Netinfo Security ›› 2024, Vol. 24 ›› Issue (6): 893-902. doi: 10.3969/j.issn.1671-1122.2024.06.007

• Special Topic on Cryptography •

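A Deniable Ring Signature Scheme Based on the SM9 Identity-Based Cryptographic Algorithm

DING Yong1,2, LUO Shidong1,2, YANG Changsong1,2, LIANG Hai1,2

  1. Guangxi Key Laboratory of Cryptography and Information Security, Guilin University of Electronic Technology, Guilin 541004
  2. Guangxi Engineering Research Center of Industrial Internet Security and Blockchain, Guilin University of Electronic Technology, Guilin 541004
  • Received: 2024-04-20 Online: 2024-06-10 Published: 2024-07-05
  • Corresponding author: YANG Changsong csyang@guet.edu.cn
  • About the authors: DING Yong (born 1975), male, from Chongqing, professor, Ph.D., CCF senior member; main research interests: cryptography and its applications, cyberspace security, artificial intelligence, blockchain and its applications | LUO Shidong (born 1996), male, from Jiangxi, master's student; main research interests: cryptography and its applications | YANG Changsong (born 1989), male, from Guangxi, associate professor, Ph.D.; main research interests: cloud computing and its data security, applied cryptography, network security, deep learning and its applications | LIANG Hai (born 1982), male, from Guangxi, associate professor, master's degree; main research interests: blockchain and its applications, network security, software project management
  • Funding:
    National Natural Science Foundation of China (62172119); National Natural Science Foundation of China (62362013); National Key Research and Development Program of China (2023YFB3107301); Natural Science Foundation of Guangxi Province (2024GXNSFAA010453); Natural Science Foundation of Guangxi Province (2024GXNSFDA010064)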

An Identity-Based Deniable Ring Signature Scheme Based on SM9 Signature Algorithm

DING Yong1,2, LUO Shidong1,2, YANG Changsong1,2, LIANG Hai1,2

  1. Guangxi Key Laboratory of Cryptography and Information Security, Guilin University of Electronic Technology, Guilin 541004, China
  2. Guangxi Engineering Research Center of Industrial Internet Security and Blockchain, Guilin University of Electronic Technology, Guilin 541004, China
  • Received: 2024-04-20 Online: 2024-06-10 Published: 2024-07-05

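Abstract (from the Chinese-language version):

Deniable ring signatures are an extension of ring signatures that allow a ring member, without relying on a trusted third party, to confirm or deny having produced a signature through specific protocols when necessary. Deniable ring signatures are traceable and therefore balance the needs of privacy protection and controllable oversight. Combining deniable ring signatures with identity-based cryptography preserves the main properties of deniable ring signatures while overcoming the complexity of managing user public keys and certificates under a traditional public key infrastructure. Based on the SM9 digital signature algorithm, this paper proposes an identity-based deniable ring signature scheme that supports confirmation and disavowal of ring signatures while avoiding the problem of public key certificate management. The paper proves that the proposed scheme satisfies correctness, unforgeability, anonymity, traceability, and non-frameability in the random oracle model. Communication and computation overhead are analyzed through simulation experiments; the proposed scheme requires only a constant number of bilinear pairing operations and has significant advantages in both computational efficiency and communication cost.

Keywords: SM9, ring signature, deniable ring signature, identity-based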

Abstract:

A deniable ring signature scheme allows a ring member to confirm or disavow having signed, via protocols that require no trusted third party. It strikes a balance between privacy protection and controllable oversight. Combining deniable ring signatures with identity-based cryptography preserves the main properties of deniable ring signatures while overcoming the complexity of managing user public keys and certificates under a traditional public key infrastructure. This paper proposes an identity-based deniable ring signature scheme based on the SM9 digital signature algorithm. The scheme supports both confirmation and disavowal of a ring signature. The paper formally proves that the proposed scheme satisfies correctness, unforgeability, anonymity, traceability, and non-frameability. Experimental efficiency analysis shows that the proposed scheme has a clear advantage in both computational efficiency and communication cost.

Key words: SM9, ring signature, deniable ring signature, identity-based

CLC number: