标准模型下可撤销的基于身份的代理重签名方案

doi:10.11959/j.issn.1000-436x.2019072

通信学报 ›› 2019, Vol. 40 ›› Issue (5): 153-162.doi: 10.11959/j.issn.1000-436x.2019072

标准模型下可撤销的基于身份的代理重签名方案

杨小东^1,²,李雨潼¹,王晋利¹,麻婷春¹,王彩芬¹

¹ 西北师范大学计算机科学与工程学院，甘肃兰州 730070
² 密码科学技术国家重点实验室，北京 100878

修回日期:2018-08-16 出版日期:2019-05-25 发布日期:2019-05-30
作者简介:杨小东（1981- ），男，甘肃甘谷人，博士，西北师范大学副教授，主要研究方向为代理重签名和云计算安全。|李雨潼（1994- ），男，甘肃兰州人，西北师范大学硕士生，主要研究方向为应用密码学与车联网安全。|王晋利（1993- ），女，山西泽州人，西北师范大学硕士生，主要研究方向为信息安全理论与技术。|麻婷春（1992- ），女，甘肃武威人，西北师范大学硕士生，主要研究方向为大数据安全。|王彩芬（1963- ），女，河北安国人，博士，西北师范大学教授、博士生导师，主要研究方向为密码协议和网络编码。
基金资助:
国家自然科学基金资助项目(61662069);国家自然科学基金资助项目(61562077);中国博士后科学基金资助项目(2017M610817);兰州市科技计划基金资助项目(2013-4-22);西北师范大学青年教师科研能力提升计划基金资助项目(NWNU-LKQN-14-7)

Revocable identity-based proxy re-signature scheme in the standard model

Xiaodong YANG^1,²,Yutong LI¹,Jinli WANG¹,Tingchun MA¹,Caifen WANG¹

¹ College of Computer Science and Engineering,Northwest Normal University,Lanzhou 730070,China
² State Key Laboratory of Cryptology,Beijing 100878,China

Revised:2018-08-16 Online:2019-05-25 Published:2019-05-30
Supported by:
The National Natural Science Foundation of China(61662069);The National Natural Science Foundation of China(61562077);China Postdoctoral Science Foundation Project(2017M610817);The Science and Technology Project of Lanzhou(2013-4-22);The Foudation for Excellent Yong Teachers by Northwest Normal University(NWNU-LKQN-14-7)

摘要/Abstract

摘要：

用户撤销是基于身份的代理重签名方案在应用中必须解决的重要问题。针对目前基于身份的代理重签名方案不支持用户撤销的问题，引入了可撤销的基于身份代理重签名密码体制，并给出了相应的形式化定义和安全模型。基于代理重签名方案和二叉树结构，构造了一个可撤销的基于身份的代理重签名方案。在所构造的方案中，用户的签名密钥由秘密密钥和更新密钥两部分组成。通过安全信道传输的秘密密钥是固定的，但利用公开信道广播的更新密钥是周期性变化的。只有未被撤销的用户才能获得更新密钥，并使秘密密钥随机化，更新密钥生成当前时间段的签名密钥。在标准模型下证明了所构造的方案在适应性选择身份和消息攻击下是存在不可伪造的，并满足双向性、多用性和抗签名密钥泄露攻击性。分析结果表明，所构造的方案高效地实现了用户的撤销与密钥的更新，具有良好的延展性。

关键词: 基于身份的代理重签名, 用户撤销, 标准模型, 签名密钥泄露, 二叉树

Abstract:

User revocation is necessary to the practical application of identity-based proxy re-signature scheme.To solve the problem that the existing identity-based proxy re-signature schemes cannot provide revocation functionality,the notion of revocable identity-based proxy re-signature was introduced.Furthermore,the formal definition and security model of revocable identity-based proxy re-signature were presented.Based on proxy re-signature scheme and binary tree structure,a revocable identity-based proxy re-signature scheme was proposed.In the proposed,scheme,the user's signing key consists of two parts,a secret key and an update key.The secret key transmitted over the secure channel is fixed,but the update key broadcasted by the public channel is periodically changed.Only the user who has not been revoked can obtain the update key,and then randomize the secret key and update the key to generate the corresponding signature key of the current time period.In the standard model,the proposed scheme is proved to be existentially unforgeable against adaptive chosen-identity and chosen-message attacks.In addition,the proposed scheme has properties of bidirectionality and multi-use,and can resist signing key exposure attacks.The analysis results show that the proposed scheme can efficiently revoke the user and update the user’s key,and thus it has good scalability.

Key words: identity-based proxy re-signature, user revocation, standard model, signing key exposure, binary tree

中图分类号:

TP309.7

杨小东,李雨潼,王晋利,麻婷春,王彩芬. 标准模型下可撤销的基于身份的代理重签名方案[J]. 通信学报, 2019, 40(5): 153-162.

