Non-Interactive Zero-Knowledge(NIZK for short) proofs are fascinating and extremely useful in many security protocols. In this paper,a new group signature scheme,decisional linear assumption group signature(DLAGS for ...Non-Interactive Zero-Knowledge(NIZK for short) proofs are fascinating and extremely useful in many security protocols. In this paper,a new group signature scheme,decisional linear assumption group signature(DLAGS for short) with NIZK proofs is proposed which can prove and sign the multiple values rather than individual bits based on DLIN assumption. DLAGS does not need to interact between the verifier and issuer,which can decrease the communication times and storage cost compared with the existing interactive group signature schemes. We prove and sign the blocks of messages instead of limiting the proved message to only one bit(0 or 1) in the conventional non-interactive zero-knowledge proof system,and we also prove that our scheme satisfy the property of anonymity,unlinkability and traceability. Finally,our scheme is compared with the other scheme(Benoitt's scheme) which is also based on the NIZK proofs system and the DLIN assumption,and the results show that our scheme requires fewer members of groups and computational times.展开更多
Since transactions in blockchain are based on public ledger verification,this raises security concerns about privacy protection.And it will cause the accumulation of data on the chain and resulting in the low efficien...Since transactions in blockchain are based on public ledger verification,this raises security concerns about privacy protection.And it will cause the accumulation of data on the chain and resulting in the low efficiency of block verification,when the whole transaction on the chain is verified.In order to improve the efficiency and privacy protection of block data verification,this paper proposes an efficient block verification mechanism with privacy protection based on zeroknowledge proof(ZKP),which not only protects the privacy of users but also improves the speed of data block verification.There is no need to put the whole transaction on the chain when verifying block data.It just needs to generate the ZKP and root hash with the transaction information,then save them to the smart contract for verification.Moreover,the ZKP verification in smart contract is carried out to realize the privacy protection of the transaction and efficient verification of the block.When the data is validated,the buffer accepts the complete transaction,updates the transaction status in the cloud database,and packages up the chain.So,the ZKP strengthens the privacy protection ability of blockchain,and the smart contracts save the time cost of block verification.展开更多
Interactive proof and zero-knowledge proof systems are two important concepts in cryptography and complexity theory. In the past two decades, a great number of interactive proof and zero-knowledge proof protocols have...Interactive proof and zero-knowledge proof systems are two important concepts in cryptography and complexity theory. In the past two decades, a great number of interactive proof and zero-knowledge proof protocols have been designed and applied in practice. In this paper, a simple memorizable zero-knowledge protocol is proposed for graph non-isomorphism problem, based on the memorizable interactive proof system, which is extended from the original definition of interactive proof and is more applicable in reality. Keywords interactive proof - zero-knowledge proof - memorizable interactive proof - memorizable zero-knowledge proof This work was supported by the ministry of Science and Technology of China (Grant No.2001CCA03000), and the National Natural Science Foundation of China (Grant No.60273045).Ning Chen received his B.S. degree from Fudan University in 2001. Now he is a master candidate of Department of Computer Science, Fudan University. His research interests include computational complexity, computational cryptography, algorithm design and analysis.Jia-Wei Rong received her B.S. degree from Fudan University in 2002. Now she is a master candidate of Department of Computer Science, Fudan University. Her research interests include computational cryptography, machine learning, artificial intelligence.展开更多
This paper considers the existence of 3-round zero-knowledge proof systems for NP. Whether there exist 3-round non-black-box zero-knowledge proof systems for NP language is an open problem. By introducing a new intera...This paper considers the existence of 3-round zero-knowledge proof systems for NP. Whether there exist 3-round non-black-box zero-knowledge proof systems for NP language is an open problem. By introducing a new interactive proof model, we construct a 3-round zero-knowledge proof system for graph 3-coloring under standard assumptions. Our protocol is a non-black-box zero-knowledge proof because we adopt a special strategy to prove the zero-knowledge property. Consequently, our construction shows the existence of 3-round non-black-box zero-knowledge proof for all languages in NP under the DDH assumption.展开更多
