ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2021, Vol. 58 ›› Issue (10): 2300-2309.doi: 10.7544/issn1000-1239.2021.20210619

所属专题: 2021密码学与网络空间安全治理专题

• 信息安全 • 上一篇    下一篇

SOTS:一个基于哈希函数更短的后量子数字签名方案

卫宏儒,黄靖怡   

  1. (北京科技大学数理学院 北京 100083) (weihr@ustb.edu.cn)
  • 出版日期: 2021-10-01
  • 基金资助: 
    国家自然科学基金项目(61873026);广东省重点领域研发计划项目(2020B0909020001)

SOTS: A Hash Function-Based Shorter Post-Quantum Digital Signature Scheme

Wei Hongru Huang Jingyi   

  1. (School of Mathematics and Physics, University of Science and Technology Beijing, Beijing 100083)
  • Online: 2021-10-01
  • Supported by: 
    This work was supported by the National Natural Science Foundation of China (61873026) and the Key-Area Research and Development Program of Guangdong Province (2020B0909020001).

摘要: 在后量子数字签名方案中,基于哈希函数的签名方案是高效和可证明安全的.然而,过长的密钥和签名是基于哈希函数的签名方案最主要的问题.在已有签名方案的基础上,提出一个新的一次签名方案,该方案不仅减少了签名的数量,同时减少了每个签名的长度.和Winternitz OTS方案相比,新的方案在密钥和签名尺寸上分别减少了77%和82%,和WOTS+方案相比,在密钥和签名尺寸上分别减少了60.7%和60.5%.在签名长度上,新方案与近2年提出的NOTS,SDS-OTS和WOTS-S方案相比,分别减少了17%,24.5%和48.1%.另外,证明了新的方案在选择明文攻击(Chosen-Plaintext Attack, CPA)下是存在不可伪造的,安全性可规约为底层哈希函数的单向性.除此之外,实验证实了与WOTS+方案相比,在密钥生成、签名生成和签名验证所需时间上,新的方案分别减少了71.4%,47.7%和60.9%.

关键词: 基于哈希函数的数字签名方案, 一次签名, 后量子密码学, 信息安全, 分布式账本

Abstract: In the post-quantum digital signature schemes, the Hash-based signature schemes are efficient and provably secure. However, one major drawback of Hash-based signature schemes is the large size of the key and the signature. In this study, based on existing digital signature schemes, a new One-Time Signature (OTS) scheme, which reduces both the number of the signatures and the size of each signature, has been proposed. Under the same post-quantum security level, the proposed scheme reduces the key and the signature sizes by 77% and 82.0% respectively as compared with the Winternitz OTS scheme. And it also reduces the key and the signature sizes by 60.7% and 60.5% respectively as compared with WOTS+. In terms of the signature size, compared with the NOTS, SDS-OTS and WOTS-S schemes proposed in the past two years, this proposed novel scheme has reduced by 17%, 24.5% and 48.1% respectively. Furthermore, this novel scheme is existentially unforgeable under the Chosen-Plaintext Attack (CPA) model. The security of this scheme is a security reduction of the onewayness of the underlying Hash function. Moreover, compared with WOTS+, the proposed signature scheme reduces the time of generating keys, creating signatures and verifying signatures by 71.4%, 47.7%, and 60.9% respectively.

Key words: Hash function-based digital signature, one-time signature, post-quantum cryptography, information security, distributed ledger

中图分类号: