Research on Quantum-Attack-Resistant Strong Forward-Secure Signature Schemes
Abstract
:1. Introduction
2. Preliminaries
2.1. Framework of Strong Forward-Secure Signature Scheme
- Parameter generation: input security parameter n, output public parameter PP, master key msk and user initial key usk.
- Key iteration and update: When the user wants to use the private key, he initiates a key request to PKG and sends the identity together. PKG inputs the public parameters PP, master key msk, user initial key usk and user identity , then executes the algorithm to generate the initial forward private key and initial backward private key . When iterating the forward private key, user inputs the current period i, user identity and current forward private key , then outputs the forward private key for the next period i + 1. When iterating the backward private key, user inputs the current period i, user identity and current backward private key are input , then outputs the backward private key for the previous period i − 1. The private key of the i-th period is = , which is the result of concatenating the forward private key and the backward private key. The iteration process of the private key is shown in Figure 1.
- Signature generation: User inputs his identity , the private key of the current period i and the message m, then outputs the signature at this period.
- Signature verification: The verifier inputs the user’s identity , the public key of the current period i, the original message m and the signature , if the signature is valid then accept it, otherwise reject it.
2.2. Security Model
- Key query: A own the ability to ask any identity (k = 1,2,…,N) for the key of any period i (i T), and C generates the key of identity in period i and sends it to A.
- Signature query: A can inquire about the signature of any identity in any period i (i T), and C generates the signature of the identity in period i and sends it to A.
2.3. Lattices and Hardness Assumptions
- v h, z , output signature(v,z) with probability ;
- v h, z , output the signature (v,z) with probability .
- Algorithm input x;
- Randomly select ρ ∈ {0,1};
- Randomly select ,…, from the set H;
- (I,) ← B(x,,…,; ρ);
- If I = 0, return (0, ε, ε);
- Randomly select ,…, from the set H;
- (I, ) ← B(x, , … , , , … , ; ρ);
- If I = I and hh, output (1, , ); otherwise output (0, ε, ε), let frk=Pr[b=1,x←IG; (b,σ,σ)←], then frkacc.
3. A Strong Forward-Secure Signature Scheme Based on Identity on Lattice
3.1. Strong Forward-Security Key-Iteration Algorithm
3.1.1. Symbol Description
3.1.2. System Initialization
- System parameter generation
- 2.
- Master key generation
- 3.
- User master key generation
3.1.3. Key-Iteration Algorithm
- Forward private key iterative algorithm
- 2.
- Backward private key-iteration algorithm
3.1.4. Key Update
3.2. Strong Forward-Secure Signature Scheme on Lattice
3.2.1. Parameter Generation
3.2.2. Key Generation
3.2.3. Sign
- The user inputs the public parameters PP, the message , and the private key of the i-th period .
- The user randomly selects a vector .
- Calculates .
- Then calculates .
- Outputs the current period signature with a probability of , and re-executes the algorithm if there is no output.
- Publishes the current period public key .
3.2.4. Verify
4. Performance Analysis
4.1. Existential Unforgeability against Chosen-Message Attacks
- C first browses whether there is a corresponding hash value in the list and , if exists, directly returns the corresponding hash value and calculates , . If the corresponding hash value does not exist, C randomly select a matrix , then run the BasisDel algorithm to generate a private key and add it to the list .
- C maintains list ), if A performs a key query on i, C returns the current cycle private key of A as a response. Then C browses whether there is a corresponding hash value in the list and , and if so, directly returns the corresponding hash value. After that calculate , , , . If the corresponding hash value does not exist, C randomly selects a matrix , then runs the BasisDel algorithm to generate a forward private key and a backward private key , afterwards adds them into list .
- 1 T.
- has not been queried in the key query.
- (,) has not been asked in the signature query.
- Signature pass the verification.
4.2. Strong Forward Security
4.2.1. Forward-Security Analysis
- Key-iteration algorithm has forward security
- 2.
