安全的两方协作SM2签名算法

doi:10.3969/j.issn.0372-2112.2020.01.001

电子学报 ›› 2020, Vol. 48 ›› Issue (1): 1-8.DOI: 10.3969/j.issn.0372-2112.2020.01.001

• 学术论文 • 下一篇

安全的两方协作SM2签名算法

侯红霞^1,2,3, 杨波^1,3, 张丽娜^1,3,4, 张明瑞^1,3

1. 陕西师范大学计算机科学学院, 陕西西安 710119;
2. 西安邮电大学网络空间安全学院, 陕西西安 710121;
3. 中国科学院信息工程研究所信息安全国家重点实验室, 北京 100093;
4. 西安科技大学计算机科学与技术学院, 陕西西安 710054

收稿日期:2018-10-09 修回日期:2019-06-03 出版日期:2020-01-25
- 通讯作者:
- 杨波
- 作者简介:
- 侯红霞 女,1980年生于山西朔州.陕西师范大学计算机科学学院博士研究生,研究方向为密码学、信息安全.E-mail:hongxiahou@snnu.edu.cn
- 基金资助:
- 国家重点研发计划 (No.2017YFB0802000）; 国家自然科学基金 (No.61572303，No.61772326，No.61802241，No.61802242）; "十三五"国家密码发展基金 (No.MMJJ20180217）; 中国科学院信息工程研究所信息安全国家重点实验室开放课题 (No.2017-MS-03）

Secure Two-Party SM2 Signature Algorithm

HOU Hong-xia^1,2,3, YANG Bo^1,3, ZHANG Li-na^1,3,4, ZHANG Ming-rui^1,3

1. School of Computer Science, Shaanxi Normal University, Xi'an, Shaanxi 710119, China;
2. School of Cyberspace Security, Xi'an University of Posts & Telecommunications, Xi'an, Shaanxi 710121, China;
3. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;
4. Department of Computing Science and Technology, Xi'an University of Science and Technology, Xi'an, Shaanxi 710054, China

Received:2018-10-09 Revised:2019-06-03 Online:2020-01-25 Published:2020-01-25

摘要/Abstract

摘要： 在签名算法中，一旦签名私钥被窃取，敌手就可以随意伪造合法用户的签名，从而致使合法用户的权益受到侵害.为了降低签名私钥泄露的风险，本文提出了一种安全的两方协作SM2数字签名算法，该算法将签名私钥拆分成两个部分，分别交由两方来保管，通过采用零知识证明、比特承诺、同态加密等密码学技术保证了只有合法的通信双方才能安全地协作产生完整的SM2签名，任何一方都不能单独恢复出完整的签名私钥，方案的安全性在通用可组合安全框架下被证明，与已有的SM2协作签名方案相比，本文方案具有交互次数少、协作签名效率高等优势.

关键词: 数字签名, 零知识证明, 比特承诺, 同态加密, 可证明安全

Abstract: In the signature algorithm,once the private key of the signature is stolen,the adversary can forge the signature of the legal user arbitrarily,which will cause the rights of legal users to be infringed.In order to reduce the risk of signature private key leakage,a secure two-party SM2 digital signature algorithm is proposed in this paper.The private key of the signature is divided into two parts and each part of the private key is handed over to the different parties separately.The cryptographic techniques such as zero-knowledge proof,bit commitment and homomorphic encryption are used to ensure that only the legal users can generate the integrated SM2 signature.The integrated private key cannot be recovered individually.The security of the proposed scheme is proved under the universally composable security framework.Compared with the existing SM2 cooperative signature schemes,the proposed scheme has the advantages of fewer interactions and higher efficiency.

Key words: digital signature, zero-knowledge proof, bit commitment, homomorphic encryption, provable security

中图分类号:

TP309

侯红霞, 杨波, 张丽娜, 张明瑞. 安全的两方协作SM2签名算法[J]. 电子学报, 2020, 48(1): 1-8.

HOU Hong-xia, YANG Bo, ZHANG Li-na, ZHANG Ming-rui. Secure Two-Party SM2 Signature Algorithm[J]. Acta Electronica Sinica, 2020, 48(1): 1-8.

