Computer Science ›› 2014, Vol. 41 ›› Issue (9): 165-168. doi: 10.11896/j.issn.1002-137X.2014.09.031

• Information Security •

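Non-trapdoors Lattice Signature Scheme with Message Recovery

ZHANG Xiang-song and LIU Zhen-hua

  1. School of Science, Xi'an Technological University, Xi'an 710032; School of Mathematics and Statistics, Xidian University, Xi'an 710071; State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093; Guangxi Experiment Center of Information Science, Guilin University of Electronic Technology, Guilin 541004
  • Online: 2018-11-14 Published: 2018-11-14
  • Supported by:
    This work was supported by the National Natural Science Foundation of China (61100229,1,11101321), the Scientific Research Program of the Shaanxi Provincial Department of Education (12JK0852), the Open Fund of the State Key Laboratory of Information Security (GW0704127001), funding from the Guangxi Experiment Center of Information Science, and the Fundamental Research Funds for the Central Universities (K5051270003).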

Abstract: Based on Lyubashevsky's rejection sampling technique (without trapdoors), an efficient lattice-based signature scheme with message recovery is proposed. The scheme can be regarded as a lattice-based version of the Abe-Okamoto signature with message recovery. In the random oracle model, using the General Forking Lemma, the scheme's existential unforgeability under chosen-message attacks is proved to rely on the hardness assumption of the Small Integer Solution problem on lattices. The scheme does not use Gaussian preimage sampling to produce signatures, requires only simple matrix-vector multiplications, and has a short total message-signature length.

Key words: Signature, Lattice-based cryptography, Message recovery, Small integer solution, Provable security

