COMPUTER APPLICATION
2015
Issue z1
Pages 63-65
3 pages in total
proxy signature%ID-based%signature with message recovery%forgery attack%security
This paper analyzes the security of the ID-based proxy signature scheme with message recovery proposed by Singh et al. (SINGH H, VERMA G. ID-based proxy signature scheme with message recovery. The Journal of Systems and Software, 2012, 85: 209-214) and finds the scheme insecure. A forgery attack on the scheme is given: once an attacker obtains a valid proxy signature, the attacker can generate a proxy signature for any message without knowing the proxy signing key. To overcome this weakness, the scheme is improved. The improved scheme effectively resists the forgery attack, that is, an attacker who obtains a valid proxy signature but does not know the proxy signing key cannot generate a signature for any message. Compared with the previous scheme, the improved scheme is more efficient, more secure, and has a wider application range.