摘要
环签名因其无条件匿名性、自发性和灵活的群结构被广泛应用于电子现金、电子投票等强匿名认证领域.其中,关联环签名可以在不泄露真实签名者身份的前提下证明两个签名是否由同一人签发,因此可以在保障匿名性的前提下避免签名权滥用,如重复投票、电子现金重复花费等问题.然而,已有关联环签名的安全性大多数建立在离散对数困难问题基础上,且绝大多数方案因强关联性导致匿名性退化.为了克服上述问题,该文提出一个基于大整数分解难题和RSA公钥密码体制的可选择关联可转换环签名方案,并给出该类环签名的形式化安全模型.通过选择随机参数生成关联标签的方式,使得所提方案不仅具备强匿名性,而且环签名的关联性可由签名者自主决定.此外,签名者可以在不公开秘密随机参数的前提下将环签名转换为普通数字签名,能够抵抗可转换性攻击.在随机预言机模型下可证明该方案在适应性选择消息和选择公钥攻击下是存在性不可伪造的.此外,性能分析表明,该文方案与同类方案相比具有较高的运行效率.
Ring signatures are widely used in strong anonymous athentication environments such as electronic cash and electronic voting,because of their unconditional anonymity,spontaneity and flexible group structures.However,for some special purpose,we should discriminate if two signatures are signed by the same signer.For example,we should distinguish if a voter has cast mutiple ballots and the same e-cash has been repeatedly consumed.To solve the above mentiond problems,linkable ring signatures were proposed,by which any two signatures generated by the same person can be detected,with the premise of not disclosing the indentity of the real signer.However,most of the existing linkable ring signature schemes are based on discrete logarithm public key cryptosystems,and the vast majority of schemes only have the characteristics of weak anonymity and strong linkability.In this paper,a selectively linkable and convertible ring signature based on RSA public key cryptosystem was proposed,and a formal security model ofthis kind of ring signature was presented.The scheme is proven to be unconditionally anonymous,and the linkability of the signature can be decided by the signer through selecting random parameters to generate the linkable tag.Besides,in necessary occasions,the signer can convert the ring signature into an ordinary digital signature on the premise of not revealing secret parameters,so that he can prove himself as the real signer.It is proven that the proposed scheme can resist the convertable attack and is existentially unforgeable against the adaptive chosen plaintext attack and the chosen public-key attack under the random oracle model.Finally,the performance analysis shows that the proposed scheme has high operating efficiency.
出处
《计算机学报》
EI
CSCD
北大核心
2017年第5期1168-1180,共13页
Chinese Journal of Computers
基金
国家自然科学基金(61003245
61371098)
四川省科技厅应用基础研究基金(2015JY0182)
中央高校基本科研业务费专项基金(SWJTU11CX041)资助~~
关键词
RSA公钥密码体制
环签名
选择关联性
强匿名性
可转换性
RSA public key cryptosystem
ring signature
selective linkability
strong anonymity
convertibility
