A Deniable Ring Signcryption Scheme Based on SM9

doi:10.3969/j.issn.1671-1122.2026.04.004

Abstract

Abstract:

The identity-based signcryption system eliminates certificates and avoids certificate management problems in traditional public key cryptosystems, but it can’t guarantee the anonymity of the user’s identity. The deniable ring signature enables ring members to confirm or deny the act of signing and avoid defamation of non-signers, but it can’t guarantee the confidentiality of the message. The ring signcryption system features signature and encryption techniques and guarantees the anonymity of the user’s identity based on ring signature, but its application is limited in liability tracing scenarios due to the lack of deniability. For this reason, this article proposed a deniable ring signcryption scheme based on SM9, which enables ring members to confirm or deny the act of signcrypting, effectively balancing the privacy protection, communication security and computational efficiency. The article proved that the scheme satisfies correctness, indistinguishability, unforgeability, anonymity, traceability, and defamation by formal proofs.

Key words: SM9, deniability, ring signcryption, security, deniable ring signcryption

CLC Number:

TP309

ZHANG Yanshuo, KONG Jiayin, ZHOU Xingyu, QIN Xiaohong, HU Ronglei. A Deniable Ring Signcryption Scheme Based on SM9[J]. Netinfo Security, 2026, 26(4): 552-565.

