基于区块链与国密SM9的抗恶意KGC无证书签名方案

doi:10.11959/j.issn.2096-109x.2022073

Abstract

Abstract:

The certificateless cryptosystem can solve the problems of certificate management and key escrow at the same time, but its security model always assumes that Type II adversary (named malicious KGC) will not launch public key replacement attacks.This security assumption has certain limitations in real-world applications.As an efficient identity-based cryptographic scheme, SM9 signature scheme adopts R-ate bilinear pairing which has good security and high computational efficiency.However, it requires KGC to generate and manage keys for users, so it has the problem of key escrow.In view of the above problems, a certificateless signature scheme against malicious KGC was constructed based on blockchain and SM9 signature algorithm.Based on the properties of decentralization and tamper-proof of blockchain, the proposed scheme used the smart contract to record part of the public key corresponding to the user’s secret value on the blockchain.Then, the verifier can revoke the smart contract to query the user’s public key during the signature verification stage.Therefore, the proposed scheme ensured the authenticity of the user’s public key.The user’s private key consisted of the partial private key generated by KGC and a secret randomly chosen by the user.The user required the partial private key generated by KGC to endorse his identity identifier when the user generates the private key for the first time.Subsequently, the private key can be independently updated by changing the secret and the corresponding partial public key.During this process, the identity remains unchanged, which provided a viable solution for key management in decentralized application scenarios.The blockchain relied on the consensus mechanism to ensure the consistency of the distributed data.Based on the traceability of the blockchain, the change log of user’s partial public key was stored in the blockchain, which can trace the source of malicious public key replacement attacks and thereby prevent malicious KGC from launching public key replacement attacks.According to the experimental simulation and security proof results, the total overhead of signature and verification of the proposed scheme is only 7.4ms.Compared with similar certificateless signature schemes, the proposed scheme can effectively resist public key replacement attacks and has higher computational efficiency.

Key words: certificateless signature, anti malicious KGC, blockchain, SM9 signature

CLC Number:

TP309

Fei TANG, Ning GAN, Xianggui YANG, Jinyang WANG. Anti malicious KGC certificateless signature scheme based on blockchain and domestic cryptographic SM9[J]. Chinese Journal of Network and Information Security, 2022, 8(6): 9-19.

Figures/Tables 7

方案	签名方案	验证方案	总开销/ms	签名长度	类型Ⅰ	类型Ⅱ	恶意KGC	信任等级
文献[10]	$6 E$	$4 B + 2 E$	16.709 2	$3 \| G_{1} \|$	×	×	×	2
文献[11]	$3 E$	$5 B + E$	12.7091	$3 \| G_{1} \|$	√	√	×	2
文献[12]	$3 E + (2 n_{m} + 3) S_{1}$	$3 B + 3 S_{2} + (n_{u} + 2 n_{m} + 1) S_{1}$	＞ 9.8117	$3 \| G_{1} \|$	√	√	×	3
文献[13]	$5 E + (n_{u} + n_{m} + 5) S_{1}$	$4 B + E + 3 S_{2} + (n_{u} + n_{m} + 1) S_{1}$	＞15.906 7	$3 \| G_{1} \|$	×	×	×	2
文献[33]	$B + 2 S_{1} + E + M$	$3 B + E$	9.085 2	$\| G_{1} \| + \| G_{T} \|$	√	√	×	2
本文	$B + E + S_{1}$	$2 B + E + S_{2} + M$	7.447 6	$\| G_{1} \| + \| H_{2} \|$	√	√	√	3

