SM2签名算法两方门限盲协同计算方案研究  

作　　者：张可臻 林璟锵 王伟[2] 刘勇 李光正 刘振亚 ZHANG Ke-Zhen;LIN Jing-Qiang;WANG Wei;LIU Yong;LI Guang-Zheng;LIU Zhen-Ya(School of Cyber Science and Technology,University of Science and Technology of China,Hefei 230027,China;State Key Laboratory of Information Security,Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100085,China;Qi An Xin Technology Group Inc.,Beijing 100044,China)

机构地区：[1]中国科学技术大学网络空间安全学院,合肥230027 [2]中国科学院信息工程研究所信息安全国家重点实验室,北京100085 [3]奇安信科技集团股份有限公司,北京100044

出　　处：《密码学报（中英文）》2024年第4期945-962,共18页Journal of Cryptologic Research

基　　金：国家重点研发计划(2020YFB1005800)。

摘　　要：签名私钥的安全性是数字签名算法的基本要求,签名算法的门限计算方案可有效提高签名私钥的安全性.随着用户隐私日益受到重视,门限计算方案提出了更高要求.近年来有多个SM2签名算法的两方门限盲协同计算方案被提出,在盲协同计算方案中,签名计算需要服务器和客户端协同进行,但是在签名过程中服务器不会获知最终的签名结果,所以当签名结果被公开后,服务器也无法关联签名结果与签名过程,也就无法知道用户执行签名计算的准确时间.现有的多个盲协同计算方案的流程相似,主要区别在于使用了不同的盲化方式和签名随机数.本文对现有的非盲化和盲化的SM2两方门限计算方案进行了全面的分析,总结了在SM2门限计算方案基础上实现盲协同的多种方式,提出了构建SM2签名算法两方门限盲协同计算方案的一般流程,利用该流程可将现有的非盲化方案转化成为相应的盲协同计算方案.The security of private key is the most fundamental requirement of the digital signature schemes,and threshold signature schemes can effectively improve the security of private keys.With the increasing requirement of privacy protection,threshold signature schemes with more properties have been proposed.Recently,several two-party SM2 threshold signature schemes with a blind cooperative server are proposed,where the cooperative server is necessary for a client to finish a signature,however,the server is not aware of final signatures,so that it cannot correlate a signature with the signing process when the signature is made public.The existing threshold signature schemes with blind cooperative servers involve similar processes,where the differences are mainly about different steps of signature blinding methods and random number constructions.This paper analyzes the existing two-party SM2 threshold signature schemes with/without blind cooperative servers,summarizes various ways to blind signatures based on a two-party SM2 threshold signature scheme,and proposes a general transformation for constructing two-party SM2 threshold signature schemes with blind cooperative servers.Using this transformation,based on a two-party SM2 threshold signature scheme,two-party SM2 threshold signature schemes with blind cooperative servers can be designed.

关 键 词：SM2签名算法 两方门限计算方案 盲协同签名 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]