Similar literature
20 similar documents found; search time 140 ms
1.
A proxy multi-signature scheme proposed by Zhou et al. is widely used because of its high execution efficiency and relatively simple implementation. A security analysis of the scheme shows that it is vulnerable to two kinds of forgery attacks, internal and external, and is therefore deficient in security; the corresponding attack methods are also given. Finally, a new improved scheme is proposed which, by adding public key verification and a signature-parameter processing mechanism, can effectively resist both the internal and the external forgery attack.

2.
A security analysis is given of the improved certificateless signcryption scheme without bilinear pairings published by Zhou et al. in Computer Science. It is pointed out that the signcryption scheme is subject to at least two attacks; the concrete attack methods are given and the root cause of these attacks is analysed. Finally, an improvement that overcomes these attacks is given. The attacks and the improvement are of reference value for the design of similar signcryption schemes.

3.
A security analysis of the efficient certificateless blind signature scheme proposed by Huang Rufen et al. shows that the scheme cannot resist the public key replacement attack. To address this, an improved scheme is proposed. The improved scheme is existentially unforgeable against adaptive chosen message and identity attacks in the random oracle model, under the assumptions that the computational Diffie-Hellman (CDH) problem, the q-strong Diffie-Hellman (q-SDH) problem and the inverse computational Diffie-Hellman (inv-CDH) problem are hard.

4.
A security analysis of the partially blind signature scheme without bilinear pairing operations, based on the elliptic curve discrete logarithm problem (ECDLP), proposed by Shao Guojin et al. (Journal of Sichuan University (Engineering Science Edition), 2012, No. 1) shows that the scheme cannot resist the public key replacement attack. To address this, an improved scheme is proposed. In the random oracle model the improved scheme is proven existentially unforgeable against adaptive chosen message and identity attacks. The computational performance of the proposed scheme is compared with that of several existing certificateless partially blind signature schemes; the results show that the improved scheme has higher computational efficiency.

5.
Certificateless cryptography combines the advantages of identity-based cryptography and traditional public key cryptography and has attracted great attention from cryptography and information security researchers. A security analysis of the certificateless signature scheme with message recovery proposed by Liang Jingling et al. and of the certificateless short signature scheme proposed by Hou Hongxia et al. shows that neither scheme can resist the public key replacement attack. By modifying the signer's key generation algorithm and adding validity verification of the user's public key, the security of Liang et al.'s scheme is improved. By binding the user's public key into the hash function in the signing phase, the security flaw of Hou et al.'s scheme is remedied.

6.
Certificateless public key cryptosystems are the most advanced public key cryptosystems at present, and certificateless signatures are one of the current research hotspots. Security analyses are carried out separately on the certificateless proxy ring signature schemes without bilinear pairings proposed by Wang et al. and by Zhang et al. Both signature schemes are found to be threatened by the public key replacement attack; the concrete attack methods are given and the root cause of the attack is analysed. Finally, improvements that overcome this attack are given. The attacks and improvements presented are of reference value for the design of similar proxy ring signature schemes.

7.
A security analysis of the efficient and provably secure certificate-based aggregate signature scheme recently published by Liu Yunfang et al. in Journal of Computer Applications shows that the CA can successfully forge a signature on any message. Two attack methods are given and the specific reasons for the attack are analysed. Finally, a concrete improvement that overcomes the above attacks is given.

8.
A security analysis of the certificate-based aggregate signature scheme proposed by Liu Yunfang et al. shows that the scheme cannot resist Type II adversary attacks, and two attack methods are given. On this basis, a new provably secure certificate-based aggregate signature scheme is proposed; relying on the hardness of the Diffie-Hellman problem, the new scheme is proven existentially unforgeable in the random oracle model. In addition, the aggregate signature length of the new scheme is a fixed constant independent of the number of signers, and signature verification requires only 4 pairing operations and n scalar multiplications, so the verification efficiency of the new scheme is greatly improved.

