一种基于证书的数字签名方案

doi:10.3969/j.issn.1671-1122.2023.03.002

信息网络安全 ›› 2023, Vol. 23 ›› Issue (3): 13-21.doi: 10.3969/j.issn.1671-1122.2023.03.002

一种基于证书的数字签名方案

安浩杨¹^,², 何德彪¹^,²(), 包子健¹^,², 彭聪¹^,²

1.武汉大学国家网络安全学院，武汉 430072
2.武汉大学空天信息安全与可信计算教育部重点实验室，武汉 430072

收稿日期:2022-09-23 出版日期:2023-03-10 发布日期:2023-03-14
通讯作者: 何德彪 E-mail:hedebiao@163.com
作者简介:安浩杨（1997—），男，山西，博士研究生，主要研究方向为密码协议、区块链技术与应用|何德彪（1980—），男，湖北，教授，博士，主要研究方向为密码协议、信息安全、区块链技术与应用|包子健（1994—），男，安徽，博士研究生，主要研究方向为密码协议、区块链技术与应用|彭聪（1989—），男，湖北，副研究员，博士，主要研究方向为公钥密码学
基金资助:
国家重点研发计划(2021YFA1000600);中央高校基本科研业务费专项资金项目(2042022kf0045);国家自然科学基金(U21A20466);国家自然科学基金(61972294);国家自然科学基金(61932016)

A Certificate-Based Digital Signature Scheme

AN Haoyang¹^,², HE Debiao¹^,²(), BAO Zijian¹^,², PENG Cong¹^,²

1. School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China
2. Key Laboratory of Aerospace Information Security and Trusted Computing of Ministry of Education, Wuhan University, Wuhan 430072, China

Received:2022-09-23 Online:2023-03-10 Published:2023-03-14
Contact: HE Debiao E-mail:hedebiao@163.com

摘要/Abstract

摘要：

数字签名是实现数字认证的重要工具之一，具有身份合法性认证、抗抵赖、防伪造等特性，普遍应用于网络通信、电子商务等场景。基于证书签名是一种特殊的签名算法，该算法可以同时解决传统数字签名算法的证书验证问题和基于身份数字签名算法的密钥托管问题。文章提出一种基于证书的数字签名方案，证书颁发机构不需要将证书状态信息提供给整个系统，只需要联系证书持有者进行吊销和更新即可。文章所提方案由系统初始化算法、用户密钥生成算法、证书授权算法、签名算法和验证算法构成。文章在随机谕言机模型中证明该方案可以同时抵抗Type I敌手和Type II敌手，满足自适应选择消息攻击下的存在性不可伪造。与其他基于证书签名方案相比，文章所提方案在通信开销方面具有明显优势，更适用于通信资源有限的应用场景。

关键词: SM9数字签名算法, 基于证书签名, 双线性对

Abstract:

Digital signature is an important tool to realize digital authentication. It has the characteristics of identity authentication, anti-repudiation, and anti-forgery. Therefore, it is widely used in current network communication, e-commerce and other scenarios. Certificate-based signature is a special signature algorithm that can solve both the certificate verification problem in traditional signature algorithms and the key escrow problem in identity-based signature algorithms. This paper proposed a certificate-based digital signature scheme. The certificate authority did not need to provide certificate status information to the entire system, but only needed to contact the certificate holder for revocation and renewal. The scheme proposed in this paper consisted of system initialization algorithm, user key generation algorithm, certificate authorization algorithm, signature algorithm and verification algorithm, and it was proved in the random oracle model that the scheme can resist both Type I and Type II adversaries. The existence of unforgeability under adaptive chosen message attack was satisfied. Compared with other certificate-based signature schemes, the scheme proposed in this paper has obvious advantages in communication overhead and is more suitable for application scenarios with limited communication resources.

Key words: SM9 digital signature algorithm, certificate-based cryptosystem, bilinear pairings

中图分类号:

TP309

安浩杨, 何德彪, 包子健, 彭聪. 一种基于证书的数字签名方案[J]. 信息网络安全, 2023, 23(3): 13-21.

AN Haoyang, HE Debiao, BAO Zijian, PENG Cong. A Certificate-Based Digital Signature Scheme[J]. Netinfo Security, 2023, 23(3): 13-21.

