基于SM2的高效签密方案  

作　　者：张宇 汪宗斌 秦体红 Zhang Yu;Wang Zongbin;Qin Tihong(Beijing Infosec Technologies Co.,Ltd.,Beijing 100096)

机构地区：[1]北京信安世纪科技股份有限公司,北京100096

出　　处：《信息安全研究》2024年第6期526-531,共6页Journal of Information Security Research

摘　　要：签密融合了数字签名和数据加密的功能,能有效减少系统的计算开销和通信开销.现有签密方案主要以国外设计为主,不符合核心技术自主创新、信息安全自主可控的要求.包含数字签名算法、数据加密算法的SM2密码算法是我国自主设计的商用密码算法,同等安全强度下,计算效率和传输效率均较高,已成为我国密码行业标准,广泛应用于各个领域,以保护数据安全.基于SM2密码算法的核心技术,提出首个基于SM2的高效签密方案.方案具有定长的系统公开参数、用户公私钥对,其中用户私钥由1个整数组成,公钥由1个群元素构成,密文由1个群元素和n比特组成(n为签名数据与明文长度之和).方案的安全性基于椭圆曲线上的离散对数和ECDH困难问题假设.在随机预言模型中证明了方案的安全性.理论分析与实验仿真均表明,相较于传统的先签名再加密的处理方式,方案的通信效率和计算效率都有一定的优势,具有实用价值.A signcryption system combines the functionalities of digital signature and data encryption,significantly reducing computational and communication costs.Most existing signcryption schemes are mainly designed by foreign countries,which does not align with the requirements of independent innovation in core technology and independent and controllable information security.SM2,a Chinese cryptography industry standard for data security,includes both signature and encryption schemes.It offers high computational and transmission efficiency at the same level of security and has been widely adopted across various sectors.This study proposes the first signcryption scheme based on SM2.The proposed scheme has constant-size public parameters,constant-size public and private keys.Specifically,the private key consists a single integer,while the public key consists of a single group element.The ciphertexts comprises one group element and n bits(n is the total length of signature and plaintext).The security of the proposed scheme relies on ECDH assumption and ECDLP assumption.In the random oracle model,the proposed scheme is proved to be secure.Both theoretical analysis and experimental simulations demonstrate that,compared with the traditional sign and then encrypt processing method,the communication and computational efficiency of the scheme have certain advantages,making it practical for real-world applications.

关 键 词：SM2 ECC 签密 可证明安全 随机预言模型 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]