高级检索

    格上可追溯的匿名单点登录方案

    Traceable Anonymous Single Sign on Scheme on Lattice

    • 摘要: 单点登录(single sign on,SSO)方案能够避免认证模块冗余带来的资源浪费、信息泄露问题,而具有匿名性的单点登录能够在保护个人隐私的情况下实现匿名认证与授权,但现有的匿名单点登录方案未考虑因用户匿名而出现的欺诈行为追责问题. 针对此问题,首先提出一个格上可追溯的匿名单点登录方案. 所提方案采用格上基于身份的密码体制缓解公钥证书管理问题,通过授权认证标签和假名实现对用户的匿名认证;然后使用强指定验证者技术实现用户服务请求的定向验证;同时引入受信任机构,通过公钥恢复出用户身份并进行追责;最后在安全模型下证明方案具有不可链接性、不可伪造性与可追溯性. 安全性与性能分析结果表明方案在PARMS II和PARMS III这2组参数下,分别运行大约75 ms和108 ms便可为用户生成可供4次服务请求的访问服务票据,并可达到230 b和292 b的量子安全强度.

       

      Abstract: The single sign on (SSO) scheme can avoid the waste of resources and information leakage caused by the redundancy of authentication module, and the anonymous single sign on can realize anonymous authentication and authorization under the condition of protecting personal privacy. However, the existing anonymous single sign on schemes do not consider the accountability of fraud caused by the anonymity of users. For this problem, a traceable anonymous single sign on scheme on lattice is proposed. The proposed scheme uses the identity-based cryptosystem on lattice to alleviate the problem of public key certificate management, and realizes the anonymous authentication of the user through the authorized authentication tag and pseudonym. Then, the strong designated verifier technology is used to realize the directional verification of user service requests. And the trusted organization is introduced to recover the user's identity and pursue responsibility through the public key. The proposed scheme is proved to have unlinkability, unforgeability and traceability under the security model. The security and performance analysis results show that under PARMS II and PARMS III, our scheme can generate the access service tickets for 4 service requests by running for about 75 ms and 108 ms respectively. And it can reach the quantum security strength of 230 b and 292 b.

       

    /

    返回文章
    返回