论文部分内容阅读
针对已有隐藏签名认证方案中,由于用户证书完全由CA签发,CA很容易获取用户向服务提供商请求的服务这一安全漏洞,提出一种新的改进方案.该方案仍然采用单CA模式,且分2个阶段执行:a.证书申请阶段,同已有方案不同的是CA为用户签发部分证书,最终证书是通过增加用户秘密值产生;b.服务请求阶段,用户通过计算证书承诺向服务提供商请求服务,该阶段即使CA(或其他攻击者)能正确地猜测出用户的最终证书,要想正确地计算出用户的证书承诺,须要求解离散对数困难问题.本方案不仅解决了已有方案的安全问题,且与同类改进方案相比,其安全性和效率都有明显的提高.
In view of the existing hidden signature authentication scheme, because the user certificate is completely issued by the CA, the CA can easily obtain the security vulnerability of the service requested by the user from the service provider and propose a new improved scheme, which still adopts the single CA mode, And is divided into two stages: a. At the stage of certificate application, different from the existing scheme, the CA issues a part of the certificate for the user and the final certificate is generated by increasing the user secret value. B. In the service request phase, the user promises to service Provider request service, this phase even if CA (or other attackers) can correctly guess the user’s final certificate, in order to correctly calculate the user’s certificate commitment, need to solve the discrete logarithm difficult problem.This program not only solved There has been a program of security issues, and compared with similar improvements, its safety and efficiency have been significantly improved.