关于数字签名方案的测试??

大致要求过程:1 设计一个随机函数f生成一些随机数si

2 对于每一个si有 f(si)=Fs(0)

3 公开公钥以便校验者校验,这里共钥.
4 G是一个哈希函数的集合,随机的从G中取一个哈希函Gh,计算Gh(si),寻找两个相的值,以形成签名(si,sj),

5 校验者得到签名后,利用公钥检验签名.

这就是大致方案.第四步是难点.

以下是英文大致过程: Signature Generation
To sign a message m, the signer first computes the hash h = H( m ). The signer then computes the hash function Gh (as we describe at the beginning of this section) to all the SEALs s1, &ldots;, st. The signer looks for a two-way collision of two SEALs: Gh(si) = Gh(sj), with si ≠sj. The pair si, sj forms the signature. Figure 1 shows an example. It is now clear why the BiBa acronym stands for Bins and Balls signature: the bins correspond to the range of the hash function Gh, and the balls correspond to the SEALs.



Figure 1: Basic BiBa scheme



We exploit the asymmetric property that the signer has more SEALs than the adversary, and hence the signer can easily generate the BiBa signature with high probability. On the other hand, an adversary only knows the few disclosed SEALs and hence has a low probability to find a valid BiBa signature

Signature Verification
The verifier receives message M and the BiBa signature si, sj . We assume for now that the verifier has an efficient method to authenticate the SEALs si, sj. To verify the BiBa signature the verifier computes h=H(m), checks that si ≠sj, and Gh( si ) = Gh(sj).

Note that the verification is very light-weight: Without considering the SEAL authentication, the verification only requires one hash function computation and two hash function computations.

算法是biba算法 一个美国教授搞的,不知道怎么用c++模拟,高手给个思路 ,或者帮帮忙啊