The Research Of Lattice-based Blind Signature And Proxy Signature

Blind signature allows a signer to sign on the document without knowing what he signs,so it is widely used in e-voting and e-payment systems,etc.But when these systems are deployed in distributed architecture,the blind signature cannot allow the signer to assign his branches to sign instead of himself.Thus we need to use proxy signature to address this issue.So far,most of proxy blind signature schemes and proxy signature schemes are based on discrete logarithm problem,factoring problem,and the hard problems on bilinear pairing.However,these schemes cannot defeat quantum computers attack.Therefore,blind signature schemes and proxy signature schemes based on lattice become an alternative solution for their high efficiency and anti-quantum computers attack.However,the lattice-based blind signature schemes and proxy signature schemes are mainly constructed based on preimage sampleable functions of Gentry et al.and bonsai trees model of cash et al.,these schemes are inefficient.Therefore,this thesis constructs several provable-secure blind signature and proxy signature based on lattice to address these issues,the achievements are summarized as follows:(1)This thesis constructs two blind signature schemes based on the closest vector problem in the lattice.Firstly,we construct a provable-secure and efficient blind sig-nature scheme named BS-CVP₂using euclidean norm based on the scheme of Shang et al.Secondly,we construct another blind signature scheme named BS-CVP_?using infinity norm based on the scheme of Plantard et al.We prove that both of them are secure in the random oracle model,i.e.,they are blind and one-more unforgeable.The proposed two schemes outperform Rückert scheme in terms of moves and private key size,also their public key size is shorter than WHW scheme and TZLYY scheme,the security of BS-CVP_?is stronger than BS-CVP₂scheme and Rückert scheme,signing speed of BS-CVP₂scheme is faster than other schemes.(2)This thesis constructs an identity-based blind signature scheme on NTRU lat-tice.BS-CVP₂and BS-CVP_?schemes mentioned above dependent on the complex public key infrastructure.To overcome these disadvantages,we propose an identity-based lattice-based blind signature scheme named IDBS-NTRU.The main tool in this scheme is the rejection sampling theorem,which was proposed by Lyubashevsky in2012.This theorem can be used to construct secure signature scheme without con-structing trapdoor function.Then we prove that it is secure in the random oracle model,i.e.,it is blind and one-more unforgeable.This scheme satisfies confidentiality,integrity,and non-repudiation.The proposed scheme outperforms others in terms of signing speed and moves,outperforms ZK scheme and HCZ scheme in terms of security,outperforms Rückert scheme,ZM scheme,and BS-CVP_?scheme in terms of private key size,and outperforms Rückert scheme in terms of signature size.(3)This thesis constructs an identity-based proxy signature scheme on NTRU lattice.When e-payment system and e-voting system are deployed using distributed architecture in application,BS-CVP₂,BS-CVP_?,and IDBS-NTRU schemes mentioned above cannot allow a proxy signer to sign instead of himself.Therefore,we need to use proxy signature.We propose an identity-based proxy signature named IDPS-NTRU.We prove that it is secure in the random oracle model,i.e.,it is correct,unforgeable,verifiable,strong identifiable,non-deniable,and key independent.Our scheme outper-forms others in terms of signature size and private key size of original signer and proxy signer.(4)This thesis constructs an identity-based proxy blind signature scheme on NTRU lattice,which combines IDPS-NTRU scheme with blind signature scheme.Though IDPS-NTRU scheme cannot protect user privacy,this thesis proposes an identity-based proxy blind signature named IDPBS-NTRU to address this issue.We prove that it is secure in the random oracle model,i.e.,it is correct,blind,one-more unforgeable,verifiable,strong identifiable,non-deniable,and key independent.The proposed scheme has both advantages of proxy authorization of proxy signature and protecting user privacy of blind signature.