The improved QV signature scheme based on conic curves over Z_n  被引量：1

作　　者：WANG Biao FANG YingJue LIN HongGang LI Yi 

机构地区：[1]Department of Information Sciece and Technology, University of International Relations, Beijing 100091, China [2]College of Mathematics and Computational Science, Shenzhen University, Shenzhen 518060, China [3]Department of Network Engineering, Chengdu University of Information Technology, Chengdu 610225, China

出　　处：《Science in China(Series F)》2009年第4期602-608,共7页中国科学（F辑英文版）

基　　金：Supported by the National Natural Science Foundation of China (Grant No. 10128103)

摘　　要：The classical RSA is vulnerable to low private exponent attacks （LPEA） and has homomorphism. KMOV based on elliptic curve En（a,b） over Zn can resist LPEA but still has homomorphism. QV over En（a,b） not only can resist LPEA but also has no homomorphism. However, QV over En（a,b） requires the existence of points whose order is Mn= 1cm{#Ep（a,b）, #Eq（a,b）}. This requirement is impractical for all general elliptic curves. Besides, the computation over En（a,b） is quite complicated. In this paper, we further study conic curve Cn（a,b） over Zn and its corresponding properties, and advance several key theorems and corollaries for designing digital signature schemes, and point out that Cn（a,b） always has some points whose order is Mn： 1cm{#Ep（a,b）,#Eq（a,b））. Thereby we present an improved QV signature over Cn（a,b）, which inherits the property of non-homomorphism and can resist the Wiener attack. Furthermore, under the same security requirements, the improved QV scheme is easier than that over En（a,b）, with respect plaintext embedding, inverse elements computation, points computation and points＇ order calculation. Especially, it is applicable to general conic curves, which is of great significance to the application of QV schemes.The classical RSA is vulnerable to low private exponent attacks （LPEA） and has homomorphism. KMOV based on elliptic curve En（a,b） over Zn can resist LPEA but still has homomorphism. QV over En（a,b） not only can resist LPEA but also has no homomorphism. However, QV over En（a,b） requires the existence of points whose order is Mn= 1cm{#Ep（a,b）, #Eq（a,b）}. This requirement is impractical for all general elliptic curves. Besides, the computation over En（a,b） is quite complicated. In this paper, we further study conic curve Cn（a,b） over Zn and its corresponding properties, and advance several key theorems and corollaries for designing digital signature schemes, and point out that Cn（a,b） always has some points whose order is Mn： 1cm{#Ep（a,b）,#Eq（a,b））. Thereby we present an improved QV signature over Cn（a,b）, which inherits the property of non-homomorphism and can resist the Wiener attack. Furthermore, under the same security requirements, the improved QV scheme is easier than that over En（a,b）, with respect plaintext embedding, inverse elements computation, points computation and points＇ order calculation. Especially, it is applicable to general conic curves, which is of great significance to the application of QV schemes.

关 键 词：conic curve over Zn digital signature RSA low exponent attacks KMOV QV 

分 类 号：O182.1[理学—数学] TP393.08[理学—基础数学]