基于商密SM9的属性基在线/离线签名方案朱留富1李继国1,2赖建昌3黄欣沂4张亦辰1,21(福建师范大学计算机与网络空间安全学院福州350117)2(福建省网络安全与密码技术重点实验室(福建师范大学)福州350007)3(东南大学网络空间安全学院南京211189)4(香港科技大学(广州)信息枢纽广州511458)(809015896@qq.com)Attribute-BasedOnline/OfflineSignatureSchemeBasedonSM9ZhuLiufu1,LiJiguo1,2,LaiJianchang3,HuangXinyi4,andZhangYichen1,21(CollegeofComputerandCyberSecurity,FujianNormalUniversity,Fuzhou350117)2(FujianProvincialKeyLaboratoryofNetworkSecurityandCryptology(FujianNormalUniversity),Fuzhou350007)3(SchoolofCyberScienceandEngineering,SoutheastUniversity,Nanjing211189)4(InformationHub,HongKongUniversityofScienceandTechnology(Guangzhou),Guangzhou511458)AbstractTheattribute-basedsignature(ABS)schemeusesasetofattributestoidentifyusers.Theusercangenerateavalidsignatureonlywhentheattributessatisfytheaccesspolicy.Comparedwiththetraditionaldigitalsignaturescheme,theABSschemenotonlyutilizesasetofattributestohidetherealidentityofuserstoobtainanonymity,butalsorealizesfine-grainedaccesscontrolbyaccesspolicy.InABSschemesbasedonellipticcurve,alargenumberofgroupexponentiationoperationsorpairingoperationsareusuallyrequired,whicharecomputationallyexpensive,resultinginhighcomputationaloverheadinthesignatureprocess.Theonline/offlinesignaturetechnologycanpre-computeexpensiveoperationsofflinebeforeknowingmessage,therebyreducingtheonlinecomputingcostoflightweightdevices.AsacommercialcipherindependentlydesignedbyChina,theSM9identity-basedcryptographicalgorithmhasbeenstandardizedbyISO/IECandiswidelyused.BasedontheSM9identity-basedcryptographicalgorithm,weproposeanattribute-basedonline/offlinesignature(ABOOS)schemebasedontheSM9byusingtheonline/offlinesignaturetechnologyinthispaper.Notonlyine-grainedaccesscontrolcanbeachieved,butalsoitissuitableforlightweightdevices.Intherandomoraclemodel,thesecurityoftheproposedschemeisreducedtotheq-strongDiffie-Hellman(q-SDH)hardproblem.Theoreticalanalysisandexperimen...