Xiaodong YANG,Yutong LI,Jinli WANG,Tingchun MA,Caifen WANG. Revocable identity-based proxy re-signature scheme in the standard model[J]. Journal on Communications, 2019, 40(5): 153-162.

图/表 5

表1

图1

图2

表2

图3

参考文献 26

[1]	YANG T , YU B , WANG H ,et al. Cryptanalysis and improvement of Panda-public auditing for shared data in cloud and internet of things[J]. Multimedia Tools and Applications, 2017,76(19): 19411-19428.
[2]	SOOKHAK M , GANI A , KHAN M K ,et al. Dynamic remote data auditing for securing big data storage in cloud computing[J]. Information Sciences, 2017,380: 101-116.
[3]	WATERS B , . Efficient identity-based encryption without random oracles[C]// The 24th Annual International Conference on The Theory and Application of Cryptographic Techniques. IACR, 2005: 114-127.
[4]	SHAO J , CAO Z , WANG L ,et al. Proxy re-signature schemes without random oracles[C]// The 8th International Conference on Cryptology. Springer, 2007: 197-209.
[5]	FENG J , LAN C , JIA B . ID-based proxy re-signature scheme with strong unforgeability[J]. Journal of Computer Applications, 2014,34(11): 3291-3294.
[6]	HU X , ZHANG Z , YANG Y . Identity based proxy re-signature schemes without random oracle[C]// Computational Intelligence and Security. 2009: 256-259.
[7]	SHAO J , WEI G , LING Y ,et al. Unidirectional identity-based proxy re-signature[C]// IEEE International Conference on Communications. 2011: 1-5.
[8]	HUANG P , YANG X , YAN L I ,et al. Identity-based proxy re-signature scheme without bilinear pairing[J]. Journal of Computer Applications, 2015,35(6): 1678-1682.
[9]	JIANG M M , HU Y P , WANG B C ,et al. Identity-based unidirectional proxy re-signature over lattice[J]. Journal of Electronics ＆ Information Technology, 2014,36(3): 645-649.
[10]	TIAN M M . Identity-based proxy re-signatures from lattices[J]. Information Processing Letters, 2015,115(4): 462-467.
[11]	CANETTI R , GOLDREICH O , HALEVI S . The random oracle methodology,revisited[J]. Journal of the ACM, 2004,51(4): 557-594.
[12]	BONEH D , FRANKLIN M . Identity-based encryption from the weil pairing[C]// Advances in CRYPTO. 2001: 213-229.
[13]	BOLDYREVA A , GOYAL V , KUMAR V . Identity-based encryption with efficient revocation[C]// ACM Conference on Computer and Communications Security. 2008: 417-426.
[14]	LEE K , LEE D H , PARK J H . Efficient revocable identity-based encryption via subset difference methods[J]. Designs,Codes and Cryptography, 2017,85(1): 39-76.
[15]	ZHANG L , SUN Z , MU Y ,et al. Revocable hierarchical identity-based encryption over lattice for pay-tv systems[J]. International Journal of Embedded Systems, 2017,9(4): 379-398.
[16]	TSAI T T , TSENG Y M , WU T Y . Provably secure revocable ID-based signature in the standard model[J]. Security and Communication Networks, 2013,6(10): 1250-1260.
[17]	LIU Z , ZHANG X , HU Y ,et al. Revocable and strongly unforgeable ID-based signature scheme in the standard model[J]. Security and Communication Networks, 2016,9(14): 2422-2433.
[18]	JIA X , HE D , ZEADALLY S ,et al. Efficient revocable ID-based signature with cloud revocation server[J]. IEEE Access, 2017,5: 2945-2954.
[19]	YANG X , YANG P , AN F ,et al. Cryptanalysis and improvement of a strongly unforgeable identity-based signature scheme[C]// International Conference on Information Security and Cryptology.Springer. 2017: 196-208.
[20]	ZHAO J , WEI B , SU Y . Communication-efficient revocable identity-based signature from multilinear maps[J]. Journal of Ambient Intelligence and Humanized Computing, 2019,10(1): 1-12.
[21]	WEI J , HUANG X , HU X ,et al. Revocable threshold attribute-based signature against signing key exposure[C]// International Conference on Information Security Practice and Experience. 2015: 316-330.
[22]	ZHENG Q , LI Q , AZGIN A ,et al. Data verification in information-centric networking with efficient revocable certificateless signature[C]// IEEE Conference on Communications and Network Security. IEEE, 2017: 1-9.
[23]	HUNG Y H , TSENG Y M , HUANG S S . Lattice-based revocable certificateless signature[J]. Symmetry, 2017,9(10): 242-259.
[24]	XU S , YANG G , MU Y . A new revocable and re-delegable proxy signature and its application[J]. Journal of Computer Science and Technology, 2018,33(2): 380-399.
[25]	WEI J , LIU W , HU X . Forward-secure identity-based signature with efficient revocation[J]. International Journal of Computer Mathematics, 2017,94(7): 1390-1411.
[26]	NAOR D , NAOR M , LOTSPIECH J . Revocation and tracing schemes for stateless receivers[C]// The 21st Annual International Cyptology Conference. IACR, 2001: 41-62.

