J4 ›› 2014, Vol. 41 ›› Issue (2): 71-78. doi: 10.3969/j.issn.1001-2400.2014.02.012

• Research Article •



  1. (State Key Lab. of Integrated Service Networks, Xidian University, Xi'an 710071, Shaanxi, China)
  • Received: 2012-11-25 Online: 2014-04-20 Published: 2014-05-30
  • Corresponding author: WANG Mingwei
  • Author biography: WANG Mingwei (1986-), female, master's degree, E-mail: ychmingwei007@163.com.


Forward and backward secure signature scheme

WANG Mingwei; HU Yupu

  1. (State Key Lab. of Integrated Service Networks, Xidian Univ., Xi'an  710071, China)
  • Received: 2012-11-25 Online: 2014-04-20 Published: 2014-05-30
  • Contact: WANG Mingwei


Based on the multivariate public-key hardness assumption, the problem of solving systems of multivariate quadratic equations over a finite field (the MQ-problem), a new signature scheme is constructed that satisfies two properties: (1) forward security, which guarantees that leakage of the current key does no harm to signatures made earlier; (2) backward security, which guarantees that leakage of the current key does not affect future keys, so that the current key system need not be revoked and a new one rebuilt every time a key leak is detected. Using zero-knowledge proof techniques and multivariate public-key cryptography, a key-updating algorithm based on an improved model of an identification scheme is proposed, which achieves backward security on top of forward security. Finally, a security proof of the scheme in the random oracle model is given.

Keywords: solving multivariate quadratic equations over a finite field (MQ-problem), zero knowledge, identity authentication, forward security, backward security, digital signature, random oracle model


A new signature scheme based solely on the MQ-problem is presented, which satisfies the following properties: (1) Forward security, which means that a compromise of a key now does not necessarily expose old traffic. (2) Backward security, which means that a compromise of a key now does not necessarily expose future traffic. We do not have to revoke our public key and re-issue a new key system every time we detect a key leak. We use two fundamental tools, namely zero-knowledge proofs and multivariate public-key cryptography. Our basic model is Koichi Sakumoto's identification scheme, which is transformed by parallel processing and the Fiat-Shamir transform. What is novel about our approach is the key-updating algorithm, which makes our scheme preserve backward security in addition to the forward property. Finally, we prove that our scheme is secure in the random oracle model.
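The abstract's basic model is the three-pass MQ-based identification scheme of Sakumoto, Shirai and Hiwatari, repeated in parallel and turned into a signature with the Fiat-Shamir transform. The following is an added, self-contained toy implementation of that construction, written for this page and not code from the paper or its authors. It assumes a random MQ system over GF(31) (a toy parameter chosen here), SHA-256 hash commitments in place of a dedicated commitment scheme, and 40 parallel rounds; all names (MQSystem, prover_commit, verify_round, and so on) are this example's own. The paper's actual contribution, the key-updating algorithm that adds forward and backward security, is not described on this page and is not included; the example shows only the underlying identification scheme and its signature form.

```python
import hashlib
import secrets

Q = 31        # toy field GF(31): an assumption of this example, not a parameter from the paper
ROUNDS = 40   # parallel repetitions; a prover without the secret passes with probability (2/3)^ROUNDS

def add(u, v): return [(a + b) % Q for a, b in zip(u, v)]
def sub(u, v): return [(a - b) % Q for a, b in zip(u, v)]

class MQSystem:
    """m random quadratic polynomials in n variables over GF(Q) with no constant term,
    so the polar form G(x, y) = F(x+y) - F(x) - F(y) is bilinear."""
    def __init__(self, n, m):
        self.n, self.m = n, m
        self.quad = [[[secrets.randbelow(Q) if j >= i else 0 for j in range(n)]
                      for i in range(n)] for _ in range(m)]
        self.lin = [[secrets.randbelow(Q) for _ in range(n)] for _ in range(m)]

    def evaluate(self, x):
        out = []
        for k in range(self.m):
            acc = sum(self.lin[k][i] * x[i] for i in range(self.n))
            for i in range(self.n):
                for j in range(i, self.n):
                    acc += self.quad[k][i][j] * x[i] * x[j]
            out.append(acc % Q)
        return out

    def polar(self, x, y):
        return sub(sub(self.evaluate(add(x, y)), self.evaluate(x)), self.evaluate(y))

    def to_bytes(self):
        flat = [self.quad[k][i][j] for k in range(self.m) for i in range(self.n) for j in range(self.n)]
        flat += [self.lin[k][i] for k in range(self.m) for i in range(self.n)]
        return bytes([self.n, self.m]) + bytes(flat)

def com(tag, *vecs):
    # Hash commitment in the random-oracle spirit of the paper; every entry is < Q < 256, so bytes(v) is exact.
    h = hashlib.sha256(b"com:" + tag)
    for v in vecs:
        h.update(len(v).to_bytes(2, "big") + bytes(v))
    return h.digest()

def keygen(n=6, m=6):
    F = MQSystem(n, m)
    s = [secrets.randbelow(Q) for _ in range(n)]
    return (F, F.evaluate(s)), s           # public key (F, v = F(s)), secret key s

def prover_commit(F, s):
    # One 3-pass round: split s = r0 + r1, r0 = t0 + t1 and F(r0) = e0 + e1, then commit.
    r0 = [secrets.randbelow(Q) for _ in range(F.n)]
    t0 = [secrets.randbelow(Q) for _ in range(F.n)]
    e0 = [secrets.randbelow(Q) for _ in range(F.m)]
    r1, t1, e1 = sub(s, r0), sub(r0, t0), sub(F.evaluate(r0), e0)
    commits = (com(b"0", r1, add(F.polar(t0, r1), e0)), com(b"1", t0, e0), com(b"2", t1, e1))
    return commits, (r0, r1, t0, t1, e0, e1)

def prover_respond(state, ch):
    r0, r1, t0, t1, e0, e1 = state
    return [(r0, t1, e1), (r1, t1, e1), (r1, t0, e0)][ch]

def verify_round(F, v, commits, ch, resp):
    c0, c1, c2 = commits
    if ch == 0:                        # resp = (r0, t1, e1): reopen c1 and c2; v is not needed
        r0, t1, e1 = resp
        return c1 == com(b"1", sub(r0, t1), sub(F.evaluate(r0), e1)) and c2 == com(b"2", t1, e1)
    if ch == 1:                        # resp = (r1, t1, e1): v - F(r1) - G(t1, r1) - e1 must equal G(t0, r1) + e0
        r1, t1, e1 = resp
        inner = sub(sub(sub(v, F.evaluate(r1)), F.polar(t1, r1)), e1)
        return c0 == com(b"0", r1, inner) and c2 == com(b"2", t1, e1)
    r1, t0, e0 = resp                  # resp = (r1, t0, e0): reopen c0 and c1
    return c0 == com(b"0", r1, add(F.polar(t0, r1), e0)) and c1 == com(b"1", t0, e0)

def challenges(pk_bytes, msg, all_commits):
    # Fiat-Shamir: derive ROUNDS challenges in {0, 1, 2} from the public key, message and all commitments.
    seed = hashlib.sha256(b"fs:" + pk_bytes + msg + b"".join(c for cs in all_commits for c in cs)).digest()
    out, ctr = [], 0
    while len(out) < ROUNDS:
        for byte in hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest():
            if byte < 255 and len(out) < ROUNDS:   # 255 = 3 * 85, so byte % 3 is unbiased
                out.append(byte % 3)
        ctr += 1
    return out

def sign(pk, sk, msg):
    F, v = pk
    rounds = [prover_commit(F, sk) for _ in range(ROUNDS)]
    all_commits = [c for c, _ in rounds]
    chs = challenges(F.to_bytes() + bytes(v), msg, all_commits)
    return all_commits, [prover_respond(st, ch) for (_, st), ch in zip(rounds, chs)]

def verify(pk, msg, sig):
    F, v = pk
    all_commits, resps = sig
    if len(all_commits) != ROUNDS or len(resps) != ROUNDS:
        return False
    chs = challenges(F.to_bytes() + bytes(v), msg, all_commits)
    return all(verify_round(F, v, c, ch, r) for c, ch, r in zip(all_commits, chs, resps))

if __name__ == "__main__":
    pk, sk = keygen()
    sig = sign(pk, sk, b"constructed sample message")
    print(verify(pk, b"constructed sample message", sig), verify(pk, b"tampered", sig))
```

The check for challenge 1 relies on the identity F(r0 + r1) = F(r0) + F(r1) + G(r0, r1), which is why F carries no constant term. Each response reveals only two of the three shares per round, so a verifier learns nothing about s, while a prover without s can answer at most two of the three challenge values in a round; with 40 independent rounds an impostor signature passes with probability about (2/3)^40.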

Key words: MQ-problem, zero knowledge, identification scheme, forward security, backward security, digital signature, random oracle model


  • CLC number: TP309