摘要
在改进的多变量数字签名方案W-方案中,增加了一个仿射变换N替换仿射变换T,并使用公钥P2=N·Q·S参与签名验证,但由于N可以与T合成新的仿射变换,因此不能有效隐藏签名结构P1=T·Q·S。针对该方案存在的安全漏洞,通过刻画验证公钥P2与P1=T·Q·S之间的关系,利用h·T-1(v)=h·N-1(w)确定P1的结构,由此实现攻击,从中可知,增加仿射变换不能提高多变量数字签名方案的安全性。
In an improved multivariate signature scheme named W-scheme, alTme transformation N is used to replaed affine transformation T, and the public key P2 = N o Q o S to participate in verifying via replacing T with an affine transformation, but N can be turned to a new affine transformation with T, so the scheme can not hide the signature structure P1 = T o Q o S. Aiming at the security loop, by depicting the relationship of the public key P2 and P1 = T o Q o S, the structure of P1 can be determined by h o T-1 (v) = h o N 1 (w) , so that attack is realized, which proves that adding the secret affine transformation can not lift the level of security of multivariate public key scheme.
出处
《计算机工程》
CAS
CSCD
2012年第22期95-98,共4页
Computer Engineering
关键词
多变量公钥密码体制
HASH函数
数字签名
W-方案
量子计算机
秘密仿射变换
Multivariable Public Key Cryptography(MPKC)
hash function
digital signature
W-scheme
quantum computer
secret affme transformation
