Traceable Attribute Signature Scheme Based on Domestic Cryptographic SM9 Algorithm
-
摘要: 国产密码算法SM9是我国自主设计的标识密码方案,现已受到各界的广泛关注。为了解决现有属性签名(ABS)方案验签效率不高这一问题,该文基于国密SM9算法构造新的支持树形访问策略的属性签名方案,该方案的验签操作仅需1次双线性对映射和1次指数运算。此外,所提方案具有签名者身份可追踪功能,防止恶意签名者利用属性签名的匿名性进行非法签名操作,从而避免传统属性签名中无条件匿名性下的签名滥用问题。安全分析结果表明所提方案在随机谕言机模型下具有不可伪造性,同时也可抗合谋攻击。与现有的可追踪属性签名方案相比,所提方案的追踪算法效率更高,签名与验签开销也更低。实验结果表明,所提方案验签算法的计算复杂度与策略规模无关,完成1次验签算法仅需2 ms。Abstract: The domestic cryptographic SM9 algorithm is an identity-based cryptographic scheme independently designed by our nation, and has progressively attracted attention from all walks of life. In order to resolve the problem of inefficient verification of the existing Attribute-Based Signature(ABS) schemes, a new attribute-based signature scheme is constructed based on SM9 that supports the dendritic access structure strategy. The signature verification cost of the scheme only requires one bilinear pairing operation and one exponential operation. In addition, the proposed scheme has the function of tracking the identity of the signer, preventing the signer from using anonymity to sign illegally, and avoiding the problem of signature abuse under unconditional anonymity in the traditional attribute-based digital signature scheme. The security analysis results demonstrate that the proposed scheme is unforgeable in random oracle model and can withstand collusion attack. Compared with the existing traceable identity attribute-based signature scheme, the proposed scheme avoids complicated operations for identity tracking algorithm, and has lower signature and verification costs. The experimental results indicate that the computational complexity of the verification has nothing to do with the scale of strategy, and it only takes 2 ms to complete a verification.
-
表 2 与现有的ABS方案的效率对比
方案 ${{\rm{TASig}}}$ ${{\rm{TAVer}}}$ 文献[20] $(2{S_{\boldsymbol{\varUpsilon}} } + 2)\exp $ $2{S_{\boldsymbol{\varUpsilon}} }{E} + \xi \exp $ 文献[21] $(7{S_{\boldsymbol{\varUpsilon}} } + 14)\exp $ $(2{S_{\boldsymbol{\varUpsilon}} } + 6)\exp + 4{E} $ 文献[22] $12\exp $ $({S_{\boldsymbol{\varUpsilon}} } + 5)\exp + 4{E} $ 文献[23] $(2{S_{\boldsymbol{\varUpsilon}} } + d + 2)\exp $ $({S_{\boldsymbol{\varUpsilon}} } + 2){E} $ 本文方案 $|{S_{\boldsymbol{\varUpsilon}} }|{ {{\rm{sca}}} _1} + \exp$ ${E} + \exp $ 表 3 基本运算效率对比(ms)
运算 效率 ${ {{\rm{sca}}} _1}$ 0.102 ${ {{\rm{sca}}} _2}$ 0.347 $\exp $ 0.755 ${ {{E} } }$ 0.842 表 4 本文所提方案实验结果(ms)
${\text{|} }{S_{\boldsymbol{\varUpsilon}} }{\text{|} }$ ${\text{Setup}}$ ${\text{KeyGen}}$ ${{\rm{TASig}}}$ ${\text{TAVer}}$ 5 1.126 0.987 1.297 1.962 10 1.124 1.488 1.816 1.968 15 1.119 1.997 2.313 1.951 20 1.125 2.736 2.830 1.949 25 1.128 3.122 3.356 1.962 表 5 与现有的ABS方案的通信与存储对比
方案 系统参数 主私钥 用户私钥 签名 文献[20] $3\left| {{G_1}} \right| + \left| {{G_T}} \right|$ $\left| {{Z_N}} \right|$ $(2{S_{\boldsymbol{\varUpsilon}} } + 1)\left| {{G_1}} \right|$ $(2{S_{\boldsymbol{\varUpsilon}} } + 2)\left| {{G_1}} \right|$ 文献[21] $4\left| {{G_1}} \right| + 2\left| {{G_T}} \right|$ $\left| {{Z_N}} \right|$ $4{S_{\boldsymbol{\varUpsilon}} }\left| {{G_1}} \right|$ $3\left| {{G_T}} \right| + 4\left| {{Z_N}} \right|$ 文献[22] $2\left| {{G_1}} \right| + \left| {{G_T}} \right|$ $2\left| {{Z_N}} \right|$ $3{S_{\boldsymbol{\varUpsilon}} }\left| {{G_1}} \right|$ $4\left| {{G_1}} \right|$ 文献[23] $3\left| {{G_1}} \right| + \left| {{G_T}} \right|$ $\left| {{Z_N}} \right|$ $(2{A_{{\rm{ID}}} } + 1)\left| { {G_1} } \right|$ $({S_{\boldsymbol{\varUpsilon}} } + 2)\left| {{G_1}} \right|$ 本文方案 $\left| {{G_1}} \right| + \left| {{G_2}} \right| + \left| {{G_T}} \right|$ $\left| {{Z_N}} \right|$ ${S_{\boldsymbol{\varUpsilon}} }\left| {{G_1}} \right| + \left| {{G_2}} \right|$ ${S_{\boldsymbol{\varUpsilon}} }\left| {{G_1}} \right| + \left| {{G_2}} \right| + \left| {{Z_N}} \right|$ -
