ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2017, Vol. 54 ›› Issue (7): 1510-1524.doi: 10.7544/issn1000-1239.2017.20160427

• 信息安全 • 上一篇    下一篇

基于格的前向安全无证书数字签名方案

徐潜,谭成翔,冯俊,樊志杰,朱文烨   

  1. (同济大学电子与信息工程学院计算机科学与技术系 上海 201804) (1062842783@qq.com)
  • 出版日期: 2017-07-01
  • 基金资助: 
    国家重点研发计划项目(2017YFB0802302)

Lattice-Based Forward Secure and Certificateless Signature Scheme

Xu Qian, Tan Chengxiang, Feng Jun, Fan Zhijie, Zhu Wenye   

  1. (Department of Computer Science and Technology, College of Electronics and Information Engineering, Tongji University, Shanghai 201804)
  • Online: 2017-07-01

摘要: 无证书签名方案利用密钥生成中心与用户共同生成签名密钥的方式,解决了传统的基于身份的数字签名方案中存在的密钥托管问题.目前,针对无证书签名方案的研究还存在3点可以改进的地方:1)已有的基于随机格构建的无证书签名方案,虽然具有后量子安全性,但都是建立在随机预言模型下,尚无针对标准模型的相关研究;2)已有的格基无证书签名方案大多只考虑外部敌手,缺乏抵御不诚实用户攻击的能力;3)已有的无证书签名方案均需要保证用户密钥是绝对安全的,无法解决密钥泄露问题.针对这3点不足,在随机预言模型下的前向安全的无证书格基签名方案的基础上,首次提出了标准模型下可证明安全的基于随机格的前向安全无证书数字签名方案,并在不引入第三方代理的前提下同时解决了密钥泄露和密钥托管问题.在面对不诚实的用户和恶意密钥生成中心2类强敌手的情况下,利用小整数解SIS假设证明了所提出的方案具有适应性选择消息、选择身份攻击下的前向安全强不可伪造性.

关键词: 格基数字签名, 无证书, 前向安全, 随机预言模型, 标准模型

Abstract: Certificateless signature scheme has solved key escrow problems existing in traditional identity-based signature schemes. The secret key of the user in certificateless signature scheme consists of two parts, one is partial secret key, which is generated by key generation centre, and the other is secret value from user itself. However, there are still three points to be improved in such scheme. Firstly, although some lattice-based certificateless signature schemes based on the random oracle model have been proposed in order to achieve the post-quantum security, their standard model counterparts remain unrealized. Secondly, most of the existing lattice-based certificateless signature schemes only consider the outside attacker and neglect the threats from semi-trusted user. Thirdly, the existing certificateless signature schemes all rely on the security of the secret key, which cannot be satisfied due to the key exposure problem. In this paper, based on the forward secure and certificateless signature scheme in the random oracle model, we propose the first lattice-based certificateless signature scheme which is provably secure in the standard model to eliminate key exposure and key escrow problems without introducing a third party proxy. With the help of the small integer solution problem, we have proved that our schemes can guarantee the forward secure and strongly existential unforgeability against the adaptive chosen message and adaptive chosen identity attack.

Key words: lattice-based signature scheme, certificateless, forward secure, random oracle model, standard model

中图分类号: