Journal of Computer Applications ›› 2015, Vol. 35 ›› Issue (2): 412-415. DOI: 10.11772/j.issn.1001-9081.2015.02.0412

• Information Security •

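Provably secure identity-based aggregate signcryption scheme

WANG Daxing1, TENG Jikai2

  1. School of Mathematics and Finance, Chuzhou University, Chuzhou, Anhui 239000;
  2. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100190
  • Received: 2014-09-02 Revised: 2014-11-11 Online: 2015-02-10 Published: 2015-02-12
  • Corresponding author: WANG Daxing
  • About the authors: WANG Daxing (born 1980), male, from Tongcheng, Anhui; lecturer, M.S.; main research interests: cryptography and network security. TENG Jikai (born 1980), male, from Lianyungang, Jiangsu; lecturer, Ph.D.; main research interest: cryptographic protocols.
  • Supported by: National Natural Science Foundation of China (61303256); Natural Science Foundation of Anhui Higher Education Institutions (KJ2013B185); Natural Science Foundation of Chuzhou University (2012kj001Z).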

Provably secure identity-based aggregate signcryption scheme

WANG Daxing1, TENG Jikai2   

  1. School of Mathematics and Finance, Chuzhou University, Chuzhou, Anhui 239000, China;
  2. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100190, China
  • Received: 2014-09-02 Revised: 2014-11-11 Online: 2015-02-10 Published: 2015-02-12

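Abstract (Chinese version):

To protect the security of network information more effectively, the confidentiality and the authentication of messages must be achieved at the same time. A signcryption scheme signs and encrypts a message in a single logical step. To improve the security and algorithmic efficiency of existing signcryption schemes, an identity-based aggregate signcryption scheme is proposed that incorporates the idea of aggregate signatures. In the random oracle model, the scheme is proved to be indistinguishable under adaptive chosen-ciphertext attacks and existentially unforgeable under adaptive chosen-message attacks; its security reduces to the hardness of the computational elliptic curve discrete logarithm problem and the bilinear Diffie-Hellman problem. Comparison with several current schemes that are relatively efficient and have relatively short ciphertexts shows that signcryption and unsigncryption in the new scheme each require only one bilinear pairing operation, giving the scheme low computational cost and short ciphertext length.

Key words (Chinese version): bilinear pairing, signcryption, aggregate signcryption, random oracle model, provable security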

Abstract:

To protect the security of network information more effectively, confidentiality and authentication of messages need to be realized at the same time. Signcryption performs signature and encryption simultaneously in one logical step. To improve the security and efficiency of existing signcryption schemes, an identity-based aggregate signcryption scheme was proposed by combining the ideas of aggregate signature. Under the random oracle model, the scheme was proved to be indistinguishable against adaptive chosen-ciphertext attacks and existentially unforgeable against adaptive chosen-message attacks. The security could be reduced to the elliptic curve discrete logarithm problem and the computational bilinear pairing Diffie-Hellman problem. Compared with several schemes with high efficiency and short key length, the analysis shows that signcryption and unsigncryption in the new scheme each need only one pairing operation, so the scheme has low computational cost and short ciphertext length.

Key words: bilinear pairing, signcryption, aggregate signcryption, random oracle model, provable security

CLC number: