一种基于SM9的代理环签名方案

doi:10.3969/j.issn.1671-1122.2025.12.006

摘要/Abstract

摘要：

针对代理环签名在对用户身份信息保护要求较高场景中的应用需求，文章基于SM9数字签名算法，提出一种代理环签名方案，包括系统初始化、密钥提取、代理委托、代理验证、签名和验证6个步骤。密钥生成中心使用用户标识计算用户的密钥，原始签名者使用已知信息计算代理授权，然后将代理授权委托给代理签名者。代理签名者验证委托的真实性后，通过签名步骤产生代理环签名，产生的签名可以使用验证算法验证。该方案不仅实现了签名权利的委托，同时通过环签名的匿名性保护签名者的隐私，并在随机预言机模型下证明了其具有适应性选择消息攻击下的不可伪造性。通过效率分析表明，该方案效率较高，有较好的实用性。

关键词: SM9, 数字签名, 代理环签名

Abstract:

In view of the application requirements of proxy ring signature in scenarios requiring high user identity protection, this paper proposed a proxy ring signature scheme based on SM9 digital signature algorithm. The scheme included six steps: setup, extract, proxydelegation, verifyproxy, sign and verify. The Key Generation Center uses the user ID to calculate the user’s key, and the original signer used the known information to calculate the proxy authorization, and then delegated the proxy authorization to the proxy signer. After the proxy signer verified the authentiecity of the authorization, the proxy ring signature was generated through the signature step, and the generated signature can be verified by the authentication algorithm. The scheme not only realizes the entrustment of signature rights, but also protects the privacy of signers through the anonymity of ring signatures. It is also proved that the scheme is unforgeable under adaptive selective message attacks under random prophecy model. The efficiency analysis shows that the proposed scheme has higher efficiency and better practicability.

Key words: SM9, digital signature, proxy ring signature

中图分类号:

TP309

张雪锋, 王柯航. 一种基于SM9的代理环签名方案[J]. 信息网络安全, 2025, 25(12): 1901-1913.

ZHANG Xuefeng, WANG Kehang. A Proxy Ring Signature Scheme Based on SM9 Algorithm[J]. Netinfo Security, 2025, 25(12): 1901-1913.

