Netinfo Security ›› 2020, Vol. 20 ›› Issue (1): 26-32. doi: 10.3969/j.issn.1671-1122.2020.01.004

• Technical Research •

Quantum-resistant Efficient Identity-based Signature Scheme with Message Recovery over Primitive Lattices

ZHANG Jianhang¹,², CAO Zeyang¹, SONG Xiaofeng², XU Qingzheng²

  1. Air and Missile Defense College, Air Force Engineering University, Xi’an 710051, China
  2. Information and Communication College, National University of Defense Technology, Xi’an 710106, China
  • Received: 2019-08-26 Online: 2020-01-10 Published: 2020-05-11
  • About the authors:

    ZHANG Jianhang (born 1979), male, from Shaanxi, lecturer, doctoral candidate; main research interests: lattice-based cryptography and information network security. CAO Zeyang (born 1967), male, from Liaoning, professor, Ph.D.; main research interest: information security assurance. SONG Xiaofeng (born 1980), male, from Henan, associate professor, Ph.D.; main research interest: information security. XU Qingzheng (born 1980), male, from Shandong, lecturer, Ph.D.; main research interest: network security.

  • Supported by:
    National Natural Science Foundation of China [61872448]; Natural Science Foundation of Shaanxi Province [2018JM6017]; China Scholarship Fund [201703170064]

Abstract:

With the emergence of quantum algorithms and the rapid development of quantum computers, digital signature schemes built on traditional number theory face a serious potential threat. Identity-based signature schemes with message recovery built on lattice theory are an important quantum-resistant method for authentication in network information security. However, the two existing identity-based signature schemes with message recovery over lattices share a drawback: they use the preimage sampleable algorithm in the private key extraction phase, which lowers the overall running efficiency of the schemes. To address this problem, this paper introduces a new sampling algorithm over primitive lattices in the private key extraction phase, simplifies the sampling process through a specific choice of linear transformations and matrix decompositions, and uses a trapdoor-free random sampling technique in the identity signing phase, yielding an efficient identity-based signature scheme with message recovery over primitive lattices. In the random oracle model, the scheme is proved existentially unforgeable under adaptive chosen-identity and chosen-message attacks, assuming the hardness of the small integer solution problem. Theoretical analysis shows that, with security preserved, the time complexity and space complexity of sampling in the private key extraction phase are clearly better than in the two existing identity-based signature schemes with message recovery over lattices, and the scheme's overall running efficiency is more advantageous.

Key words: digital signature, message recovery, primitive lattices, preimage sampleable algorithm, quantum-resistant

CLC number: