计算机科学与探索 ›› 2024, Vol. 18 ›› Issue (8): 2190-2202.DOI: 10.3778/j.issn.1673-9418.2310057

• 网络·安全 • 上一篇    下一篇

随机预言机模型下基于身份的格基可链接环签名

谢佳,王露,刘仕钊,高军涛,王保仓   

  1. 1. 河南财经政法大学 计算机与信息工程学院,郑州 450046
    2. 西安电子科技大学 通信工程学院,西安 710071
  • 出版日期:2024-08-01 发布日期:2024-07-29

Identity-Based Linkable Ring Signature from Lattice in Random Oracle Model

XIE Jia, WANG Lu, LIU Shizhao, GAO Juntao, WANG Baocang   

  1. 1. School of Computer and Information Engineering, Henan University of Economics and Law, Zhengzhou 450046, China
    2. School of Telecommunications Engineering, Xidian University, Xi’an 710071, China
  • Online:2024-08-01 Published:2024-07-29

摘要: 作为一种简化的群签名,环签名没有管理员角色,不需要环成员之间合作;签名者仅需自己私钥和其他环成员公钥即可进行签名操作。因其天然的匿名性,环签名在匿名投票、电子货币和车联网等场景得到广泛应用。可链接环签名作为环签名概念的一种变体,在保持了匿名性的同时还可验证两个签名是否来自同一签名者,从而有效解决举报系统中的恶意举报及区块链系统中的双重花费等问题,进而丰富了环签名的应用场景。提出一种基于身份的格基可链接环签名方案,采用G-陷门生成技术生成系统密钥,使用其改进后的陷门委派技术和原像采样算法提取用户私钥,利用双峰高斯分布下的拒绝采样技术生成签名。经安全分析,所提方案在随机预言机模型下满足无条件匿名性、不可伪造性和可链接性,安全性可规约至格上的小整数解(SIS)问题,与现有的方案相比,签名生成时间开销和签名验证时间开销都减少约50%。最后将该方案和基于异或秘密共享算法结合,设计了电子投票协议,从而保证电子投票系统的隐私性和公正性。

关键词: 可链接环签名, 格, 匿名性, G-陷门, 拒绝采样

Abstract: As a simplified group signature, ring signature has no administrator and does not require cooperation among ring members. The signer only needs his private key and the public keys of other ring members to sign. Because of its natural anonymity, ring signature is widely used in scenarios such as anonymous voting, e-cash and vehicular ad-hoc network. As a variant of the ring signature concept, linkable ring signature can verify whether two signatures come from the same signer while maintaining anonymity, thus effectively solving malicious reporting in the reporting system and double spending in the blockchain system, further enriching the application scenarios of ring signature. This paper proposes an identity-based linkable ring signature scheme from lattice, which uses G-trapdoor generation technology to generate the system key, uses its improved trapdoor delegation technology and the preimage sampling algorithm to extract the user??s private key, and uses the rejection sampling technology under bimodal Gaussian to generate the signature. Through security analysis, the proposed scheme meets unconditional anonymity, unforgeability and linkability in random oracle model, and the security can be reduced to the hardness assumption of the small integer solution problem (short integer solution, SIS) on lattice. Compared with existing schemes, both signature generation time overhead and verification time overhead are reduced by about 50%. Finally, the e-voting protocol is designed by combining the scheme of this paper with a secret sharing algorithm based on XOR operation, which ensures the privacy and fairness of the e-voting system.

Key words: linkable ring signature, lattice, anonymity, G-trapdoor, rejection sampling