检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
作 者:张跃宇[1] 陈杰[1] 苏万力[1] 王育民[1]
机构地区:[1]西安电子科技大学计算机网络与信息安全教育部重点实验室,西安710071
出 处:《计算机学报》2007年第10期1865-1871,共7页Chinese Journal of Computers
基 金:国家"八六三"高技术研究发展计划项目基金(2007AA01Z435);国家自然科学基金(60473072);陕西省自然科学基础计划项目基金(2007F37)资助.~~
摘 要:基于线性假设下的Cramer-Shoup加密方案和SDH假设,提出一种新的SDH问题的零知识证明协议,并基于此协议构造了一种在Bellare-Micciancio-Warinshi模型下可证明安全的短群签名方案.该方案具有IND-CCA2完全匿名性,允许攻击者在攻击完全匿名性时提问打开预言机.签名的长度仅为1704bits.In CRYPTO 2004, a short group signature is proposed by Boneh, Boyen ancl Shacham, which is based on strong Diffie-Hellman(SDH) assumption and Decision Linear assumption. Thereafter it is denoted BBS. Only chosen plaintext attack(CPA) full-anonymity is achieved in BBS short group signature for CPA secure in linear encryption. In this case, adversary could not query an open oracle. However, when adversaries try to break the notion of chosen ciphertext attack(IND-CCA2) full-anonymity, they have the ability to query an open oracle in the current and strongest security model for group signatures. Hence adversaries can obtain the signer identity of the queried signature. This paper presents a new zero-knowledge protocol for SDH, which based on Cramer-Shoup encryption from the linear assumption. Using this protocol as a building block, a new short group signature is constructed in this paper, which is provable secure in the Bellare-Micciancio-Warinshi model. The scheme is of IND-CCA2-full-anonymity, which allows adversary querying open oracle when trying to attack the anonymity notion. And the signature is only 1704 bits in size.
关 键 词:群签名 完全匿名性 线性Cramer-Shoup加密 IND-CCA2安全 判定线性假设
分 类 号:TP309[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.90
