Research on Lattice-based Incremental Signature Schemes
【Author】 Chen Jing (陈静);
【Advisor】 Tian Miaomiao (田苗苗);
【Author information】 Anhui University, Computer Science and Technology, 2021, Master's
【Abstract】 Digital signatures are a fundamental cryptographic primitive, used heavily in the information society to guarantee the authenticity of digital information. The incremental signature, introduced by Bellare et al. at CRYPTO '94, is a special kind of digital signature that can generate signatures of similar messages much faster than standard digital signatures, and thus it can be widely used in big data systems such as cloud computing, the Internet of Things, and blockchain systems. Most existing incremental signature schemes are based on hardness assumptions that are not secure against quantum computing, so they will have difficulty remaining unforgeable in the age of quantum computers, and it is urgent to design incremental signature schemes that satisfy quantum security. Lattice-based cryptography, one of the post-quantum cryptosystems that has attracted much attention, offers both high security and high computational efficiency. To address the above issues, this thesis carries out the following research based on incremental signature schemes, lattice-based cryptographic schemes and proof techniques:

1. This thesis applies lattice-based cryptographic techniques to incremental signatures and proposes a lattice-based incremental signature scheme. The scheme is proved to achieve adaptive security in the standard model, assuming the k-small integer solutions problem is intractable. In addition, owing to its incremental property, the proposed scheme performs better than a standard signature scheme in terms of the time cost of generating signatures.

2. Drawing on ideas from identity-based cryptography, this thesis proposes the concept of identity-based incremental signatures and designs an identity-based incremental signature scheme from lattices. The scheme is proved to achieve adaptive security in the standard model, assuming the standard small integer solution problem is intractable. In addition, theoretical analysis and experimental results show that the computational overhead of the incremental signature algorithm is less than that of the standard signature algorithm.
【Key words】 Incremental signature; Lattice; Standard model; Identity-based cryptography;