International Conference on Research in Security Standardisation

Security Standardisation Research, pp. 140–153

Security of the SM2 Signature Scheme Against Generalized Key Substitution Attacks

  • Zhenfeng Zhang
  • Kang Yang
  • Jiang Zhang
  • Cheng Chen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9497)

Abstract

Though existential unforgeability under adaptively chosen-message attacks is well-accepted for the security of digital signature schemes, the security against key substitution attacks is also of interest, and has been considered for several practical digital signature schemes such as DSA and ECDSA. In this paper, we consider generalized key substitution attacks where the base element is considered as a part of the public key and can be substituted. We first show that the general framework of certificate-based signature schemes defined in ISO/IEC 14888-3 is vulnerable to a generalized key substitution attack. We then prove that the Chinese standard SM2 signature scheme is existentially unforgeable against adaptively chosen-message attacks in the generic group model if the underlying hash function h is uniform and collision-resistant and the underlying conversion function f is almost-invertible, and the SM2 digital signature scheme is secure against the generalized key substitution attacks if the underlying hash functions H and h are modeled as non-programmable random oracles (NPROs).
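As an added illustration (not code from the paper or from the SM2 standard), the following Python sketch of SM2 signing and verification shows the mechanism the abstract's two hash functions refer to: H computes Z_A over the user identity, the curve coefficients, the base point G and the public key P_A, and h then hashes Z_A together with the message, so both G and P_A are bound into every signed digest. Assumptions: SHA-256 stands in for SM3 (hashlib does not always expose it), the curve arithmetic is a plain affine textbook implementation without side-channel hardening, and the key and identity values are constructed for the demonstration.

```python
import hashlib, secrets

# sm2p256v1 domain parameters (GM/T 0003.2-2012); SHA-256 stands in for SM3 below
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)

def add(p1, p2):  # affine group law; None is the point at infinity
    if p1 is None or p2 is None: return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0: return None
    num, den = (3 * x1 * x1 + A, 2 * y1) if p1 == p2 else (y2 - y1, x2 - x1)
    lam = num * pow(den, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):  # double-and-add scalar multiplication (textbook, not constant-time)
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def za(ident, pub):  # Z_A = H(ENTL || ID || a || b || x_G || y_G || x_A || y_A)
    ints = b"".join(v.to_bytes(32, "big") for v in (A, B, *G, *pub))
    return hashlib.sha256((8 * len(ident)).to_bytes(2, "big") + ident + ints).digest()

def msg_hash(ident, pub, msg):  # e = h(Z_A || M): base point and P_A are bound into e
    return int.from_bytes(hashlib.sha256(za(ident, pub) + msg).digest(), "big")

def keygen():  # constructed test key: d in [1, n-2], P_A = d*G
    d = secrets.randbelow(N - 2) + 1
    return d, mul(d, G)

def sign(d, pub, ident, msg):
    e = msg_hash(ident, pub, msg)
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = (e + mul(k, G)[0]) % N
        if r == 0 or r + k == N: continue
        s = pow(1 + d, -1, N) * (k - r * d) % N
        if s: return r, s

def verify(pub, ident, msg, sig):
    r, s = sig
    t = (r + s) % N
    if not (1 <= r < N and 1 <= s < N and t): return False
    pt = add(mul(s, G), mul(t, pub))  # s*G + t*P_A equals k*G for an honest signature
    return pt is not None and (msg_hash(ident, pub, msg) + pt[0]) % N == r
```

Because Z_A enters e, a signature that verifies under (ID, P_A) fails under a different identity or a different public key even when the (r, s) pair and message are unchanged.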

Keywords

Digital signatures, Key substitution attacks, Provable security

Acknowledgements

We would like to thank Hui Guo and the anonymous reviewers for their helpful comments.

References

  1. ISO/IEC 1st CD 14888-3: Information technology - Security techniques - Digital signatures with appendix - Part 3: Discrete logarithm based mechanisms
  2. GM/T 0003.2-2012, Public Key Cryptographic Algorithm SM2 based on Elliptic Curves - Part 2: Digital Signature Algorithm (2010). http://www.oscca.gov.cn/UpFile/2010122214822692.pdf
  3. Blake-Wilson, S., Menezes, A.: Unknown key-share attacks on the Station-to-Station (STS) protocol. In: Imai, H., Zheng, Y. (eds.) PKC 1999. LNCS, vol. 1560, pp. 154–170. Springer, Heidelberg (1999)
  4. Bohli, J.-M., Röhrich, S., Steinwandt, R.: Key substitution attacks revisited: taking into account malicious signers. Int. J. Inf. Secur. 5(1), 30–36 (2006)
  5. Brown, D.R.L.: Generic groups, collision resistance, and ECDSA. Des. Codes Crypt. 35(1), 119–152 (2005)
  6. Diffie, W., Van Oorschot, P.C., Wiener, M.J.: Authentication and authenticated key exchanges. Des. Codes Crypt. 2(2), 107–125 (1992)
  7. Geiselmann, W., Steinwandt, R.: A key substitution attack on SFLASH^v3. Cryptology ePrint Archive, Report 2003/245 (2003). http://eprint.iacr.org/
  8. Goldwasser, S., Micali, S., Rivest, R.L.: A paradoxical solution to the signature problem. In: Proceedings of the IEEE 25th Annual Symposium on Foundations of Computer Science, pp. 441–448. IEEE (1984)
  9. Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281–308 (1988)
  10. Trusted Computing Group: TCG TPM specification 2.0 (2013). http://www.trustedcomputinggroup.org/resources/tpm_library_specification
  11. ISO/IEC 11889:2015: Information technology - Trusted Platform Module Library (2015)
  12. Menezes, A., Smart, N.: Security of signature schemes in a multi-user setting. Des. Codes Crypt. 33(3), 261–274 (2004)
  13. Nielsen, J.B.: Separating random oracle proofs from complexity theoretic proofs: the non-committing encryption case. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 111–126. Springer, Heidelberg (2002)
  14. Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997)
  15. Tan, C.H.: Key substitution attacks on some provably secure signature schemes. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. E87-A(1), 226–227 (2004)
  16. Vaudenay, S.: The security of DSA and ECDSA. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 309–323. Springer, Heidelberg (2002)
  17. Vaudenay, S.: Digital signature schemes with domain parameters. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 188–199. Springer, Heidelberg (2004)

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Zhenfeng Zhang (1)
  • Kang Yang (1)
  • Jiang Zhang (2)
  • Cheng Chen (1)
  1. Laboratory of Trusted Computing and Information Assurance, Institute of Software, Chinese Academy of Sciences, Beijing, China
  2. State Key Laboratory of Cryptology, Beijing, China