CHEN Dajiang, ZHANG Yiwen, JIAO Lihua, WANG Baizheng, CHEN Ruidong. A Quantum-Resistant Threshold Signature Scheme for Database Audit Logs[J]. Journal of Electronics & Information Technology. doi: 10.11999/JEIT251320

A Quantum-Resistant Threshold Signature Scheme for Database Audit Logs

doi: 10.11999/JEIT251320 cstr: 32379.14.JEIT251320
Funds:  National Key Research and Development Program of China (No. 2023YFB3106402), Natural Science Foundation of Sichuan Province (No. 2024NSFJQ0030, No. 24NSFSC1771)
  • Accepted Date: 2026-03-24
  • Rev Recd Date: 2026-03-24
  • Available Online: 2026-04-19
Objective: The rapid development of quantum computing has raised critical security concerns for current database audit-logging systems that still rely on classical public-key signature algorithms such as RSA and ECDSA. These schemes are vulnerable to Shor’s algorithm, which breaks integer-factorization- and discrete-logarithm-based cryptography in polynomial time. Grover’s algorithm further amplifies the risks by reducing the brute-force complexities of hash-based and symmetric primitives, undermining the long-term reliability of existing audit-log protection mechanisms in large-scale cloud and data-intensive infrastructures. Database audit logs serve as foundational evidence for ensuring data integrity, accountability, and traceability across distributed systems. Their security degradation under quantum-capable adversaries could impose severe operational, compliance, and forensic consequences. To address these challenges, this work aims to design a quantum-resistant audit-logging framework that simultaneously satisfies practical constraints on efficiency, real-time verification, scalable deployment, and distributed trust management. The objective is to provide a robust cryptographic foundation for next-generation database auditing systems capable of maintaining unforgeability and tamper-resistance against quantum threats.

Methods: To achieve these goals, the proposed framework integrates multiple post-quantum cryptographic primitives and distributed-security mechanisms. First, a hybrid hash-based signature layer is constructed by combining FORS and XMSS-T. FORS provides fast few-time signatures suitable for high-frequency log events, while XMSS-T organizes authentication paths in a Merkle-tree hierarchy to enable scalable state management. Their combination yields a high-security, multi-level quantum-resistant signing structure. Second, the design introduces a Shamir (r,n) threshold-sharing mechanism to decentralize the signing key into multiple fragments managed by independent audit agents. This avoids single points of failure, supports collaborative attestation workflows, and ensures that no individual party possesses complete signing authority. Third, a chained-hash structure is incorporated to bind consecutive log entries via one-way linkability, thereby providing strong tamper evidence and chronological integrity. Fourth, the framework defines a complete set of system algorithms—setup, key distribution, partial-signature generation, signature aggregation, log-chain update, and verification—that operate efficiently under distributed execution. To formally analyze security, the system is modeled under the quantum random-oracle model, and adversarial capabilities are described through UF-CMA, IND-CCA, and IND-CKA2 games, capturing quantum-capable forgery attempts, decryption misuse, and index indistinguishability attacks. A prototype implementation is developed and benchmarked on realistic multi-node settings to evaluate its performance across log scales, message sizes, interval configurations, and threshold ratios.

Results and Discussions: Experimental evaluations demonstrate that the proposed scheme achieves a favorable balance between quantum-resistant security and system performance. When handling large-scale logs, the average signing latency exhibits linear scalability with respect to log volume, validating the efficiency of the chain-hash structure (Table 2). Compared with traditional PQC signatures such as Dilithium and SPHINCS+, the integration of threshold signing reduces peak computational load on individual nodes while maintaining robust security guarantees. Performance tests further show that the proposed mechanism sustains a stable throughput of approximately 2,000 operations per second. The message-size sensitivity analysis indicates that latency grows linearly with log size, while remaining manageable even for messages exceeding 4 KB (Fig. 2b). Additionally, varying the threshold parameters (r/n) reveals a measurable but moderate impact on system latency; higher thresholds enhance security resistance against collusion at the cost of a slight delay increase (Fig. 2e). The interval-based chained signing strategy effectively reduces signature-generation frequency, thereby improving system throughput without sacrificing log-integrity guarantees. These results confirm that the proposed mechanism is well-suited for cloud and distributed database environments that demand real-time auditing and high-volume log processing.

Conclusions: This work presents a quantum-resistant database audit-logging mechanism that integrates hash-based signatures, threshold secret sharing, and chained log-integrity protection. The scheme provides strong security assurances in the post-quantum setting, including provable unforgeability, confidentiality, and tamper-resistance, supported by rigorous proofs in the QROM framework. Experimental results demonstrate that the mechanism maintains high signing and verification efficiency under large-scale deployment conditions, with excellent scalability across diverse log sizes, message lengths, and threshold configurations. Owing to its distributed trust model and future-proof cryptographic foundations, the proposed scheme provides a practical and secure solution for next-generation database audit systems in cloud computing, big-data analytics, and compliance-critical infrastructures.
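
The chained-hash structure and interval-based signing described in the Methods and Results can be sketched as follows. This is an added example, not the paper's code: the SHA-256 link function, the all-zero genesis value, the `interval` parameter and the sample records are assumptions, and each checkpoint stands for a chain head that the threshold signature would cover (the signature itself is not implemented here).

```python
import hashlib

GENESIS = b"\x00" * 32  # assumed initial chain value

# Constructed sample audit records (not from the paper).
LOG = [f"{i:03d} user=app stmt=UPDATE accounts id={i}".encode() for i in range(10)]

def link(prev: bytes, entry: bytes) -> bytes:
    # Length-prefix the entry so the (prev, entry) boundary is unambiguous.
    return hashlib.sha256(prev + len(entry).to_bytes(8, "big") + entry).digest()

def build_chain(entries, interval):
    """Return (heads, checkpoints); checkpoints maps entry index -> head to sign."""
    heads, checkpoints, prev = [], {}, GENESIS
    for i, entry in enumerate(entries):
        prev = link(prev, entry)
        heads.append(prev)
        # Sign only every `interval`-th head, plus the final one.
        if (i + 1) % interval == 0 or i == len(entries) - 1:
            checkpoints[i] = prev
    return heads, checkpoints

def verify(entries, checkpoints):
    """Recompute the chain against authenticated checkpoints.

    Returns None if everything matches, otherwise the (first, last) index
    range in which the earliest inconsistency must lie.
    """
    prev, last_good = GENESIS, -1
    for i, entry in enumerate(entries):
        prev = link(prev, entry)
        if i in checkpoints:
            if prev != checkpoints[i]:
                return (last_good + 1, i)          # modified, inserted or deleted
            last_good = i
    missing = [i for i in checkpoints if i >= len(entries)]
    if missing:
        return (last_good + 1, min(missing))       # log was truncated
    if last_good != len(entries) - 1:
        return (last_good + 1, len(entries) - 1)   # trailing entries not covered
    return None
```

A larger `interval` means fewer signatures, but a mismatch is only localized to the span between two checkpoints.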
