ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development (计算机研究与发展) ›› 2017, Vol. 54 ›› Issue (10): 2244-2254. doi: 10.7544/issn1000-1239.2017.20170422

• Information Security •

Generic Tightly Secure Signature Schemes from Strong Chameleon Hash Functions

Li Fei1,2, Gao Wei1,2, Wang Guilin3, Xie Dongqing2, Tang Chunming2

  1. 1(School of Mathematics and Statistics, Ludong University, Yantai, Shandong 264025); 2(Guangdong Provincial Key Laboratory of Information Security Technology (Guangzhou University), Guangzhou 510006); 3(Shield Laboratory, Singapore Research Center of Huawei, Singapore 117674) (miss_lifei@163.com)
  • Published: 2017-10-01
  • Online: 2017-10-01
  • Funding:
    National Natural Science Foundation of China (61202475); Open Project of the Guangdong Provincial Key Laboratory of Information Security Technology (GDXXAQ2016-02); Key Statistical Research Project of Shandong Province (KT16022); Doctoral Research Fund of Ludong University (2017)

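Abstract (Chinese version): Provable security has become a basic requirement for constructing and analyzing cryptographic schemes. This paper studies a classical problem in provably secure cryptography: how to construct, in the random oracle model, provably secure digital signature schemes whose security reduces tightly to the hardness of some underlying mathematical problem. We first propose a new cryptographic primitive, called a strong chameleon Hash function. Then, based on strong chameleon Hash functions, we give a generic framework for constructing tightly secure digital signature schemes together with a variant, corresponding to the stateful and stateless cases respectively. We then prove that the security of both generic schemes reduces to the collision resistance of the underlying strong chameleon Hash function. Using strong chameleon Hash functions under concrete assumptions such as RSA, CDH and IF, the proposed generic construction technique yields the corresponding concrete tightly secure signature schemes in a modular way. The two classical paradigms for constructing tightly secure signature schemes, namely the Fiat-Shamir (FS) class and the Full-Domain-Hash (FDH) class, can be roughly unified within the proposed framework, and the framework allows FDH-class tightly secure signature schemes to be interpreted as optimized forms of the corresponding FS-class tightly secure signature schemes.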


Abstract: Provable security has become a basic requirement for constructing and analyzing cryptographic schemes. This paper studies a classical issue in the field of provable security, namely how to construct, in the random oracle model, provably secure digital signature schemes with a tight security reduction from certain basic hard mathematical problems. This paper first proposes a new cryptographic primitive called a strong chameleon Hash function. Based on a strong chameleon Hash function, we present a generic framework and its variant for constructing stateful and stateless digital signature schemes with tight security, respectively. We prove that these generic digital signature schemes are both secure in the random oracle model under the assumption that the underlying chameleon Hash function is collision resistant. By applying these generic construction methods to some concrete chameleon Hash functions under common mathematical assumptions such as RSA, CDH and IF (integer factorization), the corresponding digital signature schemes with tight security can be obtained modularly. The two existing classic paradigms for generically constructing tightly secure signature schemes, i.e. Fiat-Shamir signatures and Full-Domain-Hash signatures, can be roughly unified by our generic frameworks. Furthermore, under our generic frameworks, a tightly secure signature scheme following the Fiat-Shamir methodology can be seen as the optimized variant of the corresponding tightly secure signature scheme following the Full-Domain-Hash framework.

Key words: digital signature, provable security, tight security, random oracle model, chameleon Hash function, full domain Hash signature
