高级检索

    支持一般电路的高效安全基于属性签名

    Efficient and Secure Attribute-Based Signatures for General Circuits

    • 摘要: 基于属性签名(attribute-based signature,ABS)是一种重要的密码原语,具有广泛的应用背景,得到众多学者的关注,是密码学的研究热点.为了提高基于属性签名的安全性、表达力和效率,使用多线性映射作为工具,提出一个支持一般电路的具有完善隐私性的基于属性签名方案.引入节点权重概念并采用“从上到下”递归,显著减少生成签名的计算开销;利用左右孩子节点的对称性,缩短门节点的密钥长度.所提出的方案将不可伪造性从“选定消息且选定属性攻击下存在不可伪造”提升到更强的“自适应选择消息但选定属性攻击下存在不可伪造”;将访问结构从特殊电路拓展到一般电路,可以支持任意访问结构,达到任意的访问控制粒度;在保持签名仅为1个群元素的前提下,显著缩短主公钥、主私钥和签名钥的大小和显著降低签名密钥生成、签名生成和验证的计算开销.分析表明:所提出的方案在性能和效率方面均有明显优势,是一个实用的方案.

       

      Abstract: Attribute-based signature is an important cryptographic primitive and has attracted the attention of many scholars. Because of its good properties, attribute-based signature has found significant applications in many fields, such as message delivery, anonymous authentication, leaking secrets, trust negotiations, private access control, anonymous credentials, etc. To improve the security, expressiveness, and efficiency of attribute-based signature, an efficient and secure attribute-based signature scheme with perfect privacy for general circuits is proposed by using multi-linear mapping. By introducing the concept of node weight and adopting the "top-down" recursive, the computation cost of signature generation is reduced. The sizes of the keys of the gate nodes are reduced by using the symmetry of the left and right child nodes. Compared with the previous scheme, the proposed scheme improves the unforgeability from "existential unforgeable under selective message and selective attribute attack" to "existential unforgeable under adaptive chosen message but selective attribute attack." The proposed scheme extends the access structure from special circuits to general circuits, which can support arbitrary access structures and achieve arbitrary access control granularity. The proposed scheme keeps the signature as only one group element, shortens the sizes of the master public key, master private key, and signing key markedly, and reduces the computation overheads of signing key generation, signature generation, and signature verification significantly. The analysis shows that the proposed scheme has obvious advantages in performance and efficiency and is practical.

       

    /

    返回文章
    返回