基于弱签名方案的可否认消息传输认证子.docVIP

基于弱签名方案的可否认消息传输认证子 田海博 信息科学与技术学院, 中山大学, 广州 ,510275 摘要：本文展示如何在可否认认证中使用签名方案。可否认认证意思是消息接收人 R 不能使 第三方相信它从某个消息发送人 S 那里接收到了一个消息 m，即使它确实从 S 接收了消息 m。显然，选择性不可伪造的签名体制并不适合这样的可否认属性。然而，如果签名方案只是 选择性可伪造的，我们可以构造一个可否认认证协议。该协议在 Raimondo 等人的扩展模型中 给出，是一个可否认的消息传输认证子。 关键词：认证, 数字签名, 隐私增强技术 中图分类号： TP309 Deniable Message Transmission Authenticator Based on Weak Signature Schemes Tian Haibo School of Information Science and Technology, Sun Yat-Sen University, GuangZhou, 510275 Abstract: This paper shows how to use signature schemes for deniable authentication. Deniable authentication means that a message receiver R, although received a message m from a sender S, cannot convince a third party that the sender S has sent R the message m. Obviously, signature schemes secure against existential forgery are unsuitable for such a deniability property. However, if signature schemes are just secure against selective forgery, we can construct a deniable authentication protocol. The protocol is presented in the extension framework of Raimondo et al. as a deniable message transmission (MT) authenticator. Key words: Authentication; Digital Signatures; Privacy-Enhancing Technologies 0 Introduction An authentication protocol enables a message receiver to make sure that it is communi- cating with an intended sender, even in the presence of an adversary who controls the com- munication channel. A deniable authentication protocol [1] enables the receiver to identify the sender but leaves no evidence to prove the sender taking part in a particular protocol run. It is a privacy property which can be used in the design of Internet Key Exchange (IKE) [2] protocols, or to provide freedom from coercion in electronic voting systems. 基 金 项 目： Specialized Research Fund for the Doctoral Program of Higher Education for New Teachers (No. 20090171120006) 作者简介： Tian Haibo(1979-),male,Lecture,major research direction:cryptographic protocols. -1- The are some constructions of deniable-authentication protocols based on encr