Research On Key Technologies Of Geji Signing

The technique of information dissemination, especially Internet, are de-veloping quickly. It brings great convenience to people’s lives. However, it also leads to higher and more requirements for the security of information. As the kernel of information security technique, cryptography, especially public key cryptography, should supply stronger safeguard for the security of informa-tion. The boom of quantum computation poses a heavy threat to the public key cryptography based on the hardness assumption from number theory. Lattice based cryptography is beloved by cryptographer and becomes the most active cryptographical branch due to resistance the known quantum attacks, high flex-ibility to construct advanced cryptography primitives, hardness assumptions on the worst-case and high asymptotic efficiency. In the past decades, some great breakthroughs have been made in lattice based cryptographic schemes design, ordinary encryption, signature, fully homomorphic encryption (FHE), attribute encryption, fully homomorphic signature (FHS), group signature etc crypto-graphic primitive are constructed in succession, and the efficiency and security are raised steadily.Signcryption is an important cryptography primitive, but lattice based signcryption develops relatively slowly. Signcryption can perform both sig-nature function and encryption function in a logic step at a far lower cost than the mechanism of signature then encryption. As a result, it can simultaneously realize confidentiality, integrity, authentication and non-repudiation. The ver-satility and high efficiency of signcryption make it very useful in many occa-sions. Almost all of the existing signcyption schemes are based on the hardness assumptions from number theory. As a result, their security is severely threat-ened by the quantum computation. Fortunately, as a breakthrough in lattice based cryptography, two signcryption schemes have been constructed in 2012. However, their efficiencies is not high and they are both proved secure only under the random oracle. In addition, there are no lattice based signcryption schemes to support identity based public key authentification framework or fine-grained access control. Therefore, we carry out the research around lattice based signcryption. And some fruits are achieved as follows.(1) Aim the deficiency of the existing lattice based signcryption schemes, namely only secure in the random oracle and inefficient, a new signcryption scheme is constructed based on the trapdoor due to Micciancio and Peikert by utilizing the tangle relationship between signature and encryption. Due to the efficiency of the trapdoor used and the rationality of our design, in the ordinary parameters setting, the signcryption speed of the proposed scheme is 3 and 5 to 13 times faster than the existing two schemes, respectively, and the unsigncryption speed is 3 and 260 times faster. In big parameters setting, the efficiency advantage of the proposed scheme is more obvious.(2) To make the lattice based signcryption has the convenience of identity public key authentication framework, namely no maintaining communication address list and no requiring the online service from certificate authority center, an identity based signcryption scheme is designed from lattices. This scheme is proved secure in the standard model. The theoretical analysis shows that the ciphertext expansion of the proposed scheme is only 7/12 of that of the mechanism of signature-then-encryption (StE). And the computational cost of the proposed scheme is 1/2 of that of StE.(3) In order to supply fine-grained access control in interactive approach and fit the service’s property under modern Internet setting, namely one-to-many, many-to-one and many-to-many, an attribute-based signcryption scheme (ABSC) is designed from lattices. To further reduce the ciphertext size. Regev’s encryption variant is used to hide the signature obtained in the previous steps. However this variant can not even reach semantic security. Another small-size ciphertext section is introduced and the randomness from signature is utilized such that the indistinguishability under adaptively chosen ciphertext attacks in the standard model. The theoretical analysis shows that the ratio of com-putational cost between ABSC scheme and the scheme under signature-then-encryption (StE) belongs(ρ2+1/ρ2+17,ρ+2ρ/ρ+3), where ρ represents the number of attributes used in the current access control structure. The ratio of computa-tional overhead between ABSC scheme and StE Scheme isρ+3/ρ+5, where ρ is same as above. In other words, the advantages in ciphertext length and compu-tational cost are more obvious when the number of attributes used in the control structure is small.(4) For making the signature section of signcryption have anonymity, a mesh signature based on lattice hardness is constructed. The ring signature and group signature can only support the disjunction relationship between the signers. However, the lattice based mesh signature can express more abundant relationship. Namely, it support all the boolean expression and the threshold predicate.(5) In the procedure of the above study, we find that the inefficiency of pre-image sample is the bottleneck to restrict the enhancement of efficiency of lattice based signcryption schemes. The trapdoor due to Micciancio and Peikert (MP trapdoor for short) is an efficient trapdoor and it provides the nec-essary requirement for constructing efficient signature. However, if the prod-uct of the trapdoor and the Gauusian sample is directly output as the signa-ture, some information of the trapdoor will be leaked. Micciancio and Peikert adopted discrete convolution technique and Lyubashevsky employed rejection sample technique to prevent the leakage of the trapdoor information, respec-tively. However, the efficiency of scheme suffers a major setback. We propose a varaint of MP trapdoor, introduce redundance for trapdoor and combine trap-door randomly to resist the leakage of trapdoor information. As a result, an efficient pre-image sample algorithm is obtained. As an application, an iden-tity based signature scheme is designed, in which the trapdoor size is linear with the hierarchies and the computational overhead of trapdoor delegation is reduced in magnitude order.