Chinese Journal of Network and Information Security, 2022, Vol. 8, Issue (6): 9-19. doi: 10.11959/j.issn.2096-109x.2022073

• Topic: Cryptography Technology and Applications

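Anti malicious KGC certificateless signature scheme based on blockchain and domestic cryptographic SM9

Fei TANG1, Ning GAN1, Xianggui YANG2, Jinyang WANG1

  1 School of Cyber Security and Information Law, Chongqing University of Posts and Telecommunications, Chongqing 400065, China
  2 Department of Engineering Technology, Jiangxi Changhe Aviation Industry Co., Ltd., Jingdezhen 333002, China
  • Revised: 2022-09-30 Online: 2022-12-15 Published: 2023-01-16
  • About the authors: Fei TANG (1986- ), male, born in Dianjiang, Chongqing, Ph.D., associate professor and doctoral supervisor at Chongqing University of Posts and Telecommunications. His main research interests are public key cryptography, privacy protection, and blockchain.
    Ning GAN (1998- ), female, born in Qijiang, Chongqing, master's student at Chongqing University of Posts and Telecommunications. Her main research interests are blockchain and public key cryptography.
    Xianggui YANG (1985- ), male, born in Yichun, Jiangxi, senior engineer at Jiangxi Changhe Aviation Industry Co., Ltd. His main research interests are informatization, digitalization, and intelligent manufacturing.
    Jinyang WANG (1998- ), male, born in Yubei, Chongqing, master's student at Chongqing University of Posts and Telecommunications. His main research interests are blockchain and public key cryptography.
  • Supported by:
    The National Defense Basic Research Program (JCKY2020205C013)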

Abstract:

The certificateless cryptosystem solves the certificate management and key escrow problems at the same time, but its security model always assumes that the Type II adversary (a malicious key generation center, KGC) will not launch public key replacement attacks. This security assumption has certain limitations in real-world applications. The SM9 signature scheme is an efficient identity-based cryptographic scheme that adopts the R-ate bilinear pairing, which offers good security and high computational efficiency. However, it requires the KGC to generate and manage keys for users, so it has the key escrow problem. To address these problems, a certificateless signature scheme resistant to a malicious KGC is proposed based on blockchain and the SM9 signature scheme. Relying on the decentralization and tamper resistance of blockchain, the proposed scheme uses a smart contract to record on the blockchain the partial public key corresponding to the user's secret value. In the signature verification stage, the verifier invokes the smart contract to query the user's public key, which ensures the authenticity of the user's public key. The user's private key consists of the partial private key generated by the KGC and a secret value randomly chosen by the user. Only when the user obtains a private key for the first time does the KGC generate a partial private key to endorse the user's identity identifier. Subsequently, the user can update the private key independently by changing the secret value and the corresponding partial public key recorded on the blockchain. The identity remains unchanged during this process, which provides a key management solution for decentralized application scenarios. The blockchain relies on a consensus mechanism to ensure the consistency of distributed data. The change log of each user's partial public key is stored on the blockchain, and based on the traceability of the blockchain, malicious public key replacement attacks can be traced to their source, which prevents a malicious KGC from launching public key replacement attacks. According to the experimental simulation and security proof results, the total overhead of signing and verification in the proposed scheme is only 7.4 ms. Compared with similar certificateless signature schemes, the proposed scheme effectively resists public key replacement attacks and has higher computational efficiency.

Key words: certificateless signature, anti malicious KGC, blockchain, SM9 signature
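The registry role the abstract gives the smart contract can be sketched as an append-only, hash-chained change log. This is an added illustration, not the paper's contract or its SM9 construction. The class and function names, the `submitter` field (standing in for a transaction sender), and the hex strings used as partial public keys are assumptions constructed for the example.

```python
import hashlib
import json

GENESIS = "0" * 64

class PartialKeyRegistry:
    """Toy stand-in for the on-chain contract: an append-only, hash-chained log."""

    def __init__(self):
        self.log = []

    @staticmethod
    def _digest(entry):
        body = {k: entry[k] for k in ("identity", "partial_pk", "submitter", "prev")}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def record(self, identity, partial_pk, submitter):
        """Append a key registration or update; earlier entries are never overwritten."""
        entry = {"identity": identity, "partial_pk": partial_pk, "submitter": submitter,
                 "prev": self.log[-1]["hash"] if self.log else GENESIS}
        entry["hash"] = self._digest(entry)
        self.log.append(entry)

    def current_key(self, identity):
        """Latest partial public key recorded for this identity, or None."""
        for entry in reversed(self.log):
            if entry["identity"] == identity:
                return entry["partial_pk"]
        return None

    def history(self, identity):
        """Change log for one identity: (log index, submitter, partial_pk)."""
        return [(i, e["submitter"], e["partial_pk"])
                for i, e in enumerate(self.log) if e["identity"] == identity]

    def chain_intact(self):
        """Recompute every link; an edited entry or a gap in the log breaks the chain."""
        prev = GENESIS
        for entry in self.log:
            if entry["prev"] != prev or entry["hash"] != self._digest(entry):
                return False
            prev = entry["hash"]
        return True

def verifier_accepts_key(registry, identity, presented_pk):
    """Verifier side: use only the key the registry returns for the identity."""
    return registry.chain_intact() and registry.current_key(identity) == presented_pk

if __name__ == "__main__":
    reg = PartialKeyRegistry()
    reg.record("alice@example.org", "aa11", "addr-alice")  # constructed sample values
    reg.record("alice@example.org", "bb22", "addr-alice")  # self-update, same identity
    print(verifier_accepts_key(reg, "alice@example.org", "cc33"))  # key not on the log
    print(reg.history("alice@example.org"))
```

A key presented off-chain that differs from the recorded one is rejected, and a replacement written to the log stays visible in `history` together with whoever submitted it.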
