Secure Certificateless Aggregate Signature Scheme  Cited by: 21


Authors: Chen Hu (陈虎)[1], Wei Shimin (魏仕民)[1], Zhu Changjie (朱昌杰)[1], Yang Yi (杨忆)[1]

Affiliation: [1] School of Computer Science and Technology, Huaibei Normal University, Huaibei, Anhui 235000

Source: Journal of Software (《软件学报》), 2015, No. 5, pp. 1173-1180, 8 pages

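Funding: National Natural Science Foundation of China (61472309; 61173151; 60673070; 60773121); Natural Science Foundation of Anhui Province (1208085MF108); Natural Science Foundation of Anhui Higher Education Institutions (KJ2012B157)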

Abstract: Certificateless public key cryptography solves the key escrow problem without requiring digital certificates to bind users to their public keys. Meanwhile, aggregate signatures can efficiently lower the cost of computation and communication. Hence it is of interest to construct a certificateless aggregate signature scheme that takes advantage of both. Though great progress has been made in this area, the certificateless aggregate signature schemes available today cannot simultaneously be secure against both types of super adversaries and be efficient in operation. This paper puts forward a certificateless aggregate signature scheme with stronger security, constructed using pairings and introducing state information. In the random oracle model, the state information is used to embed partial information about a given hard problem. The results show that the presented scheme, based on the infeasibility of the computational Diffie-Hellman (CDH) problem, is secure against both super adversaries. At the same time, by making good use of public information and the properties of bilinear maps, the new scheme needs only four pairings during the processes of individual signature and verification for an aggregate signature. Furthermore, once users know the same state information, each can perform individual signature operations non-interactively, without exchanging messages, which allows any user in the system to join dynamically in generating an aggregate signature. As a result, it can be applied in many-to-one communication systems.

Keywords: certificateless cryptography; aggregate signature; computational Diffie-Hellman problem; bilinear map; random oracle model

Classification: TP309 [Automation and Computer Technology - Computer System Architecture]

 
