• Official journal of the China Computer Federation
  • China Science and Technology Core Journal
  • Chinese Core Journal

J4 ›› 2013, Vol. 35 ›› Issue (8): 69-76.

• Articles •

Cryptanalysis and improvement of some certificateless signcryption schemes

ZHOU Caixue

  1. (School of Information Science and Technology, University of Jiujiang, Jiujiang 332005, Jiangxi, China)
  • Received: 2012-03-27 Revised: 2012-08-13 Online: 2013-08-25 Published: 2013-08-25
  • Funding:

    Science and Technology Project of the Jiangxi Provincial Department of Education (GJJ12614)

Abstract:

Certificateless cryptography eliminates the key escrow problem inherent in identity-based cryptosystems and simplifies the public key certificate management required in traditional public key cryptosystems, which gives it a great advantage. Four certificateless signcryption schemes are cryptanalyzed, showing that two of the schemes are subject to confidentiality attacks and three are subject to forgeability attacks. The four schemes are improved by binding the receiver in the signature part, binding the sender in the encryption part, and including a random number in the signcryption part, respectively. Finally, the improved schemes are proved secure in the random oracle model.

Key words: certificateless signcryption; confidentiality attacks; forgeability attacks; public key replacement attacks; random oracle model