NTRU格上高效的身份基线性同态签名方案  被引量：1

作　　者：张建航 曹泽阳[1] 徐庆征 宋晓峰 ZHANG Jianhang;CAO Zeyang;XU Qingzheng;SONG Xiaofeng(Air and Missile Defense College,Air Force Engineering University,Xi′an 710051,China;Information and Communication College,National University of Defense Technology,Xi′an 710106,China)

机构地区：[1]空军工程大学防空反导学院,西安710051 [2]国防科技大学信息通信学院,西安710106

出　　处：《电讯技术》2020年第5期502-510,共9页Telecommunication Engineering

基　　金：国家自然科学基金资助项目(61305083,61872448);陕西省自然科学基金项目(2018JM6017);国家留学基金项目(201703170064)。

摘　　要：针对现有的格上身份基线性同态签名方案密钥存储量大、结构复杂导致方案实际运行效率相对偏低的问题,提出了一个NTRU(Number Theory Research Unit)格上高效的身份基线性同态签名方案。首先在密钥生成阶段利用NTRU密钥生成算法产生主密钥,接着采用格基委派算法给出身份签名私钥,最后运行NTRU格上原像抽样算法产生出线性同态签名。对方案的安全性证明与性能分析结果表明,新方案满足正确性,具有弱内容隐私性。在随机预言机模型下,该方案在小整数解问题困难性条件下满足适应性选择身份和选择消息的存在性不可伪造性。同时,由于采用NTRU格的特殊结构,新方案在密钥量与运行效率方面与已有方案相比较均具有显著的优势,这对于计算资源受限环境的同态认证中具有重要的应用价值。The existing identity-based linearly homomorphic signature schemes are inefficient due to their large key storage and complex structure.In order to solve the problem,an identity-based linearly homomorphic signature scheme over number theory research unit( NTRU) lattices is proposed. Firstly,the master keys are generated by using NTRU key generation algorithm in the key generation phase.Secondly,the signature private key is obtained by using lattice basis delegation algorithm.Finally,the linearly homomorphic signature is generated by using the preimage sampleable algorithm over NTRU lattices.According to the security proof and performance analysis of the scheme,the new scheme is correct and satisfies the weak context hiding property.And it achieves existential unforgeability against adaptively chosen identity and message under the small integer solution assumption in the random oracle model.At the same time,because of the special structure of NTRU lattices,the new scheme has significant advantages compared with the existing scheme in terms of key quantity and operation efficiency,which has important application value for linearly homomorphic authentication in the environment of limited computing resources.

关 键 词：抗量子计算密码 线性同态签名 NTRU格 小整数解问题 原像抽样算法 

分 类 号：TN918[电子电信—通信与信息系统]