高效的可撤销SM9标识签名算法

SM9-IBS是我国在2016年公布的一种标识签名算法行业标准。标识签名算法虽然降低了系统管理用户公钥的复杂性，但是却存在密钥撤销的难题，此外SM9的特殊结构使得已有技术无法完全适用。为此，提出了一种可撤销SM9标识签名算法，可快速实现对用户签名权限的撤销和更新操作。该算法引入一棵完全子树，密钥中心借助该树为每个合法用户生成临时签名密钥，只有使用该密钥生成的签名才可以通过签名验证。在安全性方面，该算法在随机预言机模型中被证明在适应性选择消息和标识攻击模型下满足存在性不可伪造；在效率方面，该方案在密钥更新阶段当系统用户数量较大、被撤销用户数量较少时，密钥中心更新用户签名密钥的时间开销远小于Boneh等人的更新技术。

Efficient revocable SM9 identity-based signature algorithm

SM9-IBS is an industry standard for identity-based signature(IBS) algorithms issued by China in 2016. Although the IBS algorithms can be reduce the complexity of management of user keys, they have the problem of key revocation. In addition, the existing technologies aren''t fully applicable to SM9-IBS due to its special algebraic structure of users'' secret keys. Therefore, this paper proposed an efficient revocable SM9 identity-based signature(shorted as CS-SM9-RIBS) algorithm, which could quickly revoke and update the user''s signature authority. This algorithm introduced a complete subtree, which was used by the key generation center(KGC) generated temporary signature keys for each legitimate user, so that only the signature generated by this key could pass the signature verification. In terms of security, the new algorithm was proven to be existentially unforgeable under adaptive chosen message and identity attacks in the random oracle model. In terms of efficiency, when the number of users in the system was large and the number of revoked users was small in the key update stage, the time cost of the KGC to update the user''s signature key was much smaller than Boneh et al ''s update technology.