SOTS:一个基于哈希函数更短的后量子数字签名方案  被引量：7

作　　者：卫宏儒[1] 黄靖怡 Wei Hongru;Huang Jingyi(School of Mathematics and Physics,University of Science and Technology Beijing,Beijing 100083)

机构地区：[1]北京科技大学数理学院,北京100083

出　　处：《计算机研究与发展》2021年第10期2300-2309,共10页Journal of Computer Research and Development

基　　金：国家自然科学基金项目(61873026);广东省重点领域研发计划项目(2020B0909020001)。

摘　　要：在后量子数字签名方案中,基于哈希函数的签名方案是高效和可证明安全的.然而,过长的密钥和签名是基于哈希函数的签名方案最主要的问题.在已有签名方案的基础上,提出一个新的一次签名方案,该方案不仅减少了签名的数量,同时减少了每个签名的长度.和Winternitz OTS方案相比,新的方案在密钥和签名尺寸上分别减少了77%和82%,和WOTS+方案相比,在密钥和签名尺寸上分别减少了60.7%和60.5%.在签名长度上,新方案与近2年提出的NOTS,SDS-OTS和WOTS-S方案相比,分别减少了17%,24.5%和48.1%.另外,证明了新的方案在选择明文攻击(Chosen-Plaintext Attack,CPA)下是存在不可伪造的,安全性可规约为底层哈希函数的单向性.除此之外,实验证实了与WOTS+方案相比,在密钥生成、签名生成和签名验证所需时间上,新的方案分别减少了71.4%,47.7%和60.9%.In the post-quantum digital signature schemes,the Hash-based signature schemes are efficient and provably secure.However,one major drawback of Hash-based signature schemes is the large size of the key and the signature.In this study,based on existing digital signature schemes,a new One-Time Signature(OTS)scheme,which reduces both the number of the signatures and the size of each signature,has been proposed.Under the same post-quantum security level,the proposed scheme reduces the key and the signature sizes by 77% and 82.0% respectively as compared with the Winternitz OTS scheme.And it also reduces the key and the signature sizes by 60.7% and 60.5% respectively as compared with WOTS+.In terms of the signature size,compared with the NOTS,SDS-OTS and WOTS-S schemes proposed in the past two years,this proposed novel scheme has reduced by 17%,24.5% and 48.1% respectively.Furthermore,this novel scheme is existentially unforgeable under the Chosen-Plaintext Attack(CPA)model.The security of this scheme is a security reduction of the onewayness of the underlying Hash function.Moreover,compared with WOTS+,the proposed signature scheme reduces the time of generating keys,creating signatures and verifying signatures by 71.4%,47.7%,and 60.9% respectively.

关 键 词：基于哈希函数的数字签名方案 一次签名 后量子密码学 信息安全 分布式账本 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]