    Citation: Zhang Yanhua, Hu Yupu. A New Verifiably Encrypted Signature Scheme from Lattices[J]. Journal of Computer Research and Development, 2017, 54(2): 305-312. DOI: 10.7544/issn1000-1239.2017.20150887

    A New Verifiably Encrypted Signature Scheme from Lattices

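    • Abstract: Verifiably encrypted signatures (VES) can effectively ensure the fairness of transactions over the Internet. The core idea of VES is as follows: the signer encrypts an ordinary digital signature that it has issued under the adjudicator's public key, and then proves that the ciphertext does contain an ordinary signature. Any verifier can use the adjudicator's public key to check its authenticity, but cannot extract the ordinary signature from it without the help of the signer or the adjudicator. When a dispute arises, the verifier can ask the adjudicator to recover the signer's ordinary signature from the verifiably encrypted signature. Using the fixed-dimension lattice basis delegation technique given by Agrawal et al. at CRYPTO 2010, the preimage sampling algorithm on lattices, and a non-interactive zero-knowledge proof for the learning with errors problem, this paper constructs a new lattice-based verifiably encrypted signature scheme and rigorously proves its security in the random oracle model. Compared with existing verifiably encrypted signature schemes, this scheme requires the signer to generate its public-private key pair according to the adjudicator's public key; it is simple to construct, has shorter public-private keys and signatures, is more efficient, and can resist quantum attacks.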

       

      Abstract: Verifiably encrypted signatures (VES) can effectively ensure the fairness of exchanges over the Internet. In a VES system, a signer generates an ordinary signature on a given message using the signer's secret key and then encrypts it under the public key of the adjudicator. A verifier should be able to verify that this encrypted signature is indeed an encryption of the signer's ordinary signature, but should not be able to extract the ordinary signature. The ordinary signature can only be recovered from the encrypted signature by the adjudicator. Using the technique of basis delegation in fixed dimension suggested by Agrawal et al. at CRYPTO 2010, the lattice-based preimage sampling algorithm and a non-interactive zero-knowledge proof for the learning with errors (LWE) problem, this paper constructs a new verifiably encrypted signature scheme from lattices. Based on the hardness of the short integer solution (SIS) problem and the LWE problem, the proposed construction is provably strongly unforgeable in the random oracle model. Compared with current verifiably encrypted signature schemes, this scheme requires the signer's public-private key pair to be generated according to the public key of the adjudicator; it can resist quantum attacks and offers a simpler construction, shorter public-private keys, smaller signature size and higher efficiency.

       
