签密的仲裁安全与仲裁安全的签密方案

签密能高效地同时完成数据加密与认证,可用于设计紧凑的安全通信协议.签密中的仲裁机制用于保护签密的不可抵赖性,但同时用于仲裁的信息可能危及协议安全.本文指出签密仲裁中存在仲裁者解密攻击和仲裁机制无法保护明文完整性两种安全隐患,归纳其原因并指出解决方法.提出一个可安全仲裁的安全混合签密方案SASC,并在随机预言机模型下证明SASC方案具有IND-CCA2和UF-CMA安全性;SASC基于明文仲裁,不仅能维护明完整性而且能抵抗仲裁者解密攻击.SASC方案不增加计算量和通信量,且对明文的长度没有限制.

Arbitral Security of Signcryptions and a Securely Arbitral Signcryption Scheme

Signcryption provides confidentiality and authenticity efficiently;it can be used to design compact communication protocol.Arbitration mechanism is used for settling disputes in signcryption,but the information that the judge gets also brings some security problems.This paper points out two problems:in some scheme,the arbitrator can decrypt all the signcryptions of a receiver while be gets some kinds of arbitration message;in another schemes,the arbitration mechanism cannot protect the integrity of plain- text.Analyze the two kinds of problems and concludes their reasons separately,we proposed a resolvent that can solve the two prob- lem by changing a secure arbitration message.Based on the attack and analysis,this paper proposes a secure arbitral signcryption (SASC)scheme and proves its IND-CCA2 security and UF-CMA security in random oracle model.Furthermore,SASC is a secure- ly arbitral signcryption scheme,it can protect the integrity of plaintexts by an arbitration message associated with plaintext;and the scheme can resist decryption attacks of arbitrator,even he gets the arbitration message.SASC does not increase computation nor communication overloads;it has no limitation to the length of plaintext,which makes SASC more convenient.Proofs and analysis show that SASC is an efficient and secure scheme.