紧致安全的基于身份的签名方案

本文提出了第一个紧致安全的基于身份的签名(IBS)方案.我们的构造基于Bellare等人提出的基于证书思想的通用转化方法,包括两个组件,即选择消息攻击下不可伪造安全(EUF-CMA安全)的签名方案S,和多用户场景中选择消息攻击&动态密钥窃取攻击下不可伪造安全(MU-EUF-CMAcorr安全)的签名方案S.组件S的公私钥用作IBS的主公钥和主私钥,用户id的签名私钥包含了组件S所产生的一对公私钥,以及主私钥对id和S的公钥的签名证书.用户对消息的签名包含了组件S的公钥和证书,以及S的私钥对此消息的签名.IBS的安全性可以紧致归约到组件S的EUF-CMA安全性和组件S的MU-EUF-CMAcorr安全性.最后,我们给出了组件S和S的实例化,并分别在随机预言机模型和标准模型下得到了紧致(与几乎紧致)EUF-CMA&CIA安全的IBS方案.

Tightly Secure Identity-Based Signature Scheme

This paper proposes a tightly secure identity-based signature(IBS) scheme. The construction follows the certification paradigm, due to Bellare et al., which consists of two building blocks,i.e., an unforgeable signature scheme S secure against chosen message attacks(EUF-CMA security),and an unforgeable signature schemeS secure against chosen message & adaptive corruption attacks in the multi-user setting(MU-EUF-CMAcorr security). The public/private keys of signature scheme S serve as the main public/private keys of the IBS. For each user id, its signing secret key consists of a key pair of signature schemeS, and a signature of id and the public key ofS, which is served as the certificate. The final signature contains the public key ofS, the certificate, and a signature of the message underS. Security of IBS can be tightly reduced to the EUF-CMA security of S and the MU-EUF-CMAcorr security ofS. At last, we present instantiations of S andS, and obtain tightly(and almost tightly) EUF-CMA&CIA secure IBS schemes in the random oracle and the standard models,respectively.