利用环上容错学习问题构造可链接环签名方案  被引量：2

作　　者：叶青[1] 王文博 李莹莹[1] 秦攀科 赵宗渠[1] 王永军 YE Qing;WANG Wenbo;LI Yingying;QIN Panke;ZHAO Zongqu;WANG Yongjun(College of Computer Science and Technology,Henan Polytechnic University,Jiaozuo,Henan 454000,China)

机构地区：[1]河南理工大学计算机科学与技术学院,河南焦作454000

出　　处：《计算机科学与探索》2020年第7期1164-1172,共9页Journal of Frontiers of Computer Science and Technology

基　　金：国家自然科学基金No.61802117;“十三五”国家密码发展基金No.MMJJ20170122;河南省科技厅项目No.182102310923;河南省教育厅项目Nos.18A413001,19A520025;河南理工大学自然科学基金资助项目No.T2018-1;河南理工大学青年骨干教师资助计划No.2018XQG-10。

摘　　要：针对格上可链接环签名方案中存在密钥较大、效率较低的问题,基于环上容错学习(RLWE)难题,依据"同态承诺→∑-协议→Fiat-Shamir转化"的技术路线,重新构造一个格上可链接环签名方案。首先构造一个基于RLWE难题的多项式环上的同态承诺方案,然后基于承诺方案设计一个∑-协议,并利用Fiat-Shamir转化方法将该∑-协议转化为可链接环签名方案,最后基于该可链接环签名方案提出一个简易的数字货币模型。安全分析表明,由于所提方案基于RLWE困难问题构建,方案的安全性可规约至格上困难问题,抵抗量子计算机攻击。效率分析表明,与以往格上可链接环签名方案相比,由于方案中环元素取自小多项式,所提方案具有更短的密钥尺寸和更高的计算效率,且方案描述更简单。In order to solve the problem of large key size and low efficiency in the linkable ring signature scheme on lattice,this paper reconstructs the linkable ring signature scheme from lattice based on the ring learning with errors(RLWE)problem,according to the technical route of“homomorphic commitment→Σ-protocol→Fiat-Shamir transformation”.This paper first constructs a homomorphic commitment scheme over a polynomial ring based on the RLWE problem,and then designs aΣ-protocol based on the commitment scheme,and transforms theΣ-protocol into a linkable ring signature scheme using the Fiat-Shamir transformation methods.Finally,this paper proposes a simple digital currency model based on the linkable ring signature scheme.Security analysis shows since the proposed scheme is constructed based on the problem of RLWE,its security can reduce to the lattice-based difficult problem and resist the quantum computer attack.Efficiency analysis shows compared with the previous linkable ring signature schemes on lattice,since the ring elements in the scheme are taken from small polynomials,the proposed scheme has shorter key size and higher computational efficiency,and the description of the scheme is simpler.

关 键 词：承诺方案 零知识证明 环上容错学习问题(RLWE) 可链接环签名 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]