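1. School of Computer and Information Engineering, Henan University of Economics and Law, Zhengzhou, Henan 450046, China
2. School of Telecommunications Engineering, Xidian University, Xi'an, Shaanxi 710071, China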
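XIE Jia, female, born in 1990 in Zhoukou, Henan Province. Associate professor at Henan University of Economics and Law. Main research interest: public-key cryptography. E-mail: xiejia199325@163.com
LUAN Xiaojie, male, born in August 2002 in Zhoukou, Henan Province. Master's student at Henan University of Economics and Law. Main research interest: the SM9 algorithm. E-mail: 891415794@qq.com
FAN Changyou, female, born in 2003 in Xinxiang, Henan Province. Master's student at Henan University of Economics and Law. Main research interest: ring signatures. E-mail: 2174251324@qq.com
WANG Luyu, female, born in 1999 in Anyang, Henan Province. Master's student at Henan University of Economics and Law. Main research interest: lattice-based public-key cryptography. E-mail: 2679947093@qq.com
GAO Juntao, male, born in 1979 in Hebei Province. Associate professor at Xidian University. Main research interest: pseudorandom sequences. E-mail: jtgao@mail.xidian.edu.cn
WANG Baocang, male, born in 1979 in Zhoukou, Henan Province. Professor at Xidian University. Main research interest: public-key cryptography. E-mail: bcwang79@aliyun.com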
Received: 2025-12-19,
Accepted: 2026-02-03,
Print publication: 2026-02-25
XIE Jia, LUAN Xiaojie, FAN Changyou, et al. Hierarchical Identity-Based Signature Scheme Based on SM9[J]. Acta Electronica Sinica, 2026, 54(02): 710-722. DOI:10.12263/DZXB.20250954
The SM9 cryptographic algorithm, independently developed by China, serves as a critical commercial cryptography standard and national standard, playing a key role in the localization and substitution of cryptographic algorithms. However, the original SM9 digital signature, as an identity-based signature mechanism, suffers from the limitation of not supporting hierarchical features. In large-scale network environments, this can easily lead to excessive pressure on the key generation center and network congestion due to the surge in the number of users. To address this challenge, this paper proposes the first hierarchical identity-based signature scheme based on the national cryptographic SM9 algorithm. The scheme introduces hierarchical signature technology, distributing the key generation task across multiple levels of nodes and effectively alleviating the private key generation and distribution pressure on the key generation center. It is suited to large-scale, multi-layered network scenarios such as the Internet of Vehicles (IoV) and blockchain. In terms of technical implementation, to adapt to the SM9 algorithm, this scheme is based on prime-order groups and employs efficient hierarchical technology to allocate signature private keys from the upper level to the next level, thereby forming a hierarchical private key update mechanism. Subsequently, users generate digital signatures based on their signature private keys. The resulting signature value consists of only three group elements, adding just one more group element compared to the original SM9 algorithm, and achieves a constant signature length independent of the hierarchical depth. Under the random oracle model, a rigorous security proof of the scheme is provided, demonstrating that the scheme satisfies existential unforgeability under chosen message and identity attacks, and its security can be reduced to the (q, n)-SDH hardness problem. Theoretical analysis and experimental results show that the proposed scheme has significant advantages in signature generation and verification efficiency. As the number of system layers k increases, the signature generation and verification time of this scheme tends to remain constant, significantly outperforming existing hierarchical identity-based signature schemes based on bilinear pairings. Specifically, when the number of system layers k ranges from 2 to 10, the signature generation and verification times are approximately 2.24 ms and 36.08 ms, respectively, improving efficiency by 0.03 to 2.79 times and 0.87 to 1.27 times compared to the current optimal hierarchical signature schemes. Moreover, as k increases, the efficiency improvement becomes more pronounced: when k is 100, the signature generation and verification efficiency are enhanced by approximately 34 times and 4.5 times, respectively, compared to the existing optimal hierarchical signature schemes. Finally, the proposed scheme is applied to the identity authentication scenario of the Internet of Vehicles, successfully resolving network congestion caused by the surge in users in the IoV environment. It realizes a lightweight and decentralized identity authentication mechanism, providing crucial technical support for building efficient and secure large-scale network environments with localized cryptographic solutions.