Computer Science (计算机科学) ›› 2023, Vol. 50 ›› Issue (6A): 220100157-6. doi: 10.11896/jsjkx.220100157
HONG Xuan, YUAN Mengling (洪璇, 袁梦玲)
Abstract: Like Bitcoin, Monero is a cryptocurrency. The original Monero was based on the CryptoNote protocol, which uses ring signatures and one-time keys to hide the real identities of both parties to a transaction; the actual transaction amount, however, is exposed on the blockchain, which poses a certain security risk. To close this gap, Shen Noether proposed the Ring Confidential Transactions protocol (RingCT), which uses a random number to hide the real transaction amount. The RingCT protocol currently used by the Monero community is based on the discrete logarithm problem. With the development of quantum computers, however, schemes based on traditional number-theoretic problems will no longer be secure, and post-quantum schemes are a good alternative. Multivariate public-key cryptography is one of the main research directions of post-quantum cryptography, and compared with other post-quantum schemes, multivariate signature schemes are usually fast and require few computational resources in both signing and verification, which makes them well worth studying. Building on a multivariate ring signature scheme, this paper designs a multivariate-based ring confidential transaction protocol. The protocol uses the additive homomorphism of the multivariate signature scheme's public key to commit to the transaction amount, and ring-signs this commitment; by randomly selecting user public keys from the blockchain to form the ring, it obscures the identities of the actual participants in the transaction. At the same time, during transaction generation the spender's private key is used to produce a unique key-image, which takes part in signature generation and becomes part of the signature; comparing this part effectively prevents double spending. The security of the proposed scheme is proved in the random oracle model, and compared with lattice-based post-quantum secure ring confidential transaction protocols, the proposed scheme is more efficient in both signing and verification.