SM2-based Adaptor Signature with Batch Proofs and Its Distributed Extension
(支持批量证明的SM2适配器签名及其分布式扩展)

Authors:
  • TU Bin-Bin
    School of Cyber Science and Technology, Shandong University, Qingdao 266237, China; State Key Laboratory of Cryptology, Beijing 100878, China; Key Laboratory of Cryptologic Technology and Information Security of Ministry of Education, Shandong University, Qingdao 266237, China
  • CHEN Yu
    School of Cyber Science and Technology, Shandong University, Qingdao 266237, China; State Key Laboratory of Cryptology, Beijing 100878, China; Key Laboratory of Cryptologic Technology and Information Security of Ministry of Education, Shandong University, Qingdao 266237, China; Shandong Institute of Blockchain, Jinan 250001, China; Quan Cheng Laboratory, Jinan 250014, China

Funding: National Key Research and Development Program of China (2021YFA1000600); National Natural Science Foundation of China (62272269); Taishan Scholars Young Expert Program
Abstract:

An adaptor signature, also known as a scriptless script, is an important cryptographic technique for addressing the poor scalability and low transaction throughput of blockchain applications such as cryptocurrencies. An adaptor signature can be viewed as an extension of a digital signature with respect to a hard relation: it ties signature authorization to witness extraction, which gives it several advantages in blockchain applications: (1) lower on-chain cost; (2) improved fungibility of transactions; (3) functionality beyond the limits of the blockchain's scripting language. SM2 is the signature algorithm of the Chinese national standard GB/T 32918.2 and is widely deployed in critical information systems. This work constructs an efficient SM2-based adaptor signature scheme with batch proofs and proves its security in the random oracle model. By exploiting the structure of the SM2 signature, the scheme avoids the additional zero-knowledge proof that must otherwise be generated in the pre-signing phase, and it is more efficient than existing ECDSA/SM2-based adaptor signatures: pre-signature generation is 4 times faster and pre-signature verification is 3 times faster. Then, building on SM2 collaborative (distributed) signing, this work develops a distributed SM2-based adaptor signature that avoids a single point of failure and improves the security of the signing key. Finally, on the application side, it uses the SM2-based adaptor signature to build a secure and efficient batch atomic swap protocol for one-to-many scenarios.
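The pre-sign / pre-verify / adapt / extract cycle that the abstract describes (signature authorization tied to witness extraction, and the atomic swap built on it), as an added example that is not code from the paper: it uses the classic Schnorr-based adaptor signature over secp256k1, not the SM2-based scheme the paper constructs (the SM2 construction, and the way it avoids the extra pre-signing zero-knowledge proof, is not reproduced here). The hard relation is the discrete logarithm, with public statement Y = y·G and witness y. Curve arithmetic is a plain affine implementation using only the standard library and is not constant-time; keys, the witness and the two transaction messages are all generated or constructed inline.

```python
"""Schnorr adaptor signature over secp256k1: PreSign / PreVerify / Adapt / Extract.

Added illustration of the classic Schnorr-based construction, not the paper's
SM2-based scheme. Standard library only; affine curve arithmetic, not constant-time.
"""
import hashlib
import secrets

# secp256k1 domain parameters: field prime, group order, base point
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(A, B):
    """Affine point addition; None represents the point at infinity."""
    if A is None:
        return B
    if B is None:
        return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, A):
    """Double-and-add scalar multiplication k*A."""
    R = None
    while k:
        if k & 1:
            R = ec_add(R, A)
        A = ec_add(A, A)
        k >>= 1
    return R

def challenge(R, X, msg):
    """Fiat-Shamir challenge e = H(R || X || m) mod n over compressed points."""
    enc = lambda A: bytes([2 + (A[1] & 1)]) + A[0].to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(enc(R) + enc(X) + msg).digest(), "big") % N

def keygen():
    """(secret scalar, public point); also used for the hard relation (y, Y = y*G)."""
    k = secrets.randbelow(N - 1) + 1
    return k, ec_mul(k, G)

def pre_sign(x, msg, Y):
    """PreSign: the challenge binds R + Y, so the result only verifies once shifted by y."""
    r = secrets.randbelow(N - 1) + 1
    R = ec_mul(r, G)
    e = challenge(ec_add(R, Y), ec_mul(x, G), msg)
    return (R, (r + e * x) % N)

def pre_verify(X, msg, Y, pre):
    """PreVerify: checks s^*G == R + e*X with e computed over R + Y; needs no knowledge of y."""
    R, s_hat = pre
    e = challenge(ec_add(R, Y), X, msg)
    return ec_mul(s_hat, G) == ec_add(R, ec_mul(e, X))

def adapt(pre, y):
    """Adapt: the witness holder turns the pre-signature into a full Schnorr signature."""
    R, s_hat = pre
    return (ec_add(R, ec_mul(y, G)), (s_hat + y) % N)

def verify(X, msg, sig):
    """Plain Schnorr verification: s*G == R~ + e*X with e = H(R~ || X || m)."""
    R_tilde, s = sig
    e = challenge(R_tilde, X, msg)
    return ec_mul(s, G) == ec_add(R_tilde, ec_mul(e, X))

def extract(pre, sig):
    """Extract: pre-signature plus the published full signature reveals y = s - s^."""
    return (sig[1] - pre[1]) % N

def atomic_swap():
    """Two-party swap gated by Bob's witness y. Returns True when both sides can settle."""
    xa, XA = keygen()                          # Alice's signing key
    xb, XB = keygen()                          # Bob's signing key
    y, Y = keygen()                            # Bob's witness y and public statement Y
    tx_a, tx_b = b"pay Bob on chain A", b"pay Alice on chain B"   # constructed messages
    pre_a, pre_b = pre_sign(xa, tx_a, Y), pre_sign(xb, tx_b, Y)
    if not (pre_verify(XA, tx_a, Y, pre_a) and pre_verify(XB, tx_b, Y, pre_b)):
        return False
    sig_a = adapt(pre_a, y)                    # Bob completes Alice's pre-signature, claims chain A
    y_ext = extract(pre_a, sig_a)              # Alice learns y from the broadcast signature
    sig_b = adapt(pre_b, y_ext)                # ...and completes Bob's pre-signature on chain B
    return verify(XA, tx_a, sig_a) and verify(XB, tx_b, sig_b) and y_ext == y

if __name__ == "__main__":
    print("atomic swap settled:", atomic_swap())
```

Two properties carry the security argument: a pre-signature by itself does not pass `verify` (its challenge was computed over R + Y, not R), so Alice's funds cannot move until someone who knows y adapts it; and once the adapted signature is on chain, `extract` gives Alice exactly that y, which is what makes the swap atomic rather than a one-sided payment.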

Cite this article:

Tu BB, Chen Y. SM2-based adaptor signature with batch proofs and its distributed extension (支持批量证明的SM2适配器签名及其分布式扩展). Journal of Software (软件学报), 2024, 35(5): 2566-2582.
History
  • Received: 2022-07-20
  • Revised: 2022-09-26
  • Published online: 2023-08-09
  • Published: 2024-05-06
Copyright: Institute of Software, Chinese Academy of Sciences
Address: 4 South Fourth Street, Zhongguancun, Haidian District, Beijing 100190
Tel: 010-62562563  Fax: 010-62562533  Email: jos@iscas.ac.cn