高效的强隐私保护和可转让的属性票据方案

doi:10.11959/j.issn.1000-436x.2022053

通信学报 ›› 2022, Vol. 43 ›› Issue (3): 63-75.doi: 10.11959/j.issn.1000-436x.2022053

高效的强隐私保护和可转让的属性票据方案

封化民¹^,², 史瑞¹^,², 袁峰³, 李艳俊⁴, 杨旸⁵

¹ 北京邮电大学网络空间安全学院，北京 100876
² 北京电子科技学院信息安全研究所，北京 100070
³ 中国航天科工集团第二研究院706所，北京 100854
⁴ 中国电子科技集团第十五研究所，北京 100846
⁵ 福州大学数学与计算机科学学院，福建福州 350108

修回日期:2022-02-22 出版日期:2022-03-25 发布日期:2022-03-01
作者简介:封化民（1963- ），男，陕西富平人，博士，北京邮电大学教授，北京电子科技学院教授，主要研究方向为密码学和信息安全
史瑞（1988- ），男，山东德州人，北京邮电大学博士生，北京电子科技学院工程师，主要研究方向为密码学和隐私保护
袁峰（1982- ），男，北京人，博士，中国航天科工集团第二研究院706所研究员，主要研究方向为密码学和信息安全
李艳俊（1979- ），女，山西晋城人，博士，中国电子科技集团第十五研究所研究员，主要研究方向为密码学和信息安全
杨旸（1984- ），女，湖北随州人，博士，福州大学教授，主要研究方向为密码学和隐私保护
基金资助:
国家重点研发计划基金资助项目(2018YFB0803600);北京电子科技学院一流学科建设基金资助项目(3201024)

Efficient strong privacy protection and transferable attribute-based ticket scheme

Huamin FENG¹^,², Rui SHI¹^,², Feng YUAN³, Yanjun LI⁴, Yang YANG⁵

¹ School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China
² Institute of Information Security, Beijing Electronic Science and Technology Institute, Beijing 100070, China
³ Institute 706, Second Academy of CASIC, Beijing 100854, China
⁴ The 15th Research Institute of CETC, Beijing 100846, China
⁵ College of Mathematics and Computer Science, Fuzhou University, Fuzhou 350108, China

Revised:2022-02-22 Online:2022-03-25 Published:2022-03-01
Supported by:
The National Key Research and Development Program of China(2018YFB0803600);First Class Discipline Building Project of Beijing Electronic Science and Technology Institute(3201024)

摘要/Abstract

摘要：

为了解决电子票据中面临的效率低、灵活性差和隐私保护不全面的问题，提出了高效的强隐私保护且可转让的属性票据方案。首先，结合属性证书和集合承诺构建了基于属性泄露的票据购买算法；其次，利用等价类上的结构保持签名和动态可延展签名降低了票据购买的计算复杂度，实现了常数复杂度的票据转让和票据验证；再次，为了杜绝恶意的验票方根据卖方身份猜测用户信息的可能，在票据验证中同时实现了用户和卖方的匿名性；最后，给出了方案的安全性定义，并将其安全性规约到普通密码学假设或已证明安全的密码学原语的安全性上。对比和实验结果表明了所提方案的灵活性和高效性。

关键词: 属性票据, 隐私保护, 匿名证书, 结构保持签名

Abstract:

To solve the problems of efficiency, flexibility, and privacy protection faced by electronic tickets, an efficient and transferable attribute-based ticket scheme with strong privacy protection was proposed.Firstly, a ticket issuing algorithm based on attribute disclosure was constructed by combining attribute-based credentials and set commitment.Secondly, the structure-preserving signature on equivalence class and dynamic malleable signature were used to reduce the computational complexity of the ticket issuance, and the ticket transfer and ticket verification with constant complexity were realized.In addition, to prevent the possibility of malicious verifiers guessing user information according to the seller’s identity, the scheme not only realized the anonymity of the user, but also realized the anonymity of the seller in the ticket verification for the first time.Finally, the security definition of the scheme was given, and its security was reduced to either well-known complexity cryptography assumptions or the security of proven cryptography primitives.Comparison and experimental results demonstrate that the proposed scheme is flexible and efficient.

