基于国产密码算法SM9的可追踪属性签名方案

国产密码算法SM9是我国自主设计的标识密码方案，现已受到各界的广泛关注。为了解决现有属性签名(ABS)方案验签效率不高这一问题，该文基于国密SM9算法构造新的支持树形访问策略的属性签名方案，该方案的验签操作仅需1次双线性对映射和1次指数运算。此外，所提方案具有签名者身份可追踪功能，防止恶意签名者利用属性签名的匿名性进行非法签名操作，从而避免传统属性签名中无条件匿名性下的签名滥用问题。安全分析结果表明所提方案在随机谕言机模型下具有不可伪造性，同时也可抗合谋攻击。与现有的可追踪属性签名方案相比，所提方案的追踪算法效率更高，签名与验签开销也更低。实验结果表明，所提方案验签算法的计算复杂度与策略规模无关，完成1次验签算法仅需2 ms。

Traceable Attribute Signature Scheme Based on Domestic Cryptographic SM9 Algorithm

The domestic cryptographic SM9 algorithm is an identity-based cryptographic scheme independently designed by our nation, and has progressively attracted attention from all walks of life. In order to resolve the problem of inefficient verification of the existing Attribute-Based Signature(ABS) schemes, a new attribute-based signature scheme is constructed based on SM9 that supports the dendritic access structure strategy. The signature verification cost of the scheme only requires one bilinear pairing operation and one exponential operation. In addition, the proposed scheme has the function of tracking the identity of the signer, preventing the signer from using anonymity to sign illegally, and avoiding the problem of signature abuse under unconditional anonymity in the traditional attribute-based digital signature scheme. The security analysis results demonstrate that the proposed scheme is unforgeable in random oracle model and can withstand collusion attack. Compared with the existing traceable identity attribute-based signature scheme, the proposed scheme avoids complicated operations for identity tracking algorithm, and has lower signature and verification costs. The experimental results indicate that the computational complexity of the verification has nothing to do with the scale of strategy, and it only takes 2 ms to complete a verification.