基于格的前向安全无证书数字签名方案  被引量：9

作　　者：徐潜[1] 谭成翔[1] 冯俊[1] 樊志杰[1] 朱文烨 

机构地区：[1]同济大学电子与信息工程学院计算机科学与技术系,上海201804

出　　处：《计算机研究与发展》2017年第7期1510-1524,共15页Journal of Computer Research and Development

基　　金：国家重点研发计划项目(2017YFB0802302)~~

摘　　要：无证书签名方案利用密钥生成中心与用户共同生成签名密钥的方式,解决了传统的基于身份的数字签名方案中存在的密钥托管问题.目前,针对无证书签名方案的研究还存在3点可以改进的地方:1)已有的基于随机格构建的无证书签名方案,虽然具有后量子安全性,但都是建立在随机预言模型下,尚无针对标准模型的相关研究;2)已有的格基无证书签名方案大多只考虑外部敌手,缺乏抵御不诚实用户攻击的能力;3)已有的无证书签名方案均需要保证用户密钥是绝对安全的,无法解决密钥泄露问题.针对这3点不足,在随机预言模型下的前向安全的无证书格基签名方案的基础上,首次提出了标准模型下可证明安全的基于随机格的前向安全无证书数字签名方案,并在不引入第三方代理的前提下同时解决了密钥泄露和密钥托管问题.在面对不诚实的用户和恶意密钥生成中心2类强敌手的情况下,利用小整数解SIS假设证明了所提出的方案具有适应性选择消息、选择身份攻击下的前向安全强不可伪造性.Certificateless signature scheme has solved identity-based signature schemes. The secret key of key escrow problems existing in traditional the user in certificateless signature scheme consists of two parts, one is partial secret key, which is generated by key generation centre, and the other is secret value from user itself. However, there are still three points to be improved in such scheme. Firstly, although some lattice-based certificateless signature schemes based on the random oracle model have been proposed in order to achieve the post-quantum security, their standard model counterparts remain unrealized. Secondly, most of the existing lattice-based certificateless signature schemes only consider the outside attacker and neglect the threats from semi-trusted user. Thirdly, the existing eertificateless signature schemes all rely on the security of the secret key, which cannot be satisfied due to the key exposure problem. In this paper, based on the forward secure and certificateless signature scheme in the random oracle model, we propose the first lattice-based certificateless signature scheme which is provably secure in the standard model to eliminate key exposure and key escrow problems without introducing a third party proxy. With the help of the small integer solution problem, we have proved that our schemes can guarantee the forward secure and strongly existential unforgeability against the adaptive chosen message and adaptive chosen identity attack.

关 键 词：格基数字签名 无证书 前向安全 随机预言模型 标准模型 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]