Key words: attribute-based ticket, privacy protection, anonymous credential, structure-preserving signature

中图分类号:

TP309.2

封化民, 史瑞, 袁峰, 李艳俊, 杨旸. 高效的强隐私保护和可转让的属性票据方案[J]. 通信学报, 2022, 43(3): 63-75.

Huamin FENG, Rui SHI, Feng YUAN, Yanjun LI, Yang YANG. Efficient strong privacy protection and transferable attribute-based ticket scheme[J]. Journal on Communications, 2022, 43(3): 63-75.

图/表 16

图1

表1

符号定义"

符号	说明
λ	安全参数
ε (λ)	可忽略函数
$x \overset{R}{\leftarrow} ℤ$	从集合 $ℤ$ 中随机选取元素x
$1_{G_{1}}, 1_{G_{2}}$	$G_{1}, G_{2}$ 的单位元
CA,S,U,V	证书中心，卖方，用户，验票方
msk,pp	CA的主密钥，系统参数
$S, A, D$	售票策略集合，用户属性集合，泄露属性集合
(usk,upk)	用户公私钥对
(ssk,spk)	卖方公私钥对
cred _u,cred_s	用户证书，卖方证书
tkt,tid	票据，票据标识
f,tk	票据转让标识，转让密钥
$H ({0, 1}^{*}) \to ℤ_{p}$	哈希函数
ds	追踪双花信息
⊥	失败标识符

