几个签密方案的密码学分析与改进

摘要/Abstract

摘要：

对六个签密方案进行了安全性分析，指出它们都存在保密性的安全问题，其中两个方案还存在不可伪造性的安全问题。对每一个安全问题都给出了具体的攻击方法，并使用加密部分绑定发送者、签名部分绑定接收者、验证等式不含明文信息和部分私钥生成时绑定公钥的方法对每一个方案给出了改进措施。对改进后的方案给出了随机预言机模型下的安全性证明。安全分析表明，改进方案是安全的。最后提出了设计签密方案时必须注意的几个问题。

关键词: 签密, 基于身份的签密, 无证书签密, 公钥替换攻击, 双线性对

Abstract:

We analyze six signcryption schemes and find confidentiality problem in all of them and unforgeability problem in two of them. Then some concrete attacks are presented for these problems. We improve the six schemes using the following methods: binding the sender in the encryption part, binding the receiver in the signature part, verifying equation without plaintext information and binding public key when producing partial private key. These improved schemes are verified in the random oracle model, and security analysis shows that these improved schemes are secure. Finally we point out that some principles must be paid attention to when designing signcryption schemes.

Key words: signcryption, identitybased signcryption, certificateless signcryption, public key replacement attack, bilinear pairing

周才学. 几个签密方案的密码学分析与改进[J]. 计算机工程与科学.

ZHOU Caixue.

Cryptanalysis and improvement of

some signcryption schemes

[J]. Computer Engineering & Science.

参考文献

［1］Zheng Yuliang．Digital signcryption or how to achieve cost(signature ＆encryption) << cost(signature)+cost(encryption)［C］ ∥Proc of Crypto,1997:165179．

［2］Gamage C,Leiwo J,Zheng Y L.Encrypted message authentication by firewalls［C］ ∥Proc of Public Key Cryptography,1999:6981.

［3］Baek J,Steinfeld R,Zheng Yuliang.Formal proofs for the security of signcryption［C］ ∥Proc of the 5th International Workshop on Practice and Theory in Public Key Cryptosystems，2002:8198．

［4］An J H,Dodis Y,Rabin T.On the security of joint signature and encryption［C］ ∥Proc of EuroCrypt’2002,2002:83107.

［5］MaloneLee J.Identitybased signcryption［EB/OL］.［20130614］.http:∥eprint.iacr.org/2002/098.pdf.

［6］Barbosa M, Farshim P. Certificateless signcryption ［C］ ∥Proc of the 2008 ACM Symposium on Information,Computer and Communications Security,2008:369372.

［7］Zhou Caixue. Improved certificateless hybrid signcryption scheme［J］.Application Research of Computers,2013,30(1):273277.(in Chinese)

［8］Han Yiliang,Yang Xiaoyuan.New ECDSAverifiable generalized signcryption［J］.Chinese Journal of Computers,2006,29(11):20032012.(in Chinese)

［9］Gamage C,Leiwo J,Zheng Y L.An efficient scheme for secure message transmission using proxysigncryption［C］∥Proc of the 22nd Australasian Computer Science Conference,1999:420431.

［10］Zhang Mingwu, Yang Bo, Zhang Wenzheng. Short signcryption scheme with forward security and ciphertext anonymity［J］.Journal of Beijing University of Posts and Telecommunications,2010,33(4):131134.(in Chinese)

［11］Liu Zhiyuan.Secure certificateless signcryption scheme［J］.Application Research of Computers,2013,30(5):15331535.(in Chinese)

［12］He Long,Peng Xinguang.Safe and efficient remote attestation protocol based on bilinear pairings signcryption［J］.

Journal of Computer Applications, 2013, 33(10):28542857.(in Chinese)

［13］Qi Mingping, Chen Jianhua, He Debiao. Sincryption scheme with public verifiability and forward security［J］.Application Research of Computers,2014,31(10):30933094.(in Chinese)

［14］Yu Huifang, Yang Bo.Provably secure certificateless hybrid signcryption［J］.Chinese Journal of Computers,2015,38(4):804813.(in Chinese)

［15］Gao Jianxin,Wu Xiaoping,Qin Yanlin,et al.Secure certificateless signcryption scheme without bilinear pairing［J］.Application Research of Computers,2014,31(4):11951198.(in Chinese)

［16］Zhou Xuanwu, Jin Zhigang, Fu Yan,et al.Efficient short signcryption from pairings in Internet of Things［J］.Journal of System Simulation,2014,26(7):15661569.(in Chinese)

［17］Pointcheval D,Stern J.Security arguments for digital signatures and blind signatures［J］.Journal of Cryptology,2000,13(3):361396.

