Anonymous Credential Protocol Based on SM2 Digital Signature
Authors:
Author biographies:

Zhao Yanqi (赵艳琦, 1992-), male, PhD, associate professor, CCF professional member; main research areas: public-key cryptography, blockchain security. Yang Xiaoyi (杨晓艺, 1993-), female, PhD; main research areas: privacy-preserving computation, secure multi-party computation. Feng Qi (冯琦, 1994-), female, PhD, associate research fellow, CCF professional member; main research areas: applied cryptography, security protocols, privacy-preserving computation. Yu Yong (禹勇, 1980-), male, PhD, professor, doctoral supervisor, CCF senior member; main research areas: cryptography, data security, blockchain security.

Corresponding author:

Yu Yong (禹勇), E-mail: yuyong@snnu.edu.cn

CLC number:

TP309

Funding:

National Key R&D Program of China (2022YFB2701500); National Natural Science Foundation of China (61872229, U19B2021, 62202375, 62202339); Natural Science Foundation for Distinguished Young Scholars of Shaanxi Province (2022JC-47); Young Talent Support Program of the Shaanxi Association for Science and Technology (20220134); Key R&D Program of Shaanxi Province (2021ZDLGY06-04, 2020ZDLGY09-06); Natural Science Basic Research Program of Shaanxi Province (2022JQ-604); Scientific Research Program of the Shaanxi Provincial Department of Education (22JK0557)


Anonymous Credential Protocol Based on SM2 Digital Signature

Abstract:

As a privacy-preserving digital identity authentication technology, anonymous credentials not only authenticate the validity of a user's digital identity but also protect the privacy of that identity. Anonymous credentials are widely applied in anonymous authentication, anonymous tokens, and decentralized digital identity systems. Existing anonymous credentials usually follow the commitment-signature-proof paradigm, which requires the underlying signature scheme to be re-randomizable, as CL signatures, PS signatures, and structure-preserving signatures (SPS) are. In practice, however, ECDSA, Schnorr, and SM2 are the signatures widely deployed for digital identity authentication, and they offer no protection of user identity privacy. Constructing anonymous credentials that are compatible with ECDSA, Schnorr, SM2, and similar signatures, so that identity privacy is preserved during authentication, is therefore of practical significance. This study explores anonymous credentials based on the SM2 digital signature. In the registration phase, a Pedersen commitment is used to commit to the user's attributes. Since SM2 signs the hashed message H(m), the user must prove that the message inside the Pedersen commitment equals the message inside the hash commitment. To prove this equivalence between an algebraic and a non-algebraic statement, the committed message is transformed using ZKB++ to obtain a cross-domain proof, after which the issuer signs the user's credential with SM2. In the showing phase, a zero-knowledge proof of possession of an SM2 signature ensures the anonymity of the credential. This study gives a concrete construction of the SM2-based anonymous credential protocol and proves its security. Finally, it verifies the effectiveness and feasibility of the protocol through a computational complexity analysis and measurements of algorithm execution efficiency.
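The following Python example is added here to illustrate the commitment half of the commitment-signature-proof paradigm the abstract describes; it is not code from the paper or its authors. It builds a Pedersen commitment to a hashed user attribute over the SM2 curve (sm2p256v1 parameters from GB/T 32918) and a Sigma-protocol proof of knowledge of the opening, made non-interactive with the Fiat-Shamir transform, so a verifier can check that the prover knows the committed attribute without learning it. It does not implement the paper's ZKB++ cross-domain proof or the SM2 signing step. The second generator H is derived by try-and-increment hashing, SHA-256 stands in for SM3, and the sample attribute is constructed; all of these are assumptions of this example.

```python
"""Pedersen commitment over the SM2 curve with a zero-knowledge proof of opening.
Added example, not the paper's protocol: no SM2 signature, no ZKB++ cross-domain proof."""
import hashlib
import secrets

# sm2p256v1 domain parameters as published in GB/T 32918 (prime-order curve, cofactor 1).
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
INF = None  # point at infinity


def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def add(p1, p2):
    """Affine group law; modular inverses via pow(x, -1, P) (Python 3.8+)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; illustration only)."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def hash_to_point(label: bytes):
    """Try-and-increment hashing: a second generator H whose discrete log to base G is
    unknown (nothing-up-my-sleeve choice made for this example, not from the paper)."""
    counter = 0
    while True:
        x = int.from_bytes(hashlib.sha256(label + counter.to_bytes(4, "big")).digest(), "big") % P
        rhs = (x * x * x + A * x + B) % P
        y = pow(rhs, (P + 1) // 4, P)  # P ≡ 3 (mod 4): a square root whenever rhs is a residue
        if y * y % P == rhs:
            return (x, y)
        counter += 1


H = hash_to_point(b"pedersen-H-generator-example")


def attribute_to_scalar(attr: bytes) -> int:
    """Map an attribute string to the scalar m that is committed; SHA-256 stands in for SM3."""
    return int.from_bytes(hashlib.sha256(attr).digest(), "big") % N


def commit(m: int, r: int):
    """Pedersen commitment C = m*G + r*H: hiding (random r) and binding (DLOG of H unknown)."""
    return add(mul(m % N, G), mul(r % N, H))


def _challenge(*points) -> int:
    """Fiat-Shamir challenge over the encoded transcript points."""
    h = hashlib.sha256()
    for x, y in points:
        h.update(x.to_bytes(32, "big") + y.to_bytes(32, "big"))
    return int.from_bytes(h.digest(), "big") % N


def prove_opening(m: int, r: int):
    """Prove knowledge of (m, r) with C = m*G + r*H without revealing either value."""
    C = commit(m, r)
    a, b = secrets.randbelow(N), secrets.randbelow(N)
    T = add(mul(a, G), mul(b, H))
    c = _challenge(G, H, C, T)
    return C, (T, (a + c * m) % N, (b + c * r) % N)


def verify_opening(C, proof) -> bool:
    """Check z1*G + z2*H == T + c*C, rejecting malformed points and out-of-range scalars."""
    T, z1, z2 = proof
    if C is INF or T is INF or not (on_curve(C) and on_curve(T)):
        return False
    if not (0 <= z1 < N and 0 <= z2 < N):
        return False
    c = _challenge(G, H, C, T)
    return add(mul(z1, G), mul(z2, H)) == add(T, mul(c, C))


if __name__ == "__main__":
    assert on_curve(G) and mul(N, G) is INF  # sanity check of the curve parameters
    m = attribute_to_scalar(b"birth_year=1992")  # constructed sample attribute
    C, proof = prove_opening(m, secrets.randbelow(N))
    print("opening proof verifies:", verify_opening(C, proof))
    # Fresh randomness yields an unlinkable commitment to the same attribute.
    print("re-commitment differs:", commit(m, secrets.randbelow(N)) != C)
```

In the paradigm the abstract describes, the issuer would sign a credential bound to C (the paper's contribution is proving that the committed m is the H(m) that SM2 actually signs); the verifier-side checks here, in particular rejecting the point at infinity and off-curve inputs before doing arithmetic, are the part a practitioner most often gets wrong when implementing such proofs.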

Cite this article:

Zhao YQ, Yang XY, Feng Q, Yu Y. Anonymous credential protocol based on SM2 digital signature. Journal of Software (软件学报), 2024, 35(7): 3469–3481.

History:
  • Received: 2022-11-01
  • Revised: 2022-12-15
  • Published online: 2023-08-23
  • Published: 2024-07-06