图/表 9

图1

图2

表1

表2

表3

表4

表5

图3

图4

参考文献 23

[1]	DIFFIE W, HELLMAN M E. New Directions in Cryptography[J]. IEEE Transactions on Information Theory, 1976, 22(6): 644-654. doi: 10.1109/TIT.1976.1055638 URL
[2]	RIVEST R L, SHAMIR A, ADLEMAN L. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems[J]. Communications of the ACM, 1978, 21(2): 120-126. doi: 10.1145/359340.359342 URL
[3]	MAMBO M, USUDA K, OKAMOTO E. Proxy Signatures for Delegating Signing Operation[C]// ACM.The 3rd ACM Conference on Computer and Communications Security. New York: ACM,1996: 48-57.
[4]	RIVEST R L, SHAMIR A, TAUMAN Y. How to Leak a Secret[C]// Springer.Advances in Cryptology—ASIACRYPT 2001: The 7th International Conference on the Theory and Application of Cryptology and Information Security Gold Coast. Heidelberg:Springer, 2001: 552-565.
[5]	ZHANG Fangguo, SAFAVI-NAINI R, LIN C Y. New Proxy Signature, Proxy Blind Signature and Proxy Ring Signature Schemes from Bilinear Pairing[EB/OL].(2003-11-02) [2025-03-01]. https://eprint.iacr.org/2003/104.pdf.
[6]	CHENG Wenqing, LANG Weimin, YANG Zongkai, et al. An Identity-Based Proxy Ring Signature Scheme from Bilinear Pairings[C]// IEEE. The 9th International Symposium on Computers and Communications. New York: IEEE, 2004: 424-429.
[7]	YU Yong, YANG Bo, LI Fagen, et al. An Efficient Proxy Ring Signature Scheme[J]. Journal of Beijing University of Posts and Telecommunications, 2007, 30(3):23-26. doi: 10.13190/jbupt.200703.23.yuy
	禹勇, 杨波, 李发根, 等. 一个有效的代理环签名方案[J]. 北京邮电大学学报, 2007, 30(3):23-26. doi: 10.13190/jbupt.200703.23.yuy
[8]	CHEN Ke, MIAO Fuyou, XIONG Yan. RSA-Based Proxy Ring Signature Scheme[J]. Computer Science, 2009, 36(2):132-136.
	陈珂, 苗付友, 熊焰. 基于RSA的代理环签名方案[J]. 计算机科学, 2009, 36(2):132-136.
[9]	ASAAR M R, SALMASIZADEH M, SUSILO W. A Provably Secure Identity‐Based Proxy Ring Signature Based on RSA[J]. Security and Communication Networks, 2015, 8(7): 1223-1236. doi: 10.1002/sec.v8.7 URL
[10]	XU Zhang, YANG Xiaoyuan, WEI Kang. Identity-Based Proxy Ring Signature on Lattice in the Standard Model[J]. Journal of Shandong University (Natural Science), 2015, 50(11):40-46.
	许章, 杨晓元, 魏康. 在标准模型下格上基于身份的代理环签名[J]. 山东大学学报(理学版), 2015, 50(11):40-46.
[11]	LIU Lianhai, WANG Yujue, ZHANG Jingwei, et al. Efficient Proxy Ring Signature for VANET[J]. The Journal of Engineering, 2019(9): 5449-5454.
[12]	YUAN Yuqi, LIU Ning, ZHANG Yanshuo. Design of Identity-Based Proxy Ring Signature Scheme on ISRSAC[J]. Journal of Beijing Electronic Science and Technology Institute, 2023, 31(3):62-77.
	袁煜淇, 刘宁, 张艳硕. ISRSAC上基于身份的代理环签名方案设计[J]. 北京电子科技学院学报, 2023, 31(3):62-77.
[13]	SHAMIR A. Identity-Based Cryptosystems and Signature Schemes[C]// Springer.Cryptology-CRYPTO 1984. Heidelberg:Springer, 1984: 47-53.
[14]	GM/T0044-2016 Information Security Technology-Identity Based Cryptographic Algorithms SM9[S]. Beijing: Standards Press of China, 2016.
	GM/T0044-2016 SM9标识密码算法[S]. 北京: 中国标准出版社, 2016.
[15]	CHENG Zhaohui. Security Analysis of SM9 Key Agreement and Encryption[C]// Springer.Information Security and Cryptology:The 14th International Conference. Heidelberg:Springer, 2019: 3-25.
[16]	PENG Cong, HE Debiao, LUO Min, et al. An Identity-Based Ring Signature Scheme for SM9 Algorithm[J]. Journal of Cryptologic Research, 2021, 8(4):724-734.
	彭聪, 何德彪, 罗敏, 等. 基于SM9标识密码算法的环签名方案[J]. 密码学报, 2021, 8(4):724-734.
[17]	LAI Jianchang, HUANG Xinyi, HE Debiao, et al. An Efficient Identity-Based Signcryption Scheme Based on SM9[J]. Journal of Cryptologic Research, 2021, 8(2):314-329.
	赖建昌, 黄欣沂, 何德彪, 等. 基于商密SM9的高效标识签密[J]. 密码学报, 2021, 8(2):314-329. doi: 10.13868/j.cnki.jcr.000440
[18]	ZHANG Chao, PENG Changgen, DING Hongfa, et al. Searchable Encryption Scheme Based on China State Cryptography Standard SM9[J]. Computer Engineering, 2022, 48(7): 159-167. doi: 10.19678/j.issn.1000-3428.0062771
	张超, 彭长根, 丁红发, 等. 基于国密SM9的可搜索加密方案[J]. 计算机工程, 2022, 48(7):159-167. doi: 10.19678/j.issn.1000-3428.0062771
[19]	DING Yong, LUO Shidong, YANG Changsong, et al. An Identity-Based Deniable Ring Signature Scheme Based on SM9 Signature Algorithm[J]. Netinfo Security, 2024, 24(6):893-902.
	丁勇, 罗世东, 杨昌松, 等. 基于SM9标识密码算法的可否认环签名方案[J]. 信息网络安全, 2024, 24(6):893-902.
[20]	SHAO Qing, ZHANG Leijun. Transaction Privacy Protection Scheme for Consortium Blockchain Utilizing SM9 and Blind Signature[J]. Journal of Chinese Computer Systems, 2025, 46(1):217-224.
	邵清, 张磊军. 结合SM9和盲签名的联盟链交易隐私保护方案[J]. 小型微型计算机系统, 2025, 46(1):217-224.
[21]	HERRANZ J, SAEZ G. Forking Lemmas for Ring Signature Schemes[C]// Springer.International Conference on Cryptology (Indocrypt' 03). Heidelberg: Springer, 2003: 266-279.
[22]	BARRETO P S L M, LIBERT B, MCCULLAGH N, et al. Efficient and Provably-Secure Identity-Based Signatures and Signcryption from Bilinear Maps[C]// Springer. The 11th International Conference on the Theory and Application of Cryptology and Information Security. Heidelberg:Springer, 2005: 515-532.
[23]	YUAN Sen. Research on Signature Scheme Based on SM Cryptographic Algorithm and Its Application[D]. Lanzhou: Northwest Normal University, 2022.
	袁森. 基于国密算法的签名方案及应用研究[D]. 兰州: 西北师范大学, 2022.