图/表 4

图1

表1

表2

表3

参考文献 21

[1]	SHAMIR A. Identity-Based Cryptosystems and Signature Schemes[C]// Springer. Workshop on the Theory and Application of Cryptographic Techniques. Berlin:Springer, 1984: 47-53.
[2]	GENTRY C. Certificate-Based Encryption and the Certificate Revocation Problem[C]// Springer. International Conference on the Theory and Applications of Cryptographic Techniques. Berlin:Springer, 2003: 272-293.
[3]	KANG B G, PARK J H, HAHN S G. A Certificate-Based Signature Scheme[C]// Springer. Cryptographers’ Track at the RSA Conference. Berlin:Springer, 2004: 99-111.
[4]	LI Jiguo, HUANG Xinyi, MU Yi, et al. Certificate-Based Signature: Security Model and Efficient Construction[C]// Springer. European Public Key Infrastructure Workshop. Berlin:Springer, 2007: 110-125.
[5]	WU Wei, MU Yi, SUSILO W, et al. Certificate-Based Signatures: New Definitions and a Generic Construction from Certificateless Signatures[C]// Springer. International Workshop on Information Security Applications(WISA) 2008. Berlin:Springer, 2008: 99-114.
[6]	HUANG Rufen, HUANG Zhenjie, CHEN Qunshan. A Generic Conversion from Proxy Signatures to Certificate-Based Signatures[J]. Journal of Internet Technology, 2021, 22(1): 209-217.
[7]	WU Libing, ZHANG Yubo, REN Yongjun, et al. Efficient Certificate-Based Signature Scheme for Electronic Commerce Security Using Bilinear Pairing[J]. Journal of Internet Technology, 2017, 18(5): 1159-1166.
[8]	MA Xinxin, SHAO Jun, ZUO Cong, et al. Efficient Certificate-Based Signature and Its Aggregation[C]// Springer. Information Security Practice and Experience(ISPEC) 2017. Berlin:Springer, 2017: 391-408.
[9]	LIU J K, BAEK J, SUSILO W, et al. Certificate-Based Signature Schemes Without Pairings or Random Oracles[C]// Springer. International Conference on Information Security. Berlin:Springer, 2008: 285-297.
[10]	ZHANG Jianhong. On the Security of a Certificate-Based Signature Scheme and Its Improvement with Pairings[C]// Springer. Information Security Practice and Experience(ISPEC). Berlin:Springer, 2008: 285-297.
[11]	LU Yang, LI Jiguo. Improved Certificate‐Based Signature Scheme Without Random Oracles[J]. IET Information Security, 2016, 10(2): 80-86. doi: 10.1049/ise2.v10.2 URL
[12]	ZHOU Caixue, CUI Zongmin. Certificate‐Based Signature Scheme in the Standard Model[J]. IET Information Security, 2017, 11(5): 256-260. doi: 10.1049/ise2.v11.5 URL
[13]	WANG Guoqiang, CAO Yanmei. An Efficient Certificate-Based Signature Scheme in the Standard Model[C]// Springer. International Conference on Applied Cryptography and Network Security. Berlin:Springer, 2021: 313-329.
[14]	AU M H, LIU J K, SUSILO W, et al. Certificate Based (Linkable) Ring Signature[C]// Springer. International Conference on Information Security Practice and Experience. Berlin:Springer, 2007: 79-92.
[15]	YUAN Feng, CHENG Zhaohui. Overview on SM9 Identity-Based Cryptographic Algorithm[J]. Journal of Information Security Research, 2016, 2(11): 1008-1027.
[16]	ZHANG Chao, PENG Changgen, DING Hongfa, et al. SM9-Based Searchable Encryption Scheme[J]. Computer Engineering, 2022(7): 159-167.
	张超, 彭长根, 丁红发, 等. 基于国密SM9的可搜索加密方案[J]. 计算机工程, 2022(7): 159-167.
[17]	PENG Cong, HE Debiao, LUO Min, et al. An Identity-Based Ring Signature Scheme for SM9 Algorithm[J]. Journal of Cryptologic Research, 2021, 8(4): 724-734. doi: 10.13868/j.cnki.jcr.000473
	彭聪, 何德彪, 罗敏, 等. 基于SM9标识密码算法的环签名方案[J]. 密码学报, 2021, 8(4):724-734.
[18]	ZHANG Xuefeng, PENG Hua. Blind Signature Scheme Based on SM9 Algorithm[J]. Netinfo Security, 2019, 19(8): 61-67.
[19]	ZHANG Yu, SUN Guangmin, LI Yu. Research on Mobile Internet Authentication Scheme Based on SM9 Algorithm[J]. Netinfo Security, 2021, 21(4): 1-9.
[20]	LIU J K, BAO Feng, ZHOU Jianying. Short and Efficient Certificate-Based Signature[C]// Springer. International Conference on Research in Networking. Berlin: Springer, 2011: 167-178.
[21]	PEREIRA G C C F, SIMPLICIO J M A, NAEHRIG M, et al. A Family of Implementation-Friendly BN Elliptic Curves[J]. Journal of Systems and Software, 2011, 84(8): 1319-1326. doi: 10.1016/j.jss.2011.03.083 URL

方案	安全模型	公共参数		用户公钥		签名长度		证书长度
方案	安全模型	理论分析	大小 /bit	理论分析	大小 /bit	理论分析	大小/bit	理论分析	大小/bit
文献[6]方案	随机谕言机模型	$2\left\| G \right\|$	2048	$\left\| G \right\|$	1024	$\left\| G \right\|$	1024	$\left\| G \right\|$	1024
文献[8]方案	随机谕言机模型	$2\left\| G \right\|$	2048	$\left\| G \right\|$	1024	$2\left\| G \right\|$	2048	$2\left\| G \right\|$	2048
文献[12]方案	标准模型	$\left( n+3 \right)\left\| G \right\|$	265216	$4\left\| G \right\|$	4096	$3\left\| G \right\|$	3072	$2\left\| G \right\|$	2048
文献[13]方案	标准模型	$3\left\| {{G}_{1}} \right\|+5\left\| {{G}_{2}} \right\|$	6656	$2\left\| {{G}_{2}} \right\|$	2048	$3\left\| {{G}_{1}} \right\|$	1536	$2\left\| {{G}_{1}} \right\|$	1024
本文方案	随机谕言机模型	$2\left\| {{G}_{1}} \right\|+2\left\| {{G}_{2}} \right\|$	3072	$\left\| {{G}_{2}} \right\|$	1024	$\left\| \mathbf{Z}_{q}^{*} \right\|+\left\| {{G}_{1}} \right\|$	768	$\left\| {{G}_{1}} \right\|$	512

