Identity-Based Chameleon Signature Schemes over Lattices
Abstract: A chameleon signature (CS) is a comparatively ideal designated-verifier signature. It achieves non-transferability through a chameleon hash function, so that no third party will trust the content disclosed by the designated verifier, and it avoids the drawback of undeniable signatures, which must be verified through online interaction. Besides non-transferability, a chameleon signature must also satisfy unforgeability, signer deniability and non-repudiation, among other properties. Chameleon signatures built on number-theoretic problems such as integer factorization or the discrete logarithm cannot resist quantum computer attacks, and their users depend on public-key digital certificates. To address both problems, this paper gives an identity-based chameleon signature (IBCS) over lattices. The new scheme removes a security vulnerability of existing schemes, in which the signer cannot reject a signature forged by the designated verifier, and reduces the transmission cost of the final signature from quadratic to linear. Further, to address the failure of non-transferability in the arbitration phase, an identity-based chameleon signature with exposure-freeness over lattices is given; it enables the signer to reject a chameleon signature forged by any adversary without exposing the message content. In particular, both schemes are provably secure in the random oracle model under the classical small integer solution (SIS) problem over lattices.
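As an added illustration (not the paper's lattice construction, nor code from the authors), the following Python toy models the generic chameleon-signature mechanism the abstract describes: the classical discrete-log chameleon hash of Krawczyk and Rabin [3] under a Schnorr signature. The group parameters, the sample messages and all function names (`ch_collide`, `cs_transfer`, `cs_deny`, ...) are constructed for this example and far too small for real use. It shows the three properties the abstract names: the designated verifier can move a signature onto another message (non-transferability), the signer can reject that forgery in arbitration by exhibiting a second opening of the same hash value (deniability), and doing so forces the signer to reveal the real message, which is exactly the message-exposure problem the paper's second scheme is designed to avoid.

```python
import hashlib
import secrets

# Toy group parameters, constructed for this example and far too small for
# real use: a safe prime p = 2q + 1 and g generating the order-q subgroup
# of Z_p^*.  (g = 4 is a quadratic residue, so its order divides the prime q.)
P, Q, G = 2039, 1019, 4
assert pow(G, Q, P) == 1 and G != 1


def h_to_zq(*parts: bytes) -> int:
    """Hash byte strings into Z_q (stands in for the scheme's message hash)."""
    digest = hashlib.sha256(b"|".join(parts)).digest()
    return int.from_bytes(digest, "big") % Q


# ---- Chameleon hash of Krawczyk and Rabin: CH_y(m, r) = g^m * y^r mod p ----
def ch_keygen():
    """Designated verifier's key pair: trapdoor x and public hash key y = g^x."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def ch_hash(y: int, msg: bytes, r: int) -> int:
    return (pow(G, h_to_zq(msg), P) * pow(y, r, P)) % P


def ch_collide(x: int, msg: bytes, r: int, new_msg: bytes) -> int:
    """Trapdoor holder finds r' with CH(new_msg, r') == CH(msg, r).
    CH = g^(m + x*r), so m + x*r == m' + x*r' (mod q) gives
    r' = r + (m - m') * x^-1 (mod q)."""
    m, m2 = h_to_zq(msg), h_to_zq(new_msg)
    return (r + (m - m2) * pow(x, -1, Q)) % Q


# ---- Ordinary signature (Schnorr) that the signer applies to the hash value ----
def sig_keygen():
    s = secrets.randbelow(Q - 1) + 1
    return s, pow(G, s, P)


def _challenge(R: int, value: int) -> int:
    return h_to_zq(R.to_bytes(2, "big"), value.to_bytes(2, "big"))


def schnorr_sign(s: int, value: int):
    k = secrets.randbelow(Q - 1) + 1
    R = pow(G, k, P)
    return R, (k + s * _challenge(R, value)) % Q


def schnorr_verify(S: int, value: int, sig) -> bool:
    R, z = sig
    return pow(G, z, P) == (R * pow(S, _challenge(R, value), P)) % P


# ---- Chameleon signature built from the two pieces ----
def cs_sign(s: int, y: int, msg: bytes):
    """Signer: pick a fresh r and sign CH_y(msg, r); the triple is the CS."""
    r = secrets.randbelow(Q)
    return msg, r, schnorr_sign(s, ch_hash(y, msg, r))


def cs_verify(S: int, y: int, cs) -> bool:
    msg, r, sigma = cs
    return schnorr_verify(S, ch_hash(y, msg, r), sigma)


def cs_transfer(x: int, cs, new_msg: bytes):
    """Designated verifier: reuse sigma on new_msg via a trapdoor collision.
    The result verifies like a genuine CS, so a third party cannot tell
    which message the signer actually signed (non-transferability)."""
    msg, r, sigma = cs
    return new_msg, ch_collide(x, msg, r, new_msg), sigma


def cs_deny(S: int, y: int, original, claimed) -> bool:
    """Arbitration: the signer discloses its original (msg, r).  Two valid
    openings of one hash value with different messages can only come from
    the trapdoor holder, so the claimed CS is rejected as the verifier's
    forgery (deniability).  The signer has had to expose the real message
    to do this; the exposure-free scheme in the paper is meant to avoid that."""
    m0, r0, _ = original
    m1, r1, _ = claimed
    return (m0 != m1
            and cs_verify(S, y, original) and cs_verify(S, y, claimed)
            and ch_hash(y, m0, r0) == ch_hash(y, m1, r1))


def demo():
    """Run the whole flow once and return the checks a reader would inspect."""
    x, y = ch_keygen()          # designated verifier's keys
    s, S = sig_keygen()         # signer's keys
    genuine = cs_sign(s, y, b"transfer 100")          # constructed message
    forged = cs_transfer(x, genuine, b"transfer 1000")  # verifier's forgery
    return {
        "genuine_verifies": cs_verify(S, y, genuine),
        "forged_verifies": cs_verify(S, y, forged),
        "same_sigma": genuine[2] == forged[2],
        "signer_can_deny_forgery": cs_deny(S, y, genuine, forged),
        "signer_cannot_deny_own": cs_deny(S, y, genuine, genuine),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The point to take from `cs_deny` is the caveat the abstract raises: in this classical construction the signer's only way to repudiate a forgery is to put the original `(msg, r)` in front of the arbiter, so non-transferability collapses in the arbitration phase. The paper's exposure-free lattice scheme is motivated by exactly that step.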
Table 1 Efficiency analysis

| Scheme | Public parameter size | Signature size | Unforgeability | Non-transferability | Deniability | Non-repudiation | Exposure-freeness | Security model |
|---|---|---|---|---|---|---|---|---|
| Ref. [12] | $\tilde{\mathcal{O}}(n^2)$ | $\tilde{\mathcal{O}}(n^2)$ | × | √ | × | √ | × | random oracle |
| Ref. [13] | $\tilde{\mathcal{O}}(n^3)$ | $\tilde{\mathcal{O}}(n^2)$ | √ | √ | × | √ | × | standard |
| Ref. [14] | $\tilde{\mathcal{O}}(k_0 \cdot n^2)$ | $\tilde{\mathcal{O}}(n^2)$ | √ | × | – | – | – | standard |
| Ref. [15] | $\tilde{\mathcal{O}}(n^2)$ | $\tilde{\mathcal{O}}(k_1 \cdot n)$ | √ | √ | √ | √ | × | random oracle |
| Scheme 1 (this paper) | $\tilde{\mathcal{O}}(n^2)$ | $\tilde{\mathcal{O}}(n)$ | √ | √ | √ | √ | × | random oracle |
| Scheme 2 (this paper) | $\tilde{\mathcal{O}}(n^2)$ | $\tilde{\mathcal{O}}(n)$ | √ | √ | √ | √ | √ | random oracle |

Note: $k_0$ is the data set size of the homomorphic computation and $k_1$ is the number of internal vertices of the directed acyclic graph; × means not satisfied, √ means satisfied, – means not considered.
[1] CHAUM D and VAN ANTWERPEN H. Undeniable signatures[C]. The Conference on the Theory and Application of Cryptology, Santa Barbara, USA, 1989: 212–216.
[2] JAKOBSSON M, SAKO K, and IMPAGLIAZZO R. Designated verifier proofs and their applications[C]. The International Conference on the Theory and Applications of Cryptographic Techniques, Saragossa, Spain, 1996: 143–154.
[3] KRAWCZYK H and RABIN T. Chameleon hashing and signatures[OL]. http://eprint.iacr.org/1998/10.1998.3.
[4] SHAMIR A. Identity-based cryptosystems and signature schemes[C]. The Workshop on the Theory and Application of Cryptographic Techniques, Santa Barbara, USA, 1984: 47–53.
[5] ATENIESE G and DE MEDEIROS B. Identity-based chameleon hash and applications[C]. The 8th International Conference on Financial Cryptography, Key West, USA, 2004: 164–180.
[6] XIE Zhikang, SHEN Qingni, LI Cong, et al. Identity-based chameleon hash without random oracles and application in the mobile internet[C]. ICC 2021 – IEEE International Conference on Communications, Montreal, Canada, 2021: 1–6.
[7] WU Chunhui, KE Lishan, and DU Yusong. Quantum resistant key-exposure free chameleon hash and applications in redactable blockchain[J]. Information Sciences, 2021, 548: 438–449. doi: 10.1016/j.ins.2020.10.008.
[8] LI Cong, SHEN Qingni, XIE Zhikang, et al. Efficient identity-based chameleon hash for mobile devices[C]. ICASSP 2022 – IEEE International Conference on Acoustics, Speech and Signal Processing, Singapore, 2022: 3039–3043.
[9] NIST. PQC standardization process: Announcing four candidates to be standardized, plus fourth round candidates[EB/OL]. https://csrc.nist.gov/news/2022/pqc-candidates-to-be-standardized-and-round-4, 2022.
[10] JOSEPH D, MISOCZKI R, MANZANO M, et al. Transitioning organizations to post-quantum cryptography[J]. Nature, 2022, 605(7909): 237–243. doi: 10.1038/s41586-022-04623-2.
[11] CASH D, HOFHEINZ D, KILTZ E, et al. Bonsai trees, or how to delegate a lattice basis[C]. The 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, French Riviera, France, 2010: 523–552.
[12] XIE Xuan, YU Jianping, WANG Ting, et al. Chameleon signature scheme based on lattice[J]. Computer Science, 2013, 40(2): 117–119 (in Chinese). doi: 10.3969/j.issn.1002-137X.2013.02.026.
[13] NOH G and JEONG I R. Strong designated verifier signature scheme from lattices in the standard model[J]. Security and Communication Networks, 2016, 9(18): 6202–6214. doi: 10.1002/sec.1766.
[14] XIE Dong, PENG Haipeng, LI Lixiang, et al. Homomorphic signatures from chameleon hash functions[J]. Information Technology and Control, 2017, 46(2): 274–286. doi: 10.5755/j01.itc.46.2.14320.
[15] THANALAKSHMI P, ANITHA R, ANBAZHAGAN N, et al. A hash-based quantum-resistant chameleon signature scheme[J]. Sensors, 2021, 21(24): 8417. doi: 10.3390/s21248417.
[16] GENTRY C, PEIKERT C, and VAIKUNTANATHAN V. Trapdoors for hard lattices and new cryptographic constructions[C]. The 40th Annual ACM Symposium on Theory of Computing, Victoria, Canada, 2008: 197–206.
[17] AJTAI M. Generating hard instances of lattice problems (extended abstract)[C]. The 28th Annual ACM Symposium on Theory of Computing, Philadelphia, USA, 1996: 99–108.
[18] ALWEN J and PEIKERT C. Generating shorter bases for hard random lattices[J]. Theory of Computing Systems, 2011, 48(3): 535–553. doi: 10.1007/s00224-010-9278-3.
[19] MICCIANCIO D and PEIKERT C. Trapdoors for lattices: Simpler, tighter, faster, smaller[C]. The 31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cambridge, UK, 2012: 700–718.
[20] AGRAWAL S, BONEH D, and BOYEN X. Lattice basis delegation in fixed dimension and shorter-ciphertext hierarchical IBE[C]. The 30th Annual Cryptology Conference, Santa Barbara, USA, 2010: 98–115.