特性	文献[7]	文献[16]	文献[19]	文献[23]	本文方案
可验证性	√	√	√	√	√
不可伪造性	√	√	√	√	√
可代理	√	×	×	√	√
匿名性	√	√	√	×	√

符号	定义
$\|{{G}_{1}}\|$	群${{G}_{1}}$中元素的大小
$\|{{G}_{2}}\|$	群${{G}_{2}}$中元素的大小
$\|{{G}_{T}}\|$	群${{G}_{T}}$中元素的大小
$\|Z_{N}^{*}\|$	$Z_{N}^{*}$中元素的大小
$\|G\|$	群$G$中元素的大小
$\|{{Z}_{q}}\|$	${{Z}_{q}}$中元素的大小
$n$	环成员数量

方案	代理委托	签名长度/bit
文献[7]	$\|Z_{N}^{*}\|+\|{{G}_{1}}\|$	$\|Z_{N}^{*}\|+2\|{{G}_{1}}\|$
文献[16]	—	$\|Z_{N}^{*}\|+n\|{{G}_{1}}\|$
文献[19]	—	$\|Z_{N}^{*}\|+n\|{{G}_{1}}\|+\|{{G}_{T}}\|$
文献[23]	$2\|{{G}_{1}}\|+3\|{{G}_{T}}\|$	$\|Z_{N}^{*}\|+\|{{G}_{1}}\|+\|{{G}_{T}}\|$
本文方案	$2\|{{G}_{1}}\|$	$\|Z_{N}^{*}\|+n\|{{G}_{1}}\|+\|{{G}_{T}}\|$

符号	定义	运行时间/$\text{ms}$
$BP$	双线性对运算	12.5270
${{M}_{{{G}_{1}}}}$	群${{G}_{1}}$中的点乘运算	0.0242
${{M}_{{{G}_{2}}}}$	群${{G}_{2}}$中的点乘运算	0.0357
${{M}_{{{G}_{T}}}}$	群${{G}_{T}}$中的乘法运算	3.9232
${{E}_{{{G}_{T}}}}$	群${{G}_{T}}$中的幂运算	1.3327
$H$	哈希操作	10.1442
$n$	环成员数量	—

方案	代理委托	代理验证	签名	验证
文献[7]	—	—	(3n+1)M_G₁+(n-1)H	nM_G₁+2BP+nH
文献[16]	—	—	(n+1)M_G₁+ (n-1)M_G₂+(n-1)M_GT+ nBP+(n-1)E_GT+ (2n-1)H	nM_G₂+nM_GT+ nBP+2nH
文献[19]	—	—	(n+4)M_G₁+M_G₂+ 2M_GT+4BP+H	2M_G₁+M_G₂+4M_GT+ 4BP+3E_GT+2H
文献[23]	2M_G₁+3E_GT+ 2H	M_G₁+M_G₂+ 2BP+E_GT+2H	M_G₁+E_GT+H	2M_G₁+M_GT+ BP+E_GT+4H
本文方案	3M_G₁+E_GT+ H	M_G₂+M_GT+ BP+E_GT	(n+2)M_G₁+2M_G₂+ 3M_GT+3BP+E_GT+H	2M_G₁+M_G₂+4M_GT+ 2BP+2E_GT+H