高级检索

    前向安全的高效属性基可净化签名方案

    Efficient and Forward-Secure Attribute-Based Sanitizable Signature Scheme

    • 摘要: 在属性基签名(attribute-based signature, ABS)方案中,签名者密钥由不同的属性生成,只有当所拥有的属性满足给定的签名策略时才能够产生有效签名.验证者不需要知道签名者真实身份就能判断签名是否有效.所以ABS因其匿名性而受到广泛关注.在ABS方案中,一旦密钥发生泄露,那么获得密钥的攻击者就可以生成一个有效签名.原始消息中往往包含一些敏感信息,例如在电子医疗或电子金融场景中,个人的医疗记录或交易记录中包含个人隐私信息,若未经脱敏处理将会导致个人敏感信息泄露.为了解决密钥泄露和敏感信息泄露问题,提出了一种前向安全的高效属性基可净化签名(forward-secure attribute-based sanitizable signature, FABSS)方案.基于η-DHE(η-Diffie-Hellman exponent)困难问题假设,在标准模型下证明了该方案的安全性.提出的方案不仅可以抵抗密钥泄露,保护签名者隐私,同时还具有敏感信息隐藏功能.此外,提出的方案具有固定签名长度,并且在验证阶段只需要计算常数个配对运算.实验分析表明提出方案的性能是高效的.

       

      Abstract: In the attribute-based signature (ABS) scheme, the secret key of the signer is generated by attribute authority with different attributes, and the signature can be generated successfully only when the attributes meet the given signing policy. The verifier does not need to know the identity of the signer to determine whether the signature is valid. As a result, ABS has attracted wide attention due to its anonymity and fine-grained access control. In ABS scheme, once the key leakage occurs, the attacker can use the leaked key to generate a valid signature. The original message often contains some sensitive information. For example, in e-health or electronic finance scenario, personal privacy information is contained in personal medical records or transaction records. If the original message is not desensitized, sensitive personal information will be leaked. In order to solve the problems of key leakage and sensitive information leakage, an efficient and forward-secure attribute-based sanitizable signature (FABSS) scheme is proposed. The security of FABSS is reduced to the \eta -DHE ( \eta -Diffie-Hellman exponent) assumption problem under the standard model. The proposed scheme not only protects signer privacy and supports fine-grained access control, but also has the ability to hide sensitive information and resist key leakage. In addition, the length of signature is constant, and only a constant number of pairing operations need to be calculated in the verification stage. Experimental analysis shows that the performance of the proposed scheme is efficient.

       

    /

    返回文章
    返回