Security Analysis and Improvement of a Strongly Secure Certificateless Key Agreement Protocol

Cited by: 2


Authors: Liu Tang (刘唐)[1,2], Wang Xiaofen (汪小芬)[3], Xiao Guozhen (肖国镇)[4]

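Affiliations: [1] College of Fundamental Education, Sichuan Normal University, Chengdu 610068; [2] College of Computer Science, Sichuan University, Chengdu 610065; [3] School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 610054; [4] ISN State Key Laboratory, Xidian University, Xi'an 710071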

Source: Computer Science (《计算机科学》), 2012, No. 12, pp. 73-75, 106 (4 pages in total)

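Funding: Supported by the National Natural Science Foundation of China (61003310; 60970120); the Scientific Research Project of the Sichuan Provincial Department of Education (10ZB005); the Sichuan Province Science and Technology Innovation Seedling Project (2011-025; 2011-005)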

Abstract: Yang and Tan proposed a certificateless key agreement protocol without pairing, and claimed their scheme satisfies forward secrecy, which means no adversary could derive an established session key unless the full user secret information (including a private key and an ephemeral secret key) of both communication parties is compromised. However, we pointed out their protocol is actually not secure as claimed by presenting an attack launched by an adversary who has learned the private key of one party and the ephemeral secret key of the other, but not the full user secret keys of both parties. Furthermore, to make up for this flaw, we also provided a revised protocol in which the private key and the ephemeral secret key are closely intertwined with each other for generating the session key, thus the above attack can be efficiently resisted.

Keywords: certificateless public key cryptosystem; forward secrecy; session key

Classification number: TP918.1 [Automation and Computer Technology]

 
