摘要
可追踪的基于属性的签名(traceable attribute-based signature,TABS)继承了属性签名的优点,能通过可信第三方追踪签名者的真实身份,避免了属性签名匿名性的滥用.目前,针对1对多认证场景下支持可追踪的签名策略属性签名(signature-policy attribute-based signature,SP-ABS)方案甚少,现有方案大多存在以下不足:验证阶段的计算复杂度与属性个数呈线性关系,运算效率不高,同时策略由验证者直接提供给签名者容易造成策略隐私泄露.为此,提出一种基于SM9的支持策略隐藏的可追踪属性签名方案,该方案采用属性名和属性值拆分的线性秘密共享方案(linear secret sharing scheme,LSSS)构造访问结构,支持策略的部分隐藏,能在保障签名者身份隐私和属性隐私的情况下,保障验证者的策略隐私,在验证阶段只需要常数量级的配对运算和指数运算,能实现高效的细粒度访问控制.最后通过q-SDH(q-strong Diffie-Hellman)难题证明了该方案在随机谕言机模型下具有不可伪造性.
Traceable attribute-based signature(TABS)inherits the merits of attribute-based signature and can trace the real identity of the signer through a trusted third party,avoiding the abuse of anonymity of attribute-based signature.At present,there are very few signature-policy attribute-based signature(SP-ABS)schemes that support traceability in one-to-many authentication scenario,and most of the existing schemes suffer from efficiency and security deficiencies,for example,the computational complexity of the verification phase is linearly related to the number of attributes,which is inefficient.Meanwhile,the fact that the policy is provided directly by the verifier to the signer can easily lead to policy privacy leakage.To solve the above problems,a traceable attribute-based signature scheme supporting policy hiding based on SM9 is proposed in this paper.The scheme uses a linear secret sharing scheme(LSSS)with attribute name and attribute value splitting to construct the access structure,supports partial hiding of the policies,and can protect the policy privacy of the verifier while protecting the signer’s identity privacy and attribute privacy.In the verification phase,the scheme only requires constant order bilinear pairing operations and exponential operations,which can achieve efficient fine-grained access control.Finally,the scheme is proved to be unforgeable under the random oracle model by the q-strong Diffie-Hellman(q-SDH)hard problem.
作者
周权
陈民辉
卫凯俊
郑玉龙
Zhou Quan;Chen Minhui;Wei Kaijun;Zheng Yulong(School of Mathematics and Information Science,Guangzhou University,Guangzhou 510006;School of Computer Science and Cyber Engineering,Guangzhou University,Guangzhou 510006)
出处
《计算机研究与发展》
2025年第4期1065-1074,共10页
Journal of Computer Research and Development
基金
国家重点研发计划项目(2021YFA1000600)。
关键词
SM9
属性签名
访问控制
策略隐藏
可追踪性
SM9
attribute-based signature
access control
policy hidden
traceability
