Revocable identity-based proxy re-signature scheme in the standard model  (Cited by: 3)


Authors: YANG Xiaodong (杨小东); LI Yutong (李雨潼); WANG Jinli (王晋利); MA Tingchun (麻婷春); WANG Caifen (王彩芬) (College of Computer Science and Engineering, Northwest Normal University, Lanzhou 730070, China; State Key Laboratory of Cryptology, Beijing 100878, China)

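Affiliations: [1] College of Computer Science and Engineering, Northwest Normal University, Lanzhou, Gansu 730070; [2] State Key Laboratory of Cryptology, Beijing 100878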

Source: Journal on Communications (《通信学报》), 2019, No. 5, pp. 153-162 (10 pages)

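Funding: National Natural Science Foundation of China (No.61662069; No.61562077); China Postdoctoral Science Foundation (No.2017M610817); Lanzhou Science and Technology Plan Fund (No.2013-4-22); Northwest Normal University Young Teachers' Research Capacity Improvement Program Fund (No.NWNULKQN-14-7)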

Abstract: User revocation is necessary to the practical application of identity-based proxy re-signature schemes. To solve the problem that the existing identity-based proxy re-signature schemes cannot provide revocation functionality, the notion of revocable identity-based proxy re-signature was introduced. Furthermore, the formal definition and security model of revocable identity-based proxy re-signature were presented. Based on a proxy re-signature scheme and a binary tree structure, a revocable identity-based proxy re-signature scheme was proposed. In the proposed scheme, the user's signing key consists of two parts, a secret key and an update key. The secret key transmitted over the secure channel is fixed, but the update key broadcast over the public channel is periodically changed. Only a user who has not been revoked can obtain the update key, and then randomize the secret key and update the key to generate the corresponding signature key of the current time period. In the standard model, the proposed scheme is proved to be existentially unforgeable against adaptive chosen-identity and chosen-message attacks. In addition, the proposed scheme has the properties of bidirectionality and multi-use, and can resist signing key exposure attacks. The analysis results show that the proposed scheme can efficiently revoke the user and update the user's key, and thus it has good scalability.

Keywords: identity-based proxy re-signature; user revocation; standard model; signing key exposure; binary tree

Classification number: TP309.7 [Automation and Computer Technology: Computer System Architecture]

 
