CAJ | 학술논문

在数字签名中,由于签名因子或整个签名方案设计的不合理,使得攻击者很容易通过将签名验证等式进行变形,将其转换成一个同底的等式,并通过指数的相等伪造出签名数据.针对此问题,提出同底构造攻击的概念,并明确指出,在进行数字签名设计时,必须回避这种现象.通过实例说明了这些例子中签名协议设计的不安全性,并给出一些通用方法说明如何对这些签名方案进行改进.
재수자첨명중,유우첨명인자혹정개첨명방안설계적불합리,사득공격자흔용역통과장첨명험증등식진행변형,장기전환성일개동저적등식,병통과지수적상등위조출첨명수거.침대차문제,제출동저구조공격적개념,병명학지출,재진행수자첨명설계시,필수회피저충현상.통과실례설명료저사례자중첨명협의설계적불안전성,병급출일사통용방법설명여하대저사첨명방안진행개진.
This paper studied many digital signature schemes and had found them insecure because of the irrationality of these signature factors or the whole signature scheme, which made the attackers be able to transform the signature verification equation into a equation with the same base number and easily forge signature datum through the equation of the two exponents. The paper proposed a new concept: the attack based on identical base construction, and explicitly indicated that defects could be avoided in designing digital signature. Meanwhile, four examples were given to illustrate the insecurity in signature designing. Finally, some general ways to improve these signature schemes were provided