支持一般电路的高效安全基于属性签名黄振杰1林志伟1,21(福建省粒计算及其应用重点实验室(闽南师范大学)福建漳州363000)2(交通运输部东海航海保障中心厦门通信中心福建厦门361026)(zjhuang@mnnu.edu.cn)EfficientandSecureAttribute-BasedSignaturesforGeneralCircuitsHuangZhenjie1andLinZhiwei1,21(FujianKeyLaboratoryofGranularComputingandApplication(MinnanNormalUniversity),Zhangzhou,Fujian363000)2(XiamenCommunicationCenter,DonghaiNavigationSafetyAdministrationofMinistryofTransport,Xiamen,Fujian361026)AbstractAttribute-basedsignatureisanimportantcryptographicprimitiveandhasattractedtheattentionofmanyscholars.Becauseofitsgoodproperties,attribute-basedsignaturehasfoundsignificantapplicationsinmanyfields,suchasmessagedelivery,anonymousauthentication,leakingsecrets,trustnegotiations,privateaccesscontrol,anonymouscredentials,etc.Toimprovethesecurity,expressiveness,andefficiencyofattribute-basedsignature,anefficientandsecureattribute-basedsignatureschemewithperfectprivacyforgeneralcircuitsisproposedbyusingmulti-linearmapping.Byintroducingtheconceptofnodeweightandadoptingthe"top-down"recursive,thecomputationcostofsignaturegenerationisreduced.Thesizesofthekeysofthegatenodesarereducedbyusingthesymmetryoftheleftandrightchildnodes.Comparedwiththepreviousscheme,theproposedschemeimprovestheunforgeabilityfrom"existentialunforgeableunderselectivemessageandselectiveattributeattack"to"existentialunforgeableunderadaptivechosenmessagebutselectiveattributeattack."Theproposedschemeextendstheaccessstructurefromspecialcircuitstogeneralcircuits,whichcansupportarbitraryaccessstructuresandachievearbitraryaccesscontrolgranularity.Theproposedschemekeepsthesignatureasonlyonegroupelement,shortensthesizesofthemasterpublickey,masterprivatekey,andsigningkeymarkedly,andreducesthecomputationoverheadsofsigningkeygeneration,signaturegeneration,andsignatureverificationsignificantly.Theanalysisshowsthattheproposedschemehasobviousadvantagesinperformanceandefficiencyandispractical.Keywordsattribute-basedsignature...