Blockchains are widely used because of their openness,transparency,nontampering and decentralization.However,there is a high risk of information leakage when trading on blockchain,and the existing anonymous trading sc...Blockchains are widely used because of their openness,transparency,nontampering and decentralization.However,there is a high risk of information leakage when trading on blockchain,and the existing anonymous trading schemes still have some problems.To meet the high requirement of anonymity,the cost of proof submitted by the user is too large,which does not apply to blockchain storage.Meanwhile,transaction verification takes too long to ensure the legitimacy of the transaction.To solve these problems,this paper presents a novel anonymous trading scheme named Block Maze Smart Contract(BMSC)based on the zeroknowledge proof system zk-SNARKs to propose efficiency.This scheme can hide account balances,transaction amounts,and the transfer relationships between transaction parties while preventing overspending attacks and double-spending attacks.Compared with other anonymous schemes,this scheme has less cost of proof and takes less time for transaction verification while meeting the high requirements of anonymity and security.展开更多
Moving beyond the conventional“level diagnosis-case analysis”framework,this study,grounded in the SOLO Taxonomy,constructs a four-dimensional instructional model of“stratified objectives,tasks,guidance,and assessme...Moving beyond the conventional“level diagnosis-case analysis”framework,this study,grounded in the SOLO Taxonomy,constructs a four-dimensional instructional model of“stratified objectives,tasks,guidance,and assessment.”Focusing on geometric proofs in middle school,the model is practically applied through case studies of the properties of parallelograms and triangle congruence.By transforming the SOLO levels into actionable instructional steps,the model addresses key student challenges-such as fragmented thinking processes,disorganized logical expression,and weak knowledge transfer-thereby facilitating cognitive progression among students at different levels.The implementation demonstrates that this model significantly enhances the precision and effectiveness of teaching geometric proofs.Its core strengths lie in using visualized diagnostic tools for precise instructional positioning and constructing scaffolded task sequences to build clear pathways for cognitive development.展开更多
A zero-knowledge proof or protocol is a cryptographic technique for verifying private data without revealing it in its clear form.In this paper,we evaluate the potential for zero-knowledge distributed ledger technolog...A zero-knowledge proof or protocol is a cryptographic technique for verifying private data without revealing it in its clear form.In this paper,we evaluate the potential for zero-knowledge distributed ledger technology to alleviate asymmetry of information in the asset-backed securitization market.To frame this inquiry,we conducted market data analyses,a review of prior literature,stakeholder interviews with investors,originators and security issuers and collaboration with blockchain engineers and researchers.We introduce a new system which could enable all market participants in the securitization lifecycle(e.g.investors,rating agencies,regulators and security issuers)to interact on a unique decentralized platform while maintaining the privacy of loan-level data,therefore providing the industry with timely analytics and performance data.Our platform is powered by zkLedger(Narula et al.2018),a zero-knowledge protocol developed by the MIT Media Lab and the first system that enables participants of a distributed ledger to run publicly verifiable analytics on masked data.展开更多
The cloud computing technology has emerged,developed,and matured in recent years,consequently commercializing remote outsourcing storage services.An increasing number of companies and individuals have chosen the cloud...The cloud computing technology has emerged,developed,and matured in recent years,consequently commercializing remote outsourcing storage services.An increasing number of companies and individuals have chosen the cloud to store their data.However,accidents,such as cloud server downtime,cloud data loss,and accidental deletion,are serious issues for some applications that need to run around the clock.For some mission and business-critical applications,the continuous availability of outsourcing storage services is also necessary to protect users'outsourced data during downtime.Nevertheless,ensuring the