在已有的k次匿名认证方案中,尚存在2个未解决问题:1)如何实现允许服务供应商为每个用户设置不同的访问次数上界,同时不能以损失用户的匿名性作为代价; 2)如何防止恶意用户发动大规模的克隆攻击.为此提出一个改进方案.新方案的构造过程使用了多项关键技术,包括关于“一个被承诺元素小于另一个被承诺元素”的知识证明,动态累加器和基于n次可展示令牌的克隆攻击检测方法等.对Teranishi等人的安全性模型做出修改,并且证明新方案在该模型下满足可证安全.此外,新方案的成员注册协议是并发安全的,因而适合于在实际的异步网络环境(如互联网)下进行部署.%In previous works of it-times anonymous authentication,two problems have not been properly solved: 1) how to allow application providers to assign different maximal numbers of access for each user without weakened anonymity,and 2) how to protect against massive clone attacks mounted by malicious users. To overcome these obstacles,a revised scheme was proposed. It incorporated several crucial tools including the proof that a committed value is less than another committed value,dynamic accumulator,the method of cloning detection based on n-times show e-tokens,etc. The new scheme is proven secure in a new security model which was obtained by modifying the security model of Teranishi et al. Moreover,the registration protocol of the new scheme is concurrently-secure,so it is fit for the deployment in realistic asynchronous network setting (e.g.,Internet).
展开▼