表1

图2

图3

图4

图5

图6

图7

图8

图9

表2

表3

表4

图10

图11

图12

参考文献 29

[1]	HAN J G , CHEN L Q , SCHNEIDER S ,et al. Anonymous single sign-on with proxy re-verification[J]. IEEE Transactions on Information Forensics and Security, 2020,15: 223-236.
[2]	HAN J G , CHEN L Q , SCHNEIDER S ,et al. Privacy-preserving electronic ticket scheme with attribute-based credentials[J]. IEEE Transactions on Dependable and Secure Computing, 2021,18(4): 1836-1849.
[3]	HEYDT-BENJAMIN T S , CHAE H J , DEFEND B ,et al. Privacy for public transportation[C]// International Workshop on Privacy Enhancing Technologies. Berlin:Springer, 2006: 1-19.
[4]	CHAUM D . Security without identification:transaction systems to make big brother obsolete[J]. Communications of the ACM, 1985,28(10): 1030-1044.
[5]	VIVES-GUASCH A , PAYERAS-CAPELLà M M , MUT-PUIGSERVER M ,et al. Anonymous and transferable electronic ticketing scheme[C]// Data Privacy Management and Autonomous Spontaneous Security. Berlin:Springer, 2014: 100-113.
[6]	PAYERAS-CAPELLà M M , MUT-PUIGSERVER M , CASTELLà-ROCA J ,et al. Design and performance evaluation of two approaches to obtain anonymity in transferable electronic ticketing schemes[J]. Mobile Networks and Applications, 2017,22(6): 1137-1156.
[7]	ARFAOUI G , LALANDE J F , TRAORé J , ,et al. A practical set-membership proof for privacy-preserving NFC mobile ticketing[J]. Proceedings on Privacy Enhancing Technologies, 2015,2015(2): 25-45.
[8]	CAMENISCH J , LYSYANSKAYA A . An efficient system for non-transferable anonymous credentials with optional anonymity revocation[C]// International Conference on the Theory and Applications of Cryptographic Techniques. Berlin:Springer, 2001: 93-118.
[9]	LYSYANSKAYA A , RIVEST R L , SAHAI A ,et al. Pseudonym systems[C]// International Workshop on Selected Areas in Cryptography. Berlin:Springer, 2000: 184-199.
[10]	CHAUM D , . Blind signatures for untraceable payments[C]// Advances in Cryptology. Berlin:Springer, 1983: 199-203.
[11]	CHAUM D , VAN HEYST E . Group signatures[C]// Workshop on the Theory and Application of of Cryptographic Techniques. Berlin:Springer, 1991: 257-265.
[12]	CAMENISCH J , LYSYANSKAYA A . Signature schemes and anonymous credentials from bilinear maps[C]// Advances in Cryptology –CRYPTO 2004. Berlin:Springer, 2004: 56-72.
[13]	AU M H , SUSILO W , MU Y . Constant-size dynamic k-TAA[C]// International Conference on Security and Cryptography for Networks. Berlin:Springer, 2006: 111-125.
[14]	POINTCHEVAL D , SANDERS O . Short randomizable signatures[J]. IACR Cryptology ePrint Archive,2015, 2015:525.
[15]	BOBOLZ J , EIDENS F , KRENN S ,et al. Privacy-preserving incentive systems with highly efficient point-collection[C]// Proceedings of the 15th ACM Asia Conference on Computer and Communications Security. New York:ACM Press, 2020: 319-333.
[16]	QUERCIA D , HAILES S . MOTET:mobile transactions using electronic tickets[C]// Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks. Piscataway:IEEE Press, 2005: 374-383.
[17]	RUPP A , HINTERW?LDER G , BALDIMTSI F ,et al. P4R:privacy-preserving pre-payments with refunds for transportation systems[C]// International Conference on Financial Cryptography and Data Security. Berlin:Springer, 2013: 205-212.
[18]	BONEH D , LYNN B , SHACHAM H . Short signatures from the Weil pairing[C]// Advances in Cryptology — ASIACRYPT 2001. Springer:Berlin, 2001: 514-532.
[19]	MILUTINOVIC M , DECROIX K , NAESSENS V ,et al. Privacy-preserving public transport ticketing system[C]// IFIP Annual Conference on Data and Applications Security and Privacy. Berlin:Springer, 2015: 135-150.
[20]	ABE M , OKAMOTO T . Provably secure partially blind signatures[C]// Advances in Cryptology — CRYPTO 2000. Springer:Berlin, 2000: 271-286.
[21]	PEDERSEN T P , . Non-interactive and information-theoretic secure verifiable secret sharing[C]// Advances in Cryptology — CRYPTO’91. Springer:Berlin, 1992: 129-140.
[22]	NAKANISHI T , HARUNA N , SUGIYAMA Y . Unlinkable electronic coupon protocol with anonymity control[C]// International Workshop on Information Security. Berlin:Springer, 1999: 37-46.
[23]	VIVES-GUASCH A , CASTELLà-ROCA J , PAYERAS-CAPELLA M M ,et al. An electronic and secure automatic fare collection system with revocable anonymity for users[C]// Proceedings of the 8th International Conference on Advances in Mobile Computing and Multimedia. New York:ACM Press, 2010: 387-392.
[24]	BONEH D , BOYEN X . Short signatures without random ora-cles[C]// International Conference on the Theory and Applications of Cryptographic Techniques. Springer:Berlin, 2004: 56-73.
[25]	VIVES-GUASCH A , PAYERAS-CAPELLà M M , MUT-PUIGSERVER M ,et al. A secure E-ticketing scheme for mobile devices with near field communication (NFC) that includes exculpability and reusability[J]. IEICE Transactions on Information and Systems, 2012,95(1): 78-93.
[26]	CHASE M , LYSYANSKAYA A . On signatures of knowledge[C]// Annual International Cryptology Conference. Berlin:Springer, 2006: 78-96.
[27]	FUCHSBAUER G , HANSER C , SLAMANIG D . Structure-preserving signatures on equivalence classes and constant-size anonymous credentials[J]. Journal of Cryptology, 2019,32(2): 498-546.
[28]	HANSER C , SLAMANIG D . Structure-preserving signatures on equivalence classes and their application to anonymous credentials[C]// International Conference on the Theory and Application of Cryptology and Information Security. Berlin:Springer, 2014: 491-511.
[29]	BL?MER J , BOBOLZ J . Delegatable attribute-based anonymous credentials from dynamically malleable signatures[C]// International Conference on Applied Cryptography and Network Security. Berlin:Springer, 2018: 221-239.

