ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2017, Vol. 54 ›› Issue (2): 305-312.doi: 10.7544/issn1000-1239.2017.20150887

• 信息安全 • 上一篇    下一篇

新的基于格的可验证加密签名方案

张彦华,胡予濮   

  1. (综合业务网理论与关键技术国家重点实验室(西安电子科技大学) 西安 710071) (yhzhangxidian@163.com)
  • 出版日期: 2017-02-01
  • 基金资助: 
    国家自然科学基金项目(61472309)

A New Verifiably Encrypted Signature Scheme from Lattices

Zhang Yanhua, Hu Yupu   

  1. (State Key Laboratory of Integrated Service Networks (Xidian University), Xi'an 710071)
  • Online: 2017-02-01

摘要: 可验证加密签名(verifiably encrypted signature, VES)能够有效地保证互联网上交易过程的公平性.VES的核心思想是:签名者利用仲裁者的公钥对自己所签发的一个普通数字签名进行加密,随后证明密文中确实包含一个普通签名,任何验证者都可以利用仲裁者的公钥来验证其真实性,但在没有签名者或仲裁者的帮助下无法从中提取出普通签名;当争议发生时,验证者可以要求仲裁者从可验证加密签名中恢复出签名者的普通签名.利用Agrawal等人在美密2010上给出的固定维数的格基委派技术、格上原像抽样算法和差错学习问题的非交互零知识证明,该文构造出一个新的格上可验证加密签名方案,并在随机预言机模型下严格证明了其安全性.与已有的可验证加密签名方案相比,该方案要求签名者根据仲裁者公钥生成签名者公私钥对,构造简单,公私钥和签名尺寸更短,效率更高,并且能够抵抗量子攻击.

关键词: 可验证加密签名(VES), 固定维数, 格, 随机预言机模型, 差错学习问题

Abstract: Verifiably encrypted signatures (VES) can ensure the fairness of the Internet exchange process effectively. In a VES system, a signer can generate an ordinary signature on a given message using the secret key of the signer and then encrypt it under the public key of the adjudicator. A verifier should be able to verify that this encrypted signature is indeed an encryption of the ordinary signature of the signer, but the verifier cannot be able to extract the ordinary signature. The ordinary signature can only be recovered by the adjudicator from this encrypted signature. Using the technique of basis delegation in fixed dimension suggested by Agrawal et al in CPYPTO 2010, the lattice-based preimage sampling algorithm and a non-interactive zero-knowledge proof for the learning with errors (LWE) problem, this paper constructs a new verifiably encrypted signature scheme from lattices, and based on the hardness of the short integer solution (SIS) problem and the LWE problem, this proposed construction is provably strong unforgeable in the random oracle model. Compared with current verifiably encrypted signature schemes, this scheme needs that the public-private key pair of the signer should be generated according to the public key of the adjudicator, and this scheme can resist quantum attacks and enjoy simpler constructions, shorter public-private keys, smaller signature size and higher efficiency.

Key words: verifiably encrypted signature (VES), fixed dimension, lattice, random oracle model, the learning with errors

中图分类号: