A Certificate-Based Digital Signature Scheme

doi:10.3969/j.issn.1671-1122.2023.03.002

Abstract

Abstract:

Digital signature is an important tool to realize digital authentication. It has the characteristics of identity authentication, anti-repudiation, and anti-forgery. Therefore, it is widely used in current network communication, e-commerce and other scenarios. Certificate-based signature is a special signature algorithm that can solve both the certificate verification problem in traditional signature algorithms and the key escrow problem in identity-based signature algorithms. This paper proposed a certificate-based digital signature scheme. The certificate authority did not need to provide certificate status information to the entire system, but only needed to contact the certificate holder for revocation and renewal. The scheme proposed in this paper consisted of system initialization algorithm, user key generation algorithm, certificate authorization algorithm, signature algorithm and verification algorithm, and it was proved in the random oracle model that the scheme can resist both Type I and Type II adversaries. The existence of unforgeability under adaptive chosen message attack was satisfied. Compared with other certificate-based signature schemes, the scheme proposed in this paper has obvious advantages in communication overhead and is more suitable for application scenarios with limited communication resources.

Key words: SM9 digital signature algorithm, certificate-based cryptosystem, bilinear pairings

CLC Number:

TP309

AN Haoyang, HE Debiao, BAO Zijian, PENG Cong. A Certificate-Based Digital Signature Scheme[J]. Netinfo Security, 2023, 23(3): 13-21.

Figures/Tables 4

References 21

[1]	SHAMIR A. Identity-Based Cryptosystems and Signature Schemes[C]// Springer. Workshop on the Theory and Application of Cryptographic Techniques. Berlin:Springer, 1984: 47-53.
[2]	GENTRY C. Certificate-Based Encryption and the Certificate Revocation Problem[C]// Springer. International Conference on the Theory and Applications of Cryptographic Techniques. Berlin:Springer, 2003: 272-293.
[3]	KANG B G, PARK J H, HAHN S G. A Certificate-Based Signature Scheme[C]// Springer. Cryptographers’ Track at the RSA Conference. Berlin:Springer, 2004: 99-111.
[4]	LI Jiguo, HUANG Xinyi, MU Yi, et al. Certificate-Based Signature: Security Model and Efficient Construction[C]// Springer. European Public Key Infrastructure Workshop. Berlin:Springer, 2007: 110-125.
[5]	WU Wei, MU Yi, SUSILO W, et al. Certificate-Based Signatures: New Definitions and a Generic Construction from Certificateless Signatures[C]// Springer. International Workshop on Information Security Applications(WISA) 2008. Berlin:Springer, 2008: 99-114.
[6]	HUANG Rufen, HUANG Zhenjie, CHEN Qunshan. A Generic Conversion from Proxy Signatures to Certificate-Based Signatures[J]. Journal of Internet Technology, 2021, 22(1): 209-217.
[7]	WU Libing, ZHANG Yubo, REN Yongjun, et al. Efficient Certificate-Based Signature Scheme for Electronic Commerce Security Using Bilinear Pairing[J]. Journal of Internet Technology, 2017, 18(5): 1159-1166.
[8]	MA Xinxin, SHAO Jun, ZUO Cong, et al. Efficient Certificate-Based Signature and Its Aggregation[C]// Springer. Information Security Practice and Experience(ISPEC) 2017. Berlin:Springer, 2017: 391-408.
[9]	LIU J K, BAEK J, SUSILO W, et al. Certificate-Based Signature Schemes Without Pairings or Random Oracles[C]// Springer. International Conference on Information Security. Berlin:Springer, 2008: 285-297.
[10]	ZHANG Jianhong. On the Security of a Certificate-Based Signature Scheme and Its Improvement with Pairings[C]// Springer. Information Security Practice and Experience(ISPEC). Berlin:Springer, 2008: 285-297.
[11]	LU Yang, LI Jiguo. Improved Certificate‐Based Signature Scheme Without Random Oracles[J]. IET Information Security, 2016, 10(2): 80-86. doi: 10.1049/ise2.v10.2 URL
[12]	ZHOU Caixue, CUI Zongmin. Certificate‐Based Signature Scheme in the Standard Model[J]. IET Information Security, 2017, 11(5): 256-260. doi: 10.1049/ise2.v11.5 URL
[13]	WANG Guoqiang, CAO Yanmei. An Efficient Certificate-Based Signature Scheme in the Standard Model[C]// Springer. International Conference on Applied Cryptography and Network Security. Berlin:Springer, 2021: 313-329.
[14]	AU M H, LIU J K, SUSILO W, et al. Certificate Based (Linkable) Ring Signature[C]// Springer. International Conference on Information Security Practice and Experience. Berlin:Springer, 2007: 79-92.
[15]	YUAN Feng, CHENG Zhaohui. Overview on SM9 Identity-Based Cryptographic Algorithm[J]. Journal of Information Security Research, 2016, 2(11): 1008-1027.
[16]	ZHANG Chao, PENG Changgen, DING Hongfa, et al. SM9-Based Searchable Encryption Scheme[J]. Computer Engineering, 2022(7): 159-167.
	张超, 彭长根, 丁红发, 等. 基于国密SM9的可搜索加密方案[J]. 计算机工程, 2022(7): 159-167.
[17]	PENG Cong, HE Debiao, LUO Min, et al. An Identity-Based Ring Signature Scheme for SM9 Algorithm[J]. Journal of Cryptologic Research, 2021, 8(4): 724-734. doi: 10.13868/j.cnki.jcr.000473
	彭聪, 何德彪, 罗敏, 等. 基于SM9标识密码算法的环签名方案[J]. 密码学报, 2021, 8(4):724-734.
[18]	ZHANG Xuefeng, PENG Hua. Blind Signature Scheme Based on SM9 Algorithm[J]. Netinfo Security, 2019, 19(8): 61-67.
[19]	ZHANG Yu, SUN Guangmin, LI Yu. Research on Mobile Internet Authentication Scheme Based on SM9 Algorithm[J]. Netinfo Security, 2021, 21(4): 1-9.
[20]	LIU J K, BAO Feng, ZHOU Jianying. Short and Efficient Certificate-Based Signature[C]// Springer. International Conference on Research in Networking. Berlin: Springer, 2011: 167-178.
[21]	PEREIRA G C C F, SIMPLICIO J M A, NAEHRIG M, et al. A Family of Implementation-Friendly BN Elliptic Curves[J]. Journal of Systems and Software, 2011, 84(8): 1319-1326. doi: 10.1016/j.jss.2011.03.083 URL