Figures/Tables 6

References 25

[1]	SHAMIR A. Identity-Based Cryptosystems and Signature Schemes[C]// Springer. Advances in Cryptology. Heidelberg: Springer, 1985: 47-53.
[2]	GB/T 38635.1—2020 Information Security Technology—Identity-Based Cryptographic Algorithms SM9: Part 1: General[S]. Beijing: Standards Press of China, 2020.
	GB/T38635.1—2020信息安全技术SM9标识密码算法第1部分:总则[S]. 北京: 中国标准出版社, 2020.
[3]	GB/T 38635.2—2020 Information Security Technology—Identity-Based Cryptographic Algorithms SM9: Part 2: Algorithms[S]. Beijing: Standards Press of China, 2020.
	GB/T38635.2—2020信息安全技术SM9标识密码算法第2部分:算法[S]. 北京: 中国标准出版社, 2020.
[4]	GB/T41389—2022InformationSecurityTechnology—SM9CryptographicAlgorithmApplicationSpecification[S]. Beijing: Standards Press of China, 2022.
	GB/T41389—2022信息安全技术SM9密码算法使用规范[S]. 北京: 中国标准出版社, 2022.
[5]	KOMANO Y, OHTA K, SHIMBO A, et al. Toward the Fair Anonymous Signatures: Deniable Ring Signatures[C]// Springer. Topics in Cryptology- CT(RSA 2006). Heidelberg: Springer, 2006: 174-191.
[6]	BAO Zijian, HE Debiao, PENG Cong, et al. Deniable Ring Signature Scheme Based on SM2 Digital Signature Algorithm[J]. Journal of Cryptologic Research, 2023, 10(2): 264-275.
	包子健, 何德彪, 彭聪, 等. 基于SM2数字签名算法的可否认环签名[J]. 密码学报, 2023, 10(2): 264-275.
[7]	DING Yong, LUO Shidong, YANG Changsong, et al. An Identity-Based Deniable Ring Signature Scheme Based on SM9 Signature Algorithm[J]. Netinfo Security, 2024, 24(6): 893-902.
	丁勇, 罗世东, 杨昌松, 等. 基于SM9标识密码算法的可否认环签名方案[J]. 信息网络安全, 2024, 24(6): 893-902.
[8]	ZHENG Yuliang. Digital Signcryption or How to Achieve Cost (Signature & Encryption) << Cost(Signature) + Cost(Encryption)[C]// Springer. Advances in Cryptology (CRYPTO '97). Heidelberg: Springer, 1997: 165-179.
[9]	LAI Jianchang, HUANG Xinyi, HE Debiao, et al. An Efficient Identity-Based Signcryption Scheme Based on SM9[J]. Journal of Cryptologic Research, 2021, 8(2): 314-329.
	赖建昌, 黄欣沂, 何德彪, 等. 基于商密SM9的高效标识签密[J]. 密码学报, 2021, 8(2): 314-329.
[10]	HUANG Xinyi, SUSILO W, MU Yi, et al. Identity-Based Ring Signcryption Schemes: Cryptographic Primitives for Preserving Privacy and Authenticity in the Ubiquitous World[C]// IEEE. The 19th International Conference on Advanced Information Networking and Applications (AINA’05) Volume 1 (AINA Papers). New York: IEEE, 2005: 649-654.
[11]	HUANG Xinyi, ZHANG Futai, WU Wei. An Identity-Based Ring Signcryption Scheme[J]. Acta Electronica Sinica, 2006, 34(2): 263-266.
	黄欣沂, 张福泰, 伍玮. 一种基于身份的环签密方案[J]. 电子学报, 2006, 34(2): 263-266.
[12]	GUO Zhenzhou, LI Mingchu, FAN Xinxin. Attribute-Based Ring Signcryption Scheme[J]. Security and Communication Networks, 2013, 6(6): 790-796.
[13]	ZHU Zhenchao, ZHANG Yuqing, WANG Fengjiao. An Efficient and Provable Secure Identity-Based Ring Signcryption Scheme[J]. Computer Standards & Interfaces, 2009, 31(6): 1092-1097.
[14]	SHARMILA DEVA SELVI S, SREE VIVEK S, PANDU RANGAN C. On the Security of Identity Based Ring Signcryption Schemes[C]// Springer. Information Security. Heidelberg: Springer, 2009: 310-325.
[15]	BAO Jiabin. Identity-Based Ring Signcryption Scheme Based on SM9 Algorithm[D]. Wuhan: Wuhan University, 2022.
	包嘉斌. 基于SM9标识密码算法的环签密方案设计及其应用研究[D]. 武汉: 武汉大学, 2022.
[16]	CAI Ying, ZHANG Hao, FANG Yuguang. A Conditional Privacy Protection Scheme Based on Ring Signcryption for Vehicular Ad Hoc Networks[J]. IEEE Internet of Things Journal, 2021, 8(1): 647-656.
[17]	DU Hongzhen, WEN Qiaoyan, ZHANG Shanshan, et al. An Improved Conditional Privacy Protection Scheme Based on Ring Signcryption for VANETs[J]. IEEE Internet of Things Journal, 2023, 10(20): 17881-17892.
[18]	LUO Ming, ZHAN Qibang, QIU Minrong. A Heterogeneous Cross-Domain Conditional Privacy Protection Ring Signcryption Scheme for V2I Communication[J]. Netinfo Security, 2024, 24(7): 993-1005.
	罗铭, 詹骐榜, 邱敏蓉. 面向V2I通信的异构跨域条件隐私保护环签密方案[J]. 信息网络安全, 2024, 24(7): 993-1005.
[19]	WANG Zizheng. Research on Heterogeneous Ring Signcryption Scheme in Internet of Vehicles[D]. Nanchang: Nanchang University, 2024.
	王子正. 面向车联网的异构环签密方案研究[D]. 南昌: 南昌大学, 2024.
[20]	BONEH D, BOYEN X. Short Signatures without Random Oracles[C]// Springer. Advances in Cryptology-EUROCRYPT 2004. Heidelberg:Springer, 2004: 56-73.
[21]	BONEH D, BOYEN X, GOH E J. Hierarchical Identity Based Encryption with Constant Size Ciphertext[C]// Springer. Advances in Cryptology- EUROCRYPT 2005. Heidelberg:Springer, 2005: 440-456.
[22]	TANG Jiayi, HUANG Xiaofang, WANG Licheng, et al. Identity-Based Linkable Ring Signcryption on NTRU Lattice[J]. Computer Science, 2025, 52(9): 396-404.
	唐嘉一, 黄晓芳, 王励成, 等. NTRU格上基于身份的可链接环签密[J]. 计算机科学, 2025, 52(9): 396-404.
[23]	HERRANZ J, SÁEZ G. Forking Lemmas for Ring Signature Schemes[C]// Springer. Progress in Cryptology-INDOCRYPT 2003. Heidelberg:Springer, 2003: 266-279.
[24]	PENG Cong, HE Debiao, LUO Min, et al. An Identity-Based Ring Signature Scheme for SM9 Algorithm[J]. Journal of Cryptologic Research, 2021, 8(4): 724-734.
	彭聪, 何德彪, 罗敏, 等. 基于SM9标识密码算法的环签名方案[J]. 密码学报, 2021, 8(4): 724-734.
[25]	YU Huifang, LYU Zhirui. Identity Ring SignCryption Based on Consortium Blockchain[J]. Journal of Electronics & Information Technology, 2023, 45(3): 865-873.
	俞惠芳, 吕芝蕊. 基于联盟链的身份环签密方案[J]. 电子与信息学报, 2023, 45(3): 865-873.

