CAJ | 학술논문

为了抵抗适应性选择消息攻击、提高签名生成效率、加强秘密共享，提出一种新的RSA—TBOS广义签密方案．与韩益亮的广义签密方案相比，本方案是基于RSA大整数分解的困难性，且密钥长度的下限为160bits，能够实现短签密．其计算量大小介于韩益亮的方案和J．Malone—Lee的方案之间．同时，由于方案的签名是两部分消息经过随机化填充后的连接，因此，可以抵抗中间相遇攻击．经过证明，方案IND-CCA2是安全的．
위료저항괄응성선택소식공격、제고첨명생성효솔、가강비밀공향，제출일충신적RSA—TBOS엄의첨밀방안．여한익량적엄의첨밀방안상비，본방안시기우RSA대정수분해적곤난성，차밀약장도적하한위160bits，능구실현단첨밀．기계산량대소개우한익량적방안화J．Malone—Lee적방안지간．동시，유우방안적첨명시량부분소식경과수궤화전충후적련접，인차，가이저항중간상우공격．경과증명，방안IND-CCA2시안전적．
To resist adaptive chosen ciphertext attack, improve efficiency of the signcryption generation and strengthen the possibility to share secret, a publicly verifiable generalized signcryption scheme is put forword. Compared with Han Yi-liang＇s our scheme ismainly based on the difficulty of the decomposition of RSA biginteger, and the length of the secret key in the scheme is not more than 160 bites and it can realize short signcryption. The computational complexity of our scheme is between that of Han yi-liang＇s and Malone-Lee＇s. Because the signature in the new scheme is the linkage of two information after padding at random, it can resist the middle meeting attack. Finally, parts of IND-CCA2 security of the new seheme is proved.