Authors: WANG Zi-Rui; ZHANG Chi [1]; WEI Ling-Bo (School of Cyber Science and Technology, University of Science and Technology of China, Hefei 230022, China; China Nanhu Academy of Electronics and Information Technology, Jiaxing 314002, China)
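Affiliations: [1] School of Cyber Science and Technology, University of Science and Technology of China, Hefei 230022; [2] China Nanhu Academy of Electronics and Information Technology, Jiaxing 314002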
Source: Journal of Cryptologic Research (《密码学报》), 2022, No. 4, pp. 686-697, 12 pages
Funding: National Natural Science Foundation of China (62072426, U19B2023, 61871362); Anhui Provincial Key Research and Development Program (202104b11020029).
Abstract: As a cryptographic primitive that has emerged in recent years, adaptor signatures have attracted the attention of cryptography researchers because of their important applications in blockchains. Adaptor signatures allow a user to create a pre-signature that embeds a statement of a hard relation. Only with the witness of the hard relation can the pre-signature be transformed into a full signature that verifies as valid, and the witness can be extracted from a pre-signature and its corresponding full signature. These two properties allow adaptor signatures to be used in many blockchain scenarios, such as payment channels and cross-chain atomic swaps. However, few adaptor signature schemes are currently available, which restricts the use of adaptor signatures in more application scenarios and blockchain systems. This paper constructs a provably secure probabilistic digital signature scheme by adding randomness to the BLS signature and, on that basis, constructs for the first time an adaptor signature scheme from bilinear pairings. The proposed scheme is proved secure in the random oracle model under the hardness assumption of the computational Diffie-Hellman problem. This solves an open problem in blockchain research, namely whether a digital signature based on bilinear pairings can be extended to an adaptor signature. The experimental results show that the performance costs of the proposed adaptor signature scheme are comparable to those of the mainstream adaptor signature schemes used in blockchains. In addition, the algebraic properties of bilinear pairings allow the scheme to provide rich extended functionality, which greatly expands the range of applications of adaptor signatures in blockchain systems.
Classification number: TP309.7 [Automation and Computer Technology: Computer System Architecture]