The distinguishing characteristic of identity-based signatures is that only the identity with no certificate of a signer is involved in the verification of a signature, which simplifies the key management procedures dramatically. A novel identity-based signature scheme that can be proven secure in the standard model was given by Paterson and Schuldt in 2006. Unfortunately, the scheme is not efficient in computation. An improvement due to Gu, et al. was proposed recently to improve the computational efficiency, and it was claimed as being provably secure in the standard model and more efficient than the known schemes in the same flavor. However, this paper shows that the new scheme by Gu, et al. is insecure by demonstrating two concrete attacks in which an adversary can not only forge the private key of an identity but also forge signatures on arbitrary message. The study also identifies a flaw in their security proofs, i.e., the view of the adversary in the security reduction is not independent of the event that the simulation succeeds.%基于身份的数字签名方案最显著的特点是,只需要签名人的身份信息而无需签名人的证书来验证签名的有效性,这极大地简化了密钥管理.2006年,Paterson和Schuldt构造了标准模型下可证明安全的基于身份的数字签名方案,但计算效率不高.谷科等人提出了新型的改进方案来提高效率,并声称新方案在标准模型下可证明安全且比同类方案更高效.然而,新方案并不具备不可伪造性.给出了两种具体的攻击:敌手可以伪造用户的密钥或者敌手可以直接伪造任何消息的签名.进一步指出安全性证明中的缺陷,即,敌手的view与安全模拟成功的事件不独立.
展开▼
