格上基于身份的群签名方案  被引量：2

作　　者：汤永利[1] 李元鸿 张晓航 叶青[1] Tang Yongli;Li Yuanhong;Zhang Xiaohang;Ye Qing(School of Computer Science and Technology,Henan Polytechnic University,Jiaozuo,Henan 454003;Henan College of Industry&Information Technology,Jiaozuo,Henan 454003)

机构地区：[1]河南理工大学计算机科学与技术学院,河南焦作454003 [2]河南工业和信息化职业学院,河南焦作454003

出　　处：《计算机研究与发展》2022年第12期2723-2734,共12页Journal of Computer Research and Development

基　　金：国家自然科学基金项目(61802117);河南省高校科技创新团队支持计划项目(20IRTSTHN013);河南理工大学青年骨干教师资助计划项目(2018XQG-10)。

摘　　要：现有的格上群签名方案,虽然能够有效抵抗量子计算的攻击,但是难以避免用户公钥证书复杂的管理问题.基于格基委派、拒绝采样等技术,将基于身份的加密体制与格上群签名相结合,构造了随机预言模型下的格上基于身份的群签名.首先通过陷门生成算法生成系统主密钥;然后通过格基委派技术提取用户身份信息并获取用户密钥;最后在签名阶段不使用零知识证明,而是采用了拒绝采样算法生成签名,并使用LPR加密算法保证群管理员能够通过追溯密钥打开群签名.安全性分析表明,该方案满足完全匿名性、不可伪造性和完全可追溯性,且能够规约到RSIS和RLWE困难假设.与现有的格上群签名相比,该方案实现了基于身份的功能,并且在存储开销方面具有一定的优势,其中密钥开销减小了约79.6%,签名开销减小了约39.9%.Although the existing group signature schemes on lattice can effectively resist the attacks of quantum computing,it is difficult to avoid the complicated management problem of user s public key certificate.Based on techniques such as rejection sampling and lattice basis delegation,this paper combines the identity-based encryption with the group signature on lattice to construct an identity-based group signature on lattice in the random oracle model.First of all,the system master key is obtained from the trapdoor generation algorithm;Then,the lattice delegation technology extracts the user s identity information and obtains the user s private key.Finally,the signature is generated by using the rejection sampling algorithm instead of the zero-knowledge proof system in the signing stage.Meanwhile,this paper uses the LPR encryption algorithm proposed to ensure that the signature can be opened for group administrator by the traceability key.Security analysis shows that the full anonymity,unforgeability and full traceability of the proposed scheme in this paper can be reduced to the hardness assumptions of RSIS and RLWE.Compared with other group signatures on lattice,the proposed scheme is based on identity-based encryption and has certain advantages in storage overhead.Specifically,the overhead of key and signature are decreased roughly by 79.6%,39.9%,respectively.

关 键 词：基于身份加密 格 群签名 环上小整数解 环上容错学习 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]