符号	说明	符号	说明	符号	说明
BT	二叉树	η	叶子节点	G或G_T	循环群
N	叶子节点个数、用户数	path(η)	η到root的节点集合	p	素数
root	根节点	t_i	时间周期	g	G的生成元
θ	非叶子节点	Y	更新的最小节点集合	e	双线性映射
θ_l、θ_r	左/右孩子节点	RL或RL′	用户撤销列表	T	最大时间周期
st	状态	msk	主密钥	M	消息
ID	用户身份	m和n	字符串的比特长度	sk_θ	秘密密钥
uk_t	更新密钥	dk_ID,t	签名密钥	σ_A	原始签名
σ_B	重签名	rk_A→B	重签名密钥	⊥	错误符号

方案	签名长度	重签名长度	签名	重签名	签名验证	抗签名密钥泄露攻击	用户撤销功能
Shao方案^[4]	3\|G\|	3\|G\|	2exp	4Pa +2exp	4Pa	否	否
Feng方案^[5]	3\|G\|	4\|G\|	3exp	4Pa +5exp	5Pa+3exp	否	否
Hu方案^[6]	4\|G\|+\|p\|	4\|G\|+\|p\|	6exp	4Pa+6exp	4Pa+4exp	否	否
本文方案	4\|G\|	4\|G\|	2exp	5Pa+3exp	5Pa+exp	是	是

标准模型下可撤销的基于身份的代理重签名方案

Revocable identity-based proxy re-signature scheme in the standard model

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 5

参考文献 26

相关文章 15

Metrics

推荐阅读 0

[1]	侯红霞, 张明瑞, 赵艳琦, 董晓丽. 素数阶群上基于非对称对的身份基环签名[J]. 通信学报, 2021, 42(9): 155-164.
[2]	张嘉伟, 马建峰, 马卓, 李腾. 云计算中基于时间和隐私保护的可撤销可追踪的数据共享方案[J]. 通信学报, 2021, 42(10): 81-94.
[3]	田苗苗, 陈静, 仲红. 格上基于身份的增量签名方案[J]. 通信学报, 2021, 42(1): 108-117.
[4]	杜瑞忠,石朋亮,何欣枫. 基于覆写验证的云数据确定性删除方案[J]. 通信学报, 2019, 40(1): 130-140.
[5]	孟倩,马建峰,陈克非,苗银宾,杨腾飞. 基于云计算平台的物联网加密数据比较方案[J]. 通信学报, 2018, 39(4): 167-175.
[6]	杨小东,陈春霖,杨平,安发英,麻婷春,王彩芬. 可证安全的部分盲代理重签名方案[J]. 通信学报, 2018, 39(2): 65-72.
[7]	伍祈应,马建峰,李辉,张俊伟,姜奇,苗银宾. 支持用户撤销的多关键字密文查询方案[J]. 通信学报, 2017, 38(8): 183-193.
[8]	汤永利,胡明星,刘琨,叶青,闫玺玺. 新的格上基于身份的全同态加密方案[J]. 通信学报, 2017, 38(5): 39-47.
[9]	牛淑芬,牛灵,王彩芬,李亚红. 标准模型下可证明安全的无证书广义签密[J]. 通信学报, 2017, 38(4): 35-45.
[10]	叶青,胡明星,汤永利,刘琨,闫玺玺. 新的格上基于身份的分级加密方案[J]. 通信学报, 2017, 38(11): 54-64.
[11]	杨小东,杨苗苗,高国娟,李亚楠,鲁小勇,王彩芬. 强不可伪造的基于身份服务器辅助验证签名方案[J]. 通信学报, 2016, 37(6): 49-55.
[12]	杨春丽,闫建华,郑世慧,王励成,杨榆. 对一个格基身份签名方案的分析和改进[J]. 通信学报, 2015, 36(5): 104-111.
[13]	李艳琼,李继国,张亦辰. 标准模型下安全的无证书签名方案[J]. 通信学报, 2015, 36(4): 186-194.
[14]	应作斌,马建峰,崔江涛. 支持动态策略更新的半策略隐藏属性加密方案[J]. 通信学报, 2015, 36(12): 1-221.
[15]	姚亮，杨超，马建峰，张俊伟. 云端数据访问控制中基于中间代理的用户撤销新方法[J]. 通信学报, 2015, 36(11): 92-101.