一种通用可组合安全的非交互式承诺方案

doi:10.3969/j.issn.1006-2475.2024.01.002

摘要/Abstract

摘要： 摘要：承诺方案是密码学中最基本的组件之一，是许多密码协议的基础，如零知识证明和安全多方计算协议。通用可组合安全在设计安全协议中具有重要意义，如果一种协议在通用可组合框架中可证明安全，那么即使该协议与任意（甚至不安全的）协议并发运行，它仍然保持安全性。现有的几种高效的通用可组合安全的承诺方案都是交互式协议，而非交互式的通用可组合承诺方案具有较高的协议计算量和通信复杂度。针对于此，本文在公共参考串模型下，提出一种高效的通用可组合安全的非交互式承诺方案。通用可组合承诺方案的关键设计思想在于同时实现可提取性和模棱两可性。在承诺阶段使用一种选择密文安全加密方案实现可提取性，在承诺打开阶段使用一种非交互式零知识证明，并利用一种双模式承诺方案保持协议的模棱两可性。该方案将承诺打开阶段的多轮通信改进为一轮，实现了非交互性。与现有的非交互式承诺方案相比，大大减少了计算量和通信量，提高了协议的效率。

关键词: 关键词：通用可组合安全, 承诺方案, 非交互式, 公共参考串

Abstract:

Abstract： The commitment scheme is one of the most fundamental components in cryptography， and is the basis of many cryptographic protocols， such as zero-knowledge proof and secure multi-party computing protocols. Universally composability （UC） is of great significance in designing secure protocols， if a protocol is proven secure in the UC framework， it still maintains security even if it is executed concurrently with arbitrary （even insecure） protocols. Several current efficient UC commitment schemes are all interactive protocols， and non-interactive UC commitments have high computational cost and communication complexity of the protocol. Aiming at solving this problem， an efficient UC-secure non-interactive commitment scheme in the common reference string model is proposed. The key design idea of universally composable commitments are to achieve extractability and equivocability at the same time. A CCA2-secure encryption scheme is used to achieve extractability in the commitment phase. A non-interactive zero-knowledge proof is used in the decommitment phase， and a dual-model commitment scheme is utilized to maintain protocol equivocability. The proposed protocol reduces the multi-round communication to one round in the open phase， achieving the non-interactivity. Compared with the existing non-interactive commitment scheme， the cost of computation and communication are greatly reduced， and the efficiency of the protocol is improved.

Key words: Key words： UC-security, commitment schemes, non-interactivity, common reference string

中图分类号:

TP309

蔡泗沐, 王立斌. 一种通用可组合安全的非交互式承诺方案[J]. 计算机与现代化, 2024, 0(01): 6-12.

CAI Si-mu, WANG Li-bin. A Universally-composable Secure Non-interactive Commitment Scheme[J]. Computer and Modernization, 2024, 0(01): 6-12.

