Secure Two-Party SM2 Signature Algorithm

HOU Hong-xia, YANG Bo, ZHANG Li-na, ZHANG Ming-rui

Acta Electronica Sinica, 2020, Vol. 48, Issue (1): 1-8. DOI: 10.3969/j.issn.0372-2112.2020.01.001
Research Article

Abstract

In a signature algorithm, once the signing private key is stolen, the adversary can forge the legitimate user's signatures arbitrarily, so that the legitimate user's rights are infringed. To reduce the risk of signing-key leakage, this paper proposes a secure two-party cooperative SM2 digital signature algorithm. The signing private key is split into two parts, each held by a different party. Cryptographic techniques including zero-knowledge proofs, bit commitments and homomorphic encryption ensure that only the legitimate communicating parties can securely cooperate to produce a complete SM2 signature, and neither party alone can recover the complete signing private key. The security of the scheme is proved under the universally composable security framework. Compared with existing SM2 cooperative signature schemes, the proposed scheme has the advantages of fewer interaction rounds and higher cooperative-signing efficiency.

Key words

digital signature / zero-knowledge proof / bit commitment / homomorphic encryption / provable security

Cite this article

HOU Hong-xia, YANG Bo, ZHANG Li-na, ZHANG Ming-rui. Secure Two-Party SM2 Signature Algorithm[J]. Acta Electronica Sinica, 2020, 48(1): 1-8. https://doi.org/10.3969/j.issn.0372-2112.2020.01.001

CLC number: TP309

Funding

National Key R&D Program of China (No.2017YFB0802000); National Natural Science Foundation of China (No.61572303, No.61772326, No.61802241, No.61802242); National Cryptography Development Fund of the 13th Five-Year Plan (No.MMJJ20180217); Open Project of the State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences (No.2017-MS-03)