Analysis and improvement of mIBS scheme


Authors: Chen Ming[1], Leng Jianhua[1] (School of Mathematics & Computer Science, Yichun University, Yichun, Jiangxi 336000, China)

Affiliation: [1] School of Mathematics and Computer Science, Yichun University, Yichun, Jiangxi 336000, China

Source: Application Research of Computers, 2022, Issue 10, pp. 3136-3140 (5 pages)

Funding: National Natural Science Foundation of China (61662083).

Abstract: Wei Songjie et al. proposed an identity-based signature (IBS) scheme, mIBS, built on a security mediator (SEM), in which the SEM node is used to revoke user identities in real time. In the mIBS scheme, the SEM holds part of the user's private key and generates signatures jointly with the signer. This paper analyzes the security of the mIBS scheme, finds that it has serious security flaws, and presents a concrete attack instance. In the attack instance, a signer steals the partial private key held by the SEM through a single normal signing interaction with the SEM, and can then bypass the SEM and sign independently, rendering the SEM ineffective. The paper proposes an improved scheme (denoted mIBS_G) that adds randomized protection to the partial private key held by the SEM. It further establishes a security model for mIBS schemes, named mEUF-CMIA (existential unforgeability under adaptive chosen message and identity attacks), with a focus on its adversary model. In addition to the traditional IBS adversary, the mEUF-CMIA model defines a second type of adversary that simulates a malicious but legitimate signer who, by querying random oracles, produces signatures independently without the SEM's participation. Under the mEUF-CMIA model, the unforgeability of the mIBS_G scheme is reduced to solving the CDH problem on a cyclic group. Comparative analysis shows that the mIBS_G scheme achieves provable security at a small computational cost. The mIBS_G scheme can be used to build IBC-based cross-domain authentication systems.

Keywords: identity-based cryptography; digital signature; computational Diffie-Hellman problem; random oracle model

Classification number: TP309 [Automation and Computer Technology: Computer Systems Architecture]

 
