摘要
利用Hess的基于身份的数字签名方案,Gu和Zhu提出了一个基于身份的可验证加密签名协议,并认为该协议在随机预言模型下是可证明安全的,从而可以作为基本模块用于构建安全的基于身份的公平交换协议.文章对该协议的安全性进行了深入分析,结果表明该协议存在如下的安全缺陷:恶意的签名者可以很容易地构造出有效的可验证加密签名,但是指定的仲裁者却不能把它转化成签名者的普通签名,因此不能满足可验证加密签名协议的安全需求;而且该协议容易遭受合谋攻击.
Based on Hess's identity-based signature scheme, Gu and Zhu proposed an identitybased verifiably encrypted signature scheme in CISC 2005. The authors claim that their scheme is provably secure in the random oracle model and can be used as a primitive to construct identitybased optimistic fair exchange protocols. However, this paper shows that their protocol is insecure: A malicious signer can easily generate a valid verifiably encrypted signature, which can not be extracted into an ordinary signature by a designated adjudicator. Moreover, the protocol is also vulnerable to colluding attacks.
出处
《计算机学报》
EI
CSCD
北大核心
2006年第9期1688-1693,共6页
Chinese Journal of Computers
基金
国家自然科学基金(60373039
90604018)
国家"九七三"重点基础研究发展规划项目基金(G1999035802)资助
