Traceable Attribute Signature Scheme Based on Domestic Cryptographic SM9 Algorithm

TANG Fei, LING Guowei, SHAN Jinyong

Citation: TANG Fei, LING Guowei, SHAN Jinyong. Traceable Attribute Signature Scheme Based on Domestic Cryptographic SM9 Algorithm[J]. Journal of Electronics & Information Technology, 2022, 44(10): 3610-3617. doi: 10.11999/JEIT210747

doi: 10.11999/JEIT210747
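    About the authors:

    TANG Fei: male, associate professor; research interests include public-key cryptography, privacy-preserving computation, and blockchain

    LING Guowei: male, master's student; research interests include public-key cryptography and privacy-preserving computation

    SHAN Jinyong: male, Ph.D.; research interests include cryptographic theory and applications, and privacy-preserving computation

    Corresponding author:

    TANG Fei tangfei@cqupt.edu.cn

  • CLC number: TP309.7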

Funds: The National Natural Science Foundation of China (61702067), The Chongqing Natural Science Foundations (cstc2020jcyj-msxmX0343)
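  • Abstract: SM9 is an identity-based cryptographic scheme designed independently in China and adopted as a national cryptographic algorithm, and it has attracted wide attention. To address the low verification efficiency of existing Attribute-Based Signature (ABS) schemes, this paper constructs a new ABS scheme based on SM9 that supports tree-structured access policies; verification requires only 1 bilinear pairing and 1 exponentiation. In addition, the proposed scheme supports tracing of the signer's identity, which prevents a malicious signer from using the anonymity of attribute signatures to sign illegitimately, and thereby avoids the signature abuse that unconditional anonymity allows in traditional ABS. Security analysis shows that the proposed scheme is unforgeable in the random oracle model and also resists collusion attacks. Compared with existing traceable ABS schemes, the tracing algorithm of the proposed scheme is more efficient, and its signing and verification costs are lower. Experimental results show that the computational complexity of the verification algorithm is independent of the policy size, and one verification takes only 2 ms.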
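  • Table 1  Functional comparison with existing ABS schemes

    | Scheme | Access policy | Identity traceability |
    |---|---|---|
    | Ref. [20] | Threshold policy | |
    | Ref. [21] | Tree policy | |
    | Ref. [22] | Threshold policy | |
    | Ref. [23] | Tree policy | |
    | This paper | Tree policy | |

    Table 2  Efficiency comparison with existing ABS schemes

    | Scheme | TASig | TAVer |
    |---|---|---|
    | Ref. [20] | $(2S_\Upsilon+2)$exp | $2S_\Upsilon$E+$\xi$exp |
    | Ref. [21] | $(7S_\Upsilon+14)$exp | $(2S_\Upsilon+6)$exp+4E |
    | Ref. [22] | 12exp | $(S_\Upsilon+5)$exp+4E |
    | Ref. [23] | $(2S_\Upsilon+d+2)$exp | $(S_\Upsilon+2)$E |
    | This paper | $\lvert S_\Upsilon\rvert$sca1+exp | E+exp |

    Table 3  Efficiency of basic operations (ms)

    | Operation | Efficiency |
    |---|---|
    | sca1 | 0.102 |
    | sca2 | 0.347 |
    | exp | 0.755 |
    | E | 0.842 |

    Table 4  Experimental results of the proposed scheme (ms)

    | $\lvert S_\Upsilon\rvert$ | Setup | KeyGen | TASig | TAVer |
    |---|---|---|---|---|
    | 5 | 1.126 | 0.987 | 1.297 | 1.962 |
    | 10 | 1.124 | 1.488 | 1.816 | 1.968 |
    | 15 | 1.119 | 1.997 | 2.313 | 1.951 |
    | 20 | 1.125 | 2.736 | 2.830 | 1.949 |
    | 25 | 1.128 | 3.122 | 3.356 | 1.962 |

    Table 5  Communication and storage comparison with existing ABS schemes

    | Scheme | System parameters | Master private key | User private key | Signature |
    |---|---|---|---|---|
    | Ref. [20] | $3\lvert G_1\rvert+\lvert G_T\rvert$ | $\lvert Z_N\rvert$ | $(2S_\Upsilon+1)\lvert G_1\rvert$ | $(2S_\Upsilon+2)\lvert G_1\rvert$ |
    | Ref. [21] | $4\lvert G_1\rvert+2\lvert G_T\rvert$ | $\lvert Z_N\rvert$ | $4S_\Upsilon\lvert G_1\rvert$ | $3\lvert G_T\rvert+4\lvert Z_N\rvert$ |
    | Ref. [22] | $2\lvert G_1\rvert+\lvert G_T\rvert$ | $2\lvert Z_N\rvert$ | $3S_\Upsilon\lvert G_1\rvert$ | $4\lvert G_1\rvert$ |
    | Ref. [23] | $3\lvert G_1\rvert+\lvert G_T\rvert$ | $\lvert Z_N\rvert$ | $(2A_{ID}+1)\lvert G_1\rvert$ | $(S_\Upsilon+2)\lvert G_1\rvert$ |
    | This paper | $\lvert G_1\rvert+\lvert G_2\rvert+\lvert G_T\rvert$ | $\lvert Z_N\rvert$ | $S_\Upsilon\lvert G_1\rvert+\lvert G_2\rvert$ | $S_\Upsilon\lvert G_1\rvert+\lvert G_2\rvert+\lvert Z_N\rvert$ |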
  • [1] General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, China National Standardization Administration. GB/T 32918.4-2016 Information security technology-Public key cryptographic algorithm SM2 based on elliptic curves-Part 4: Public key encryption algorithm[S]. Beijing: China Standards Press, 2016.
    [2] General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, China National Standardization Administration. GB/T 32905-2016 Information security techniques-SM3 cryptographic hash algorithm[S]. Beijing: China Standards Press, 2016.
    [3] General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, China National Standardization Administration. GB/T 32907-2016 Information security technology-SM4 block cipher algorithm[S]. Beijing: China Standards Press, 2016.
    [4] State Administration of Market Supervision and State Standardization Administration Committee. GB/T 38635.2-2020 Information security technology-Identity-based cryptographic algorithms SM9-Part 2: Algorithms[S]. Beijing: China Standards Press, 2020.
    [5] ELGAMAL T. A public key cryptosystem and a signature scheme based on discrete logarithms[J]. IEEE Transactions on Information Theory, 1985, 31(4): 469–472. doi: 10.1109/TIT.1985.1057074
    [6] YANG Yatao, CAI Juliang, ZHANG Xiaowei, et al. Privacy preserving scheme in block chain with provably secure based on SM9 algorithm[J]. Journal of Software, 2019, 30(6): 1692–1704. doi: 10.13328/j.cnki.jos.005745
    [7] MA Xiaoting, MA Wenping, and LIU Xiaoxue. A cross domain authentication scheme based on blockchain technology[J]. Acta Electronica Sinica, 2018, 46(11): 2571–2579. doi: 10.3969/j.issn.0372-2112.2018.11.002
    [8] LIN Chao, HE Debiao, XIE Xiang, et al. The design of digital signature-based range proof protocols[J]. Journal of Software, http://www.jos.org.cn/1000-9825/0000.htm.
    [9] MU Yongheng, XU Haixia, LI Peili, et al. Secure two-party SM9 signing[J]. Science China Information Sciences, 2020, 63: 189101. doi: 10.1007/s11432-018-9589-x
    [10] TU Binbin, WANG Xianfang, and ZHANG Liting. Two distributed applications of SM2 and SM9[J]. Journal of Cryptologic Research, 2020, 7(6): 826–838. doi: 10.13868/j.cnki.jcr.000409
    [11] WEI Rong, ZHENG Fangyu, and LIN Jingqiang. Implementation of a general-purpose cryptography library supporting domestic algorithm with JavaScript[J]. Journal of Cryptologic Research, 2020, 7(5): 594–604. doi: 10.13868/j.cnki.jcr.000392
    [12] LAI Jianchang, HUANG Xinyi, and HE Debiao. An efficient identity-based broadcast encryption scheme based on SM9[J]. Chinese Journal of Computers, 2021, 44(5): 897–907. doi: 10.11897/SP.J.1016.2021.00897
    [13] LAI Jianchang, HUANG Xinyi, HE Debiao, et al. An efficient identity-based signcryption scheme based on SM9[J]. Journal of Cryptologic Research, 2021, 8(2): 314–329. doi: 10.13868/j.cnki.jcr.000440
    [14] JI Honghan, ZHANG Hongjie, SHAO Lisong, et al. An efficient attribute-based encryption scheme based on SM9 encryption algorithm for dispatching and control cloud[J]. Connection Science, 2021, 33(4): 1094–1115. doi: 10.1080/09540091.2020.1858757
    [15] BETHENCOURT J, SAHAI A, and WATERS B. Ciphertext-policy attribute-based encryption[C]. 2007 IEEE Symposium on Security and Privacy (SP'07), Berkeley, USA, 2007: 321–334.
    [16] MAJI H K, PRABHAKARAN M, and ROSULEK M. Attribute-based signatures[C]. Cryptographers' Track at the RSA Conference, San Francisco, USA, 2011: 376–392.
    [17] LI Youhuizi, CHEN Xu, YIN Yuyu, et al. SDABS: A flexible and efficient multi-authority hybrid attribute-based signature scheme in edge environment[J]. IEEE Transactions on Intelligent Transportation Systems, 2021, 22(3): 1892–1906. doi: 10.1109/TITS.2020.3038910
    [18] SHI Wenbo. A provable secure sealed‐bid multi‐attribute auction scheme under semi‐honest model[J]. International Journal of Communication Systems, 2014, 27(12): 3738–3747. doi: 10.1002/dac.2571
    [19] GUO Rui, SHI Huixian, ZHAO Qinglan, et al. Secure attribute-based signature scheme with multiple authorities for blockchain in electronic health records systems[J]. IEEE Access, 2018, 6: 11676–11686. doi: 10.1109/ACCESS.2018.2801266
    [20] SU Jinshu, CAO Dan, ZHAO Baokang, et al. ePASS: An expressive attribute-based signature scheme with privacy and an unforgeability guarantee for the Internet of Things[J]. Future Generation Computer Systems, 2014, 33: 11–18. doi: 10.1016/j.future.2013.10.016
    [21] CUI Hui, DENG R H, and WANG Guilin. An attribute-based framework for secure communications in vehicular ad hoc networks[J]. IEEE/ACM Transactions on Networking, 2019, 27(2): 721–733. doi: 10.1109/TNET.2019.2894625
    [22] SU Qianqian, ZHANG Rui, XUE Rui, et al. Revocable attribute-based signature for blockchain-based healthcare system[J]. IEEE Access, 2020, 8: 127884–127896. doi: 10.1109/ACCESS.2020.3007691
    [23] LI Jin, AU M H, SUSILO W, et al. Attribute-based signature and its applications[C]. The 5th ACM Symposium on Information, Computer and Communications Security, New York, USA, 2010: 60–69.
    [24] BONEH D and FRANKLIN M. Identity-based encryption from the Weil pairing[C]. 21st Annual International Cryptology Conference, Santa Barbara, USA, 2001: 213–229.
    [25] BONEH D and BOYEN X. Short signatures without random oracles[C]. International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, 2004: 56–73.
    [26] ESCALA A, HERRANZ J, and MORILLO P. Revocable attribute-based signatures with adaptive security in the standard model[C]. 4th International Conference on Cryptology in Africa, Dakar, Senegal, 2011: 224–241.
    [27] SHAMIR A. How to share a secret[J]. Communications of the ACM, 1979, 22(11): 612–613. doi: 10.1145/359168.359176
Publication history
  • Received:  2021-07-29
  • Revised:  2022-01-02
  • Accepted:  2022-01-05
  • Published online:  2022-02-01
  • Issue published:  2022-10-19
