@techreport{oai:ipsj.ixsq.nii.ac.jp:00237284,
 author = {藤田, 祐輝 and 坂井, 祐介 and 山下, 恭佑 and 花岡, 悟一郎 and Yuuki, Fujita and Yusuke, Sakai and Kyosuke, Yamashita and Goichiro, Hanaoka},
 issue = {78},
 month = {Jul},
 note = {鍵代替攻撃とは，ある署名に対して検証で受理されるようなメッセージと公開鍵の組を 2 通り与える攻撃である．本稿では Boldyreva ら (CCS’ 07) が提案した順序付きマルチ署名 (以下BGOY OMS) に関して検討を行う．まず，順序付きマルチ署名では検証に用いる公開鍵の組の中での鍵の順序を保証する必要があるという点を踏まえ，強い鍵代替不可能性と弱い鍵代替不可能性を定義する．本稿では，この定義に基づいて BGOY OMS が弱い鍵代替不可能性を満たさないことを示し，更に BGOY OMS を修正した構成方式を提案し，この方式がランダムオラクルモデルにおいて DBP 仮定の下でこの弱い安全性を満たすことを示す．, The key substitution attack is an attack in which given a signature, a malicious party creates two messages and sequences of public keys that are accepted by the verification algorithm. We investigate the possibility of key substitution attacks against the ordered multisignature ( BGOY OMS ) proposed by Boldyreva et al. ( CCS’ 07 ). First, we observe that the order of public keys in a sequence of public keys must be guaranteed in ordered mulsignatures. We introduce two security notions: (i) strong non-key substitutability that means the security against any key substitution attack and (ii) weak non-key substitutability that means the security against targeted key substitution attacks. We then show that BGOY OMS does not satisfy weak non-key substitutability. Furthermore, we propose a modified construction of BGOY OMS and prove that the modified BGOY OMS satisfies weak non-key substitutability under the DBP assumption in the random oracle model.},
 title = {順序付きマルチ署名に対する鍵代替攻撃の検討},
 year = {2024}
}