基于变色龙哈希函数的代理签名方案李艳楠，倪剑兵，禹勇电子科技大学计算机科学与工程学院，成都611731摘要：代理签名是实现数字签名授权的有效密码工具。本文提出了一个新颖、有效的基于DL假设的代理签名方案。新方案在授权阶段使用了抗密钥泄露的变色龙哈希函数，使得代理签名者只需要找到一个变色龙Hash碰撞即可生成有效的代理签名，从而大大降低了代理签名人的计算成本。分析表明，新方案实现了安全代理签名方案应具备的所有安全性质。关键词：信息安全；代理签名；变色龙哈希：TP309AnewconstructionofproxysignatureusingchameleonhashfunctionLiYannan,Ni激anbing,YuYongSchoolofComputerScienceandEngineering,UniversityofElectronicScienceandTechnologyofChina,Chengdu611731Abstract:Proxysignatureisapowerfulcryptographicprimitivefordelegatingthesigningpowers.Inthispaper,weproposeanewconstructionofproxysignature,inwhichtheproxysigningishighlyefficient.Specifically,wedescribeanewandefficientproxysignatureschemefromDLassumption.Ourconstructionmakesuseaexposurefreechameleonhashfunctioninthedelegationphaseandtheproxysignerneedsonlytofindacollisiontogenerateavalidproxysignature,whichdramaticallyreducesthecomputationcostoftheproxysigner.Ouranalysisdemonstratethatthenewschemeachievesallthedesirablepropertiesthatasecureproxysignatureschemeshouldprovide.Keywords:informationsecurity;proxysignature;chameleonhash0IntroductionMamboetal.[1]introducedtheconceptofproxysignatureforthefirsttime,whichallowsanentity,calledthedesignatorororiginalsigner,todelegateanotherentity,calledaproxy基金项目：theNationalResearchFoundationfortheDoctoralProgramofHigherEducationofChina(20100185120012)作者简介：LiYannan（1991-），female，undergraduatestudent，majorresearchdirection：Cryptography.Email:287605558@qq.Ni激anbing（1988-），male，graduatestudent，majorresearchdirection：Cloudcomputing---本文来源于网络，仅供参考，勿照抄，如有侵权请联系删除---security.Email:nimengze@126.Correspondenceauthor：YuYong（1980-），male，associateprofessor，majorresearchdirection：Cryptographytheoryandtechnology.Email:yyucd2012@gmail.---本文来源于网络，仅供参考，勿照抄，如有侵权请联系删除---signer,tosignmessagesonitsbehalf,incaseoftemporalabsence,lackoftimeorlimitedcom-putationalpower,etc.Thiskindofcryptographicprimitivehasfoundnumerousapplicationsintherealworld,particularlyindistributedcomputingenvironmentswheredelegationofrightsisquitecommon.Wecanlistsomepracticalapplicationssuchasdistributedsystems,mobileagentapplications,andmobilecommunications.Sincetheinventionofthisusefulprimitive,proxysignaturehasenjoyedaconsiderableamountofinterestfromthecryptographicresearchcommunitiesandtheimportanceofproxysignaturehasbeenrepeatedlyhighlightedbyappliedcryptographers.Somenewschemesandtheirvariants[2,3,4,5,6]wereproposed,andsomeoldproposalswerebroken,followedbymoreconstructions[7,8,9,10,11,12,13,14].Theconceptoftrapdoorhashfunctionwasoriginallyderivedfromtrapdoorcommitments.Inessence,atrapdoorhashfunctionisacollision-resistanthashfunctionwithatrapdoortofindcollisions.Chameleonhashfunctionisakindoftrapdoorhashfunction,whichpreventanythirdpartyexcepttheownerofthetrapdoorfromfindingthecollisionsofarandominput.KrawczykandRabin[15]madeuseofchameleonhashtoconstructanon-interactivenon-transferablesignaturecallchameleonsignatureunderthehash-and-signparadigm.ThereisakeyexposureproblemintheconstructionduetoKrawczyketal.[15].Specifically,acollisionof...