参考文献

[1] GB/T 32918.2-2016,信息安全技术SM2椭圆曲线公钥密码算法[S].
[2] ISO/IEC 14888-3:2016,Information Technology-Security Techniques-Digital Signatures with Appendix-Part 3:Discrete Logarithm Based Mechanisms[S].
[3] ZHANG Yu-di,HE De-biao,ZHANG Ming-wu,et al.A provable-secure and practical two-party distributed signing protocol for SM2 signature algorithm[OL].Frontiers of Computer Science,2018-05-28.DOI:10.1007/s11704-018-8106-9.
[4] LIU M,CHEN J,LI H.Partially known nonces and fault injection attacks on SM2 signature algorithm[A].Proceedings of the 9th International Conference on Information Security and Cryptology[C].Berlin:Springer,2013.343-358.
[5] CHEN Jia-zhe,LIU Ming-jie,LI He-xin,SHI Hong-song.Mind your nonces moving:Template-based partially-sharing nonces attack on SM2 digital signature algorithm[A].Proceedings of the 10th ACM Symposium on Information,Computer and Communications Security[C].Singapore:ACM,2015.609-614.
[6] ZHANG Kai-yu,XU Sen,GU Da-wu,et al.Practical partial-nonce-exposure attack on ECC algorithm[A].Proceedings of the 13th International Conference on Computational Intelligence and Security[C].New York:IEEE,2017.248-252.
[7] TUVERI N,HASSAN S,et al.Side-channel analysis of SM2:a late-stage featurization case study[A].Proceedings of the 34th Annual Computer Security Applications Conference[C].San Juan:ACM,2018.147-160.
[8] SHAMIR A.How to share a secret[J].Communications of the ACM,1979,22(11):612-613.
[9] 马春光,石岚,等.属性基门限签名方案及其安全性研究[J].电子学报,2013,41(5):1012-1015. MA Chun-guang,SHI Lan,et al.Threshold attribute-based signature and its security[J].Acta Electronica Sinica,2013,41(5):1012-1015.(in Chinese)
[10] YANG Xiao-dong,WANG Cai-fen,ZHANG Lei,QIU Jian-bin.On-line/off-line threshold proxy re-signatures[J].Chinese Journal of Electronics,2014,23(2):248-253.
[11] YAN Jie,LU Yu,CHEN Li-yun,NIE Wei.A SM2 elliptic curve threshold signature scheme without a trusted center[J].KSII Transactions on International and Information Systems,2016,2(10):897-913.
[12] PEDERSEN T P.Distributed provers with applications to undeniable signatures[A].Proceedings of Advances in Cryptology-EUROCRYPT'91[C].Berlin:Springer,1991.221-242.
[13] LINDELL Y.Fast secure two-party ecdsa signing[A].Proceedings of Annual International Cryptology Conference[C].Berlin:Springer,2017.613-644.
[14] HE De-biao,ZHANG Yu-di,et al.Secure and efficient two-party signing protocol for the identity-based signature scheme in the IEEE P1363 standard for public key cryptography[OL].IEEE Transactions on Dependable and Secure Computing,2018-07-19.DOI:10.1109/TDSC.2018.2857775.
[15] ZHANG Yu-di,HE De-biao,et al.Efficient and provably secure distributed signing protocol for mobile devices in wireless networks[J].IEEE Internet of Things Journal,2018,5(6):5271-5280.
[16] GOLDWASSER S,MICALI S,RACKOFF C.The knowledge complexity of interactive proof system[J].SIAM Journal on Computing,1989,18(1):186-208.
[17] BLUM M.Coin flipping by telephone[A].Proceedings of Advances in Cryptology-CRYPT'81[C].Berlin:Springer,1981.133-137.
[18] PAILLIER P.Cryptosystems based on composite degree residuosity classes[A].Proceedings of Advances in Cryptology-EUROCRYPT'99[C].Berlin:Springer,1999.223-238.
[19] CANETTI R.Universally composable security:a new paradigm for cryptographic protocols[A].Proceedings of the 42nd IEEE Symposium on the FOCS[C].New York:IEEE,2001.136-145.

安全的两方协作SM2签名算法

Secure Two-Party SM2 Signature Algorithm

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	丁毅, 沈薇, 李海生, 钟琼慧, 田明宇, 李洁. 面向CNN的区块链可信隐私服务计算模型[J]. 电子学报, 2022, 50(6): 1399-1409.
[2]	尹安琪, 曲彤洲, 郭渊博, 汪定, 陈琳, 李勇飞. 格上基于密文标准语言的可证明安全两轮口令认证密钥交换协议[J]. 电子学报, 2022, 50(5): 1140-1149.
[3]	汪榆淋, 窦家维. k-min问题安全多方计算方案及应用[J]. 电子学报, 2021, 49(11): 2256-2260.
[4]	宋秀丽, 周道洋, 文爱君. d维(t,n)门限量子同态加密算法的设计与仿真[J]. 电子学报, 2020, 48(5): 846-853.
[5]	丁勇, 王冰尧, 袁方, 王玉珏, 张昆, 田磊. 支持第三方仲裁的智能电网数据安全聚合方案[J]. 电子学报, 2020, 48(2): 350-358.
[6]	窦家维, 陈明艳. 多重集的保密计算及应用[J]. 电子学报, 2020, 48(1): 204-208.
[7]	杨小东, 王美丁, 裴喜祯, 李雨潼, 陈春霖, 麻婷春. 一种标准模型下无证书签名方案的安全性分析与改进[J]. 电子学报, 2019, 47(9): 1972-1978.
[8]	李秋贤, 田有亮, 王缵. 基于全同态加密的理性委托计算协议[J]. 电子学报, 2019, 47(2): 470-474.
[9]	李子臣, 张卷美, 杨亚涛, 张峰娟. 基于NTRU的全同态加密方案[J]. 电子学报, 2018, 46(4): 938-944.
[10]	段然, 顾纯祥, 祝跃飞, 郑永辉, 陈莉. 一种NTRU格上基于身份全同态加密体制设计[J]. 电子学报, 2018, 46(10): 2410-2417.
[11]	窦家维, 马丽, 李顺东. 最小值问题的安全多方计算及其应用[J]. 电子学报, 2017, 45(7): 1715-1721.
[12]	李顺东, 左祥建, 杨晓莉, 巩林明. 安全向量优势协议及其应用[J]. 电子学报, 2017, 45(5): 1117-1123.
[13]	陈振华, 李顺东, 王道顺, 黄琼, 张卫国. 集合成员关系的安全多方计算及其应用[J]. 电子学报, 2017, 45(5): 1109-1116.
[14]	辛丹, 顾纯祥, 郑永辉, 光焱, 康元基. 利用RLWE构造基于身份的全同态加密体制[J]. 电子学报, 2016, 44(12): 2887-2893.
[15]	张俊伟, 陈治平, 马建峰, 杨力. 可证明安全的基于位置的Prover-to-Prover密钥交换协议[J]. 电子学报, 2016, 44(1): 14-20.