【论文】对一个高效无证书签名方案的安全性分析.pdfVIP

胡国政，韩兰胜，夏祥胜：对一个高效无证书签名方案的安全性分析 2011 ，47 （2 ） 19 对一个高效无证书签名方案的安全性分析 1 2 3 胡国政 ，韩兰胜 ，夏祥胜 1 2 3 HU Guozheng ，HAN Lansheng ，XIA Xiangsheng 1.武汉理工大学 理学院，武汉 430070 2.华中科技大学 计算机学院，武汉 430074 3.武汉工业学院 计算机系，武汉 430023 1.School of Science ，Wuhan University of Technology ，Wuhan 430070 ，China 2.School of Computer ，Huazhong University of Science and Technology ，Wuhan 430074 ，China 3.Department of Computer ，Wuhan Polytechnic University ，Wuhan 430023 ，China E-mail ：huguozheng@ HU Guozheng ，HAN Lansheng ，XIA Xiangsheng.Security analysis of efficient certificateless signature scheme.Computer Engineering and Applications ，2011 ，47 （2 ）：19-20. Abstract ：Recently ，Zhang et al. has proposed an efficient certificateless signature scheme and has given a formal security proof of the scheme.In this paper ，it shows that the proposed scheme is insecure against public key replacement attacks ，that is ，an adversary can forge a valid signature for any message of any user under public key replacement attacks and the at- tack method is showed in detail.It is also pointed out that there exist fatal proof flaws in its security proof ，and the security proof flaws is the adversary must know the secret key of the substituted public key in proving the security by the forking technique of Rafael and Ricardo.It is found that these flaws exist in other literature ，and the flaws reasons are analyzed and the improvement measures are put forward. Key words ：certificateless signature ；public key replacement attack ；forking technique ；bilinear pairing 摘 要：对张玉磊等提出的高效无证书签名方案和该方案的安全性证明进行分析，证明该方案在公钥替换攻击下是不安全的，指 出它的安全性证明存在严重缺陷。利用公钥替换攻击，敌手可以伪造任何用户对任意消息的签名，给出了详细的攻击方法。安 全性证明的缺陷是，在利用Rafael 和Ricardo 分叉技术证明无证书签名方案在公钥替换攻击下安全性时，要求敌手知道所替换公 钥对应的私钥。指出这种安全性证明缺陷在其他文献中也存在，分析了这种缺陷产生的原因，提出了改进措施。 关键词：无证书签名