Identity-based Unidirectional Proxy Re-signature over Lattices
Jiang Ming-ming*① Hu Yu-pu① Wang Bao-cang① Lai Qi-qi① Liu Zhen-hua②
① (State Key Laboratory of Integrated Service Networks, Xidian University, Xi'an 710071) ② (School of Mathematics and Statistics, Xidian University, Xi'an 710071)
Abstract: Proxy re-signature is an important tool for simplifying key management; it can provide path proofs and simplify certificate management, among other uses. Existing proxy re-signature schemes are all based on integer factorization or the discrete logarithm problem, neither of which is secure in a quantum setting. To address this, the paper uses the preimage sampling technique and the fixed-dimension lattice basis delegation technique to construct an identity-based proxy re-signature scheme over lattices whose security rests on the hardness of the Small Integer Solution (SIS) problem. The scheme is unidirectional and multi-use. Compared with other identity-based proxy re-signature schemes having the same properties, it has lower verification cost and lower asymptotic complexity.
Keywords: Proxy re-signature; Lattice; Gaussian sampling; Small Integer Solution (SIS) problem
(2) There exists a probabilistic polynomial-time algorithm SampleGaussian that samples a lattice vector whose distribution is statistically close to the corresponding discrete Gaussian distribution;
(3) There exists a probabilistic polynomial-time algorithm SamplePre that samples a vector from the required preimage set whose distribution is statistically close to the corresponding discrete Gaussian distribution.
(4) Sign:
Proof. Consider the external security and the internal security of the scheme.
Internal security: since in this scheme a second-level signature contains a first-level signature, only limited-proxy security and delegatee security need to be considered for internal security.
For external security, apart from the re-signature queries, the simulation proceeds as in the limited-proxy case of internal security; the re-signature queries can be simulated with the re-signing key, so the details are omitted here. This completes the proof.
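As an added illustration of the two ingredients the lemma items and the proof sketch rely on (this is not the paper's construction, which uses discrete-Gaussian preimage sampling and fixed-dimension basis delegation), the following Python sketch uses a gadget-matrix trapdoor A = [A_bar | G − A_bar·R] with short R, so that A·[R; I] = G. With the trapdoor, a short preimage of any syndrome u is easy to find, and the same trapdoor yields a short nonzero kernel vector of A, i.e. a solution to the homogeneous SIS instance that the security argument reduces to. The deterministic binary-decomposition preimage (instead of Gaussian sampling), the toy parameters n, k, q and the constructed syndrome u are assumptions of this example.

```python
"""Toy gadget-trapdoor preimage finding and SIS check over Z_q.

Added illustration, not the paper's construction: preimages are found
deterministically from the binary decomposition of the syndrome instead of
by discrete-Gaussian sampling, and n, k, q are toy parameters chosen here.
The trapdoor relation is A * [R; I] = G for A = [A_bar | G - A_bar*R] mod q.
"""
import random


def gen_trapdoor(n, k, seed=0):
    """Return (A, R, q): public A in Z_q^{n x (n + n*k)}, short trapdoor R, q = 2^k."""
    rng = random.Random(seed)
    q = 1 << k
    m_bar = n                      # width of the uniform part A_bar
    w = n * k                      # width of the gadget part
    A_bar = [[rng.randrange(q) for _ in range(m_bar)] for _ in range(n)]
    R = [[rng.choice((-1, 0, 1)) for _ in range(w)] for _ in range(m_bar)]
    # Gadget matrix G = I_n (x) (1, 2, 4, ..., 2^{k-1}); column c belongs to row c // k.
    G = [[(1 << (c % k)) if c // k == i else 0 for c in range(w)] for i in range(n)]
    AR = [[sum(A_bar[i][l] * R[l][c] for l in range(m_bar)) % q for c in range(w)]
          for i in range(n)]
    A = [A_bar[i] + [(G[i][c] - AR[i][c]) % q for c in range(w)] for i in range(n)]
    return A, R, q


def matvec(A, e, q):
    """A * e mod q for a list-of-lists matrix and an integer vector."""
    return [sum(a * x for a, x in zip(row, e)) % q for row in A]


def preimage(R, u, k):
    """Short e with A e = u (mod q), given the trapdoor R.

    x = bit decomposition of u satisfies G x = u, so e = [R x; x] gives
    A e = A [R; I] x = G x = u.  Entries of e are bounded by n*k in absolute value.
    """
    x = [(ui >> j) & 1 for ui in u for j in range(k)]
    Rx = [sum(r * xc for r, xc in zip(row, x)) for row in R]   # over the integers
    return Rx + x


def verify(A, u, e, q, bound):
    """Signature-style check: correct syndrome and small infinity norm."""
    return matvec(A, e, q) == [ui % q for ui in u] and max(abs(v) for v in e) <= bound


def sis_solution(R, n, k):
    """Short nonzero z with A z = 0 (mod q), i.e. a homogeneous SIS solution.

    y = 2 * (unit vector at the top bit of block 0) has G y = 2^k = q = 0 mod q,
    so z = [R y; y] is a short kernel vector of A.  Without R this is the hard problem.
    """
    y = [0] * (n * k)
    y[k - 1] = 2
    Ry = [sum(r * yc for r, yc in zip(row, y)) for row in R]
    return Ry + y


if __name__ == "__main__":
    n, k = 4, 6
    A, R, q = gen_trapdoor(n, k)
    u = [7, 0, 63, 42]                     # constructed target syndrome in Z_64^4
    e = preimage(R, u, k)
    print("A e == u:", matvec(A, e, q) == u, "| max|e_i| =", max(abs(v) for v in e))
    z = sis_solution(R, n, k)
    print("A z == 0:", matvec(A, z, q) == [0] * n, "| z nonzero:", any(z))
```

The point of `sis_solution` is the direction of the reduction used in the proof: anyone holding the trapdoor produces short kernel vectors of A at will, so an adversary that forges without the trapdoor (or that outputs two distinct short preimages of one syndrome, whose difference is such a kernel vector) would be solving SIS for a uniformly random A.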
Table 1 Efficiency comparison of the schemes
This paper uses the preimage sampling technique and the fixed-dimension lattice basis delegation technique to construct a multi-use unidirectional identity-based proxy re-signature scheme over lattices. The scheme is based on the Small Integer Solution (SIS) problem over lattices, which grounds its security in the quantum setting.
Jiang Ming-ming: male, born 1984, Ph.D. candidate; research interests: lattice-based public-key cryptography, digital signatures.
Hu Yu-pu: male, born 1955, professor and Ph.D. supervisor; research interests: lattice-based public-key cryptography, stream ciphers.
Wang Bao-cang: male, born 1979, associate professor and M.Sc. supervisor; research interests: lattice-based public-key cryptography, multivariate cryptography.
Identity-based Unidirectional Proxy Re-signature over Lattice
Jiang Ming-ming①Hu Yu-pu①Wang Bao-cang①Lai Qi-qi①Liu Zhen-hua②
①(State Key Laboratory of Integrated Service Networks, Xidian University, Xi'an 710071, China) ②(School of Mathematics and Statistics, Xidian University, Xi'an 710071, China)
Abstract: Proxy re-signature is an important tool for simplifying key management; it can be used to provide a proof of a path, to manage group signatures, to simplify certificate management, and so on. Current proxy re-signature schemes are based on large-integer factorization or the discrete logarithm problem, neither of which is secure in the quantum setting. To address this problem, this paper constructs the first identity-based proxy re-signature scheme over lattices, using the preimage sampling technique and the lattice basis delegation in fixed dimension technique. Its security is based on the hardness of the Small Integer Solution (SIS) problem. The scheme is unidirectional and multi-use. Compared with previous schemes having the same properties, the proposed scheme has the advantages of low verification cost and low asymptotic computational complexity.
Keywords: Proxy re-signature; Lattice; Gaussian sampling; Small Integer Solution (SIS) problem
CLC number: TP309
Document code: A
Article ID: 1009-5896(2014)03-0645-05
DOI: 10.3724/SP.J.1146.2013.00818
Received 2013-06-07; revised 2013-09-11
Supported by the National Natural Science Foundation of China (61173151, 61173152, 61100229)
Corresponding author: Jiang Ming-ming, jiangmm3806586@126.com