| 基于区块链与国密SM9的抗恶意KGC无证书签名方案 |
| |
| 作者姓名: | 唐飞 甘宁 阳祥贵 王金洋 |
| |
| 作者单位: | 1. 重庆邮电大学网络空间安全与信息法学院,重庆 400065;2. 江西昌河航空工业有限公司工程技术部,江西 景德镇 333002 |
| |
| 基金项目: | 国防基础科研计划(JCKY2020205C013) |
| |
| 摘 要: | 无证书密码体制能同时解决证书管理和密钥托管问题,但其安全模型中总是假设TypeⅡ敌手(恶意密钥生成中心(KGC))不会发起公钥替换攻击,这一安全性假设在现实应用中具有一定的局限性。国密SM9签名方案是一种高效的标识密码方案,它采用了安全性好、运算速率高的R-ate双线性对,但需要KGC为用户生成和管理密钥,存在密钥托管问题。针对以上问题,基于区块链和国密 SM9 签名方案提出一种抗恶意KGC无证书签名方案。所提方案基于区块链的去中心化、不易篡改等特性,使用智能合约将用户秘密值对应的部分公钥记录在区块链上,在验签阶段,验证者通过调用智能合约查询用户公钥,从而保证用户公钥的真实性。用户私钥由KGC生成的部分私钥和用户自己随机选取的秘密值构成,用户仅在首次获取私钥时由KGC为其生成部分私钥来对其身份标识符背书。随后可以通过更改秘密值及其存证于区块链的部分公钥实现私钥的自主更新,在此过程中身份标识保持不变,为去中心化应用场景提供密钥管理解决方法。区块链依靠共识机制来保证分布式数据的一致性,用户部分公钥的变更日志存储在区块链中,基于区块链的可追溯性,可对恶意公钥替换攻击行为进行溯源,从而防止恶意KGC发起替换公钥攻击。基于实验仿真和安全性证明结果,所提方案签名与验签的总开销仅需7.4 ms,与同类无证书签名方案相比,所提方案能有效抵抗公钥替换攻击,且具有较高的运算效率。
|
| 关 键 词: | 无证书签名方案 抗恶意KGC 区块链 SM9签名 |
Anti malicious KGC certificateless signature scheme based on blockchain and domestic cryptographic SM9 |
| |
| Authors: | Fei TANG Ning GAN Xianggui YANG Jinyang WANG |
| |
| Affiliation: | 1. School of Cyber Security and Information Law, Chongqing University of Posts and Telecommunications, Chongqing 400065, China;2. Department of Engineering Technology, Jiangxi Changhe Aviation Industry CO.,LTD, Jingdezhen 333002, China |
| |
| Abstract: | The certificateless cryptosystem can solve the problems of certificate management and key escrow at the same time, but its security model always assumes that Type II adversary (named malicious KGC) will not launch public key replacement attacks.This security assumption has certain limitations in real-world applications.As an efficient identity-based cryptographic scheme, SM9 signature scheme adopts R-ate bilinear pairing which has good security and high computational efficiency.However, it requires KGC to generate and manage keys for users, so it has the problem of key escrow.In view of the above problems, a certificateless signature scheme against malicious KGC was constructed based on blockchain and SM9 signature algorithm.Based on the properties of decentralization and tamper-proof of blockchain, the proposed scheme used the smart contract to record part of the public key corresponding to the user’s secret value on the blockchain.Then, the verifier can revoke the smart contract to query the user’s public key during the signature verification stage.Therefore, the proposed scheme ensured the authenticity of the user’s public key.The user’s private key consisted of the partial private key generated by KGC and a secret randomly chosen by the user.The user required the partial private key generated by KGC to endorse his identity identifier when the user generates the private key for the first time.Subsequently, the private key can be independently updated by changing the secret and the corresponding partial public key.During this process, the identity remains unchanged, which provided a viable solution for key management in decentralized application scenarios.The blockchain relied on the consensus mechanism to ensure the consistency of the distributed data.Based on the traceability of the blockchain, the change log of user’s partial public key was stored in the blockchain, which can trace the source of malicious public key replacement attacks and thereby prevent malicious KGC from launching public key replacement attacks.According to the experimental simulation and security proof results, the total overhead of signature and verification of the proposed scheme is only 7.4ms.Compared with similar certificateless signature schemes, the proposed scheme can effectively resist public key replacement attacks and has higher computational efficiency. |
| |
| Keywords: | certificateless signature anti malicious KGC blockchain SM9 signature |
|
| 点击此处可从《》浏览原始摘要信息 |
|
点击此处可从《》下载全文 |
|
