
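Analysis and improvement of an mIBS scheme
Cite this article: Chen Ming. Analysis and improvement of an mIBS scheme[J]. Application Research of Computers, 2022, 39(10).
Author: Chen Ming
Affiliation: School of Mathematics and Computer Science, Yichun University
Funding: National Natural Science Foundation of China (61662083)
Abstract: Wei Songjie et al. proposed an mIBS (identity based signature) scheme based on a security mediator (SEM), which uses the SEM node to revoke user identities in real time. In the mIBS scheme, the SEM holds part of the user's private key and completes the signature jointly with the signer. A security analysis of the mIBS scheme finds that it has a serious security flaw, and a concrete attack instance is given. In the attack instance, the signer, through a single normal signing interaction with the SEM, steals the partial private key held by the SEM and can then bypass the SEM and sign alone, rendering the SEM ineffective. An improved mIBS scheme (denoted mIBSG) is proposed, which adds randomized protection to the partial private key held by the SEM. Further, a security model for mIBS schemes, mEUF-CMIA (existential unforgeability under adaptive chosen message and identity attacks), is established, with emphasis on its adversary model. In addition to the traditional IBS adversary, the mEUF-CMIA model defines a second type of adversary that simulates a malicious but legitimate signer who, by querying random oracles, produces signatures independently without the SEM's participation. Under the mEUF-CMIA model, the unforgeability of the mIBSG scheme is reduced to solving the CDH problem over a cyclic group. Comparative analysis shows that the mIBSG scheme achieves provable security at a small computational cost. The mIBSG scheme can be used to build IBC-based cross-domain authentication systems.

Keywords: identity based cryptography; digital signature; computational Diffie-Hellman problem; random oracle model
Received: 2022/3/9 0:00:00
Revised: 2022/9/15 0:00:00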

Analysis and improvement of an mIBS scheme
Chen Ming. Analysis and improvement of an mIBS scheme[J]. Application Research of Computers, 2022, 39(10).
Authors:Chen Ming
Affiliation:School of Mathematics and Computer Science, Yichun University
Abstract: Wei Songjie et al. proposed an identity-based signature scheme (mIBS) that uses a security mediator (SEM) node to realize real-time revocation of entity identity. The SEM holds a part of the signature key and generates a signature by working collaboratively with a signer. This paper analyzes the security of the mIBS scheme, finds that it has serious security flaws, and presents a specific attack instance. In the attack instance, a signer can steal the key held by the SEM through a single normal signing interaction with the SEM, and then bypass the SEM to produce a signature independently. This paper proposes an improved signature scheme (mIBSG). The mIBSG scheme remedies the security flaws of the original scheme by randomizing the private key held by the SEM. Further, this paper establishes a security model for mIBS schemes, named mEUF-CMIA, and defines a new type of adversary that simulates malicious but legitimate signers. The new adversary has the power to generate a forged signature independently by querying random oracles. Based on the new security model, this paper reduces the unforgeability of the mIBSG scheme to solving the CDH problem on a cyclic group. Comparative analysis shows that the mIBSG scheme achieves provable security with a small loss in computational efficiency. The mIBSG scheme can be used to build an IBC-based cross-domain authentication system.
Keywords: identity based cryptography; digital signature; computational Diffie-Hellman problem; random oracle model