具有强指定验证者的属性基可净化签名方案  

作　　者：李继国 朱留富 沈剑 陆阳[4] 张亦辰 LI Ji-Guo;ZHU Liu-Fu;SHEN Jian;LU Yang;ZHANG Yi-Chen(College of Computer and Cyber Security,Fujian Normal University,Fuzhou 350117;Fujian Provincial Key Laboratory of Network Security and Cryptology,Fuzhou 350117;School of Information Science and Engineering,Zhejiang Sci-Tech University,Hangzhou 310018;School of Computer and Electronic Information/School of Artificial Intelligence,Nanjing Normal University,Nanjing 210023;Key Laboratory of Analytical Mathematics and Applications(Ministry of Education),Fuzhou 350117)

机构地区：[1]福建师范大学计算机与网络空间安全学院,福州350117 [2]福建省网络安全与密码技术重点实验室(福建师范大学),福州350117 [3]浙江理工大学信息科学与工程学院,杭州310018 [4]南京师范大学计算机与电子信息学院/人工智能学院,南京210023 [5]分析数学及应用教育部重点实验室(福建师范大学),福州350117

出　　处：《计算机学报》2023年第9期1806-1819,共14页Chinese Journal of Computers

基　　金：国家自然科学基金项目(62072104,61972095,U21A20465,61922045,62172292,61877034);福建省自然科学基金项目(2020J01159)资助。

摘　　要：属性基签名(Attribute-Based Signature,ABS)利用一组属性代替用户身份从而实现签名者匿名性,并且提供了细粒度访问控制功能.生成的签名可以被任何人公开验证,确保了签名的真实性和有效性.但在一些特定的应用场景中,比如电子投票,电子投标或软件销售许可中,签名者希望签名只能被指定的验证者验证从而防止数字签名恶意传播.同时,当签名消息中包含一些敏感信息时,若未执行脱敏操作也会导致数据隐私泄露.因此,为了实现用户隐私保护以及数据中敏感信息隐藏,本文提出了具有强指定验证者的属性基可净化签名方案.基于双线性Diffie-Hellman(BDH)困难问题假设,在标准模型下证明了方案的安全性.提出的方案不但具有匿名性保护用户身份隐私,而且方案通过对消息进行脱敏操作来保护敏感信息的安全.同时,通过指定验证者验证签名的合法性,使第三方无法判断签名是否由原始签名者生成,因为指定验证者也能产生合法的签名,从而达到控制数字签名/版权恶意传播的目的.进一步,分析了方案的通信开销和计算开销,基于虚拟机Ubuntu 18.4,在Charm0.5框架下实现了提出的方案,实验分析表明提出的方案具有可行性.Attribute-based signature(ABS)uses a set of attributes to replace user’s identity to achieve anonymity,which can provide data integrity,authentication and non-repudiation,and the fine-grained access control function.In attribute-based signature scheme,the signature generated by the original signer can be publicly verified by anyone to ensure the authenticity and validity of the signature.However,in some specific application scenarios,such as electronic voting,electronic bidding or software sales license,the original signer only wants the signature to be verified by the designated verifier to prevent the malicious spread of the digital signature.Even if the designated verifier discloses its secret information,he/she cannot make other people believe the original signer’s signature behavior.In addition,the signature message may contain some sensitiveinformation,for example,in e-health,e-finance,or e-government.The signature message also contains some personal privacy records,business transaction secrets or secret government information.It will lead to privacy leakage if we do not perform desensitization operation,which brings great security risks to individuals and society.The idea of strong-designated verifier signature is that only the designated verifier can verify validity of the signature,and other users can not verify validity of the signature,because the designated verifier can also generate a valid signature by using its secret key.A sanitizable signature is a method that can make the sensitive information be modified or deleted by the sanitizer to generate a sanitizable message.The sanitizer can still generate a valid signature without the signer’s secret key.Therefore,sanitizable signature scheme can protect the privacy of the user.It is challenging problem for the existing ABS scheme to solve privacy leakage and the malicious spread of the signature.In order to address above problems,we propose an attribute-based sanitizable signature scheme with strong designated verifier(ABSS-SDV),which prevents t

关 键 词：属性基签名 强指定验证者 可净化 隐私性 标准模型 

分 类 号：TP391[自动化与计算机技术—计算机应用技术]