格上无证书代理重签名  被引量：1

作　　者：范祯 欧海文[2] 裴焘 FAN Zhen;OU Hai-Wen;PEI Tao(CSIC No.722 Research Insititue,Wuhan 430079,China;Beijing Electronic Science and Technology Institute,Beijing 100071,China)

机构地区：[1]中船重工集团公司第七二二研究所,武汉430079 [2]北京电子科技学院,北京100071

出　　处：《密码学报》2020年第1期15-25,共11页Journal of Cryptologic Research

摘　　要：代理重签名作为一种特殊的数字签名,在电子认证和电子商务方面越来越重要.格密码作为抵抗量子攻击密码体制的代表之一,具有更高的安全性和更高的计算效率,因此基于格出现了一系列代理重签名方案.Tian M M给出了拥有较高效率的身份基代理重签名方案,但该方案中代理重密钥需要委托者和受托者的私钥才能生成,且需要基于身份密钥托管.本文针对这两点不足进行改进,利用无抽样技术和格上的陷门生成算法、原像取样算法,构造了效率较高的格上无证书代理重签名方案.在随机预言机模型下证明了新方案的正确性,并且基于小整数解问题SIS的困难性证明了新方案对外部攻击和内部攻击在选择身份和选择消息下是存在不可伪造的.与已有格上的代理重签名相比,该方案能抵抗中间人攻击,具有更好的安全性和较高的效率.As a special digital signature,proxy re-signature schemes are becoming more and more important in electronic authentication and e-commerce.As one of the cryptosystems having resistance against quantum attack,lattice-based ciphers have high security and computational efficiency,therefore,a number of proxy re-signature schemes based on lattice have been designed.An identity-based proxy re-signature scheme with high efficiency was proposed by Tian M M.In Tian's scheme,the generation of the proxy key requires to use the private key of the assignor and that of the trustee,and needs the identity-based key escrow.This study improves these two deficiencies and proposes a certificateless proxy re-signature scheme.The new scheme utilizes the technique of rejection samplings,as well as the algorithm of trapdoor generation and original image sampling on lattice.The correctness of the proposed scheme is proved in the random oracle model.Based on the hardness of the small integer solution(SIS)problem,it is proved that this scheme is unforgeable for external and internal attacks under the adaptive chosen-message and adaptive chosen-identity models.Compared with the existing agent re-signature schemes,this scheme can resist man-in-the-middle attack,with better security and higher efficiency.

关 键 词：格 小整数解问题 无证书代理重签名 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]