Abstract
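The two main classes of formal security models for identity-based multi-proxy signatures suffer, respectively, from imprecise adversary attack goals and an incomplete classification of adversaries; moreover, an effective scheme that is genuinely provably secure is still lacking. By merging the existing security models, this paper redefines a standard security model for identity-based multi-proxy signatures. The new model addresses the problems of the existing models: it adopts a more complete criterion for classifying adversaries, formally defines the behavior and attack goals of each class of adversary, and uses a simple and clear proof structure. Within the new security model, an identity-based multi-proxy signature scheme is proposed whose security is reduced to a polynomial-time adversary solving the CDH problem. In addition, a recently proposed identity-based multi-proxy signature scheme and its security model are analyzed in detail, and three main flaws in them are pointed out. Comparative analysis shows that the new security model is more complete and that the newly proposed multi-proxy signature scheme is a genuine identity-based cryptographic scheme that is provably secure in the standard model.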
Multi-proxy signature schemes are useful tools when a signer needs to delegate his signing right to a group of proxy signers. There are two main types of formal security models for multi-proxy signatures, and each has deficiencies. One of them is complicated and does not model chosen warrant attacks; the other has an incomplete definition of the adversary. Meanwhile, there is so far no provably secure identity-based multi-proxy signature scheme. In this paper, we give a formal security model for identity-based multi-proxy signature schemes and propose an identity-based multi-proxy signature scheme. Our security model compensates for the deficiencies in the existing models. It defines more powerful adversary capabilities, formalizes the behaviors of the adversaries, and adopts a simple and clear proof structure. The proposed identity-based multi-proxy signature scheme is based on the well-studied CDH (computational Diffie-Hellman) assumption and is proven existentially unforgeable against chosen message/warrant attacks in our security model. In addition, we show that there are three security flaws in a recently proposed identity-based multi-proxy signature scheme and in its security model. Comparative analysis shows that the new security model is more complete, and that the new multi-proxy signature scheme is a real and provably secure identity-based cryptosystem in the standard model.