- The signature scheme is forward-secure
4.2.2. Backward Security Analysis
- The key-iteration algorithm has backward security
- 2.
- The signature scheme is forward-secure
5. Remote Identity Authentication to Resist Quantum Attacks
5.1. Overview of Remote Identity Authentication
5.2. Lattice-Based Strong Forward-Secure Signature Scheme for Remote Authentication
5.2.1. Enrollment Phase
- The user first determines the required period T, initiates a key request to PKG to obtain the master private key and the master public key , and then the user uses , to generate the private key set and the public key set , after that stores the private key set and the public key set carefully.
- The server uses a public-key encryption algorithm to generate a public–private key pair (ssk, spk), and sends the public key to the user to encrypt the transmitted identity information.
- The user uses the public key of the server to encrypt the identity and the public key set with spk and then sends them to the server.
- The server uses the ssk to decrypt and obtains the user’s sum and store it in the server’s database.
5.2.2. Authentication Phase
- The user checks the private key number in the private key set to determine the current period t(tT), encrypts the user identity as well as the public key corresponding to the current period with the server’s public key spk, and sends it to the server.
- After receiving the ciphertext sent by the user, the server decrypts it with the private key ssk to obtain the user’s and the public key of the current period , and then the server compares the user’s identity and public key in the database to see whether they are consistent with the stored ones. If they are consistent, continue 3, otherwise stop the interaction.
- The server randomly selects a challenge message and sends the challenge message to the user.
- The user replies to the challenge information, and takes the challenge information and replies to information as messages to be signed.
- Use the private key of the current period to sign, and send the message signature pair to the server after signing.
- After the server receives the message signature pair, the public key is used to verify. If the signature is verified, the user is authenticated; otherwise, the authentication fails. The remote identity-authentication process of the lattice-based strong forward-secure signature scheme is shown in Figure 3.
6. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Data Availability Statement
Conflicts of Interest
References
- Anderson, R. Invited lecture. In Proceedings of Fourth Annual Conference on Computer and Communication Security; ACM Press: New York, NY, USA, 1997; pp. 1–7. [Google Scholar]
- Anderson, R. Two Remarks on Public-Key Cryptology; UCAM-CL-TR-549; University of Cambridge: Cambridge, England, 2000. [Google Scholar]
- Burmester, M.; Chrissikopoulos, V. Strong forward security. In IFIP International Information Security Conference; IFIP-SEC2001 Conference; Kluwer Academics Publishers: New York, NY, USA, 2001; pp. 109–119. [Google Scholar]
- Cheng, Y.G.; Hu, M.S.; Gong, B.; Wang, L.P.; Lei, Y.F. A Dynamic Threshold Signature Scheme with Strong Forward Security. Comput. Eng. Appl. 2020, 56, 125–134. [Google Scholar]
- Li, F.Y.; Liu, Z.X.; Li, T.; Ju, H.; Wang, H.; Zhou, H. Privacy-aware PKI model with strong forward security. Int. J. Intell. Syst. 2020, 37, 10049–10065. [Google Scholar]
