Journal of University of Chinese Academy of Sciences, 2008, Vol. 25, Issue (5): 698-700. DOI: 10.7523/j.issn.2095-6134.2008.5.019

• Brief Report •

Cryptanalysis of a signature scheme without using one-way Hash functions

GUO Li-Feng1, LI Yong1,2,3, HU Lei1   

  1. State Key Laboratory of Information Security, Graduate University of Chinese Academy of Sciences, Beijing 100049, China
  2. School of Electronics and Information Engineering, Beijing Jiaotong University, Beijing 100044, China
  3. Beijing Municipal Commission of Education, Key Laboratory of Communication & Information Systems, Beijing Jiaotong University, Beijing 100044, China
  • Received: 1900-01-01 Revised: 1900-01-01 Published: 2008-09-15

Abstract: In 2004, Chang et al. proposed a digital signature scheme that uses neither a one-way hash function nor a message redundancy scheme. However, Zhang showed that signatures in this scheme can be forged. To overcome Zhang's attack, Zhang et al. proposed an improved signature scheme based on Chang et al.'s signature scheme and analyzed the security of the improved scheme. In this paper, we present a simple attack showing that Zhang et al.'s scheme is still not secure. To resist this attack, a hash function and message redundancy scheme may still need to be used.

Key words: digital signature, message recovery, redundancy, Hash function