附中文参考文献：

［7］周才学.改进的无证书混合签密方案［J］.计算机应用研究,2013,30(1):273277.

［8］韩益亮,杨晓元．ECDSA可公开验证广义签密［J］．计算机学报,2006,29(11):20032012．

［10］张明武,杨波,张文政.密文匿名的高效前向安全短签密方案［J］.北京邮电大学学报,2010,33(4):131134.

［11］刘志远.一个安全的无证书签密方案［J］.计算机应用研究，2013,30(5):15331535.

［12］何龙,彭新光.基于双线性对签密的安全高效远程证明协议［J］.计算机应用,2013,33(10):28542857.

［13］戚明平,陈建华,何德彪.具有前向安全性的可公开验证的签密方案［J］.计算机应用研究,2014,31(10):30933094.

［14］俞惠芳,杨波.可证安全的无证书混合签密［J］.计算机学报,2015,38(4):804813.

［15］高键鑫,吴晓平,秦艳琳,等.无双线性对的无证书安全签密方案［J］.计算机应用研究,2014,31(4):11951198.

［16］周宣武,金志刚,付燕,等.适用于物联网环境的椭圆曲线短签密方案［J］.系统仿真学报,2014,26(7):15661569.

[1]	程玉胜, 曹天成, 王一宾, 郑伟杰. 基于负相关性增强的不平衡多标签学习算法[J]. 计算机工程与科学, 2021, 43(09): 1700-1710.
[2]	刘祥震1，张玉磊1，郎晓丽1，骆广萍1，王彩芬2. 可证安全的隐私保护多接收者异构聚合签密方案[J]. 计算机工程与科学, 2020, 42(03): 441-448.
[3]	张玉磊1，刘祥震1，张永洁2，骆广萍1，陈文娟1，王彩芬1. 可证安全的CLPKC-to-IDPKC在线/离线异构签密方案[J]. 计算机工程与科学, 2019, 41(05): 813-820.
[4]	牛淑芬，李振彬，王彩芬. 适用于车载网的匿名异构聚合签密方案[J]. 计算机工程与科学, 2019, 41(01): 80-87.
[5]	曹素珍1，戴文洁1，王彩芬1，王秀娅1，孙晗1,左为平2. 基于身份部分盲签名方案的分析与改进[J]. 计算机工程与科学, 2018, 40(12): 2193-2197.
[6]	牛淑芬,牛灵,王彩芬,杨喜艳,贾向东. 可实现隐私保护的多接收者异构聚合签密方案[J]. 计算机工程与科学, 2018, 40(05): 805-812.
[7]	左黎明1,2，张婷婷1,2，郭红丽1,2，陈祚松1,2. 对一个基于身份的部分盲签名方案的攻击与改进[J]. 计算机工程与科学, 2017, 39(10): 1832-1836.
[8]	王云1,芦殿军2. 基于自认证的并行多重签密方案[J]. 计算机工程与科学, 2017, 39(04): 684-688.
[9]	杨小东，高国娟，李亚楠，鲁小勇，王彩芬. 抗合谋攻击的服务器辅助验证签名方案[J]. J4, 2016, 38(07): 1350-1355.
[10]	周明,王箭. 一个可证安全的高效的代理盲签名方案[J]. J4, 2015, 37(09): 1643-1651.
[11]	王云1,芦殿军2. 自认证签密方案的安全性研究[J]. J4, 2015, 37(07): 1280-1283.
[12]	陈明. 标准模型下基于身份的多接收者签密密钥封装[J]. J4, 2015, 37(04): 719-725.
[13]	邓宇乔. 基于动态属性的加密方案[J]. J4, 2014, 36(06): 1083-1087.
[14]	王云. 两个自认证签密方案的攻击及改进[J]. J4, 2014, 36(05): 856-859.
[15]	邓伦治，王祥斌，瞿云云. 高效的基于身份的签密方案[J]. J4, 2014, 36(03): 441-445.