标准模型下格上基于身份的盲签名方案
|
摘要
随机预言模型下的盲签名方案都依赖于随机预言假设,即使方案被证明安全,在实际应用时未必安全。构造了一个标准模型下格上基于身份的盲签名方案。该方案中引入一个短格基派生算法,根据用户的身份产生对应的私钥,并利用Gentry等人提出的原像抽样陷门单向函数产生消息的签名。在标准模型下依据Juels和Pointcheval等人提出的安全模型,基于小整数解问题(small integer solutions,SIS)的困难性,证明了该方案满足one-more不可伪造性。分析表明,与同类方案相比,该方案密钥长度和签名长度有所减小,效率更高。
The blind signature scheme in the random oracle model relies on the random oracle assumption. The scheme is proven to be secure in theory, but it may not be secure in practice. This paper constructs an identity-based blind signature scheme with lattice in the standard model. A short basis delegation algorithm is introduced to generate the private key. The signature of the message is generated by the forward sampling algorithm proposed by Gentry et al.Under the standard hardness assumption of the small integer solutions problem(SIS), the new scheme is proven to be one-more unforgeable based on Juels and Pointcheva's security model in the standard model. The comparison results show that the key length and signature length are shorter, and the efficiency is higher.
The blind signature scheme in the random oracle model relies on the random oracle assumption. The scheme is proven to be secure in theory, but it may not be secure in practice. This paper constructs an identity-based blind signature scheme with lattice in the standard model. A short basis delegation algorithm is introduced to generate the private key. The signature of the message is generated by the forward sampling algorithm proposed by Gentry et al.Under the standard hardness assumption of the small integer solutions problem(SIS), the new scheme is proven to be one-more unforgeable based on Juels and Pointcheva's security model in the standard model. The comparison results show that the key length and signature length are shorter, and the efficiency is higher.
引文
[1]Chaum D.Blind signatures for untraceable payments[M]//Advances in Cryptology.Boston:Springer US,1983:199-203.
[2]Shamir A.Identity-based cryptosystems and signature schemes[C]//LNCS 196:Proceedings of CRYPTO 1984,Santa Barbara,USA,Aug 19-22,1984.Berlin,Heidelberg:Springer,1985:47-53.
[3]Zhang Fangguo,Kim K.Efficient ID-based blind bignature and proxy signature from bilinear pairings[C]//LNCS 2727:Proceedings of the 8th Australasian Conference on Information Security and Privacy,Wollongong,Australia,Jul 9-11,2003.Berlin,Heidelberg:Springer,2003:312-323.
[4]Shor P W.Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer[J].SIAMJournal on Computing,1997,26(5):1484-1509.
[5]Ajtai M.Generating hard instances of lattice problems[C]//Proceedings of the 28th Annual ACM Symposium on Theory of Computing,Philadelphia,USA,May 22-24,1996.New York:ACM,1996:99-108.
[6]Wang Xiaoyun,Liu Mingjie.Survey of lattice-based cryptography[J].Journal of Cryptologic Research,2014,1(1):13-27.
[7]Gentry C,Peikert C,Vaikuntanathan V.Trapdoors for lattices and new cryptographic constructions[C]//Proceedings of the40th Annual ACM Symposium on Theory of Computing,Victoria,Canada,May 17-20,2008.New York:ACM,2008:197-206.
[8]Rückert M.Lattice-based blind signatures[C]//LNCS 6477:Proceedings of the 16th International Conference on the Theory and Application of Cryptology and Information Security,Singapore,Dec 5-9,2010.Berlin,Heidelberg:Springer,2010:413-430.
[9]Rückert M.Strongly unforgeable signatures and hierarchical identity-based signatures from lattices without random oracles[C]//LNCS 6061:Proceedings of the 3rd International Conference on Post-Quantum Cryptography,Darmstadt,Germany,May 25-28,2010.Berlin,Heidelberg:Springer,2010:182-200.
[10]Tian Miaomiao,Huang Liusheng.Identity-based signatures from lattices:simpler,faster,shorter[J].Fundamental Information,2014,145(2):171-187.
[11]Liu Zhenhua,Zhang Xiangsong,Hu Yupu.Revocable and strongly unforgeable identity-based signature scheme in the standard model[J].Security and Communication Networks,2016,9(14):2422-2433.
[12]Gu Chunxiang,Chen Li,Zheng Yonghui.ID-based signatures from lattices in the random oracle model[C]//LNCS7529:Proceedings of the 2012 International Conference on Web Information Systems and Mining,Chengdu,China,Oct26-28,2012.Berlin,Heidelberg:Springer,2012:222-230.
[13]Agrawal S,Boneh D,Boyen X.Lattice basis delegation in fixed dimension and shorter-ciphertext hierarchical IBE[C]//LNCS 6223:Proceedings of the 30th Annual Cryptology Conference on Advances in Cryptology,Santa Barbara,USA,Aug 15-19,2010.Berlin,Heidelberg:Springer,2010:98-115.
[14]Wang Fenghe,Hu Yupu,Wang Chunxiao.Lattice-based blind signature schemes[J].Geomatices and Information Science of Wuhan University,2010,35(5):550-553.
[15]Juels A,Luby M,Ostrovsky R.Security of blind digital signatures(extended abstract)[C]//LNCS 1294:Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology,Santa Barbara,USA,Aug 17-21,1997.Berlin,Heidelberg:Springer,1997:150-164.
