In1976, Diffie and Hellman first proposed the concept of public key cryptography. Depending on diffierent way to access the key, public key cryptography can be divided into traditional pubic key cryptography, identity-based public key cryptography and certificateless public key cryptography. In certificateless public key cryptography, the user’s full private key is generated by the key generation center (KGC) and himself. KGC supply each user with a partial private key through a secure channel. The user aslo hold a secret value which is chosen by himself. Then, the user combins his partial private key with secret value to generate actual private key. This private key is not available to the KGC. Certificateless public key is similar to the intermediate product between certificate-based public key cryptosystem and identity-based public key cryptosystem. It avoid complex generation and management of the network certificate, and it also solve the key escrow problem. However, certificateless public key cryptosystem can not resist the malicious dishonesty key generation center’s attack, certificateless digital signature system is the same. KGC can select a new secret value to generate effective public and private key pairs which is different from the user’s. Then KGC have the ability to generate "legal" signature. The security of the system can only reach the second level, which is lower than certificate-based public key cryptosystem. In this paper, using Gap Diffie-Hellman groups, we propose two certificateless signature schemes which can trace a malicious KGC through binding public key with user’s partially private key. The main results are as follows:(1) The two new signature schemes are proved to be secure. We will give the security proof of the two signature schemes which is safe under adaptive chosen message attack in random oracle model to make sure the unforgeability of these two digital signature in theory.(2) Low operation cost. The previous scheme has three bilinear operations, which has a higher efficiency than other similar signature scheme. While the second scheme avoid using bilinear pairing.(3) Security level is high. Using Gap Diffie-Hellman groups, the user’s public key is binding with his partially private key. Once a user find KGC’s effective signature, he can submit corresponding information to a third part to prove that his own private and public key pair is the only legitimate. So once a new "legitimate" key pair turn out in system, KGC must be malicious dishonest. |