Subgroup Multiple EdDSA Signature Scheme with Temporary Public Key


Authors: ZHU Qiu-chi (朱秋池); ZHANG Zhen-qi (张振琦); WANG Zhi-wei (王志伟) (School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China; Jiangsu Key Laboratory of Big Data Security and Intelligent Processing, Nanjing University of Posts and Telecommunications, Nanjing 210023, China)

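Affiliations: [1] School of Computer Science, School of Software, and School of Cyberspace Security, Nanjing University of Posts and Telecommunications, Nanjing, Jiangsu 210023; [2] Jiangsu Key Laboratory of Big Data Security and Intelligent Processing, Nanjing University of Posts and Telecommunications, Nanjing, Jiangsu 210023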

Source: Computer Technology and Development (《计算机技术与发展》), 2024, No. 12, pp. 66-72 (7 pages)

Funding: National Natural Science Foundation of China (62372245).

Abstract: Bitcoin must be stored in a secure wallet, and a wallet can be opened only with its private key. If that private key depends on a single signer, control over transactions becomes overly concentrated, among other undesirable effects. To address this, the paper uses the Edwards-curve Digital Signature Algorithm (EdDSA) to provide a security policy for shared control of a wallet, and introduces temporary public keys: each signer generates a new public key for every signature to obscure their identity, which makes the approach applicable to scenarios requiring privacy protection, such as anonymous authentication and electronic voting. The result is a subgroup multiple EdDSA signature scheme with temporary public keys, whose signatures are the same size as standard EdDSA signatures. The scheme resists the "Byzantine attack", the "Rogue-Key attack" and differential fault attacks; its robustness is defined and proved. In the random oracle model, the scheme is proved unforgeable under adaptive chosen-message attacks, with security based on the hardness assumption of the Edwards-curve Discrete Logarithm Problem (EdDLP).

Keywords: multi-signature; temporary public key; EdDSA signature; computational EdDL problem; forking lemma

Classification number: TP309 [Automation and Computer Technology - Computer System Architecture]

 
