Affiliations: [1] College of Information, Mechanical and Electrical Engineering, Shanghai Normal University, Shanghai 200234; [2] Shanghai Engineering Research Center of Intelligent Education and Bigdata, Shanghai Normal University, Shanghai 200234
Source: Computer Science (《计算机科学》), 2023, No. S01, pp. 746-751 (6 pages)
Funding: Shanghai Normal University Research Development Fund (309-C-9000-21-309203).
Abstract: Like Bitcoin, Monero is a cryptocurrency. The original Monero was based on the CryptoNote protocol, which uses ring signatures and one-time keys to hide the real identities of both parties to a transaction; the actual transaction amount, however, is exposed on the blockchain, which carries a certain security risk. To close this gap, Shen Noether proposed the Ring Confidential Transactions protocol (RingCT), which uses a random number to hide the real transaction amount. The RingCT protocol currently used by the Monero community relies on the discrete logarithm problem. As quantum computers develop, schemes based on traditional number-theoretic problems will no longer be secure, and post-quantum schemes are a good alternative. Multivariate public key cryptography is one of the main research directions in post-quantum cryptography, and compared with other post-quantum schemes, multivariate signature schemes tend to sign and verify quickly and with few computing resources, which makes them well worth studying. Building on a multivariate ring signature scheme, this paper designs a multivariate ring confidential transaction protocol. The protocol uses the additive homomorphism of the multivariate signature scheme's public key to commit to the transaction amount and then ring-signs that commitment; by randomly selecting user public keys from the blockchain to form the ring, the identities of the actual participants in the transaction are obscured. During transaction generation, the trader's private key is used to generate a unique key-image, which takes part in signature generation and becomes part of the signature; comparing this part effectively prevents double spending. The security of the proposed scheme is proved in the random oracle model, and compared with lattice-based post-quantum secure ring confidential transaction protocols, the proposed scheme has advantages in both signing efficiency and verification efficiency.
Keywords: multivariate public key cryptography; post-quantum; ring signature; ring confidential transaction protocol; homomorphic commitment
Classification: TN918 [Electronics and Telecommunications: Communication and Information Systems]