参考文献［28］

［1］	CANETTI R， FISCHLIN M. Universally composable commitments［C］// Advances in Cryptology-CRYPTO 2001. 2001：19-40.
［2］	唐春明，刘卓军. 承诺方案的研究［J］. 系统科学与数学， 2008，28（8）：961-970.
［3］	DAMGÅRD I， NIELSEN J B. Perfect hiding and perfect binding universally composable commitment schemes with constant expansion factor［C］// Advances in Cryptology-CRYPTO 2002. 2002：581-596.
［4］	CANETTI R， LINDELL Y， OSTROVSKY R， et al. Universally composable two-party and multi-party secure computation［C］// Proceedings of the 34th Annual ACM Symposium on Theory of Computing. 2002：494-503.
［5］	张硕. 安全多方计算协议及其应用研究［D］. 北京：北京邮电大学， 2021.
［6］	CANETTI R. Universally composable security： A new paradigm for cryptographic protocols［C］// Proceedings 42nd IEEE Symposium on Foundations of Computer Science. 2001：136-145.
［7］	CANETTI R， JAIN A， SCAFURO A. Practical UC security with a global random oracle［C］// Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. 2014：597-608.
［8］	CASCUDO I， DAMGÅRD I， DAVID B， et al. Efficient UC commitment extension with homomorphism for free （and applications）［C］// International Conference on the Theory and Application of Cryptology and Information Security. 2019：606-635.
［9］	LINDELL Y. Highly-efficient universally-composable commitments based on the DDH assumption［C］// Advances in Cryptology-EUROCRYPT 2011. 2011：446-466.
［10］	BLAZY O， CHEVALIER C， POINTCHEVAL D， et al. Analysis and improvement of Lindell’s UC-secure commitment schemes［C］// International Conference on Applied Cryptography and Network Security. 2013：534-551.
［11］	FUJISAKI E. Improving practical UC-secure commitments based on the DDH assumption［J］. IEICE Transactions on Fundamentals of Electronics， Communications and Computer Sciences， 2022，105（3）：182-194.
［12］	ABDOLMALEKI B， BAGHERY K， LIPMAA H， et al. DL -extractable UC-commitment schemes［C］// International Conference on Applied Cryptography and Network Security. 2019：385-405.
［13］	FISCHLIN M， LIBERT B， MANULIS M. Non-interactive and reusable universally composable string commitments with adaptive security［C］// Advances in Cryptology-ASIACRYPT 2011. 2011：468-485.
［14］	DAMGARD I， GROTH J. Non-interactive and reusable non-malleable commitment schemes［C］// Proceedings of the 35th Annual ACM Symposium on Theory of Computing. 2003：426-437.
［15］	ABDOLMALEKI B， KHOSHAKHLAGH H， SLAMANIG D. A framework for UC-secure commitments from publicly computable smooth projective hashing［C］// Proceedings of the 17th IMA International Conference on Cryptography and Coding. 2019：1-21.
［16］	DAMGÅRD I. On Σ protocols［J］. Lecture Notes， 2002，56（2）：62-84.
［17］	FIAT A， SHAMIR A. How to prove yourself： Practical solutions to identification and signature problems［C］// Advances in Cryptology-CRYPTO 1986. 1986：186-194.
［18］	LINDELL Y. An efficient transform from sigma protocols to NIZK with a CRS and non-programmable random Oracle［C］// Theory of Cryptography Conference. 2015：93-109.
［19］	BONEH D， FRANKLIN M. Identity-based encryption from the Weil pairing［C］// Annual International Cryptology Conference. 2001：213-229.
［20］	CRAMER R， SHOUP V. A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack［C］// Advances in Cryptology -CRYPTO 1998. 1998：13-25.
［21］	CATALANO D， VISCONTI I. Hybrid commitments and their applications to zero-knowledge proof systems［J］. Theoretical Computer Science， 2007，374（1-3）：229-260.
［22］	BLUM M， FELDMAN P， MICALI S. Non-interactive zero-knowledge and its applications［M］// Providing Sound Foundations for Cryptography： On the Work of Shafi Goldwasser and Silvio Micali. 2019：329-349.
［23］	雷飞宇，陈克非. UC 安全多方计算模型及其典型应用研究［D］. 上海：上海交通大学， 2007.
［24］	LINDELL Y. How to simulate it： A tutorial on the simulation proof technique［J］. Tutorials on the Foundations of Cryptography， 2017，66（1）：277-346.
［25］	LINDELL Y. Secure multiparty computation［J］. Communications of the ACM， 2020，64（1）：86-96.
［26］	CANETTI R. Security and composition of cryptographic protocols： A tutorial （part I）［J］. ACM SIGACT News， 2006，37（3）：67-92.
［27］	CASCUDO I， DAMGARD I， DAVID B， et al. Additively homomorphic UC commitments with optimal amortized overhead［C］// IACR International Workshop on Public Key Cryptography. 2015：495-515.
［28］	HOFHEINZ D， MÜller-QUADE J. Universally composable commitments using random oracles［C］// Theory of Cryptography Conference. 2004：58-76.

[1]	韩冬松, 沙乐天, 赵创业. 基于蠕虫和代理的工控系统攻击建模[J]. 计算机与现代化, 2023, 0(10): 107-114.
[2]	叶力鸣, 陈蔚文. 一种结合语义分割和目标检测的级联式绝缘子缺陷检测方法[J]. 计算机与现代化, 2023, 0(06): 82-88.
[3]	刘军, 袁霖, 冯志尚, 张彪, 刘超. 面向无人机群组的高效愈合密钥管理方案[J]. 计算机与现代化, 2023, 0(06): 103-109.
[4]	查凯金, 王志波, 何月顺, 徐洪珍. 区块链安全保护研究综述[J]. 计算机与现代化, 2023, 0(06): 110-117.
[5]	邓银娟, 杜红珍, 窦晓霞. 无安全信道的注册用户公钥可搜索加密方案[J]. 计算机与现代化, 2020, 0(09): 43-48.
[6]	邓铭巍, 欧嵬, 杨杰. 几种典型区块链共识机制的安全性分析[J]. 计算机与现代化, 2020, 0(06): 34-.
[7]	张茜,王箭. 基于盲签名的云共享数据完整性审计方案[J]. 计算机与现代化, 2020, 0(04): 60-.
[8]	吴克河，陈鸿祥，李为 . 基于SM9标识密码的北斗安全传输协议研究[J]. 计算机与现代化, 2020, 0(02): 41-.
[9]	张毅，王波. 基于分数阶Rossler混沌序列的图像加密[J]. 计算机与现代化, 2019, 0(12): 119-.
[10]	文婷婷,李洪赭. 面向云服务平台的弹性负载均衡算法[J]. 计算机与现代化, 2019, 0(10): 28-.
[11]	李荷婷，冯仁君，陈海雁，景栋盛. 基于异卷积神经网络的入侵检测[J]. 计算机与现代化, 2019, 0(10): 117-.
[12]	张苏宁，王月娟，吴水明，景栋盛. 基于Krylov子空间方法的网络入侵数据聚类[J]. 计算机与现代化, 2019, 0(10): 121-.
[13]	尚靖伟1,2，姜茸1,2，胡潇涵1,2，施明月1,2. 医疗大数据及隐私泄露[J]. 计算机与现代化, 2019, 0(07): 111-.
[14]	张芃,周良. 基于信任的动态多级访问控制模型[J]. 计算机与现代化, 2019, 0(07): 116-.
[15]	巫万坚1，吴小勇2. 一种前后端数据交互的安全机制[J]. 计算机与现代化, 2019, 0(07): 122-.