摘要： 分析Zhou-Du方案和Zhao方案，指出这2个基于身份的聚合签名方案是不安全的。在Zhou-Du方案中，单个签名和聚合签名是可伪造的；在Zhao方案中，攻击者可利用单个签名获得签名者的私钥，进而实现任何攻击。对2个方案进行改进，改进的Zhou-Du方案满足不可伪造性，改进的Zhao方案可避免私钥泄露。同时，改进的Zhou-Du方案效率优于原方案，改进的Zhao方案的效率与原方案相同。

关键词: 基于身份的签名, 聚合签名, 双线性对

Abstract: The analysis of the ID-based aggregate signature schemes proposed by Zhou-Du and Zhao respectively reveals that they are insecure. The partial and aggregate signatures in Zhou-Du’s scheme can be fabricated. Likewise, in Zhao’s scheme, the adversary can utilize the partial signature to gain access to the signer’s private key for any attacks. The schemes are modified respectively. The modified scheme of Zhou-Du achieves non-forgeability while the modified scheme of Zhao succeeds to avoid the private key leakage. The modified scheme of Zhou-Du is more efficient than the original one, the modified scheme of Zhao works as efficiently as the original one.

Key words: ID-based signature, aggregate signature, bilinear pairing

中图分类号: 

• TP309

• TP393