电子学报 ›› 2020, Vol. 48 ›› Issue (1): 1-8.DOI: 10.3969/j.issn.0372-2112.2020.01.001

• 学术论文 •    下一篇

安全的两方协作SM2签名算法

侯红霞1,2,3, 杨波1,3, 张丽娜1,3,4, 张明瑞1,3   

  1. 1. 陕西师范大学计算机科学学院, 陕西西安 710119;
    2. 西安邮电大学网络空间安全学院, 陕西西安 710121;
    3. 中国科学院信息工程研究所信息安全国家重点实验室, 北京 100093;
    4. 西安科技大学计算机科学与技术学院, 陕西西安 710054
  • 收稿日期:2018-10-09 修回日期:2019-06-03 出版日期:2020-01-25 发布日期:2020-01-25
  • 通讯作者: 杨波
  • 作者简介:侯红霞 女,1980年生于山西朔州.陕西师范大学计算机科学学院博士研究生,研究方向为密码学、信息安全.E-mail:hongxiahou@snnu.edu.cn
  • 基金资助:
    国家重点研发计划(No.2017YFB0802000);国家自然科学基金(No.61572303,No.61772326,No.61802241,No.61802242);"十三五"国家密码发展基金(No.MMJJ20180217);中国科学院信息工程研究所信息安全国家重点实验室开放课题(No.2017-MS-03)

Secure Two-Party SM2 Signature Algorithm

HOU Hong-xia1,2,3, YANG Bo1,3, ZHANG Li-na1,3,4, ZHANG Ming-rui1,3   

  1. 1. School of Computer Science, Shaanxi Normal University, Xi'an, Shaanxi 710119, China;
    2. School of Cyberspace Security, Xi'an University of Posts & Telecommunications, Xi'an, Shaanxi 710121, China;
    3. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;
    4. Department of Computing Science and Technology, Xi'an University of Science and Technology, Xi'an, Shaanxi 710054, China
  • Received:2018-10-09 Revised:2019-06-03 Online:2020-01-25 Published:2020-01-25

摘要: 在签名算法中,一旦签名私钥被窃取,敌手就可以随意伪造合法用户的签名,从而致使合法用户的权益受到侵害.为了降低签名私钥泄露的风险,本文提出了一种安全的两方协作SM2数字签名算法,该算法将签名私钥拆分成两个部分,分别交由两方来保管,通过采用零知识证明、比特承诺、同态加密等密码学技术保证了只有合法的通信双方才能安全地协作产生完整的SM2签名,任何一方都不能单独恢复出完整的签名私钥,方案的安全性在通用可组合安全框架下被证明,与已有的SM2协作签名方案相比,本文方案具有交互次数少、协作签名效率高等优势.

关键词: 数字签名, 零知识证明, 比特承诺, 同态加密, 可证明安全

Abstract: In the signature algorithm,once the private key of the signature is stolen,the adversary can forge the signature of the legal user arbitrarily,which will cause the rights of legal users to be infringed.In order to reduce the risk of signature private key leakage,a secure two-party SM2 digital signature algorithm is proposed in this paper.The private key of the signature is divided into two parts and each part of the private key is handed over to the different parties separately.The cryptographic techniques such as zero-knowledge proof,bit commitment and homomorphic encryption are used to ensure that only the legal users can generate the integrated SM2 signature.The integrated private key cannot be recovered individually.The security of the proposed scheme is proved under the universally composable security framework.Compared with the existing SM2 cooperative signature schemes,the proposed scheme has the advantages of fewer interactions and higher efficiency.

Key words: digital signature, zero-knowledge proof, bit commitment, homomorphic encryption, provable security

中图分类号: