广州大学学报(自然科学版)
廣州大學學報(自然科學版)
엄주대학학보(자연과학판)
JOURNAL OF GUANGZHOU UNIVERSITY(NATURAL SCIENCE EDITION)
2008年
3期
13-21
,共9页
UDVS%基于身份的非交互UDVSP%双线性对%∑-协议
UDVS%基于身份的非交互UDVSP%雙線性對%∑-協議
UDVS%기우신빈적비교호UDVSP%쌍선성대%∑-협의
UDVS%non-interactive ID-based UDVSP%bilinear pairing%Σ-protocol
通用指定验证者签名证明(UDVSP)系统旨在保护签名拥有者的私有性,即从签名者得到有效签名的拥有者确信某个验证者他拥有有效签名,但是没有泄露签名的任何信息.与通用指定验证者签名相比,现有的UDVSP拥有指定的验证者不必预先建立自己的公私钥对的优点,以及如下缺点:①在签名拥有者和验证者之间存在一个交互协议;②签名拥有者不能验证指定验证者的身份.结果任意的攻击者都可以冒充指定验证者.文章给出了基于身份的非交互UDVSP和它的安全性定义.接着使用双线性对最早构造了基于身份的非交互UDVSP,该证明具有如下的优点:①指定验证者不需建立公私钥对;②证明是非交互的;③只有指定的验证者才能相信签名拥有者拥有签名者的有效签名.而且,在DLP,CDH,SDH和BPI是难的假设下,本系统是安全的.
通用指定驗證者籤名證明(UDVSP)繫統旨在保護籤名擁有者的私有性,即從籤名者得到有效籤名的擁有者確信某箇驗證者他擁有有效籤名,但是沒有洩露籤名的任何信息.與通用指定驗證者籤名相比,現有的UDVSP擁有指定的驗證者不必預先建立自己的公私鑰對的優點,以及如下缺點:①在籤名擁有者和驗證者之間存在一箇交互協議;②籤名擁有者不能驗證指定驗證者的身份.結果任意的攻擊者都可以冒充指定驗證者.文章給齣瞭基于身份的非交互UDVSP和它的安全性定義.接著使用雙線性對最早構造瞭基于身份的非交互UDVSP,該證明具有如下的優點:①指定驗證者不需建立公私鑰對;②證明是非交互的;③隻有指定的驗證者纔能相信籤名擁有者擁有籤名者的有效籤名.而且,在DLP,CDH,SDH和BPI是難的假設下,本繫統是安全的.
통용지정험증자첨명증명(UDVSP)계통지재보호첨명옹유자적사유성,즉종첨명자득도유효첨명적옹유자학신모개험증자타옹유유효첨명,단시몰유설로첨명적임하신식.여통용지정험증자첨명상비,현유적UDVSP옹유지정적험증자불필예선건립자기적공사약대적우점,이급여하결점:①재첨명옹유자화험증자지간존재일개교호협의;②첨명옹유자불능험증지정험증자적신빈.결과임의적공격자도가이모충지정험증자.문장급출료기우신빈적비교호UDVSP화타적안전성정의.접착사용쌍선성대최조구조료기우신빈적비교호UDVSP,해증명구유여하적우점:①지정험증자불수건립공사약대;②증명시비교호적;③지유지정적험증자재능상신첨명옹유자옹유첨명자적유효첨명.이차,재DLP,CDH,SDH화BPI시난적가설하,본계통시안전적.
The universal designated verifier signature proof(UDVSP) system aims to protect a signa- ture holder's privacy by allowing him to convince a verifier that he holds a valid signature from the signer without revealing the signature itself. Comparing with the universal designated verifier signature (UDVS), the existing UDVSP has the following advantage: the designated verifier does not have to set up a private/public key, and disadvantages: ① there exists an interactive protocol between the signature holder and the verifier; ② the signature holder can not verify the identity of the designated verifier, then arbitrary attacker may pretend to be the designated verifier. In this paper, we give the formal definitions of non-interactive ID-based NDVSP and its security. Then, we construct the first non-interactive ID-based UDVSP systems based on bilinear pairings, which have the following advantages: ① the designated verifier does not have to set up a private/pub- lic key; ② system is non-interactive; ③Only the designated verifier can believe that the signature holder holds a valid signature from the signer. Furthermore, we prove that our systems are secure un- der the assumption DLP, CDH, SDH and BPI are hard.