符号	描述	时间/ms
${{E}_{1}}$	群${{G}_{1}}$中的点乘运算	1.730
${{E}_{2}}$	群${{G}_{2}}$中的点乘运算	5.190
${{E}_{G}}$	群$G$中的取幂运算	0.370
${{E}_{{{G}_{T}}}}$	群${{G}_{T}}$中的取幂运算	19.070
$B{{P}_{1}}$	Type 1双线性对运算	7.410
$B{{P}_{2}}$	Type 3双线性对运算	62.340
$P{{A}_{G}}$	群$G$中的点加运算	0.020
$P{{A}_{1}}$	群${{G}_{1}}$中的点加运算	0.010
$P{{A}_{2}}$	群${{G}_{2}}$中的点加运算	0.020
${{M}_{{{G}_{T}}}}$	群${{G}_{T}}$中的模乘运算	0.040
${{M}_{Inv1}}$	Type 1双线性对中域$\mathbf{Z}_{q}^{*}$上的模逆运算	0.030
${{M}_{Inv2}}$	Type 3双线性对中域$\mathbf{Z}_{q}^{*}$上的模逆运算	0.002

方案	证书生成		签名		验证
方案	理论分析	时间/ms	理论分析	时间/ms	理论分析	时间/ms
文献[6]方案	E_G	0.370	E_G+M_Inv₁	0.400	E_G+PA_G+2BP₁	15.210
文献[8]方案	2E_G	0.740	4E_G+3PA_G	1.540	E_G+PA_G+4BP₁	30.030
文献[12]方案	(n+1)PA_G+3E_G	11.370	4E_G+PA_G	1.500	(n+3)PA_G+7BP₁	62.170
文献[13]方案	2E₁	3.460	3PA₁+5E₁	8.680	4PA₂+M_GT+ 3E₂+3BP₂	202.710
本文方案	E₁	1.730	2E₁+E_GT+ BP₂+2M_Inv₂	84.874	M_GT+E_GT+ 2BP₂+PA₂	143.810

一种基于证书的数字签名方案

A Certificate-Based Digital Signature Scheme

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 4

参考文献 21

相关文章 13

编辑推荐

Metrics

本文评价

[1]	郭瑞, 陈宇霜, 郑东. 无线医疗传感网络中基于区块链的高效无证书聚合签名方案[J]. 信息网络安全, 2020, 20(10): 6-18.
[2]	刘全明, 冯杰, 李尹楠, 苏莎莎. 区分身份所在层数的HIBE方案[J]. 信息网络安全, 2019, 19(11): 14-23.
[3]	黎琳, 张旭霞. zk-snark的双线性对的国密化方案[J]. 信息网络安全, 2019, 19(10): 10-15.
[4]	程庆丰, 阮展靖, 张瑞杰. 对三个无双线性对的密钥协商协议分析[J]. 信息网络安全, 2019, 19(1): 16-26.
[5]	王越, 程相国, 王戌琦. 基于双线性对的密钥隔离群签名方案研究[J]. 信息网络安全, 2018, 18(6): 61-66.
[6]	陈亚萌, 程相国, 王硕, 高明. 基于双线性对的无证书群签名方案研究[J]. 信息网络安全, 2017, 17(3): 53-58.
[7]	唐春明, 高隆. 区块链系统下的多方密钥协商协议[J]. 信息网络安全, 2017, 17(12): 17-21.
[8]	矢敏, 叶伟伟, 欧庆于. 不需双线性对的基于身份的认证密钥协商协议[J]. 信息网络安全, 2016, 16(10): 21-27.
[9]	赵洋, 陈阳, 熊虎, 任化强. 云环境下一种可撤销授权的数据拥有性证明方案[J]. 信息网络安全, 2015, 15(8): 1-7.
[10]	秦志光, 包文意, 赵洋, 熊虎. 云计算里的一种无双线性对的模糊关键字加密方式[J]. 信息网络安全, 2015, 15(11): 1-6.
[11]	李舜鹏;张明武. 基于双线性对签名的安全移动客户端[J]. , 2013, 13(5): 0-0.
[12]	李伟;吕克伟. 类背包DH问题的比特安全性研究[J]. , 2013, 13(10): 0-0.
[13]	李发根;王超;熊虎. 基于双线性对的具有已知签名人的门限代理签名方案[J]. , 2009, 9(3): 0-0.