Affiliation: State Key Laboratory of Integrated Services Networks, School of Telecommunications Engineering, Xidian University
Source: Journal of Xidian University, 2005, Issue 6, pp. 920-921, 952 (3 pages)
Abstract: Recently, C. C. Chang and Y. F. Chang proposed a digital signature scheme with message recovery. To improve computational efficiency, the scheme drops both the one-way hash function used in conventional schemes and the message redundancy scheme used to check that a recovered message is correct. Cryptanalysis shows, however, that it is precisely the absence of the one-way hash function and the message redundancy scheme that makes the scheme less secure than its authors claim. This paper presents two kinds of forgery attacks against the scheme, by which any attacker can, through a suitable choice of random parameters, forge a valid signature on a message under the attacker's control. This proves that the Chang et al. signature scheme does not satisfy unforgeability. To defend against these attacks, the one-way hash function and the message redundancy scheme should still be used.