网络与信息安全学报 (Aug 2024)
Designated verifier aggregate signature scheme based on SM9
Abstract
Aggregate signatures have been recognized for significantly improving signing efficiency, reducing the computational cost for signers, lowering communication costs, and better protecting the privacy of signers. Currently, many aggregate signature schemes have been designed using foreign cryptographic algorithms, which do not meet the requirements for independent and controllable cryptography technology in China. The SM9 algorithm, a domestically developed identity-based signature scheme in China, was only capable of achieving one-to-one signature and verification, failing to meet the requirements for multiparty signature and verification. To address these issues, a designated verifier aggregate signature (DVAS) scheme was proposed based on the SM9 signature algorithm. Pseudonyms and the one-way property of hash functions were utilized to prevent the leakage of the signer's personal information. The privacy of the signer was protected during the signature aggregation phase by controlling data access permissions for designated verifiers. The security of the scheme was proven under the random oracle model, based on the q-strong Diffie-Hellman (q-SDH) hard problem. Scheme analysis demonstrates that it could prevent the leakage of the signer's privacy. Theoretical analysis and experimental simulation show that, compared to other similar aggregate signature schemes, the proposed scheme exhibits superior performance in terms of signature generation and verification. The proposed scheme is capable of effectively reducing the computational cost of batch signature verification and offered higher computational efficiency, making it more suitable for applications such as cloud services.
Keywords
