西安电子科技大学学报 ›› 2023, Vol. 50 ›› Issue (2): 161-168.doi: 10.19665/j.issn1001-2400.2023.02.016

• 网络空间安全与其他 • 上一篇    下一篇

格上身份基可追踪环签名方案

叶青1(),陈晴晴1(),豆永鹏2(),张静1,汤永利1()   

  1. 1.河南理工大学 软件学院,河南 焦作 454003
    2.陆军装备部驻西安军事代表局驻西安地区第七军事代表室,陕西 西安 710065
  • 收稿日期:2022-07-28 出版日期:2023-04-20 发布日期:2023-05-12
  • 作者简介:叶 青(1981—),女,副教授,E-mail:504112472@qq.com;|陈晴晴(1995—),女,河南理工大学硕士研究生,E-mail:18839136082@163.com;|豆永鹏(1982—),男,高级工程师,E-mail:296812083@qq.com;|汤永利(1972—),男,教授,E-mail:yltang@hpu.edu.cn
  • 基金资助:
    国家自然科学基金(61802117);河南省高校科技创新团队支持计划(20IRTSTHN013);河南理工大学青年骨干教师资助计划(2018XQG-10)

Identity-based traceable ring signature scheme on lattice

YE Qing1(),CHEN Qingqing1(),DOU Yongpeng2(),ZHANG Jing1,TANG Yongli1()   

  1. 1. School of Software,Henan Polytechnic University,Jiaozuo 454003,China
    2. The Seventh Military Representative Office of the Military Representative Bureau of the Army Equipment Department in Xi’an,Xi’an 710065,China
  • Received:2022-07-28 Online:2023-04-20 Published:2023-05-12

摘要:

环签名是一种可为签名者提供无条件匿名保护的特殊数字签名。而可追踪环签名是环签名的一种变体,旨在防止签名者滥用环签名的匿名性,即可追踪环签名为签名者提供的匿名性不是无条件的,在签名者的某些行为下会导致其身份被泄露。可追踪环签名在电子投票系统和电子现金系统中扮演重要角色。针对目前格上可追踪环签名方案基于PKI体制构造,存在复杂的数字证书管理负担,文中将基于身份密码学与格上可追踪环签名相结合,提出第一个格上身份基可追踪环签名方案。与以往可追踪环签名方案不同,所提方案依据Baum等格上可链接环签名方案的框架,采用原像取样和拒绝采样等技术构造,避免使用臃肿的零知识证明技术。随机预言模型下,所提方案可被证明满足标签可链接性、匿名性以及抗陷害性,方案的安全性可规约至SIS和ISIS问题。另外,与相关方案相比,所提方案在时间开销和存储开销上也具有一定优势。

关键词: 格, 基于身份密码学, 可追踪环签名, 小整数解问题

Abstract:

The ring signature is a special digital signature that can provide unconditional anonymous protection for signers,and a traceable ring signature is a variant of the ring signature,which aims to prevent signers from abusing the anonymity of the ring signature,that is,the anonymity provided by the traceable ring signature for signers is not unconditional,which will lead to the identity of signers being disclosed under certain behaviors of the signer.The traceable ring signature plays an important role in an electronic voting system and an electronic cash system.Aiming at the present situation that traceable ring signature schemes on lattice are based on the PKI system and have a complex burden of digital certificate management,this paper combines identity-based cryptography with the traceable ring signature on lattice and proposes the first identity-based traceable ring signature scheme on the lattice.Different from the previous traceable ring signature schemes,the proposed scheme is constructed according to the framework of Baum et al.’s linkable ring signature scheme on lattice and based on the techniques of preimage sampling and reject sampling,etc.,thus avoiding the use of cumbersome zero-knowledge proofs.Under the random oracle model,it is proved that the proposed scheme can meet the tag-linkability,anonymity and exculpability,and that the security can be reduced to SIS and ISIS problems.In addition,compared with the related schemes,the proposed scheme also has some advantages in time overhead and storage overhead.

Key words: lattice, identity-based cryptography, traceable ring signature, small integer solution problem

中图分类号: 

  • TP309