References 36

[1]	Al-RIYAMI S S , PATERSON K G . Certificateless public key cryptography[C]// Proceedings of 9th International Conference on the Theory and Application of Cryptology. 2003: 452-473.
[2]	夏峰, 杨波 . 公钥不可替换无证书签名方案[J]. 计算机科学, 2012,39(8): 92-95.
	XIA F , YANG B . Certificateless signature scheme without public key replaced[J]. Computer Science, 2012,39(8): 92-95.
[3]	王圣宝, 刘文浩, 谢琪 . 无双线性配对的无证书签名方案[J]. 通信学报, 2012,33(4): 93-98.
	WANG S B , LIU W H , XIE Q . Certificateless signature scheme without bilinear pairings[J]. Journal on Communications, 2012,33(4): 93-98.
[4]	王亚飞, 张睿哲 . 强安全无对的无证书签名方案[J]. 通信学报, 2013,34(2): 94-99.
	WANG Y F , ZHANG R Z . Strongly secure certificateless signature scheme without pairings[J]. Journal on Communications, 2013,34(2): 94-99.
[5]	樊爱宛, 杨照锋, 谢丽明 . 强安全无证书签名方案的安全性分析与改进[J]. 通信学报, 2014,35(5): 118-123.
	FAN A W , YANG Z F , XIE L M . Security analysis and improvement of strongly secure certificate less signature scheme[J]. Journal on Communications, 2014,35(5): 118-123.
[6]	李艳琼, 李继国, 张亦辰 . 标准模型下安全的无证书签名方案[J]. 通信学报, 2015,36(4): 189-198.
	LI Y Q , LI J G , ZHANG Y C . Certificateless signature scheme without random oracles[J]. Journal on Communications, 2015,36(4): 189-198.
[7]	汤永利, 王菲菲, 叶青 ,等. 改进的可证明安全无证书签名方案[J]. 北京邮电大学学报, 2016,39(1): 112-116.
	TANG Y L , WANG F F , YE Q ,et al. Improved provably secure certificateless signature scheme[J]. Journal of Beijing University of Posts and Telecommunications, 2016,39(1): 112-116.
[8]	王菁, 李祖猛 . 几个无证书签名方案的伪造攻击[J]. 网络与信息安全学报, 2020,6(3): 108-112.
	WANG J , LI Z M . Forgery attacks on several certificate lesssignature schemes[J]. Chinese Journal of Network and Information Security, 2020,6(3): 108-112.
[9]	HUNG Y H , HUANG S S , TSENG Y M ,et al. Certificateless signature with strong unforgeability in the standard model[J]. Informatica, 2015,26(4): 663-684.
[10]	吴涛, 景晓军 . 一种强不可伪造无证书签名方案的密码学分析与改进[J]. 电子学报, 2018,46(3): 602-606.
	WU T , JING X J . Cryptanalysis and improvement of a certificateless signature scheme with strong unforgeability[J]. Acta Electronica Sinica, 2018,46(3): 602-606.
[11]	杨小东, 王美丁, 裴喜祯 ,等. 一种标准模型下无证书签名方案的安全性分析与改进[J]. 电子学报, 2019,47(9): 1972-1978.
	YANG X D , WANG M D , PEI X Z ,et al. Security analysis and improvement of a certificateless signature scheme in the standard model[J]. Acta Electronica Sinica, 2019,47(9): 1972-1978.
[12]	YANG W , WANG S , WU W ,et al. Top-level secure certificateless signature against malicious-but-passive KGC[J]. IEEE Access, 2019,7: 112870-112878.
[13]	SHIM K A . A new certificateless signature scheme provably secure in the standard model[J]. IEEE Systems Journal, 2019,13(2): 1421-1430.
[14]	国家市场监督管理总局,国家标准化管理委员会. 2-2020 信息安全技术 SM9标识密码算法第2部分:算法[S]. 中国标准出版社, 2020.
	State Administration of Market SupervisionandState Standardization Administration Committee. GM/T 38635.2-2020 Information security technology—Identity-based cryptographic algorithms SM9—Part 2:algorithms[S]. China Standards Press, 2020.
[15]	赖建昌, 黄欣沂, 何德彪 ,等. 国密 SM9 数字签名和密钥封装算法的安全性分析. 中国科学:信息科学, 2021,51: 1900-1913.
	LAI J C , HUANG X Y , HE D B ,et al. Security analysis of SM9 digital signature and key encapsulation (in Chinese). Scientia Sinica Informations, 2021,51: 1900-1913.
[16]	唐飞, 凌国玮, 单进勇 . 基于国密SM2和SM9的加法同态加密方案[J]. 密码学报, 2022,9(3): 535-549.
	TANG F , LING G W , SHAN J Y . Additive homomorphic encryption schemes based on SM2 and SM9[J]. Journal of Cryptologic Research, 2022,9(3): 535-549.
[17]	张超, 彭长根, 丁红发 ,等. 基于国密 SM9 的可搜索加密方案[J]. 计算机工程, 2022: 1-10.
	ZHANG C , PENG C G , DING H F ,et al. Searchable encryption scheme based on china state cryptography standard SM9[J]. Computer Engineering, 2022: 1-10.
[18]	安涛, 马文平, 刘小雪 . VANET中基于 SM9 密码算法的聚合签名方案[J]. 计算机应用与软件, 2020,37(12): 280-284.