方案	匿名性	属性票据（证书）	属性泄露	卖方匿名性	可转让票据	票据转让	双花检测	双花追踪	形式化证明
文献[22]	√	×	—	×	×	—	√	×	×
文献[3]	√	×	—	×	×	—	√	√	×
文献[25]	√	×	—	×	×	—	√	√	×
文献[12]	√	√	ZKP	—	—	—	—	—	√
文献[13]	√	√	ZKP	—	—	—	—	—	√
文献[14]	√	√	ZKP	—	—	—	—	—	√
文献[2]	√	√	ZKP	×	×	—	√	√	√
文献[5-6]	√	×	—	×	√	签名链	√	√	√
本文方案	√	√	SPS-EQ	√	√	DMS	√	√	√

算法	执行实体	本文方案	文献[2]方案
系统初始化	CA	O(n)	O(n)
卖方注册	S	O(1)	O(1)
	CA	O(1)	O(1)
用户注册	U	O(n)	O(n)
	CA	O(n)	O(n)
票据购买	U	O(n-k)	O(n)
	S	O(k)	O(n)
票据验证	U	O(1)	O(1)
	V	O(1)	O(1)
双花追踪	V	O(1)	O(1)

算法	执行实体	本文方案	文献[5-6]方案
票据转让	U	O(1)	O(1)
	U'	O(1)	O(t)
票据验证	U	O(1)	O(1)
	V	O(1)	O(t)

高效的强隐私保护和可转让的属性票据方案

Efficient strong privacy protection and transferable attribute-based ticket scheme

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 16

参考文献 29

相关文章 15

Metrics

推荐阅读 0

[1]	马鑫迪, 李清华, 姜奇, 马卓, 高胜, 田有亮, 马建峰. 面向Non-IID数据的拜占庭鲁棒联邦学习[J]. 通信学报, 2023, 44(6): 138-153.
[2]	冯涛, 陈李秋, 方君丽, 石建明. 基于本地化差分隐私和属性基可搜索加密的区块链数据共享方案[J]. 通信学报, 2023, 44(5): 224-233.
[3]	夏莹杰, 朱思雨, 刘雪娇. 区块链架构下具有条件隐私的车辆编队跨信任域高效群组认证研究[J]. 通信学报, 2023, 44(4): 111-123.
[4]	胡柏吉, 张晓娟, 李元诚, 赖荣鑫. 支持多功能的V2G网络隐私保护数据聚合方案[J]. 通信学报, 2023, 44(4): 187-200.
[5]	徐明, 张保俊, 伍益明, 应晨铎, 郑宁. 面向网络攻击和隐私保护的多智能体系统分布式共识算法[J]. 通信学报, 2023, 44(3): 117-127.
[6]	余晟兴, 陈钟. 基于同态加密的高效安全联邦学习聚合框架[J]. 通信学报, 2023, 44(1): 14-28.
[7]	张学旺, 黎志鸿, 林金朝. 基于公平盲签名和分级加密的联盟链隐私保护方案[J]. 通信学报, 2022, 43(8): 131-141.
[8]	王继锋, 王国峰. 边缘计算模式下密文搜索与共享技术研究[J]. 通信学报, 2022, 43(4): 227-238.
[9]	于海宁, 张宏莉, 余翔湛, 曲家兴, 葛蒙蒙. 隐私保护的轨迹相似度计算方法[J]. 通信学报, 2022, 43(11): 1-13.
[10]	彭滔, 钟文韬, 王国军, 罗恩韬, 熊金波, 刘忆宁, Hao Wang. 移动社交网络中面向隐私保护的精确好友匹配[J]. 通信学报, 2022, 43(11): 90-103.
[11]	史瑞, 封化民, 谢惠琴, 史国振, 刘飚, 杨旸. 基于带智能卡的移动终端实现的隐私保护的属性票据方案[J]. 通信学报, 2022, 43(10): 26-41.
[12]	熊金波, 周永洁, 毕仁万, 万良, 田有亮. 边缘协同的轻量级隐私保护分类框架[J]. 通信学报, 2022, 43(1): 127-137.
[13]	晏燕, 丛一鸣, Adnan Mahmood, 盛权政. 基于深度学习的位置大数据统计发布与隐私保护方法[J]. 通信学报, 2022, 43(1): 203-216.
[14]	马立川, 彭佳怡, 裴庆祺, 朱浩瑾. 高效的决策树隐私分类服务协议[J]. 通信学报, 2021, 42(8): 80-89.
[15]	刘辉, 刘鑫衍, 许艳, 仲红, 王梦. 隐私保护的VANET警告消息发布协议[J]. 通信学报, 2021, 42(8): 120-129.