基于格的分层无证书代理签名方案  

作　　者：农强 张棒棒[1,2] 欧阳玉豪 NONG Qiang;ZHANG Bangbang;OUYANG Yuhao(School of Computer Science,Minnan Normal University,Zhangzhou Fujian 363000,China;Key Laboratory of Data Science and Intelligence Application,Fujian Province University(Minnan Normal University),Zhangzhou Fujian 363000,China)

机构地区：[1]闽南师范大学计算机学院,福建漳州363000 [2]数据科学与智能应用福建省高等学校重点实验室(闽南师范大学),福建漳州363000

出　　处：《计算机应用》2023年第1期154-159,共6页journal of Computer Applications

基　　金：福建省自然科学基金资助项目(2019J01750)。

摘　　要：现有基于经典数论问题假设的无证书代理签名方案无法抵御量子计算机攻击,在应用于有大量用户的系统时会存在单点失效和不易扩展等局限。针对这些问题,提出一种基于格的分层无证书代理签名方案。首先,采用拒绝采样技术和无陷门技术提高密钥生成的计算效率;其次,不同层级的原始签名人和代理签名人通过交换随机选取的矩阵进行互认证,实现代理授权;最后,在随机预言机模型下的小整数解(SIS)困难问题假设下证明了该方案的安全性。相较于现有的代理签名方案,所提方案允许签名人来自不同层级且隶属于不同密钥生成中心(KGC)。性能评价实验结果表明,该方案的公钥尺寸是一个常数,代理签名和验证开销与层级无关,且代理密钥和签名尺寸非层级的线性量。因此,该方案可更好地满足大规模分布式异构网络对均衡负载的需求,是高效可行的。Existing certificateless proxy signature schemes based on classical number theory problem assumptions cannot resist to quantum computer attacks, and when these schemes are applied to systems with a large number of users, there are limitations such as single point of failure and low scalability. Aiming at these problems, a lattice-based hierarchical certificateless proxy signature scheme was proposed. Firstly, the rejection sampling technology and trapdoor-free technology were used to improve the computational efficiency of key generation. Secondly, the mutual authentication was performed by the original signers and proxy signers at different levels by exchanging randomly selected matrices, and then the proxy authorization was realized. Finally, the security of this scheme was proved under the of the Small Integer Solution(SIS) hard problem assumption in the random oracle model. Compared with the existing proxy signature schemes, the proposed scheme allows signers coming from different levels and belonging to different Key Generation Centers(KGCs). The performance evaluation experimental results show that in the proposed scheme, the public key size is a constant, the overhead of proxy signature and verification is independent of the level, and the proxy key size and the signature size are not hierarchical linear quantities, so that this scheme can better meet the needs of large-scale distributed heterogeneous networks for load balancing, and is efficient and feasible.

关 键 词：分层 无证书 代理签名 格 单点失效 拒绝采样 无陷门 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]