	AN T , MA W P , LIU X X . Aggregate signature scheme based on SM9 cryptographic algorithm in VANET[J]. Computer Applications and Software, 2020,37(12): 280-284.
[19]	吕尧, 侯金鹏, 聂冲 ,等. 基于 SM9 算法的部分盲签名方案[J]. 网络与信息安全学报, 2021,7(4): 147-153.
	LYU Y , HOU J P , NIE C ,et al. Partial blind signature algorithm based on SM9[J]. Chinese Journal of Network and Information Security, 2021,7(4): 147-153.
[20]	彭聪, 何德彪, 罗敏 ,等. 基于 SM9 标识密码算法的环签名方案[J]. 密码学报, 2021,8(4): 724-734.
	PENG C , HE D B , LUO M ,et al. An identity-based ring signature scheme for SM9 algorithm[J]. Journal of Cryptologic Research, 2021,8(4): 724-734.
[21]	唐飞, 凌国玮, 单进勇 . 基于国产密码算法SM9的可追踪属性签名方案[J]. 电子与信息学报, 2022,44: 1-8.
	TANG F , LING G W , SHAN J Y . Traceable attribute-based signature scheme based on domestic cryptographic SM9 algorithm[J]. Journal of Electronics and Information, 2022,44: 1-8.
[22]	杨亚涛, 蔡居良, 张筱薇 ,等. 基于SM9算法可证明安全的区块链隐私保护方案[J]. 软件学报, 2019,30(6): 1692-1704.
	YANG Y T , CAI J L , ZHANG X W ,et al. Privacy preserving scheme in block chain with provably secure based on SM9 algorithm[J]. Journal of Software, 2019,30(6): 1692-1704.
[23]	郭阳楠, 蒋文保, 叶帅 . 可监管的区块链匿名交易系统模型[J]. 计算机应用, 2022: 1-10.
	GUO Y N , JIANG W B , YE S . Supervisable blockchain anonymous transaction system model[J]. Computer Applications, 2022: 1-10.
[24]	闻庆峰, 杨文捷, 张永强 . SM9及其PKI在电子政务邮件系统中的应用[J]. 计算机应用与软件, 2017,34(4): 105-109.
	WEN Q F , YANG W J , ZHANG Y Q . Application of SM9 and PKI in e-government e-mail system[J]. Computer Applications and Software, 2017,34(4): 105-109.
[25]	马晓婷, 马文平, 刘小雪 . 基于区块链技术的跨域认证方案[J]. 电子学报, 2018,46(11): 2571-2579.
	MA X T , MA W P , LIU X X . A cross domain authentication scheme based on blockchain technology[J]. Acta electronica Sinica, 2018,46(11): 2571-2579.
[26]	邱帆, 胡凯雨, 左黎明 ,等. 基于国密SM9的配电网分布式控制身份认证技术[J]. 计算机应用与软件, 2020,37(9): 291-295.
	QIU F , HU K Y , ZUO L M ,et al. Distributed control identity authentication technology based on SM9[J]. Computer Applications and Software, 2020,37(9): 291-295.
[27]	姚英英, 常晓林, 甄平 . 基于区块链的去中心化身份认证及密钥管理方案[J]. 网络空间安全, 2019,10(6): 33-39.
	YAO Y Y , CHANG X L , ZHEN P . Decentralized identity authentication and key management scheme based on blockchain[J]. Cyberspace Security, 2019,10(6): 33-39.
[28]	许盛伟, 任雄鹏, 袁峰 ,等. 一种关于 SM9 的安全密钥分发方案[J]. 计算机应用与软件, 2020,37(1): 314-319.
	XU S W , REN X P , YUAN F ,et al. A secure key issuing scheme for SM9[J]. Computer Applications and Software, 2020,37(1): 314-319.
[29]	吴俊青, 彭长根, 谭伟杰 ,等. FaceEncAuth:基于FaceNet和国密算法的人脸识别隐私安全方案[J]. 计算机工程与应用, 2022: 1-7.
	WU J Q , PENG C G , TAN W J ,et al. FaceEncAuth:face recognition privacy security scheme based on FaceNet and SM algorithms[J]. Computer engineering and application, 2022: 1-7.
[30]	NAKAMOTO S . Bitcoin:A peer-to-peer electronic cash system[J]. Decentralized Business Review, 2008:21260.
[31]	GIRAULT M , . Self-certified public keys[C]// Workshop on the Theory and Application of Cryptographic Techniques. Springer, 1991,547(1): 490-497.
[32]	POINTCHEVAL D , STERN J . Security arguments for digital signatures and blind signatures[J]. Journal of Cryptology, 2000,13(3): 361-396.
[33]	叶胜男, 陈建华 . 一个强安全的无证书签名方案的分析和改进[J]. 计算机科学, 2021,48(10): 272-277.
	YE S N , CHEN J H . Security Analysis and improvement of strongly secure certificateless digital signature Scheme[J]. Computer Science, 2021,48(10): 272-277.
[34]	LIU J , LI X , YE L ,et al. BPDS:a blockchain based privacy-preserving data sharing for electronic medical records[C]// Proceedings of 2018 IEEE Global Communications Conference (GLOBECOM). 2018: 1-6.
[35]	ALI I , GERVAIS M , AHENE E ,et al. A blockchain-based certificateless public key signature scheme for vehicle-to-infrastructure communication in VANETs[J]. Journal of Systems Architecture, 2019,99:101636.
[36]	BENIL T , JASPER J . Cloud based security on outsourcing using blockchain in E-health systems[J]. Computer Networks, 2020,178:107344.

