
Computer Engineering

• Security Technology •

Comparative Study of Digital Signature Standards Based on Discrete Logarithm

FENG Zeyu a, GONG Boru b, ZHAO Yunlei a

  1. (a. Software School; b. School of Computer Science, Fudan University, Shanghai 201203, China)
  • Received: 2014-11-10 Online: 2016-01-15 Published: 2016-01-15
  • About the authors: FENG Zeyu (born 1991), male, master's student, main research interests: cryptography and information security; GONG Boru, Ph.D. student; ZHAO Yunlei, professor and doctoral supervisor.
  • Funding:
    National Natural Science Foundation of China (61472084, 61272012); Open Project Fund of the State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences.

Abstract: As the State Cryptography Administration of China is publicly soliciting next-generation commercial public-key cryptographic algorithm standards, this paper analyzes and compares, in terms of efficiency and security, the seven Digital Signature Standards (DSS) listed in ISO/IEC 14888-3 and the Chinese SM2 standard, all of which are based on the Discrete Logarithm Problem (DLP) or the Elliptic Curve Discrete Logarithm Problem (ECDLP). Results show that the widely used Digital Signature Algorithm (DSA) is a combination of the Schnorr and ElGamal signature algorithms and has since developed into the Elliptic Curve Digital Signature Algorithm (EC-DSA). SM2 may be more vulnerable than EC-DSA. Moreover, the Pointcheval/Vaudenay algorithm is provably secure. The Korean Certificate-based Digital Signature Algorithm (KCDSA) and its elliptic curve version, the Elliptic Curve Korean Certificate-based Digital Signature Algorithm (EC-KCDSA), perform better in both security and efficiency. Signature generation in the Elliptic Curve Russian Digital Signature Algorithm (EC-RDSA) and the Elliptic Curve German Digital Signature Algorithm (EC-GDSA) is faster. It is worth noting that an attack against EC-RDSA is proposed, showing that EC-RDSA is not strongly existentially unforgeable under adaptive chosen-message attack. These comparative results are a useful reference for the design and formulation of China's next-generation commercial public-key cryptographic algorithm standards.

Key words: Discrete Logarithm Problem (DLP), Elliptic Curve Discrete Logarithm Problem (ECDLP), Digital Signature Standard (DSS), Random Oracle Model (ROM), SM2 algorithm
