新的格上变色龙签名方案  

作　　者：丁亮 陈岩 胡鸿宣 鲁国阳 高淼 Ding Liang;Chen Yan;Hu Hongxuan;Lu Guoyang;Gao Miao(China Tobacco Henan Industrial Co.,Ltd.,Zhengzhou,China;School of Computer Science and Technology,Zhengzhou University of Light Industry,Zhengzhou,China)

机构地区：[1]河南中烟工业有限责任公司,河南郑州 [2]郑州轻工业大学计算机科学与技术学院,河南郑州

出　　处：《科学技术创新》2024年第6期125-129,共5页Scientific and Technological Innovation

基　　金：河南省自然科学基金资助项目(222300420371);河南省网络密码技术重点实验室开放课题(LNCT2022-A09)。

摘　　要：传统的数字签名往往是公开可验证的,而在某些具有隐私保护需求的应用中,签名者不希望其所签署的敏感信息被不诚实的验证者再次传递。相较于诸多具有不可传递性的数字签名原语,变色龙签名(CS)通过在签名算法中嵌入变色龙哈希函数对消息进行散列,更简便地解决了签名的二次传递问题。针对基于传统数论难题的CS无法抵御量子计算机攻击的问题,提出一个基于格上小整数解(SIS)难题假设的CS方案。首先,分析了格上第一个CS方案的安全性漏洞,指出其不满足第三方不可伪造性和签名者可拒绝性;其次,构造了一个新的格上CS方案,并在随机预言机模型下严格证明了新方案的安全性;最后,指出了新方案的签名具有更轻量级的存储和传输效率。A standard digital signature is considered to be publicly verifiable,however,in an application with the special privacy protection requirement,it needs that a confidential message signed by the signer cannot be transmitted again by a dishonest designated verifier.Compared with numerous digital signature primitives with non-transferability,Chameleon Signature(CS)solves this problem more subtly by embedding a chameleon hash function into the signing algorithm.To solve the problem that all CS schemes based on the traditional number theory problems cannot resist quantum computing attacks,a new CS scheme based on the Small Integer Solution(SIS)hardness assumption over lattices is proposed.Firstly,this paper analyzes the vulnerabilities of the first CS scheme over lattices,and points out that it does not satisfy the unforgeability for any third party and the deniability for the signer;Secondly,this paper designs a new CS scheme based on the SIS problem over lattices,and proves its security strictly under the random oracle model;Finally,the comparison shows that the new CS scheme enjoys a lighter signature storage and transmission efficiency.

关 键 词：格 变色龙签名 不可传递性 指定验证者 小整数解 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]