严格可证明安全的两方协同SM2签名协议  

A Two-Party SM2 Signing Protocol with Strict Provable Security

在线阅读下载全文

作  者:程一帆 刘擎宇 梁泽宇 于昇 CHENG Yi-fan;LIU Qing-yu;LIANG Ze-yu;YU Sheng(SSC Holding Company Ltd.,Chengmai,Hainan 571924,China;Laboratory of Cryptography,Oxford-Hainan Blockchain Research Institute,Chengmai,Hainan 571924,China)

机构地区:[1]云海链控股股份有限公司,海南澄迈571924 [2]牛津(海南)区块链研究院有限公司密码学实验室,海南澄迈571924

出  处:《电子学报》2024年第2期540-549,共10页Acta Electronica Sinica

基  金:海南省重大科技计划(No.ZDKJ2020009)。

摘  要:SM2签名算法自提出后得到了广泛的应用,其中电子合同是一个典型的应用场景.用户在使用电子合同服务签约时,由于单个用户抗攻击能力较弱,存在严重的私钥泄露风险,因此往往将私钥托管在服务商的云端服务器上.但是这又涉及对服务商的信任问题,甚至直接影响电子合同的合法性.为了解决这个两难问题,我们基于同态加密的思想提出了一种两方协同SM2签名协议,用户和服务商协同生成并保存各自的私钥分片,在使用时通过线上交互的方式合作生成签名,从而同时解决安全和信任问题.我们发现,现有的两方协同SM2签名协议的安全性都存在问题或者错误,就我们所知,本协议是第一个严格可证明安全的两方协同SM2签名协议.Since it was first proposed,the SM2 signature algorithm has become increasingly popular.A typical appli⁃cation scenario is the electronic contract service.Due to the inadequate anti-attack capability of a single user and the high risk of private key leakage,users who use electronic contract services to sign contracts frequently host the private key on the service provider’s cloud server.However,this calls for consumers to have faith in service providers,and it will even impact the contract’s legitimacy.We suggest a two-party SM2 signing protocol based on the concept of homomorphic encryption to address this conundrum.In order to simultaneously address the issues of security and trust,users and service providers work together to create and save their own private key fragments as well as generate signatures through online interaction.We discover that the two-party SM2 signing protocols currently in use have flaws or security mistakes.This protocol is the first strictly proven secure two-party SM2 signature protocol that we are aware of.

关 键 词:SM2协同签名 可证明安全 电子合同 同态加密 安全多方计算 

分 类 号:TP309[自动化与计算机技术—计算机系统结构]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象