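Authors: Shang Ming (尚铭)[1], Ma Yuan (马原)[1,2,3], Lin Jingqiang (林璟锵)[2,3], Jing Jiwu (荆继武)[2,3]
Affiliations: [1] University of Chinese Academy of Sciences, Beijing 100049; [2] Data Assurance and Communication Security Research Center, Chinese Academy of Sciences, Beijing 100093; [3] Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093
Source: Journal of Cryptologic Research (《密码学报》), 2014, No. 2, pp. 155-166 (12 pages)
Funding: National Basic Research Program of China (973 Program) (2013CB338001)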
Abstract: In threshold cryptography, the private key is shared among multiple independent participants, and every private-key computation requires the agreement of several participants, which improves security; in addition, the private key remains available when a small number of participants fail or are unavailable. A secure (t,n) threshold cryptographic algorithm should satisfy: (1) any more than t participants can compute the final signature, the exchanged key or the plaintext, while t or fewer participants cannot obtain any information about these results; (2) the execution of the algorithm leaks no information about the private key or the participants' key shares. Compared with other cryptosystems, elliptic curve cryptosystems need a shorter key to reach the same level of security, and are therefore superior. Based on the recently published SM2 elliptic curve public-key cryptographic algorithm, this paper proposes secure and efficient threshold cryptographic schemes, comprising a threshold signature algorithm, a threshold key exchange protocol and a threshold decryption algorithm, and analyzes their security and efficiency. The proposed threshold algorithms support settings both with and without a trusted dealer and have low communication complexity. The security analysis shows that (1) with n≥2t+1 (n≥3t+1), the proposed threshold signature scheme tolerates eavesdropping (halting) attacks on t members, and (2) with n≥t+1 (n≥2t+1), the proposed threshold key exchange and threshold decryption algorithms tolerate eavesdropping (halting) attacks on t members.
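Keywords: SM2 elliptic curve cryptographic algorithm; threshold cryptography
Classification: TN918.4 [Electronics and Telecommunications: Communication and Information Systems]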