无证书公钥密码体制消除了公钥基础设施中的证书,同时解决了基于身份的公钥密码体制中的密钥托管问题.最近,樊睿等人在一个无证书签名方案的基础上提出了一个无证书代理签名方案,并声称该方案满足无证书代理签名方案的所有安全性质.可是,通过对该无证书代理签名方案进行分析,证明了该方案对于无证书密码体制中两种类型的攻击即公钥替换攻击和恶意KGC(Key Generating Centre)攻击都是不安全的.给出了攻击方法,分析了其中的原因并提出了相应的防止措施.%Certificateless cryptography eliminates the need of certificates in the Public Key Infrastructure (PKI) and solves the inherent key escrow problem. Recently, Fan Rui et al. proposed a certificateless proxy signature scheme based on a certificateless signature scheme. They claimed that their scheme satisfied the security requirements of certificateless proxy signature schemes. However, the analysis of their scheme showed that it was insecure against the two kinds of attacks in certificateless cryptosystems, i.e. public key replacement attacks and malicious Key Generating Centre (KGC) attacks. The attack methods and the defensive measures were presented.
展开▼