[16]Pointcheval D,Stern J.Security arguments for digital signatures and blind signatures[J].Journal of Cryptology,2000,13(3):361-396.
[17]Zhang Lili,Song Yongxuan.Proxy blind signature scheme from lattice basis delegation[J].International Journal of Advancements in Computing Technology,2012,4(21):99-104.
[18]Zhang Lili,Ma Yanqin.A lattice-based identity-based proxy blind signature scheme in the standard model[J].Mathematical Problems in Engineering,2014:307637.
[19]Micciancio D,Regev O.Worst-case to average-case reductions based on Gaussian measures[J].SIAM Journal on Computing,2007,37(1):267-302.
[6]王小云,刘明洁.格密码学研究[J].密码学报,2014,1(1):13-27.
[14]王凤和,胡予濮,王春晓.基于格的盲签名方案[J].武汉大学学报:信息科学版,2010,35(5):550-553.
[2]Shamir A.Identity-based cryptosystems and signature schemes[C]//LNCS 196:Proceedings of CRYPTO 1984,Santa Barbara,USA,Aug 19-22,1984.Berlin,Heidelberg:Springer,1985:47-53.
[3]Zhang Fangguo,Kim K.Efficient ID-based blind bignature and proxy signature from bilinear pairings[C]//LNCS 2727:Proceedings of the 8th Australasian Conference on Information Security and Privacy,Wollongong,Australia,Jul 9-11,2003.Berlin,Heidelberg:Springer,2003:312-323.
[4]Shor P W.Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer[J].SIAMJournal on Computing,1997,26(5):1484-1509.
[5]Ajtai M.Generating hard instances of lattice problems[C]//Proceedings of the 28th Annual ACM Symposium on Theory of Computing,Philadelphia,USA,May 22-24,1996.New York:ACM,1996:99-108.
[6]Wang Xiaoyun,Liu Mingjie.Survey of lattice-based cryptography[J].Journal of Cryptologic Research,2014,1(1):13-27.
[7]Gentry C,Peikert C,Vaikuntanathan V.Trapdoors for lattices and new cryptographic constructions[C]//Proceedings of the40th Annual ACM Symposium on Theory of Computing,Victoria,Canada,May 17-20,2008.New York:ACM,2008:197-206.
[8]Rückert M.Lattice-based blind signatures[C]//LNCS 6477:Proceedings of the 16th International Conference on the Theory and Application of Cryptology and Information Security,Singapore,Dec 5-9,2010.Berlin,Heidelberg:Springer,2010:413-430.
[9]Rückert M.Strongly unforgeable signatures and hierarchical identity-based signatures from lattices without random oracles[C]//LNCS 6061:Proceedings of the 3rd International Conference on Post-Quantum Cryptography,Darmstadt,Germany,May 25-28,2010.Berlin,Heidelberg:Springer,2010:182-200.
[10]Tian Miaomiao,Huang Liusheng.Identity-based signatures from lattices:simpler,faster,shorter[J].Fundamental Information,2014,145(2):171-187.
[11]Liu Zhenhua,Zhang Xiangsong,Hu Yupu.Revocable and strongly unforgeable identity-based signature scheme in the standard model[J].Security and Communication Networks,2016,9(14):2422-2433.
[12]Gu Chunxiang,Chen Li,Zheng Yonghui.ID-based signatures from lattices in the random oracle model[C]//LNCS7529:Proceedings of the 2012 International Conference on Web Information Systems and Mining,Chengdu,China,Oct26-28,2012.Berlin,Heidelberg:Springer,2012:222-230.
[13]Agrawal S,Boneh D,Boyen X.Lattice basis delegation in fixed dimension and shorter-ciphertext hierarchical IBE[C]//LNCS 6223:Proceedings of the 30th Annual Cryptology Conference on Advances in Cryptology,Santa Barbara,USA,Aug 15-19,2010.Berlin,Heidelberg:Springer,2010:98-115.
[14]Wang Fenghe,Hu Yupu,Wang Chunxiao.Lattice-based blind signature schemes[J].Geomatices and Information Science of Wuhan University,2010,35(5):550-553.
[15]Juels A,Luby M,Ostrovsky R.Security of blind digital signatures(extended abstract)[C]//LNCS 1294:Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology,Santa Barbara,USA,Aug 17-21,1997.Berlin,Heidelberg:Springer,1997:150-164.
[16]Pointcheval D,Stern J.Security arguments for digital signatures and blind signatures[J].Journal of Cryptology,2000,13(3):361-396.
[17]Zhang Lili,Song Yongxuan.Proxy blind signature scheme from lattice basis delegation[J].International Journal of Advancements in Computing Technology,2012,4(21):99-104.
[18]Zhang Lili,Ma Yanqin.A lattice-based identity-based proxy blind signature scheme in the standard model[J].Mathematical Problems in Engineering,2014:307637.
[19]Micciancio D,Regev O.Worst-case to average-case reductions based on Gaussian measures[J].SIAM Journal on Computing,2007,37(1):267-302.
[6]王小云,刘明洁.格密码学研究[J].密码学报,2014,1(1):13-27.
[14]王凤和,胡予濮,王春晓.基于格的盲签名方案[J].武汉大学学报:信息科学版,2010,35(5):550-553.