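Computer science
Anonymity
Cloud computing
Scheme (mathematics)
Overhead (engineering)
Cryptanalysis
Cryptographic primitive
Computer security
Signature (topology)
Set (abstract data type)
Cryptography
Cryptographic protocol
Mathematics
Operating system
Mathematical analysis
Programming language
Geometry
Authors
Zhen-jie Huang, Zhiwei Lin
Identifier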
DOI:10.1016/j.jisa.2021.103066
Abstract
Attribute-based signature (ABS) is an attractive cryptographic primitive, but it is unsuitable for resource-constrained scenarios because of its high computational cost. Server-Aided Attribute-Based Signature (SAABS) was introduced to overcome this shortcoming by using cloud computing technology. In this paper, we perform cryptanalysis on Xiong et al. (2020) and Cui et al. (2018). We show that Xiong et al.’s scheme is incorrect and forgeable. Neither of these two schemes achieves anonymity. In both schemes, an adversary can collude with the server to replace the attribute set and make the verifier accept an invalid signature. Our attacks imply that the previous definitions of unforgeability and anonymity are not conforming to the actual cloud-assisted scenarios. Then, we present more accurate security models for SAABS. We define a stronger definition for unforgeability, a stronger notion called perfect anonymity, and a new notion called server-aided verification security. Finally, we propose a new idea to prevent the server from attacking anonymity and an improved scheme to fix our attacks. Our scheme achieves all the security properties, supports expressive access structure, reduces the computational overhead to a low level, and is especially suitable for cloud-assisted systems.