An Identity-Based Deniable Ring Signature Scheme Based on SM9 Signature Algorithm

doi:10.3969/j.issn.1671-1122.2024.06.007

Abstract

Abstract:

A deniable ring signature scheme allows a ring member to confirm the fact of signing or disavow the claim of signing via protocols without a trusted third party. It strikes a balance between privacy protection and controllable oversight. Combining deniable ring signature technology with identity-based cryptography can not only preserve the main features of the properties, but also overcome the complex problems of managing user public keys and certificates under the traditional public key infrastructure. This paper proposed an identity-based deniable ring signature scheme based on SM9 digital signature algorithm. The scheme realized the confirmation and disavowal of a ring signature. This paper formally proves that the proposed scheme is deemed to satisfy the correctness, unforgeability, anonymity, traceability, and non-frameability. Through experimental efficiency analysis, the proposed scheme demonstrates a clear advantage in both computational efficiency and communication costs.

Key words: SM9, ring signature, deniable ring signature, identity-based

CLC Number:

TP309

DING Yong, LUO Shidong, YANG Changsong, LIANG Hai. An Identity-Based Deniable Ring Signature Scheme Based on SM9 Signature Algorithm[J]. Netinfo Security, 2024, 24(6): 893-902.

Figures/Tables 8

References 27

[1]	RIVEST R L, SHAMIR A, TAUMAN Y. How to Leak a Secret[C]// Springer. Advances in Cryptology—ASIACRYPT 2001: 7th International Conference on the Theory and Application of Cryptology and Information Security Gold Coast. Heidelberg: Springer, 2001: 552-565.
[2]	QIU Chi, ZHANG Shibin, CHANG Yan, et al. Electronic Voting Scheme Based on a Quantum Ring Signature[J]. International Journal of Theoretical Physics, 2021, 60: 1550-1555.
[3]	KOMANO Y, OHTA K, SHIMBO A, et al. Toward the Fair Anonymous Signatures: Deniable Ring Signatures[C]// Springer. Cryptographers’ Track at the RSA Conference. Heidelberg: Springer, 2006: 174-191.
[4]	WU Qianhong, SUSILO W, MU Yi, et al. Ad Hoc Group Signatures[C]// Springer. International Workshop on Security. Heidelberg: Springer, 2006: 120-135.
[5]	CAMENISCH J, MICHELS M. A Group Signature Scheme Based on an RSA-Variant[J]. BRICS Report Series, 1998, 5(27): 160-174.
[6]	BENALOH J, DE M M. One-Way Accumulators: A Decentralized Alternative to Digital Signatures[C]// Springer. Workshop on the Theory and Application of Cryptographic Techniques. Heidelberg: Springer, 1993: 274-285.
[7]	LIU D Y W, LIU J K, MU Yi, et al. Revocable Ring Signature[J]. Journal of Computer Science and Technology, 2007, 22: 785-794.
[8]	ZENG Shengke, JIANG Shaoquan, QIN Zhiguang. An Efficient Conditionally Anonymous Ring Signature in the Random Oracle Model[J]. Theoretical Computer Science, 2012, 461: 106-114.
[9]	ZENG Shengke, LI Qinyi, QIN Zhiguang, et al. Non-Interactive Deniable Ring Signature without Random Oracles[J]. Security and Communication Networks, 2016, 9(12): 1810-1819.
[10]	GAO Wen, CHEN Liqun, HU Yupu, et al. Lattice-Based Deniable Ring Signatures[J]. International Journal of Information Security, 2019, 18: 355-370.
[11]	PARK S, SEALFON A. It Wasn’t Me! Repudiability and Claimability of Ring Signatures[C]// Springer. Advances in Cryptology-CRYPTO 2019: 39th Annual International Cryptology Conference. Heidelberg: Springer, 2019: 159-190.