- Yoneyama, K. One-round authenticated key exchange with strong forward secrecy in the standard model against constrained adversary. In Proceedings of the Advances in Information and Computer Security: 7th International Workshop on Security, IWSEC 2012, Fukuoka, Japan, 7–9 November 2012; Springer: Berlin/Heidelberg, Germany, 2012; pp. 69–86. [Google Scholar]
- Surbhi, S.; Ratna, D. Post-quantum secure identity-based signature achieving forward secrecy. J. Inf. Secur. Appl. 2022, 69, 103275. [Google Scholar]
- Yin, H.L.; Fu, Y.; Li, C.L.; Weng, C.X.; Li, B.H.; Gu, J.; Lu, Y.S.; Huang, S.; Chen, Z.B. Experimental quantum secure network with digital signatures and encryption. Natl. Sci. Rev. 2023, 10, nwac228. [Google Scholar] [PubMed]
- Alvarez, D.; Kim, Y. Survey of the development of quantum cryptography and its applications. In Proceedings of the 2021 IEEE 11th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA, 27–30 January 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 1074–1080. [Google Scholar]
- Gottesman, D.; Chuang, I.L. Quantum Digital Signatures. arXiv 2001, arXiv:quant-ph/0105032. [Google Scholar]
- Pirandola, S.; Andersen, U.L.; Banchi, L.; Berta, M.; Bunandar, D.; Colbeck, R.; Englund, D.; Gehring, T.; Lupo, C.; Ottaviani, C.; et al. Advances in quantum cryptography. Adv. Opt. Photonics 2020, 12, 1012–1236. [Google Scholar] [CrossRef] [Green Version]
- Kiktenko, E.O.; Pozhar, N.O.; Anufriev, M.N.; Trushechkin, A.S.; Yunusov, R.R.; Kurochkin, Y.V.; Lvovsky, A.I.; Fedorov, A.K. Quantum-secured blockchain. Quantum Sci. Technol. 2018, 3, 035004. [Google Scholar]
- Gu, J.; Cao, X.Y.; Fu, Y.; He, Z.W.; Yin, Z.J.; Yin, H.L.; Chen, Z.B. Experimental measurement-device-independent type quantum key distribution with flawed and correlated sources. Sci. Bull. 2022, 67, 2167–2175. [Google Scholar] [CrossRef] [PubMed]
- Huang, A.Q.; Gao, B.W.; Shi, W.X. Quantum attack and defense technology and security assessment for Quantum key distribution. Natl. Def. Sci. Technol. 2022, 43, 1–7. [Google Scholar]
- Zhang, R.; Li, L.X.; Peng, H.P. Research on the Development Trend of Post Quantum Cryptography. Inf. Secur. Commun. Secur. 2023, 45, 64–81. [Google Scholar]
- Nejatollahi, H.; Dutt, N.; Ray, S.; Regazzoni, F.; Banerjee, I.; Cammarota, R. Post-quantum lattice-based cryptography implementations: A survey. ACM Comput. Surv. 2019, 51, 129. [Google Scholar] [CrossRef]
- Akter, M.S. Quantum Cryptography for Enhanced Network Security: A Comprehensive Survey of Research, Developments, and Future Directions. arXiv 2023, arXiv:2306.09248. [Google Scholar]
- Kansal, M.; Dutta, R.; Mukhopadhyay, S. Group signature from lattices preserving forward security in dynamic setting. Adv. Math. Commun. 2020, 14, 535–553. [Google Scholar] [CrossRef] [Green Version]
- Liao, Z.; Huang, Q.; Chen, X. A fully dynamic forward-secure group signature from lattice. Cybersecurity 2022, 5, 20. [Google Scholar] [CrossRef]
- Le, H.Q.; Duong, D.H.; Susilo, W.; Tran, H.T.; Trinh, V.C.; Pieprzyk, J.; Plantard, T. Lattice blind signatures with forward security. In Proceedings of the Information Security and Privacy: 25th Australasian Conference, ACISP 2020, Perth, Australia, 30 November–2 December 2020; Springer International Publishing: Cham, Switzerland, 2020; pp. 3–22. [Google Scholar]
- Wu, G.; Huang, R. An efficient identity-based forward secure signature scheme from lattices. In Proceedings of the 2021 International Wireless Communications and Mobile Computing (IWCMC), Harbin, China, 28 June–2 July 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 626–631. [Google Scholar]
