeniablesignatures. VIETCRYPT 2006, Springer-Verlag, 2006, LNCS4341: 19-36.[7]Laguillaumie F, Libert B, and Quisquater J. Universaldesignated verifier signatures without random oracles ornon-black box assumptions. Security and Cryptography forNetworks (SCN 2006), Springer-Verlag, 2006, LNCS 4116:63-77.[8]Steinfeld R, Bull L, Wang H, and Pieprzyk J. Universaldesignated-verifier signatures. Cryptology Asiacrypt 2003,Springer-Verlag, 2003, LNCS 2894: 523-542.[9]Baek J, Safavi-Naini R, and Susilo. Universal designatedverifier signature proof (or How to efficiently proveknowledge of a signature). Cryptology-Asiacrypt 2005,Springer-Verlag, 2005, LNCS 3788: 644-661.[10]Fiat A and Shamir A. How to prove yourself: Practicalsolutions of identification and signature problems.Cryptology-Crypto 1986, Springer-Verlag, 1986, LNCS 263:186-194.[11]Schneier B. Applied Cryptography-Protocols, Algorithms,and Source Code in C. John Wiley and Sons inc., Part I,Chapter 4, 1996.[12]Boneh D and Franklin M. Identity-based encryption from theweil pairing. Cryptology-Crypto 2001, Springer-Verlag, 2001,LNCS 2139: 213-229.[13]Bellare M, Namprempre C, Pointcheval D, and Semanko M.The power RSA inversion oracles and the security of chaumsRSA-based blind signature scheme. FC 2001, Springer-Verlag,2002, LNCS 2339: 319-338.[14]Goldwasser S, Micali S, and Rivest R. A digital signaturescheme secure against adaptive chosen-message attack[J].SIAMJournal on Computing.1988, 17(2):281-308[15]Boneh D, Lynn B, and Shacham H. Short Signatures from theWeil Pairing. Advances in Asiacrypt 2001, Springer-Verlag,2001, LNCS 2248: 566-582.

施引文献

资源附件(0)

访问统计