[12]	JIA Huiwen, TANG Chunming, ZHANG Yanhua. Lattice-Based Logarithmic-Size Non-Interactive Deniable Ring Signatures[J]. Entropy, 2021, 23(8): 980.
[13]	LIN Hao, WANG Mingqiang. Repudiable Ring Signature: Stronger Security and Logarithmic-Size[EB/OL]. (2022-03-01)[2024-04-15]. https://api.semanticscholar.org/CorpusID:207988596.
[14]	SHAMIR A. Identity-Based Cryptosystems and Signature Schemes[C]// Springer. Advances in Cryptology:Proceedings of CRYPTO 84 4. Heidelberg: Springer, 1985: 47-53.
[15]	ZHANG Fangguo, KIM K. ID-Based Blind Signature and Ring Signature from Pairings[C]// Springer. Advances in Cryptology-ASIACRYPT 2002. Heidelberg: Springer, 2002: 533-547.
[16]	LIN C Y, WU T C. An Identity-Based Ring Signature Scheme from Bilinear Pairings[C]// IEEE. 18th International Conference on Advanced Information Networking and Applications. New York: IEEE, 2004: 182-185.
[17]	CHOW S S M, YIU S M, HUI L C K. Efficient Identity Based Ring Signature[C]// Springer. Applied Cryptography and Network Security. Heidelberg: Springer, 2005: 499-512.
[18]	AU M H, LIU J K, SUSILO W, et al. Constant-Size ID-Based Linkable and Revocable-iff-Linked Ring Signature[C]// Springer. Progress in Cryptology-INDOCRYPT 2006. Heidelberg: Springer, 2006: 364-378.
[19]	XIE Zongxiao, DONG Kunxiang, ZHEN Jie. International Standardization of Domestic Commercial Cryptographic Algorithms and Their Corresponding Relations[J]. China Quality and Standards Review, 2021(5): 20-23, 29.
	谢宗晓, 董坤祥, 甄杰. 国产商用密码算法的国际标准化及其对应关系[J]. 中国质量与标准导报, 2021(5): 20-23,29.
[20]	FAN Qing, HE Debiao, LUO Min, et al. Ring Signature Schemes Based on SM2 Digital Signature Algorithm[J]. Journal of Cryptologic Research, 2021, 8(4): 710-723.
	范青, 何德彪, 罗敏, 等. 基于SM2数字签名算法的环签名方案[J]. 密码学报, 2021, 8(4):710-723.
[21]	PENG Cong, HE Debiao, LUO Min, et al. An Identity-Based Ring Signature Scheme for SM9 Algorithm[J]. Journal of Cryptologic Research, 2021, 8(4): 724-734.
	彭聪, 何德彪, 罗敏, 等. 基于SM9标识密码算法的环签名方案[J]. 密码学报, 2021, 8(4):724-734.
[22]	RAO Jintao, CUI Zhe. Secure E-Voting Protocol Based on SM9 Blind Signature and Ring Signature[J]. Computer Engineering, 2023, 49(6): 13-23, 33. doi: 10.19678/j.issn.1000-3428.0066576
	饶金涛, 崔喆. 基于SM9盲签名与环签名的安全电子选举协议[J]. 计算机工程, 2023, 49(6):13-23,33. doi: 10.19678/j.issn.1000-3428.0066576
[23]	AN Haoyang, HE Debiao, BAO Zijian, et al. Ring Signature Based on the SM9 Digital Signature and Its Application in Blockchain Privacy Protection[J]. Journal of Computer Research and Development, 2023, 60(11): 2545-2554.
	安浩杨, 何德彪, 包子健, 等. 基于SM9数字签名的环签名及其在区块链隐私保护中的应用[J]. 计算机研究与发展, 2023, 60(11):2545-2554.
[24]	BAO Zijian, HE Debiao, PENG Cong, et al. Deniable Ring Signature Scheme Based on SM2 Digital Signature Algorithm[J]. Journal of Cryptologic Research, 2023, 10(2): 264-275.
	包子健, 何德彪, 彭聪, 等. 基于SM2数字签名算法的可否认环签名[J]. 密码学报, 2023, 10(2):264-275.
[25]	HERRANZ J, SÁEZ G. Forking Lemmas for Ring Signature Schemes[C]// Springer. International Conference on Cryptology. Heidelberg: Springer, 2003: 266-279.
[26]	BARRETO P S L M, LIBERT B, MCCULLAGH N, et al. Efficient and Provably-Secure Identity-Based Signatures and Signcryption from Bilinear Maps[C]// Springer. Advances in Cryptology-ASIACRYPT 2005. Heidelberg: Springer, 2005: 515-532.
[27]	PEREIRA G C C F, SIMPLÍCIO J M A, NAEHRIG M, et al. A Family of Implementation-Friendly BN Elliptic Curves[J]. Journal of Systems and Software, 2011, 84(8): 1319-1326.

