| 关于一个前向安全电子货币系统的两点注记 |
| |
| 作者姓名: | 曹正军 |
| |
| 作者单位: | 中国科学院数学与系统科学研究院系统所 数学机械化重点实验室 |
| |
| 摘 要: | 文1]提出的一个前向安全电子货币系统有两点疏漏:(1)在系统公共参数生成阶段, 公共模数 的素因子p1, p2没有公布, 使得用户和银行在提取阶段无法作出有效签名.(2)商家必须从安全途径直接获得支付过程中所需的(h, h1, h2, h3), 而不是从某个用户U提供的签名中获得这些数据, 否则攻击者可以在支付阶段伪造签名, 从而, 用户提供的签名(z, a, b, r, j, h, h1, h2, h3)中有四个是冗余数据.
|
| 关 键 词: | 前向安全 电子现金 离散对数问题 盲签名 冗余数据 |
Two Remarks on a Forword-Secure E-cash System |
| |
| Authors: | Cao Zheng-Jun |
| |
| Institution: | Key Laboratory of Mathematics Mechanization, Institute of Systems Science, ;Academy of Mathematics and Systems Science, Chinese Academy of Sciences. Beijing, China. 100080 ; |
| |
| Abstract: | The paper shows that there are two errors in the E-cash system 1]. (1) In the setup phase, the factors p1, p2 of modulus n are not published. This makes the user and the bank cannot make valid signatures in the withdraw phase. (2) The shop M must directly obtain those data (h, h1, h2, h3) used in payment phase in a secure way, instead of receiving them from a signature offered by a user U. Otherwise, the adversary can forge signatures in the payment phase. Therefore, there are four redundant data among the signature (z, a, b, r, j, h, h1, h2, h3) offered by a user. |
| |
| Keywords: | forward-secure electronic cash discrete logarithm problem blind signature redundant data |
|
| 点击此处可从《》浏览原始摘要信息 |
| 点击此处可从《》下载免费的PDF全文 |
|