9.
This paper proposes a new preconditioner for solving symmetric positive definite Toeplitz linear systems by the conjugate gradient method. The preconditioner is simple to construct and easy to implement with the fast Fourier transform. Theory and numerical experiments show that our preconditioner has convergence behaviour close to that of T. Chan's preconditioner.

10.
To address the problem that, in the second stage of the traditional three-stage DEA model, some input values are adjusted by an excessively large amount, an improved three-stage DEA model is proposed. The method introduces the concept of an environmental impact factor, uses a suitable statistical method to identify the importance of environmental impacts, and then proposes a new adjustment formula. Finally, a numerical example demonstrates the shortcomings of the traditional three-stage DEA model and the feasibility and effectiveness of the proposed model.

11.
In an open network environment, the remote authentication scheme using smart cards is a very practical solution to validate the legitimacy of a remote user. In 2003, Wu and Chieu presented a user-friendly remote authentication scheme using smart cards. Recently, Wang, Li, and Tie found that Wu–Chieu's scheme is vulnerable to the forged login attack, and then presented an improvement to eliminate this vulnerability. In our opinion, the smart card plays an important role in those schemes. Therefore, we demonstrate that Wang–Li–Tie's scheme is not secure under the smart card loss assumption. If an adversary obtains a legal user's smart card, even without the user's corresponding password, he can easily use it to impersonate the user and pass the server's authentication. We further propose an improved scheme to overcome this abuse of the smart card.

12.
A new modified remote user authentication scheme using smart cards   (Cited by: 1; self-citations: 0; other citations: 1)
In 2000, a remote user authentication scheme using smart cards was proposed, and masquerade attacks were proved successful against this scheme. Recently, Kumar suggested the idea of check digits to overcome the above attacks with a new scheme that removes these threats well. In this paper it is pointed out that a weakness still exists in Kumar's scheme: an intruder who obtains some information can log in to the remote system. A new scheme which can overcome these attacks and appears more secure and efficient than Kumar's is presented.

13.
Hwang et al. proposed their generalization of proxy signature schemes based on elliptic curves. However, two attacks are proposed to show that their schemes have serious security flaws. By the first attack, an adversary can forge an illegal proxy signature such that verifiers cannot actually identify the original signers of the proxy signature. The second attack is used to change proxy signatures into multi-signatures belonging to the group that actually generates the proxy signatures. To overcome these flaws, our improvement on Hwang et al.'s scheme is also proposed.

14.
Security of a key agreement protocol based on chaotic maps   (Cited by: 2; self-citations: 0; other citations: 2)
Kocarev et al. proposed a new public key encryption scheme using chaotic maps. Subsequently, Bergamo et al. broke Kocarev and Tasev's encryption scheme and then applied the attack to a key agreement protocol based on Kocarev et al.'s system. In order to address Bergamo et al.'s attack, Xiao et al. proposed a novel key agreement protocol. In this paper, we present two attacks on Xiao et al.'s key agreement protocol using chaotic maps. Our new attack method is different from the one that Bergamo et al. developed. The proposed attacks work in such a way that an adversary can prevent the user and the server from establishing a shared session key, even though the adversary cannot get any private information from the communications between the user and the server.

15.
In the identity-based key extraction process, the key generator embeds a random number in the private key. This gives key extraction greater flexibility and allows a user to hold multiple private keys for one identity, which undoubtedly increases the security of key use. Based on this new key extraction idea, an identity-based signature scheme is given; the new key extraction method gives it better security and flexibility. The new identity-based signature scheme uses the fewest pairing operations, so compared with similar schemes it has better computational efficiency. The security of the new signature scheme relies on the hardness of the k-collusion attack problem (k-CAAP); it is strongly unforgeable under adaptive chosen message and ID attacks, and its security proof has a tight reduction.