符号	说明
p, N	大素数
$Z_{k}^{*}$	整数集合{1,2,…, k}
${{G}_{1}}$,${{G}_{2}}$	加法循环群
${{G}_{T}}$	乘法循环群
e	双线性映射
${{P}_{1}}$,${{P}_{2}}$	分别是群${{G}_{1}}$和${{G}_{2}}$的生成元
$H\left( * \right)$	哈希运算
${{P}_{pub-s}}$	签名主公钥
$I{{D}_{i}}$	用户身份标识
${{U}_{n}}$	用户身份标识集合
M, σ	消息及其签名值
[a]P	群中的乘法：P的a倍点
$\alpha \|\|\beta $	$\alpha $与$\beta $拼接

符号	说明
$\|{{G}_{1}}\|$	群${{G}_{1}}$中元素的大小
$\|{{G}_{2}}\|$	群${{G}_{2}}$中元素的大小
$\|{{G}_{T}}\|$	群${{G}_{T}}$中元素的大小
$\|{{Z}_{N}}\|$	${{Z}_{N}}$中元素的大小
$\|G\|$	群$G$中元素的大小
$\|{{Z}_{q}}\|$	${{Z}_{q}}$中元素的大小
$\|z\|$	z的比特数
v	方案[24]中否认算法运行的轮数

方案	签名	确认	否认
本文方案	$\|{{Z}_{N}}\|+n\|{{G}_{1}}\|+\|{{G}_{T}}\|$	$\|{{Z}_{N}}\|+\|{{G}_{1}}\|$	$\|{{Z}_{N}}\|+\|{{G}_{1}}\|$
文献[21]方案	$\|{{Z}_{N}}\|+n\|{{G}_{1}}\|$	—	—
文献[23]方案	$8\|{{Z}_{N}}\|+6\|{{G}_{1}}\|+2\|{{G}_{T}}\|$	—	—
文献[24]方案	$(n+2)\|{{Z}_{q}}\|+\|G\|$	$3\|{{Z}_{q}}\|+\|G\|$	$(4\|{{Z}_{q}}\|+2\|G\|+\|z\|)v$

符号	说明
BP	双线性映射操作
${{M}_{{{G}_{*}}}}$	群${{G}_{*}}$中元素的乘法
${{E}_{{{G}_{T}}}}$	群${{G}_{T}}$中元素的幂运算
${{I}_{N}}$	$Z_{N}^{*}$上的模逆运算
HTP	哈希点运算

方案	签名	验证	确认	否认
本文方案	(n+4)M_G₁+4BP+ M_G₂+2M_GT	2BP+M_G₂+ E_GT+2M_GT	2M_G₁+4BP+ M_G₂+3M_GT+ 2E_GT	2M_G₁+4BP+M_G₂+ 3M_GT+2E_GT
文献[21] 方案	2nM_G₁+nBP+ (n-1)M_G₂+ (n-1)M_GT+ (n-1)E_GT	(n+1)BP+nM_G₂+ nM_GT+nE_GT	—	—
文献[23] 方案	14M_G₁+2BP+ 4M_GT+6E_GT	9M_G₁+5BP+ 8M_GT+10E_GT	—	—
文献[24] 方案	(4n-2)M_G+ HTP+I_q	4nM_G+HTP	8M_G	v(10+z/2)M_G