格上高效的基于身份的环签名体制  被引量：15

作　　者：贾小英[1] 何德彪[2] 许芷岩[2] 刘芹[2] 

机构地区：[1]中南民族大学数学与统计学学院,武汉430074 [2]武汉大学计算机学院,武汉430072

出　　处：《密码学报》2017年第4期392-404,共13页Journal of Cryptologic Research

基　　金：中南民族大学基本科研业务费专项资金项目(CZY15018);国家自然科学基金项目(61572370;61572379;61501333;61603419)

摘　　要：环签名由于具有无管理者和完全匿名的特性,在电子投票、电子货币及匿名举报等方面有着广泛的应用.基于身份的环签名是基于身份的公钥密码技术与环签名技术的融合,既具有环签名的匿名性和不可伪造性,又避免了传统公钥框架下复杂的用户数字证书管理.传统的基于身份的环签名方案一般基于双线性对构造,而量子计算技术的发展为密码带来新的挑战,传统意义下的困难问题在量子计算环境下不再安全.格密码作为一类抗量子计算攻击的公钥密码体制,近年来备受关注.本文提出了一种格上基于身份的环签名体制,给出了基于身份的环签名方案安全模型的形式化定义,将不可伪造性归约到格中小整数解的困难性,在随机谕言模型下证明了所提出方案的完全匿名性和不可伪造性.现有的格上基于身份的环签名方案还很少,且离实用还有一定的距离.由于采用了维数无扩展的格基委派技术和拒绝抽样技术,本文方案与现有的方案相比,具有更高的计算效率、更低的通信和存储开销,更具有实用性.Ring signatures have important applications in scenarios such as e-voting,e-money and whistle blowing due to their fully anonymity and unforgeability. Identity-based ring signature is a merge of identity-based public key cryptography and ring signature technique. It is anonymous, unforgeable, and avoids the management of users' certificates. Traditional construction of identity-based ring signature schemes is mostly based on bilinear pairings. However, the development of quantum computing technique brings new challenge to cryptography. Many traditional cryptographic assumptions do not hold any more under quantum circumstances. As a candidate of quantum-resistant public key cryptosystem, latticed-based cryptography has attracted a lot of attention in recent years. In this paper, we propose an identity-based ring signature scheme over a lattice. We present the formal definition of the security model of identity-based ring signature schemes, and proposed an identity-based ring signature from lattice. We prove the fully anonymity and unforgeability of the proposed scheme in the random oracle model. The unforgeability of the scheme is based on the small integer solution(SIS) problem. As far as we know, there is little study on identity-based ring signatures over lattices and existing solutions are not suitable for practical applications. By employing the technique of lattice basis delegation without expanding the dimension of lattice, as well as the technique of rejection samplings, our scheme has higher computation performance, lower communication and memory cost,which is more practical compared with other existing schemes.

关 键 词：格基委派 拒绝抽样 小整数解问题 基于身份的环签名 

分 类 号：TN918.4[电子电信—通信与信息系统]