- Zhang, X.; Liu, Z. Lattice-based strongly-unforgeable forward-secure identity-based signature scheme with flexible key update. KSII Trans. Internet Inf. Syst. 2017, 11, 2792–2810. [Google Scholar]
- REGEVO. Lattice-based cryptography. In Advances in Cryptology—CRY PTO 2006; Springer: Berlin, Germany, 2006; pp. 131–141. [Google Scholar]
- Gentry, C.; Peikert, C.; Vaikuntanathan, V. Trapdoors for hard lattices and new cryptographic constructions. In Proceedings of the Fortieth Annual ACM Symposium on Theory of Computing, Victoria, BC, Canada, 17–20 May 2008; pp. 197–206. [Google Scholar]
- Ling, S.; Nguyen, K.; Wang, H. Group signatures from lattices: Simpler, tighter, shorter, ring-based. In Proceedings of the Public-Key Cryptography—PKC 2015: 18th IACR International Conference on Practice and Theory in Public-Key Cryptography, Gaithersburg, MD, USA, 30 March–1 April 2015; Springer: Berlin/Heidelberg, Germany, 2015; pp. 427–449. [Google Scholar]
- Agrawal, S.; Boneh, D.; Boyen, X. Lattice basis delegation in fixed dimension and shorter-ciphertext hierarchical IBE. In Proceedings of the Advances in Cryptology—CRYPTO 2010: 30th Annual Cryptology Conference, Santa Barbara, CA, USA, 15–19 August 2010; Springer: Berlin/Heidelberg, Germany, 2010; pp. 98–115. [Google Scholar]
- Lyubashevsky, V. Lattice signatures without trapdoors. In Proceedings of the Advances in Cryptology—EUROCRYPT 2012: 31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cambridge, UK, 15–19 April 2012; Springer: Berlin/Heidelberg, Germany, 2012; pp. 738–755. [Google Scholar]
- Bellare, M.; Neven, G. Multi-signatures in the plain public-key model and a general forking lemma. In Proceedings of the 13th ACM Conference on Computer and Communications Security, New York, NY, USA, 30 October–3 November 2006; pp. 390–399. [Google Scholar]
- Zhou, R.R.; Wang, C.Y.; Li, H.F. A review of identity authentication patent technology. Henan Sci. Technol. 2020, 701, 147–152. [Google Scholar]
- Xu, C.; Guo, F. Research and Design of Dynamic Identity Authentication Mechanism Based on Digital Signature. Comput. Knowl. Technol. 2020, 16, 22–23. [Google Scholar]
- Tian, Y.; Li, Y.; Deng, R.H.; Binanda, S.; Guomin, Y. Lattice-based remote user authentication from reusable fuzzy signature. J. Comput. Secur. 2021, 29, 273–298. [Google Scholar] [CrossRef]
Symbol | Meaning |
---|---|
The identity of user K | |
User K’s master private key | |
User K’s master public key | |
User K’s initial forward private key | |
User K’s initial backward private key | |
The private key of user K in period t | |
The public key of user K in period t | |
PKG | key generation center |
signature |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Li, F.; Wang, J.; Shang, M.; Zhang, D.; Li, T. Research on Quantum-Attack-Resistant Strong Forward-Secure Signature Schemes. Entropy 2023, 25, 1159. https://doi.org/10.3390/e25081159
Li F, Wang J, Shang M, Zhang D, Li T. Research on Quantum-Attack-Resistant Strong Forward-Secure Signature Schemes. Entropy. 2023; 25(8):1159. https://doi.org/10.3390/e25081159
Chicago/Turabian StyleLi, Fengyin, Junhui Wang, Mengxue Shang, Dandan Zhang, and Tao Li. 2023. "Research on Quantum-Attack-Resistant Strong Forward-Secure Signature Schemes" Entropy 25, no. 8: 1159. https://doi.org/10.3390/e25081159
APA StyleLi, F., Wang, J., Shang, M., Zhang, D., & Li, T. (2023). Research on Quantum-Attack-Resistant Strong Forward-Secure Signature Schemes. Entropy, 25(8), 1159. https://doi.org/10.3390/e25081159