方案	安全模型	公共参数		用户公钥		签名长度		证书长度
方案	安全模型	理论分析	大小 /bit	理论分析	大小 /bit	理论分析	大小/bit	理论分析	大小/bit
文献[6]方案	随机谕言机模型	$2\left\| G \right\|$	2048	$\left\| G \right\|$	1024	$\left\| G \right\|$	1024	$\left\| G \right\|$	1024
文献[8]方案	随机谕言机模型	$2\left\| G \right\|$	2048	$\left\| G \right\|$	1024	$2\left\| G \right\|$	2048	$2\left\| G \right\|$	2048
文献[12]方案	标准模型	$\left( n+3 \right)\left\| G \right\|$	265216	$4\left\| G \right\|$	4096	$3\left\| G \right\|$	3072	$2\left\| G \right\|$	2048
文献[13]方案	标准模型	$3\left\| {{G}_{1}} \right\|+5\left\| {{G}_{2}} \right\|$	6656	$2\left\| {{G}_{2}} \right\|$	2048	$3\left\| {{G}_{1}} \right\|$	1536	$2\left\| {{G}_{1}} \right\|$	1024
本文方案	随机谕言机模型	$2\left\| {{G}_{1}} \right\|+2\left\| {{G}_{2}} \right\|$	3072	$\left\| {{G}_{2}} \right\|$	1024	$\left\| \mathbf{Z}_{q}^{*} \right\|+\left\| {{G}_{1}} \right\|$	768	$\left\| {{G}_{1}} \right\|$	512

符号	描述	时间/ms
${{E}_{1}}$	群${{G}_{1}}$中的点乘运算	1.730
${{E}_{2}}$	群${{G}_{2}}$中的点乘运算	5.190
${{E}_{G}}$	群$G$中的取幂运算	0.370
${{E}_{{{G}_{T}}}}$	群${{G}_{T}}$中的取幂运算	19.070
$B{{P}_{1}}$	Type 1双线性对运算	7.410
$B{{P}_{2}}$	Type 3双线性对运算	62.340
$P{{A}_{G}}$	群$G$中的点加运算	0.020
$P{{A}_{1}}$	群${{G}_{1}}$中的点加运算	0.010
$P{{A}_{2}}$	群${{G}_{2}}$中的点加运算	0.020
${{M}_{{{G}_{T}}}}$	群${{G}_{T}}$中的模乘运算	0.040
${{M}_{Inv1}}$	Type 1双线性对中域$\mathbf{Z}_{q}^{*}$上的模逆运算	0.030
${{M}_{Inv2}}$	Type 3双线性对中域$\mathbf{Z}_{q}^{*}$上的模逆运算	0.002

方案	证书生成		签名		验证
方案	理论分析	时间/ms	理论分析	时间/ms	理论分析	时间/ms
文献[6]方案	E_G	0.370	E_G+M_Inv₁	0.400	E_G+PA_G+2BP₁	15.210
文献[8]方案	2E_G	0.740	4E_G+3PA_G	1.540	E_G+PA_G+4BP₁	30.030
文献[12]方案	(n+1)PA_G+3E_G	11.370	4E_G+PA_G	1.500	(n+3)PA_G+7BP₁	62.170
文献[13]方案	2E₁	3.460	3PA₁+5E₁	8.680	4PA₂+M_GT+ 3E₂+3BP₂	202.710
本文方案	E₁	1.730	2E₁+E_GT+ BP₂+2M_Inv₂	84.874	M_GT+E_GT+ 2BP₂+PA₂	143.810