符号	定义
${{G}_{\text{1}}},{{G}_{2}}$	$N$阶加法循环群
${{G}_{T}}$	$N$阶乘法群
${{P}_{1}},{{P}_{2}}$	${{G}_{\text{1}}},{{G}_{2}}$的生成元
$hid$	私钥生成函数识别符
$k$	签密主私钥
${{P}_{pub-s}},{{P}_{pub-e}}$	签密主公钥对
$I{{D}_{i}}$	用户身份
$d{{s}_{i}},d{{e}_{i}}$	签密私钥对
${{U}_{n}}$	身份集合
$M$	消息
$SE$	签密密文
${{H}_{1}}(Z,N)$	密码函数，输入为比特串$Z$和整数$N$，输出为整数${{h}_{1}}\in Z_{N}^{\text{*}}$
${{H}_{2}}(Z,N)$	密码函数，需要调用密码杂凑函数，输入为比特串$Z$和整数$N$，输出为整数${{h}_{2}}\in Z_{N}^{\text{*}}$
${{H}_{3}}(Z,len)$	密码函数，输入为比特串$Z$和长度值$len$，输出为长度$len$的比特串

方案	发送方
文献[6]	$(n+1){{T}_{h}}+(4n-1){{T}_{pm}}+(2n-2){{T}_{pa}}+{{T}_{inv}}$
文献[9]	$3{{T}_{h}}+3{{T}_{pm}}+{{T}_{pa}}+{{T}_{bp}}+{{T}_{me}}$
文献[24]	$n{{T}_{h}}+(3n-1){{T}_{pm}}+(n-1){{T}_{pa}}+n{{T}_{bp}}+(n-1){{T}_{me}}$
文献[7]	${{T}_{h}}+(n+7){{T}_{pm}}+2{{T}_{pa}}+4{{T}_{bp}}$
文献[25]	$(n+1){{T}_{h}}+n{{T}_{pm}}+n{{T}_{pa}}+{{T}_{bp}}$
本文方案	$(n+2){{T}_{h}}+(n+4){{T}_{pm}}+2{{T}_{pa}}+2{{T}_{bp}}+{{T}_{me}}$

方案	接收方
文献[6]	$(n+1){{T}_{h}}+4n{{T}_{pm}}+2n{{T}_{pa}}$
文献[9]	$3{{T}_{h}}+{{T}_{pm}}+{{T}_{pa}}+3{{T}_{bp}}+{{T}_{me}}$
文献[24]	$n{{T}_{h}}+2n{{T}_{pm}}+n{{T}_{pa}}+n{{T}_{bp}}+n{{T}_{me}}$
文献[7]	${{T}_{h}}+3{{T}_{pm}}+{{T}_{pa}}+2{{T}_{bp}}+{{T}_{me}}$
文献[25]	$(n+1){{T}_{h}}+3{{T}_{bp}}$
本文方案	$(n+2){{T}_{h}}+n{{T}_{pm}}+n{{T}_{pa}}+3{{T}_{bp}}+{{T}_{me}}$

方案	不可区分性	不可伪造性	匿名性	可追踪性	不可诽谤性
文献[6]	×	√	√	√	√
文献[9]	√	√	×	×	×
文献[24]	×	√	√	×	×
文献[7]	×	√	√	√	√
文献[25]	√	√	√	×	×
本文方案	√	√	√	√	√

方案	通信开销
文献[9]	$2\|{{G}_{1}}\|+\|m\|$
文献[16]	$(n+1)\|{{G}_{1}}\|+2\|m\|$
文献[24]	$n\|{{G}_{1}}\|$
文献[7]	$n\|{{G}_{1}}\|+\|{{G}_{T}}\|$
本我方案	$\|h\|+(n+1)\|{{G}_{1}}\|+\|m\|$