16.
Efficient password authenticated key agreement using bilinear pairings   (Cited by: 3; self-citations: 0; other citations: 3)
For providing a secure distributed computer environment, efficient and flexible user authentication and key agreement is very important. In addition to user authentication and key agreement, identity privacy is very useful for users. In this paper, we propose an efficient and flexible password authenticated key agreement scheme using bilinear pairings. The main merits include: (1) there is no need for any password or verification table in the server; (2) users can choose or change their own password freely; (3) the server and a user can authenticate each other; (4) it can protect the user's privacy; (5) the user and the server can generate a session key; (6) it does not have a serious clock-synchronization problem; (7) even if the secret information stored in a smart card is compromised, it can prevent the offline dictionary attack.

17.
Authentication codes are used to protect communication against a malicious adversary. In this paper we investigate unconditionally secure multiround authentication schemes. In a multiround scheme a message is authenticated by passing several codewords back and forth between the sender and receiver. We define a multiround authentication model and show how to calculate the probability of a successful attack for this model. We prove the security of a 3-round scheme and give a construction for the 3-round scheme based on Reed-Solomon codes. This construction has a very small key size even for extremely large messages. Furthermore, a secure scheme for an arbitrary number of rounds is given. We give a new upper bound for the key size of an n-round scheme.

18.
In 2004, Lee et al. [C.C. Lee, M.S. Hwang, W.P. Yang, A new blind signature based on the discrete logarithm problem for untraceability, Appl. Math. Comput., in press] proposed a new untraceable blind signature based on DLP in order to overcome the "security limits" of Camenisch et al.'s scheme. However, we show there are two mistakes in [C.C. Lee, M.S. Hwang, W.P. Yang, A new blind signature based on the discrete logarithm problem for untraceability, Appl. Math. Comput., in press]: 1. Camenisch et al.'s scheme does meet the requirement of untraceability, and the cryptanalysis proposed by Lee et al. is not correct; 2. Though Lee et al.'s scheme is untraceable, the proof of its untraceability in [C.C. Lee, M.S. Hwang, W.P. Yang, A new blind signature based on the discrete logarithm problem for untraceability, Appl. Math. Comput., in press] is wrong (in this paper we also give the correct proof of its untraceability). So Lee et al.'s scheme does not have any advantage, and it is impractical since the cost of the scheme is higher compared with Camenisch et al.'s scheme.

19.
Certificateless cryptography involves a Key Generation Center (KGC) which issues a partial key to a user, while the user also independently generates an additional public/secret key pair, in such a way that the KGC, who knows only the partial key but not the additional secret key, is not able to do any cryptographic operation on behalf of the user; and a third party who replaces the public/secret key pair but does not know the partial key cannot do any cryptographic operation as the user either. We call this attack launched by the third party the key replacement attack. In ACISP 2004, Yum and Lee proposed a generic construction of digital signature schemes under the framework of certificateless cryptography. In this paper, we show that their generic construction is insecure against the key replacement attack. In particular, we give some concrete examples to show that the security requirements of some building blocks they specified are insufficient to support some of their security claims. We then propose a modification of their scheme and show its security in a new and simplified security model. We show that our simplified definition and adversarial model not only capture all the distinct features of certificateless signature but are also more versatile when compared with all the comparable ones. We believe that the model itself is of independent interest. A conventional certificateless signature scheme only achieves Girault's Level 2 security. For achieving Level 3 security, as a conventional signature scheme in a Public Key Infrastructure does, we propose an extension to our definition of certificateless signature scheme and introduce an additional security model for this extension. We show that our generic construction satisfies Level 3 security after some appropriate and simple modification. A preliminary version of the extended abstract of partial results appeared in ACISP 2006 [9].

20.
Recently, an image encryption scheme based on chaotic standard and logistic maps was proposed by Patidar et al. It was later reported by Rhouma et al. that an equivalent secret key can be reconstructed with only one known/chosen plaintext and the corresponding ciphertext. Patidar et al. soon modified the original scheme and claimed that the modified scheme is secure against Rhouma et al.'s attack. In this paper, we point out that the modified scheme is still insecure against the same known/chosen-plaintext attack. In addition, some other security defects existing in both the original and the modified schemes are also reported.


Copyright © Beijing Qinyun Technology Development Co., Ltd.  京ICP备09084417号