不含双线性对的无证书签密方案安全性分析与改进

计算机科学 ›› 2013, Vol. 40 ›› Issue (Z11): 203-209.

不含双线性对的无证书签密方案安全性分析与改进

王电钢,丁雪峰,黄昆

四川省电力公司智能电网信息技术实验室成都610041;四川大学信息管理中心成都610065;四川省电力公司智能电网信息技术实验室成都610041

出版日期:2018-11-16 发布日期:2018-11-16
基金资助:
本文受四川省科技计划支撑项目(2013GZ0004),四川省科研计划项目(2012GZ0001)资助

Security Analysis and Improvement of Strongly Secure Certificateless Key Agreement Protocol

WANG Dian-gang,DING Xue-feng and HUANG Kun

Online:2018-11-16 Published:2018-11-16

摘要/Abstract

摘要： 无证书密码体制能同时解决传统公钥密码体制证书管理问题和基于身份密码体制中密钥分发的问题,而受到学者们的关注。基于双线性对的无证书签密,因需要大量开销用于双线性对运算而性能不佳。研究不基于双线性对的无证书签密方案,发现Selvi等人的不基于双线性对的无证书签密方案不是标准的无证书签密方案,因为用户在使用时必须先验证对方的公钥,这不仅与无证书公钥体制相背,而且增加了用户的开销。分析了其他3个不基于双线性对的无证书签密方案,发现这3个方案都不满足不可伪造性和机密性。为解决这些安全性问题,提出一个新的不基于双线性对的无证书签密方案,并在随机预言机模型下证明了其安全性。

关键词: 无证书公钥密码体制,签密,双线性对,椭圆曲线,随机预言机模型

Abstract: The certificateless public key cryptography (CLPKC) has attracted wide attention since it could solve the certificate management problem in the traditional public cryptography and the key escrow problem in the ID-based cryptography．Many certificateless signcryption (CLSC) schemes using pairing have been proposed．The pairing operation is a very complicated operation．So the performance of these schemes is not very good．In this paper,we study the CLSC schemes without pairing ,and find that Selvi et al．Is scheme is not a standard CLSC scheme since the user must verify the public key before using it．This not only inverses the thought of the CLPKS but also increases the user’s computational cost．To solve the problem,three new CLSC schemes without pairing have been proposed．In this paper,we will show the three CLSC schemes provide neither unforgeability property nor confidentiality property．To improve security,we also propose a new CLSC scheme without pairing and demonstrate it is provably secure in the random oracle model.

Key words: CLPKC signcryption scheme,Bilinear pairings,Elliptic curve,Random oracle model

王电钢,丁雪峰,黄昆. 不含双线性对的无证书签密方案安全性分析与改进[J]. 计算机科学, 2013, 40(Z11): 203-209. https://doi.org/

WANG Dian-gang,DING Xue-feng and HUANG Kun. Security Analysis and Improvement of Strongly Secure Certificateless Key Agreement Protocol[J]. Computer Science, 2013, 40(Z11): 203-209. https://doi.org/

参考文献

[1] Shamir A． Identity based cryptosystems and signature scheme[C]∥Crypto 1984,in:LNCS．Springer-Verlag,1984,196:47-53
[2] Al-Riyami S,Paterson K．Certificateless public key cryptography[C]∥Asiacrypt 2003．2003:452-473
[3] Zheng Y．Digital signcryption or how to achieve cost (signature and encryption) 6cost (signature)+cost(encryption)[C]∥Cryptology-Crypto 1997．1997:291-312
[4] An J H,Dodis Y,Rabin T．On the security of joint signature and encryption[C]∥Advances in Cryptology-Eurocrypt 2002．2002:83-107
[5] Malone-Lee J．Identity based signcryption．CryptologryePrint Archive,Report 2002/098．http://eprint.iacr.org/2002/098
[6] Barbosa M,Farshim P．Certificateless signcryption[C]∥Proc．ACM Symposium on Information,Computer and Communications Security (ASIACCS 2008)．2008:369-372
[7] Wu C,Chen Z．A new efficient certificateless signcryptionscheme[C]∥International Symposium on Information Science and Engieering,2008．ISISE’08．2008:661-664
[8] Selvi S S D,Vivek S S,Ragan C P．On the security of certificateless signcryption schemes．Cryptology ePrint Archive:Report 2009/298,Available from:http://eprint.iacr.org/2009/298
[9] Xie W,Zhang Z．Efficient and provably secure certificatelesssigncryption from bilinear maps．Cryptology ePrint Archive:Report 2009/578,Available from:http://eprmt.iacr.org/2009/578.pdf
[10] Selvi S S D,Vivek S S,Ragan C P．Security weaknesses in two certificateless signcryption schemes．Cryptology ePrint Archive:Report 2010/092,Available from:http://eprint.iacr.org/2010/092
[11] Liu Z,Hu Y,Zhang X,et al.Certificateless signcryption scheme in the standard model[J]．Information Sciences,2010,180(3):452-464
[12] Weng J,Yao G,Deng R H,et al.Cryptanalysis of a certificateless signcryption scheme in the standard model[J]．Information Sciences,2011,181(3):661-667
[13] Chen L,Cheng Z,Smart N．Identity-based key agreement protocols from pairings[J]．International Journal of Information Security,2007,6(2):213-241
[14] Cao X,Kou W．A Pairing-free Identity-based Authenticated Key Agreement Scheme with Minimal Message Exchanges[J]．Information Sciences,2010,180(6):2895-2903
[15] He D,Chen J,Hu J．An ID-based proxy signature schemes without bilinear pairings[J]．Annals of Telecommunications,2011,66(11/12):657-662
[16] Barreto P,Deusajute A,Cruz E,et al.Toward efficient certificateless signcryption from (and without) bilinear pairings．http://sbseg2008.inf.ufrgs.br/proceedings/data/pdf/st03_03_artigo.pdf
[17] Selvi S S D,Vivek S S,Ragan C P．Cryptanalysis of Certificateless Signcryption Schemes and an Efficient Construction Without Pairing[C]∥Inscrypt 2009．2010:75-92
[18] Xie W,Zhang Z．Certificateless Signcryption without Pairing”,Cryptology ePrint Archive:Report 2010/187．Available from:http://eprint.iacr.org/2010/187
[19] Zhu H,Li H,Wang Y．Certificateless Signcryption SchemeWithout Pairing[J]．Journal of Computer Research and Development,2010,47(9):1587-1594
[20] Liu W,Xu C．Certificateless Signcryption Scheme Without Bilinear Pairing[J]．Journal of Software,2011,22(8):1918-1926
[21] Jing X．Provably Secure Certificateless Signcryption Schemewithout Pairing[C]∥2011International Conference on Electronic & Mechanical Engineering and Information Technology．2011:4753-4756
[22] David P,Jacque S．Security Arguments for Digital Signaturesand Blind Signatures[J]．Journal of Cryptology,2000,13(3):361-396

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed