Authors: 杨忆欧 (YANG Yi-ou), 彭长根 (PENG Chang-gen) [1,2,3], 丁红发 (DING Hong-fa), 许德权 (XU De-quan) [1,2]
Affiliations: [1] School of Computer Science and Technology, Guizhou University, Guiyang 550025, Guizhou, China; [2] State Key Laboratory of Public Big Data, Guizhou University, Guiyang 550025, Guizhou, China; [3] Institute of Cryptography and Data Security, Guizhou University, Guiyang 550025, Guizhou, China; [4] School of Information, Guizhou University of Finance and Economics, Guiyang 550025, Guizhou, China
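Source: Computer Technology and Development (《计算机技术与发展》), 2022, No. 11, pp. 106-114 (9 pages)
Funding: National Natural Science Foundation of China (1836205); Guizhou Provincial Science and Technology Program (黔科合平台人才[2020]5017); Natural Science Project of the Guizhou Provincial Department of Education (黔教合KY[2021]140).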
Abstract: Aggregate signatures have become an important cryptographic primitive in the field of data security authentication, and their certificate and key management overhead can be reduced by introducing a certificateless cryptosystem. However, key leakage remains the main security challenge for aggregate signature schemes: in a multi-user aggregate signature, an adversary who obtains one user's leaked key can compromise any aggregate signature that this user took part in generating. To address this problem, a certificateless aggregate signature scheme supporting parallel key insulation is proposed. First, the scheme adopts the parallel key-insulated approach of updating keys per time period, so that the keys of the users participating in signing are updated at regular intervals; this supports fairly frequent updates of the temporary signing keys while ensuring forward and backward security of the keys. Second, the scheme is constructed with certificateless elliptic curve cryptography, which reduces the complexity of the cryptographic operations while keeping the length of the aggregate signature constant. Finally, a formal security model for the scheme is given in the random oracle model, and the scheme is proved to be existentially unforgeable under adaptive chosen-message attacks. Performance analysis shows that the scheme outperforms other schemes in computational overhead and in the communication cost of transmitting signatures.
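Keywords: aggregate signature; parallel key insulation; certificateless cryptosystem; random oracle model; provable security
Classification: TP309 [Automation and Computer Technology - Computer System Architecture]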