摘要： 随机预言机模型下的可证明安全性不能保证数字签名方案在具体实现时的安全性，因此在标准模型下的可证明安全的数字签名方案更具有吸引力。针对在标准模型下可证安全的两个短签名方案，该文指出这两个方案在多用户环境下是不安全的，不能抵抗密钥替换攻击，即一个攻击者能够生成一个新公钥满足合法签名者生成的合法签名。

关键词: 密钥替换攻击, 短签名, 双线性对

Abstract: Digital signature schemes provably secure in the standard model attract a great interest, since a proof in the random oracle model can only serve as heuristic argument and can not imply the security in the implementation. This paper shows that the two short signature schemes provably secure in the standard model are all insecure against key substitution attacks under the multi-user setting, namely an adversary can generate a new public key satisfying legitimate signatures created by the legitimate signer.

Key words: key substitution attacks, short signatures, bilinear pairings

中图分类号: 

• TP918.1