Computer Science ›› 2023, Vol. 50 ›› Issue (6A): 220100157-6. doi: 10.11896/jsjkx.220100157

• Information Security •

Ring Confidential Transaction Protocol Based on Multivariate Public-key Cryptosystem

HONG Xuan, YUAN Mengling

  1. College of Information, Mechanical and Electrical Engineering, Shanghai Normal University, Shanghai 200234;
    Shanghai Engineering Research Center of Intelligent Education and Bigdata, Shanghai Normal University, Shanghai 200234
  • Online: 2023-06-10 Published: 2023-06-12
  • Corresponding author: YUAN Mengling (yuan_mengling@163.com)
  • About author: (hong@shnu.edu.cn)
  • Supported by:
    Shanghai Normal University Scientific Research Development Fund (309-C-9000-21-309203)

Ring Confidential Transaction Protocol Based on Multivariate Public-key Cryptosystem

HONG Xuan, YUAN Mengling   

  1. College of Information,Mechanical and Electrical Engineering,Shanghai Normal University,Shanghai 200234,China;
    Shanghai Engineering Research Center of Intelligent Education and Bigdata,Shanghai Normal University,Shanghai 200234,China
  • Online:2023-06-10 Published:2023-06-12
  • About author:HONG Xuan,born in 1982,Ph.D,professor.Her main research interests include blockchain technology,big data technology,cryptography and network security,etc. YUAN Mengling,born in 1996,postgraduate.Her main research interests include cryptography and digital signatures.
  • Supported by:
    Shanghai Normal University Scientific Research Development Fund Project(309-C-9000-21-309203).

Abstract: Similar to Bitcoin, Monero is also a cryptocurrency. The original Monero was based on the CryptoNote protocol, which uses ring signatures and one-time keys to hide the real identities of both parties to a transaction; the actual transaction amount, however, is exposed on the blockchain, which poses a certain security risk. To close this security hole, Shen Noether proposed the ring confidential transaction protocol (RingCT), which uses a random number to hide the real transaction amount. The RingCT protocol currently used by the Monero community is based on the discrete logarithm problem. However, as quantum computers develop, schemes based on traditional number-theoretic problems will no longer be secure, and post-quantum schemes are a good alternative. Multivariate public-key cryptography is one of the main research directions of post-quantum cryptography, and compared with other post-quantum schemes, multivariate-based signature schemes are usually fast and need few computing resources for signing and verification, which makes them well worth studying. Building on a multivariate ring signature scheme, this paper designs a multivariate-based ring confidential transaction protocol. The protocol uses the additive homomorphism of the multivariate signature scheme's public key to commit to the transaction amount, and ring-signs this commitment; user public keys are randomly selected from the blockchain to form the ring, which obscures the identities of the actual participants in the transaction. At the same time, during transaction generation, the transacting party's private key is used to generate a unique key-image, which takes part in signature generation and becomes part of the signature; comparing this part effectively prevents double spending. The security of the scheme is proved in the random oracle model, and compared with lattice-based post-quantum secure ring confidential transaction protocols, the proposed scheme is more efficient in both signing and verification.

Keywords: Multivariate public-key cryptography, Post-quantum, Ring signature, Ring confidential transaction protocol, Homomorphic commitment

Abstract: Similar to Bitcoin, Monero is also a cryptocurrency. The original Monero is based on the CryptoNote protocol, which uses ring signatures and one-time keys to hide the real identities of both parties to the transaction, but the specific transaction amount is exposed in the blockchain, which poses certain security risks. To address this security hole, Shen Noether proposed ring confidential transactions (RingCT), which utilizes a random number to hide the real transaction amount. The ring confidential transaction protocol currently used by the Monero community is based on the discrete logarithm problem. However, with the development of quantum computers, solutions based on traditional number theory problems will no longer be secure. Post-quantum solutions are a good alternative. Multivariate public key cryptography is one of the main research directions of post-quantum cryptography, and compared with other post-quantum cryptographic schemes, multivariate-based signature schemes tend to have faster computing speed and need less computing resources in the process of signature and verification. It has good research value. Based on the multivariate ring signature scheme, this paper designs a multivariate ring confidential transaction protocol. The protocol uses the additive homomorphism of the public key of the multivariate signature scheme to realize the commitment to the transaction amount, and performs a ring signature on the commitment. By randomly selecting user public keys in the blockchain to form a ring, the identities of the actual transaction participants are obscured. At the same time, during the transaction generation process, the trader's private key is used to generate a unique key-image, which participates in the signature generation process and becomes a part of the signature. By comparing this part, transaction double-spending can be effectively prevented. The security of the proposed scheme is proved in the random oracle model, and compared with the lattice-based post-quantum secure ring confidential transaction protocol, the proposed scheme has more advantages in signature efficiency and verification efficiency.
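The abstract rests on the additive homomorphism of multivariate (MQ) public keys: adding the coefficients of two quadratic public-key maps yields a map whose value at any point is the sum of the two individual values, which is what lets a verifier check that committed input and output amounts balance. The Python below is an added illustration of that property alone, not the paper's commitment or signature construction (the page does not give it); the prime field GF(31) and the upper-triangular coefficient layout are assumptions chosen for readability.

```python
Q = 31  # small prime field for illustration (assumption; real MQ schemes use e.g. GF(256))


def random_quadratic_map(n, m, rng):
    """An MQ public key: m quadratic polynomials in n variables over GF(Q).
    Each polynomial is (A, b, c): upper-triangular quadratic coefficients A,
    linear coefficients b and constant term c."""
    polys = []
    for _ in range(m):
        A = [[rng.randrange(Q) if j >= i else 0 for j in range(n)] for i in range(n)]
        b = [rng.randrange(Q) for _ in range(n)]
        polys.append((A, b, rng.randrange(Q)))
    return polys


def evaluate(P, x):
    """Apply the public map P to the vector x; returns a vector in GF(Q)^m."""
    out = []
    for A, b, c in P:
        v = c
        for i in range(len(x)):
            v += b[i] * x[i]
            for j in range(i, len(x)):
                v += A[i][j] * x[i] * x[j]
        out.append(v % Q)
    return out


def add_maps(P1, P2):
    """Coefficient-wise sum of two public keys: again a quadratic map of the same shape."""
    res = []
    for (A1, b1, c1), (A2, b2, c2) in zip(P1, P2):
        n = len(b1)
        A = [[(A1[i][j] + A2[i][j]) % Q for j in range(n)] for i in range(n)]
        b = [(u + v) % Q for u, v in zip(b1, b2)]
        res.append((A, b, (c1 + c2) % Q))
    return res


def homomorphism_holds(P1, P2, x):
    """Check (P1 + P2)(x) == P1(x) + P2(x) in GF(Q)^m: the property a
    commitment built from public keys relies on to compare input and output sums."""
    lhs = evaluate(add_maps(P1, P2), x)
    rhs = [(u + v) % Q for u, v in zip(evaluate(P1, x), evaluate(P2, x))]
    return lhs == rhs
```

Summing the coefficient maps of all input commitments and all output commitments and comparing them coefficient-wise is the balance check this property enables; the hiding and binding of the commitment itself depend on the paper's construction.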

Key words: Multivariate public-key cryptosystem, Post-quantum, Ring signature, Ring confidential transactions protocol, Homomorphic commitment

CLC number: TN918