摘要
随着全球信息化时代的到来,学习、办公、生活中都离不开网络的使用.因此网络的安全问题也成为人们关注的焦点.数字证书的出现很好地解决了网络的身份认证问题,将用户身份与公钥通过权威第三方机构绑定到一起,从而证明了用户身份的合法性.数字证书认证技术更是为我国的电子政务与电子商务的安全保驾护航,因此,对数字证书的研究具有很大的意义.现有的数字证书系统中使用的签名算法大都是基于大数分解或者离散对数,而随着"量子计算机"的快速发展,这些签名算法都面临着巨大的安全威胁.针对这一问题,提出了一种基于格理论的数字证书方案.在方案中,可信第三方证书授权中心(certificate authority,CA)在证书签发过程中使用的签名算法是基于格理论的,其安全性是基于小整数解困难问题(small integer solution,SIS),并证明了基于该算法设计的证书是不可伪造的.这大大提高了证书的安全性.与传统的RSA、ECDSA证书方案相比较,本方案不仅可以抵抗量子攻击,而且在安全比特相同的情况下,具有更高的签名、验签效率.与以往的格签名方案相比,密钥以及签名值的尺寸更短,便于在证书中存储.
With the arrival of the global information era, communication networks are becoming more and more popular in daily life and work. The issue of network security has become a focus of attention. Digital certificates are a good solution to the problem of network identity authentication.It proves legitimacy of user identity by binding user identity and public key together through a third party authority. The techniques of authentication based on digital certificates provide insurance for the security of e-government and e-commerce. Therefore, the research of digital certificate is of great significance. Most of the existing signature algorithms used in digital certificate systems are based on the hard problem of large number factorization or discrete logarithm. However, with the rapid development of quantum computers, those signature algorithms are facing a huge security threat. To solve this problem, this study proposes a digital certificate scheme based on lattice theory. In the scheme, the signature algorithm used by the trusted certificate authority is based on lattice theory,and its security is based on small integer solution problem. It is proved that the design of certificate based on this algorithm cannot be forged. Compared with the traditional certificate schemes such as RSA and ECDSA, this scheme not only can resist the quantum attack, but also has higher efficiency in the same security bits. Compared with the previous lattice signature schemes, the size of key and that of signature values are both smaller.
作者
李子臣
梁斓
孙亚飞
LI Zi-Chen;LIANG Lan;SUN Ya-Fei(Communication Engineering Institute, Xidian University, Xi'an 710071, China;Beijing Institute of Graphic Communication, Beijing 102600, China;Beijing Electronic Science and Technology Institute, Beijing 100070, China)
出处
《密码学报》
CSCD
2018年第1期13-20,共8页
Journal of Cryptologic Research
关键词
数字证书
CA
格理论
digital certificate
certificate authority (CA)
lattice theory
作者简介
李子臣(1965-),河南焦作人,教授,搏士.主要研究方向为公钥密码学、信息安全、后量子签名理论、云计算.1izc2020@163.com;梁斓(1993-),陕西延安人,硕士研究生.主要研究方向为格理论签名算法、数字证书系统.1rrjustgo123@163.com通信作者:梁斓,E-mail:lrrjustg0123@163.com;孙亚飞(1992-),河南内黄人,硕士研究生.主要研究方向为密码学、信息安全.yfsun0112@163.com