[1] 中华人民共和国国家质量监督检验检疫总局, 中国国家标准化管理委员会. GB/T 32918.4-2016 信息安全技术 SM2椭圆曲线公钥密码算法 第4部分: 公钥加密算法[S]. 北京: 中国标准出版社, 2016.General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, China National Standardization Administration. GB/T 32918.4-2016. Information security technology-public key cryptographic algorithm SM2 based on elliptic curves-Part 4: Public key encryption algorithm[S]. Beijing: China Standards Press, 2016. [2] 中华人民共和国国家质量监督检验检疫总局, 中国国家标准化管理委员会. GB/T 32905-2016 信息安全技术 SM3密码杂凑算法[S]. 北京: 中国标准出版社, 2016.General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, China National Standardization Administration. GB/T 32905-2016 Information security techniques-SM3 cryptographic hash algorithm[S]. Beijing: China Standards Press, 2016. [3] 中华人民共和国国家质量监督检验检疫总局, 中国国家标准化管理委员会. GB/T 32907-2016 信息安全技术 SM4分组密码算法[S]. 北京: 中国标准出版社, 2016.General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, China National Standardization Administration. GB/T 32907-2016 Information security technology-SM4 block cipher algorithm[S]. Beijing: China Standards Press, 2016. [4] 国家市场监督管理总局, 国家标准化管理委员会. GB/T 38635.2-2020 信息安全技术 SM9标识密码算法 第2部分: 算法[S]. 北京: 中国标准出版社, 2020.State Administration of Market Supervision and State Standardization Administration Committee. GM/T 38635.2-2020 Information security technology—Identity-based cryptographic algorithms SM9—Part 2: Algorithms[S]. Beijing: China Standards Press, 2020. [5] ELGAMAL T. A public key cryptosystem and a signature scheme based on discrete logarithms[J]. IEEE Transactions on Information Theory, 1985, 31(4): 469–472. doi: 10.1109/TIT.1985.1057074 [6] 杨亚涛, 蔡居良, 张筱薇, 等. 基于SM9算法可证明安全的区块链隐私保护方案[J]. 软件学报, 2019, 30(6): 1692–1704. doi: 10.13328/j.cnki.jos.005745YANG Yatao, CAI Juliang, ZHANG Youwei, et al. Privacy preserving scheme in block chain with provably secure based on SM9 algorithm[J]. Journal of Software, 2019, 30(6): 1692–1704. doi: 10.13328/j.cnki.jos.005745 [7] 马晓婷, 马文平, 刘小雪. 基于区块链技术的跨域认证方案[J]. 电子学报, 2018, 46(11): 2571–2579. doi: 10.3969/j.issn.0372-2112.2018.11.002MA Xiaoting, MA Wenping, and LIU Xiaoxue. A cross domain authentication scheme based on blockchain technology[J]. Acta Electronica Sinica, 2018, 46(11): 2571–2579. doi: 10.3969/j.issn.0372-2112.2018.11.002 [8] 林超, 何德彪, 谢翔, 等. 基于SM9数字签名算法的范围证明协议设计[J]. 软件学报, http://www.jos.org.cn/1000-9825/0000.htm.LIN Chao, HE Debiao, XIE Xiang, et al. The design of digital signature-based range proof protocols[J]. Journal of Software, http://www.jos.org.cn/1000-9825/0000.htm. [9] MU Yongheng, XU Haixia, LI Peili, et al. Secure two-party SM9 signing[J]. Science China Information Sciences, 2020, 63: 189101. doi: 10.1007/s11432-018-9589-x [10] 涂彬彬, 王现方, 张立廷. 两种分布式SM2/9算法应用[J]. 密码学报, 2020, 7(6): 826–838. doi: 10.13868/j.cnki.jcr.000409TU Binbin, WANG Xianfang, and ZHANG Liting. Two distributed applications of SM2 and SM9[J]. Journal of Cryptologic Research, 2020, 7(6): 826–838. doi: 10.13868/j.cnki.jcr.000409 [11] 魏荣, 郑昉昱, 林璟锵. 支持国密算法的JavaScript通用密码库的实现[J]. 密码学报, 2020, 7(5): 594–604. doi: 10.13868/j.cnki.jcr.000392WEI Rong, ZHENG Fangyu, and LIN Jingqiang. Implementation of a general-purpose cryptography library supporting domestic algorithm with JavaScript[J]. Journal of Cryptologic Research, 2020, 7(5): 594–604. doi: 10.13868/j.cnki.jcr.000392 [12] 赖建昌, 黄欣沂, 何德彪. 