Metrics

Recommended 0

No Suggested Reading articles found!

Peer节点个数	上链时间/s	查询时间/ms
2	2.083 3	9.407 8
4	2.097 3	13.477 7
8	2.291 7	43.750 7

运算	效率/ms
S₂	0.276 8
S₁	0.088 3
B	1.449 1
E	1.364 1
M	0.007 0

Anti malicious KGC certificateless signature scheme based on blockchain and domestic cryptographic SM9

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 7

References 36

Related Articles 15

Metrics

Recommended 0

方案	签名类型	类型Ⅰ	类型Ⅱ	恶意KGC	信任等级
文献[22]	群签名	√	√	×	1
文献[34]	可截取签名	√	√	×	2
文献[35]	聚合签名	√	√	×	2
文献[36]	聚合签名	√	√	×	2
本文	—	√	√	√	3

[1]	Zhao CAI, Tao JING, Shuang REN. Survey on Ethereum phishing detection technology [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 21-32.
[2]	Heli WANG, Qiao YAN. Selfish mining detection scheme based on the characters of transactions [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 104-114.
[3]	Beiyuan YU, Shanyao REN, Jianwei LIU. Overview of blockchain assets theft attacks and defense technology [J]. Chinese Journal of Network and Information Security, 2023, 9(1): 1-17.
[4]	Dan LIN, Kaixin LIN, Jiajing WU, Zibin ZHENG. Bytecode-based approach for Ethereum smart contract classification [J]. Chinese Journal of Network and Information Security, 2022, 8(5): 111-120.
[5]	Liquan CHEN, Xiao LI, Zheyi YANG, Sijie QIAN. Blockchain-based high transparent PKI authentication protocol [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 1-11.
[6]	Wenbo ZHANG, Simin CHEN, Lifei WEI, Wei SONG, Dongmei HUANG. State-of-the-art survey of smart contract verification based on formal methods [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 12-28.
[7]	Feng LIU, Jie YANG, Jiayin QI. Survey on blockchain privacy protection techniques in cryptography [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 29-44.
[8]	Xiaoling SONG, Yong LIU, Jingnan DONG, Yongfei HUANG. Application and prospect of blockchain in Metaverse [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 45-65.
[9]	Lin JIN, Youliang TIAN. Multi-authority attribute hidden for electronic medical record sharing scheme based on blockchain [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 66-76.
[10]	Pengkun JIANG, Wenyin ZHANG, Jiuru WANG, Shanyun HUANG, Wanshui SONG. Blockchain covert communication scheme based on the cover of normal transactions [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 77-86.
[11]	Jianlin NIU, Zhiyu REN, Xuehui DU. Cross-domain authentication scheme based on consortium blockchain [J]. Chinese Journal of Network and Information Security, 2022, 8(3): 123-133.
[12]	Baoqin ZHAI, Jian WANG, Lei HAN, Jiqiang LIU, Jiahao HE, Tianhao LIU. Hierarchical proxy consensus optimization for IoV based on blockchain and trust value [J]. Chinese Journal of Network and Information Security, 2022, 8(3): 142-153.
[13]	Yurong LUO, Jin CAO, Hui LI, Xingwen ZHAO, Chao SHANG. Electronic invoice public verification scheme based on SM2 coalition signature algorithm [J]. Chinese Journal of Network and Information Security, 2022, 8(2): 122-131.
[14]	Jiaren YU, Youliang TIAN, Hui LIN. Design of miner type identification mechanism based on reputation management model [J]. Chinese Journal of Network and Information Security, 2022, 8(1): 128-138.
[15]	Zhensheng GAO, Lifeng CAO, Xuehui DU. Research progress of access control based on blockchain [J]. Chinese Journal of Network and Information Security, 2021, 7(6): 68-87.