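Abstract
To simplify certificate management and the key escrow problem while improving the computational efficiency and security of certificateless signcryption, Chen Hong et al. proposed a provably secure certificateless signcryption scheme and proved under the random oracle model that it satisfies confidentiality and unforgeability. By constructing three attack algorithms, this paper shows that the scheme proposed by Chen Hong et al. cannot resist the user public key replacement attack, the attack based on leakage of the system master key and the user's partial public key, or the collusion attack. It analyzes the causes of these vulnerabilities and proposes an improved scheme that repairs them.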
In order to simplify the management of certificates and keys and, at the same time, improve the computation efficiency and the security of the certificateless signcryption scheme, Chen Hong et al. proposed a certificateless signcryption scheme of verifiable security without pairing and claimed that their scheme satisfied confidentiality and unforgeability in the random oracle model. Unfortunately, by constructing three types of attacks, the study indicated that Chen Hong et al.'s certificateless signcryption scheme could not resist the public-key substitution attack, the master key and partial private key exposure attack, and the collusion attack. Finally, the causes of the vulnerabilities were analyzed, and an improved scheme was proposed.
Authors
左黎明
夏萍萍
林楠
Zuo Liming; Xia Pingping; Lin Nan (School of Science, East China Jiaotong University, Nanchang 330013, China; Institute of Systems Engineering and Cryptography, East China Jiaotong University, Nanchang 330013, China; State Grid Jiangxi Electric Power Co., Ltd., Electric Power Research Institute, Nanchang 330096, China)
Source
《华东交通大学学报》
2019, Issue 4, pp. 119-123 (5 pages)
Journal of East China Jiaotong University
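Funding
National Natural Science Foundation of China (11361024)
Science and Technology Project of State Grid Jiangxi Electric Power Co., Ltd. (52182017001L)
Science and Technology Project of the Jiangxi Provincial Department of Education (GJJ161417, GJJ170386)
Science and Technology Project of the Jiangxi Provincial Department of Transportation (2017D0037)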
Keywords
signcryption
random oracle model
elliptic curve
confidentiality
unforgeability