计算机科学与探索 ›› 2020, Vol. 14 ›› Issue (7): 1164-1172.DOI: 10.3778/j.issn.1673-9418.1904022

• 网络与信息安全 • 上一篇    下一篇

利用环上容错学习问题构造可链接环签名方案

叶青,王文博,李莹莹,秦攀科,赵宗渠,王永军   

  1. 河南理工大学 计算机科学与技术学院,河南 焦作 454000
  • 出版日期:2020-07-01 发布日期:2020-08-12

Using Ring Learning with Errors Problem to Construct Linkable Ring Signature Scheme

YE Qing, WANG Wenbo, LI Yingying, QIN Panke, ZHAO Zongqu, WANG Yongjun   

  1. College of Computer Science and Technology, Henan Polytechnic University, Jiaozuo, Henan 454000, China
  • Online:2020-07-01 Published:2020-08-12

摘要:

针对格上可链接环签名方案中存在密钥较大、效率较低的问题,基于环上容错学习(RLWE)难题,依据“同态承诺→∑-协议→Fiat-Shamir转化”的技术路线,重新构造一个格上可链接环签名方案。首先构造一个基于RLWE难题的多项式环上的同态承诺方案,然后基于承诺方案设计一个∑-协议,并利用Fiat-Shamir转化方法将该∑-协议转化为可链接环签名方案,最后基于该可链接环签名方案提出一个简易的数字货币模型。安全分析表明,由于所提方案基于RLWE困难问题构建,方案的安全性可规约至格上困难问题,抵抗量子计算机攻击。效率分析表明,与以往格上可链接环签名方案相比,由于方案中环元素取自小多项式,所提方案具有更短的密钥尺寸和更高的计算效率,且方案描述更简单。

关键词: 承诺方案, 零知识证明, 环上容错学习问题(RLWE), 可链接环签名

Abstract:

In order to solve the problem of large key size and low efficiency in the linkable ring signature scheme on lattice, this paper reconstructs the linkable ring signature scheme from lattice based on the ring learning with errors (RLWE) problem, according to the technical route of “homomorphic commitment→∑-protocol→Fiat-Shamir transformation”. This paper first constructs a homomorphic commitment scheme over a polynomial ring based on the RLWE problem, and then designs a ∑-protocol based on the commitment scheme, and transforms the ∑-protocol into a linkable ring signature scheme using the Fiat-Shamir transformation methods. Finally, this paper proposes a simple digital currency model based on the linkable ring signature scheme. Security analysis shows since the proposed scheme is constructed based on the problem of RLWE, its security can reduce to the lattice-based difficult problem and resist the quantum computer attack. Efficiency analysis shows compared with the previous linkable ring signature schemes on lattice, since the ring elements in the scheme are taken from small polynomials, the proposed scheme has shorter key size and higher computational efficiency, and the description of the scheme is simpler.

Key words: commitment scheme, zero-knowledge proof, ring learning with errors (RLWE) , linkable ring signature