一种基于商密SM9的高效标识广播加密方案[J]. 计算机学报, 2021, 44(5): 897–907. doi: 10.11897/SP.J.1016.2021.00897LAI Jianchang, HUANG Xinyi, and HE Debao. An efficient identity-based broadcast encryption scheme based on SM9[J]. Chinese Journal of Computers, 2021, 44(5): 897–907. doi: 10.11897/SP.J.1016.2021.00897 [13] 赖建昌, 黄欣沂, 何德彪, 等. 基于商密SM9的高效标识签密[J]. 密码学报, 2021, 8(2): 314–329. doi: 10.13868/j.cnki.jcr.000440LAI Jianchang, HUANG Xinyi, HE Debao, et al. An efficient identity-based signcryption scheme based on SM9[J]. Journal of Cryptologic Research, 2021, 8(2): 314–329. doi: 10.13868/j.cnki.jcr.000440 [14] JI Honghan, ZHANG Hongjie, SHAO Lisong, et al. An efficient attribute-based encryption scheme based on SM9 encryption algorithm for dispatching and control cloud[J]. Connection Science, 2021, 33(4): 1094–1115. doi: 10.1080/09540091.2020.1858757 [15] BETHENCOURT J, SAHAI A, and WATERS B. Ciphertext-policy attribute-based encryption[C]. 2007 IEEE symposium on security and privacy (SP'07), Berkeley, USA, 2007: 321–334. [16] MAJI H K, PRABHAKARAN M, and ROSULEK M. Attribute-based signatures[C]. Cryptographers’ track at the RSA conference. San Francisco, USA, 2011: 376–392. [17] LI Youhuizi, CHEN Xu, YIN Yuyu, et al. SDABS: A flexible and efficient multi-authority hybrid attribute-based signature scheme in edge environment[J]. IEEE Transactions on Intelligent Transportation Systems, 2021, 22(3): 1892–1906. doi: 10.1109/TITS.2020.3038910 [18] SHI Wenbo. A provable secure sealed‐bid multi‐attribute auction scheme under semi‐honest model[J]. International Journal of Communication Systems, 2014, 27(12): 3738–3747. doi: 10.1002/dac.2571 [19] GUO Rui, SHI Huixian, ZHAO Qinglan, et al. Secure attribute-based signature scheme with multiple authorities for blockchain in electronic health records systems[J]. IEEE Access, 2018, 6: 11676–11686. doi: 10.1109/ACCESS.2018.2801266 [20] SU Jinshu, CAO Dan, ZHAO Baokang, et al. ePASS: An expressive attribute-based signature scheme with privacy and an unforgeability guarantee for the Internet of Things[J]. Future Generation Computer Systems, 2014, 33: 11–18. doi: 10.1016/j.future.2013.10.016 [21] CUI Hui, DENG R H, and WANG Guilin. An attribute-based framework for secure communications in vehicular ad hoc networks[J]. IEEE/ACM Transactions on Networking, 2019, 27(2): 721–733. doi: 10.1109/TNET.2019.2894625 [22] SU Qianqian, ZHANG Rui, XUE Rui, et al. Revocable attribute-based signature for blockchain-based healthcare system[J]. IEEE Access, 2020, 8: 127884–127896. doi: 10.1109/ACCESS.2020.3007691 [23] LI Jin, AU M H, SUSILO W, et al. Attribute-based signature and its applications[C]. The 5th ACM Symposium on Information, Computer and Communications Security, New York, USA, 2010: 60–69. [24] BONEH D and FRANKLIN M. Identity-based encryption from the Weil pairing[C]. 21st Annual International Cryptology Conference, Santa Barbara, USA, 2001: 213–229. [25] BONEH D and BOYEN X. Short signatures without random oracles[C]. International Conference on the Theory and Applications of Cryptographic Techniques, Switzerland, Interlaken, 2004: 56–73. [26] ESCALA A, HERRANZ J, and MORILLO P. Revocable attribute-based signatures with adaptive security in the standard model[C]. 4th International conference on cryptology in Africa, Dakar, Senegal, 2011: 224–241. [27] SHAMIR A. How to share a secret[J]. Communications of the ACM, 1979, 22(11): 612–613. doi: 10.1145/359168.359176
表(5)
计量
- 文章访问数: 1107
- HTML全文浏览量: 438
- PDF下载量: 166
- 被引次数: 0