{"title":"基于paillier的阈值代理签名方案安全性分析","authors":"Minghui Zheng, Yongquan Cui, Liang Chen","doi":"10.1109/TrustCom.2013.83","DOIUrl":null,"url":null,"abstract":"A (t, n)-threshold proxy signature scheme allows an original signer to delegate the signing capability to a group of n proxy members in such a way that any t or more than t proxy signers can generate a valid signature on behalf of the original signer. Recently, Ting et al. [1] proposed the first threshold proxy signature scheme from Paillier cryptosystem, and claimed that their construction is existentially unforgeable against chosen-message attacks and chosen-warrant attacks in the random oracle model. In this paper, however, we show that their scheme is insecure against a type II adversary who can access the secret key of the original signer, i.e., not only the proxy signers but also the original signer can generate a valid proxy signature. In addition, we analyze the causes of the attack and further discuss the possibility of avoiding the attack by improving the Ting et al.'s scheme.","PeriodicalId":206739,"journal":{"name":"2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications","volume":"38 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-07-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Security Analysis of a Paillier-Based Threshold Proxy Signature Scheme\",\"authors\":\"Minghui Zheng, Yongquan Cui, Liang Chen\",\"doi\":\"10.1109/TrustCom.2013.83\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A (t, n)-threshold proxy signature scheme allows an original signer to delegate the signing capability to a group of n proxy members in such a way that any t or more than t proxy signers can generate a valid signature on behalf of the original signer. Recently, Ting et al. [1] proposed the first threshold proxy signature scheme from Paillier cryptosystem, and claimed that their construction is existentially unforgeable against chosen-message attacks and chosen-warrant attacks in the random oracle model. In this paper, however, we show that their scheme is insecure against a type II adversary who can access the secret key of the original signer, i.e., not only the proxy signers but also the original signer can generate a valid proxy signature. In addition, we analyze the causes of the attack and further discuss the possibility of avoiding the attack by improving the Ting et al.'s scheme.\",\"PeriodicalId\":206739,\"journal\":{\"name\":\"2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications\",\"volume\":\"38 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-07-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/TrustCom.2013.83\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/TrustCom.2013.83","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Security Analysis of a Paillier-Based Threshold Proxy Signature Scheme
A (t, n)-threshold proxy signature scheme allows an original signer to delegate the signing capability to a group of n proxy members in such a way that any t or more than t proxy signers can generate a valid signature on behalf of the original signer. Recently, Ting et al. [1] proposed the first threshold proxy signature scheme from Paillier cryptosystem, and claimed that their construction is existentially unforgeable against chosen-message attacks and chosen-warrant attacks in the random oracle model. In this paper, however, we show that their scheme is insecure against a type II adversary who can access the secret key of the original signer, i.e., not only the proxy signers but also the original signer can generate a valid proxy signature. In addition, we analyze the causes of the attack and further discuss the possibility of avoiding the attack by improving the Ting et al.'s scheme.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
