摘要: |
通用累加器作为一种具有数据压缩性质的重要密码学元件,其多应用于隐私保护相关的区块链系统、身份认证系统以及各类权限管理系统。研究发现目前已有的基于小整数解(SIS)问题困难性假设的通用累加器内部计算效率不高,且更新效率低。因此,本文设计并实现了首个基于环小整数解(Ring-SIS)问题困难性假设的高效通用累加器,其更新开销在平均意义上远低于以往方案,更加适用于更新操作频繁,成员数量更庞大的应用场景。另外针对Ring-SIS通用累加器内的所有成员,本文基于Schnorr-like协议框架提出了首个单轮次执行合理性错误可忽略的被累加值的零知识证明协议。 |
关键词: 通用累加器 知识的零知识证明 |
DOI:10.19363/J.cnki.cn10-1380/tn.2021.07.06 |
投稿时间:2019-07-24修订日期:2019-09-12 |
基金项目:本课题得到国家自然科学基金项目(No.61772521);中科院前沿科学重点研究项目,CAS(No.QYZDB-SSW-SYS035);密码科学技术国家重点实验室开放项目资助。 |
|
Lattice-Based Efficient Universal Accumulator and Zero-Knowledge Proofs of an Accumulated Value |
Tan Zixin,Deng Yi,Ma Li |
State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;State Key Laboratory of Cryptology, Beijing 100878, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 101408, China;State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 101408, China |
Abstract: |
As an important cryptographic primitive with data compression property, the universal accumulator is mostly used in block chain system, identity authentication system and various privilege management system related to privacy protection. It is found that the existing universal accumulator based on the assumption of the difficulty of solving small integer solution problem(SIS) is inefficient to compute and update. So this paper designs and implements the first universal accumulator based on the hypothesis that there is a difficulty in solving ring small integer solution(Ring-SIS) problem to realize a more efficient universal accumulator, whose update overhead is much lower on average than previous schemes, and it is more suitable for application scenarios where update operations are frequent and the member size is larger. In addition, aiming at all of the members of the Ring-SIS universal accumulator, this paper proposes the first protocol of zero-knowledge proofs of an accumulated value, which is based on Schnorr-like framework and has negligible soundness error in a single round. |
Key words: universal accumulator zero-knowledge proofs |