对新近提出的两个高效无证书签名方案进行安全性分析,指出这两个签名方案都能受到替换公钥攻击。任意攻击者都可以通过替换签名人的公钥从而达到对任意选择的消息成功伪造签名,分析这两个签名方案能受到替换公钥攻击的根本原因。最后通过这两个攻击总结分析了无证书签名方案设计过程需要注意的要点,这对无证书签名方案的设计具有借鉴意义。%We analyse the security of two efficient certificateless signature schemes presented recently, and point out that they can all suffer from the public-key replacement attack.Any attacker can forge valid signature successfully on the message optionally selected by replacing the keys of the singers.We also analyse the primary reason of the public-key replacement attack against these two signature schemes.Finally, through these two attacks we summarise and analyse some key points that have to pay attention to in the process of certificateless signature schemes design, which is of referential significance to the design of the certificateless signature schemes.
展开▼