| A server-aided verification signature(SAV signature)scheme consists of a digital signature scheme and a server-aided verification protocol(SAV protocol).With the SAV protocol,some computational tasks for a signature verification are carried out by a server,which is generally untrusted,while the verifier with Less computationally efficient,such as power-constrained smart terminal,only needs to do a few simple calculations.therefore,the SAV signature is very useful for low-power computational devices.This paper studies the SAV signature schemes from the following three aspects:Firstly,the cryptanalysis of the YYG-SAVS proposed by Yang X D,Yang M M,et.al.and the YLG-SAVPRS proposed by Yang X D,Li Y N,et.al.reveals that both schemes can not resist collusion attacks.The SAV protocols for both schemes do not have the security requirement of soundness.Secondly,based on the analysis of the reasons why the existing schemes can't resist collusion attack,it is found that there are some deficiencies in their security model,and they can't find and solve the cheating behavior of collusion attacker,acted by malicious server,in the execution of SAV protocol.Thus,the security model of identity-based serverassisted verification signature scheme is discussed.In the collusion attack game,the concept of server assisted verification protocol under the collusion attack is introduced.Even if the malicious server cheats in aided verification,the soundness of SAV protocol can be guaranteed.Thirdly,based on the Kwon signature scheme,a new ID-based server-aided verification is designed,which is provably secure under standard model.Using the proposed security model,it is proved that,the new scheme is existentially unforgeable against adaptive chosen message identity,message and verification attacks,and the SAV protocol is sound against adaptive chosen identity and verification attacks under collusion. |
PDF Full Text Request