改进的前向安全的认证加密方案.pdfVIP

第37卷增刊(I) 东南大学学报(自然科学版) Vo1．37 Sup(I) 2007年9月 JOURNAL OF SOUTHEAST UNIVERSITY(Natural Science Edition) Sept．2007 改进的前向安全的认证加密方案 李艳平 张京良 王育民 ( 西安电子科技大学ISN国家重点实验室，西安710071) ( 陕西师范大学数学与信息科学学院，西安710062) 摘要：多数基于离散对数问题的认证加密方案不满足前向安全性，证明了Huang—Chang方案不满 足前向安全和语义安全，且易受已知明文攻击．基于循环群z。上离散对数困难问题以及单向hash 函数的不可逆性，利用可证安全的短签名方案(SDSS)，设计了一个新的能弥补Huang Chang方案 安全隐患的认证加密方案．理论分析证明了新方案的安全性：即不可伪造性、可公开验证性、语义 安全性和前向安全性．复杂性分析表明新方案是高效的． 关键词：认证加密方案；公开可验证性；前向安全；语义安全性 中图分类号：TP918．1 文献标识码：A 文章编号：1001—0505(2007)增刊(I)-0020-04 Improvement of forward-secure authenticated encryption scheme Li Yanping ’ Zhang Jingliang Wang Yumin ( State Key Laboratory of Integrated Service Networks，Xidian University，Xi’an 710071，China) ( College of Mathematics and Information Science，Shanxi Normal University，Xi’an 710062，China) Abstract：Many authenticated encryption schemes based on the discrete logarithm problem(DLP)do not satisfy forward security．It is demonstrated that the scheme presented by Huang and Chang cannot resist the known—plaintext attack，and cannot provide semantic security and forward security．Based On the DLP on cyclic group Zp and the intractability of reversing a one—way hash function，an improved scheme is pro— posed with all the desired security requirements through adopting a provably secure shortened signature scheme(SDSS)．Security properties of the new scheme are proved theoretically，including unforgeability， public verifiability，semantic security and forward security．And the results of complexity analysis show that the new scheme iS e伍cient． Key words：authenticated encryption scheme；public verifiability；forward security；semantic security 认证加密是消息可恢复签名和有向签名的结合．消息可恢复的签名方案本质是签名(r，s)，在验证签