高级检索

    格上基于身份的群签名方案

    Identity-Based Group Signatures Scheme on Lattice

    • 摘要: 现有的格上群签名方案,虽然能够有效抵抗量子计算的攻击,但是难以避免用户公钥证书复杂的管理问题.基于格基委派、拒绝采样等技术,将基于身份的加密体制与格上群签名相结合,构造了随机预言模型下的格上基于身份的群签名.首先通过陷门生成算法生成系统主密钥;然后通过格基委派技术提取用户身份信息并获取用户密钥;最后在签名阶段不使用零知识证明,而是采用了拒绝采样算法生成签名,并使用LPR加密算法保证群管理员能够通过追溯密钥打开群签名.安全性分析表明,该方案满足完全匿名性、不可伪造性和完全可追溯性,且能够规约到RSIS和RLWE困难假设.与现有的格上群签名相比,该方案实现了基于身份的功能,并且在存储开销方面具有一定的优势,其中密钥开销减小了约79.6%,签名开销减小了约39.9%.

       

      Abstract: Although the existing group signature schemes on lattice can effectively resist the attacks of quantum computing, it is difficult to avoid the complicated management problem of user’s public key certificate. Based on techniques such as rejection sampling and lattice basis delegation, this paper combines the identity-based encryption with the group signature on lattice to construct an identity-based group signature on lattice in the random oracle model. First of all, the system master key is obtained from the trapdoor generation algorithm; Then, the lattice delegation technology extracts the user’s identity information and obtains the user’s private key. Finally, the signature is generated by using the rejection sampling algorithm instead of the zero-knowledge proof system in the signing stage. Meanwhile, this paper uses the LPR encryption algorithm proposed to ensure that the signature can be opened for group administrator by the traceability key. Security analysis shows that the full anonymity, unforgeability and full traceability of the proposed scheme in this paper can be reduced to the hardness assumptions of RSIS and RLWE. Compared with other group signatures on lattice, the proposed scheme is based on identity-based encryption and has certain advantages in storage overhead. Specifically, the overhead of key and signature are decreased roughly by 79.6%, 39.9%, respectively.

       

    /

    返回文章
    返回