Abstract:
The certificateless cryptosystem is a new cryptosystem proposed on the basis of the traditional certificate-based public key cryptosystem and the identity-based cryptosystem. It not only overcomes the certificate management problem of traditional public key cryptosystems but also solves the key escrow problem of identity-based cryptosystems; while neatly overcoming the drawbacks of both, it combines their advantages. In practical applications, efficiency and security are the goals pursued when designing schemes, so how to design secure and efficient certificateless cryptographic algorithms has always been a focus of attention. A multi-signature is used to prove that a group of signers have signed a given message, and its length is independent of the number of signers. In consensus scenarios such as blockchain, using a multi-signature algorithm is a solution that balances security and efficiency. At present, multi-signatures are increasingly applied in consensus scenarios such as blockchain, where their advantages lie in reducing block storage consumption, correctness verification time, and so on. However, the multi-signature schemes applied in consensus scenarios assume by default that signers are honest entities, so when "Byzantine nodes" are present, the security and validity of the multi-signature cannot be guaranteed. In order to combine the advantages of certificateless cryptography and multi-signatures, and to improve the robustness of multi-signature schemes in consensus scenarios, this paper proposes a certificateless subgroup multi-signature scheme. In this scheme, any legitimate subgroup of the group is allowed to produce a multi-signature on behalf of the group, and the validity of all individual signatures is verified before signature aggregation. In this paper, we define the robustness of the scheme and give the corresponding proof; under the random oracle model, we prove that the scheme is unforgeable under adaptive chosen-message attack. Finally, efficiency analysis and simulation experiments show that the multi-signature generation efficiency of the proposed scheme is relatively high.
Keywords: certificateless; subgroup; multi-signature; robustness; CDH assumption
DOI: 10.19363/J.cnki.cn10-1380/tn.2024.09.03
Received: 2023-01-18; Revised: 2023-04-20
Funding: This work was supported by the National Natural Science Foundation of China (No. 62372245), the 2022 Open Project of the State Key Laboratory of Information Security (No. 2022-MS-5), and the Postgraduate Research & Practice Innovation Program of Jiangsu Province (No. KYCX22_0987).
|
A Certificateless Subgroup Multi-Signature Scheme |
WANG Yuhang, XU Zheqing, WANG Zhiwei, LIU Feng
School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China; State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
Abstract:
The certificateless cryptosystem is a new cryptosystem proposed on the basis of traditional certificate-based public key cryptosystems and identity-based cryptosystems. The certificateless cryptosystem not only overcomes the certificate management problem in traditional public key cryptosystems, but also solves the key escrow problem in identity-based cryptosystems. While cleverly overcoming the shortcomings of the two, it combines their advantages. In practical applications, efficiency and security are the goals that designers need to pursue, so how to design secure and efficient certificateless cryptographic algorithms has always been a focus of attention. Multi-signatures are used to prove that a group of signers have signed a given message, and their signature length is independent of the number of signers. In consensus scenarios such as blockchain, using multi-signature algorithms is a solution that balances security and efficiency. Currently, multi-signatures are increasingly being applied in consensus scenarios such as blockchain, with the advantages of reducing block storage consumption and correctness verification time. However, the multi-signature schemes applied in consensus scenarios assume by default that signers are honest entities, so when a "Byzantine node" is present, the security and effectiveness of the multi-signature cannot be guaranteed. In order to combine the advantages of certificateless cryptography and multi-signatures, and to improve the robustness of multi-signature schemes in consensus scenarios, this paper proposes a certificateless subgroup multi-signature scheme. In this scheme, any legitimate subgroup within the group is allowed to generate a multi-signature on behalf of the group, and the validity of all individual signatures is verified before signature aggregation. In this article, we define the robustness of the scheme and provide the corresponding proof; under the random oracle model, we prove that the scheme in this paper is unforgeable under adaptive chosen-message attack. Finally, efficiency analysis and simulation experiments show that the multi-signature generation efficiency of this scheme is relatively high.
Key words: certificateless; subgroups; multi-signature; robustness; Computational Diffie-Hellman (CDH) assumption