一种新的格上基于身份的可链接环签名方案  被引量：1

作　　者：曹成堂 游林[1] 胡耿然 CAO Cheng-Tang;YOU Lin;HU Geng-Ran(School of Cyberspace Security,Hangzhou Dianzi University,Hangzhou 310018,China;Foundation Department of Guizhou Industry Polytechnic College,Guiyang 550008,China)

机构地区：[1]杭州电子科技大学网络空间安全学院,杭州310018 [2]贵州工业职业技术学院基础部,贵阳550008

出　　处：《密码学报》2022年第6期969-981,共13页Journal of Cryptologic Research

基　　金：浙江省自然科学基金重点项目(LZ17F020002);国家自然科学基金(61772166)。

摘　　要：本文构建了一种新的格上基于身份的可链接环签名方案(identity-based linkable ring signature scheme on lattices,L_IBLRS),基于身份的可链接环签名是基于身份的环签名中加入链接属性得到的签名方案.现有的可链接环签名方案的链接性是通过判断链接标签是否相等而得到两个合法签名是否具有链接性.而本文构建的基于身份的可链接环签名方案的链接性判断与此不同,是通过判断两个集合中相同元素的个数是否达到一定数量作为判断条件.文中方案的签名算法构造中利用环成员的公钥与真实签名者的私钥作为Hash函数输入而得到的输出代替其它方案中选择的服从于离散高斯分布的向量.由于签名输出中包含公钥与真实签名者的私钥作为Hash函数输入而得到的输出作为判断链接性的重要条件,这使得文中构建的基于身份的可链接环签名方案不是无条件匿名的,在获得环中所有成员私钥的情况下,就可以在签名输出中确定环成员中真实签名者的身份.此外,文中给出了L_IBLRS安全模型的形式化定义,在随机谕言模型下将不可伪造性归约到小整数解问题并利用统计距离定义及其性质给出匿名性的证明.This paper constructs a new identity-based linkable ring signature scheme on lattices(L_IBLRS).Identity-based linkable ring signature is a signature scheme obtained by adding the link attribute to an identity-based ring signature.The conclusion of whether two legal signatures are linkable is drawn from judging whether the link labels are equal in existing linkable ring signature schemes.Different from this approach,the identity-based linkable ring signature scheme constructed in this paper judges whether the number of common elements in the two sets reaches a certain value.In the signature algorithm of the proposed scheme,the public key of the ring members and the private key of the real signer are both used as the input of a Hash function to obtain the output instead of the vector obeying the discrete Gaussian distribution selected in other schemes.The signature output contains the public key and the private key of the real signer as the input of the Hash function to obtain the output as an important condition for judging the linkability,which breachs the unconditional anonymity of the identity-based linkable ring signature scheme constructed in this paper.When the private keys of all ring members are obtained,the identity of the real signer in the ring member can be determined in the signature output.In addition,a formal definition of L_IBLRS security model is given.Under the random oracle model,the unforgeability is reduced to the problem of small integer solution,and the anonymity is proved by using the definition of statistical distance and its properties.

关 键 词：小整数解问题 基于身份的环签名 可链接性 格 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]