continuous availability of data in public cloud data integrity auditing protocols leads to data privacy issues because auditors can obtain the data content of users by a sufficient number of storage proofs.Therefore,protecting data privacy is a burning issue.In addition,existing data integrity auditing schemes that rely on semi-trusted third-party auditors have several security problems,including single points of failure and performance bottlenecks.To deal with these issues,we propose herein a blockchain-based continuous data integrity checking protocol with zero-knowledge privacy protection.We realize a concrete construction by using a verifiable delay function with high efficiency and proof of retrievability,and prove the security of the proposal in a random oracle model.The proposed construction supports dynamic updates for the outsourced data.We also design smart contracts to ensure fairness among the parties involved.Finally,we implement the protocols,and the experimental results demonstrate the efficiency of the proposed protocol.展开更多
Precise zero-knowledge was introduced by Micali and Pass in STOC06. This notion captures the idea that the view of a verifier can be reconstructed in almost same time. Following the notion, they constructed some preci...Precise zero-knowledge was introduced by Micali and Pass in STOC06. This notion captures the idea that the view of a verifier can be reconstructed in almost same time. Following the notion, they constructed some precise zero-knowledge proofs and arguments, in which the communicated messages are polynomial bits. In this paper, we employ the new simulation technique introduced by them to provide a precise simulator for a modified Kilian's zero-knowledge arguments with poly-logarithmic efficiency (this modification addressed by Rosen), and as a result we show this protocol is a precise zero-knowledge argument with poly-logaxithmic efficiency. We also present an alternative construction of the desired protocols.展开更多
Precise zero-knowledge was introduced by Micali and Pass in STOC'06.This notion captures the idea that the view of any verifier in interaction can be reconstructed in almost time.Pass also obtained a sequential co...Precise zero-knowledge was introduced by Micali and Pass in STOC'06.This notion captures the idea that the view of any verifier in interaction can be reconstructed in almost time.Pass also obtained a sequential composition lemma for precise zero-knowledge protocols.However,this lemma doesn't provide tight precisions for composed protocols.In this paper we further obtain a sequential composition lemma for a subclass of precise zero-knowledge protocols,which all satisfy a property:their simulators use the code of verifier in almost the black-box way.We call such subclass emulated black-box zero-knowledge protocols.Our lemma provides better precisions for sequential composition of such protocols.展开更多
Published proof test coverage(PTC)estimates for emergency shutdown valves(ESDVs)show only moderate agreement and are predominantly opinion-based.A Failure Modes,Effects,and Diagnostics Analysis(FMEDA)was undertaken us...Published proof test coverage(PTC)estimates for emergency shutdown valves(ESDVs)show only moderate agreement and are predominantly opinion-based.A Failure Modes,Effects,and Diagnostics Analysis(FMEDA)was undertaken using component failure rate data to predict PTC for a full stroke test and a partial stroke test.Given the subjective and uncertain aspects of the FMEDA approach,specifically the selection of component failure rates and the determination of the probability of detecting failure modes,a Fuzzy Inference System(FIS)was proposed to manage the data,addressing the inherent uncertainties.Fuzzy inference systems have been used previously for various FMEA type assessments,but this is the first time an FIS has been employed for use with FMEDA.ESDV PTC values were generated from both the standard FMEDA and the fuzzy-FMEDA approaches using data provided by FMEDA experts.This work demonstrates that fuzzy inference systems can address the subjectivity inherent in FMEDA data,enabling reliable estimates of ESDV proof test coverage for both full and partial stroke tests.This facilitates optimized maintenance planning while ensuring safety is not compromised.展开更多
In the age of big data,ensuring data privacy while enabling efficient encrypted data retrieval has become a critical challenge.Traditional searchable encryption schemes face difficulties in handling complex semantic q...In the age of big data,ensuring data privacy while enabling efficient encrypted data retrieval has become a critical challenge.Traditional searchable encryption schemes face difficulties in handling complex semantic queries.Additionally,they typically rely on honest but curious cloud servers,which introduces the risk of repudiation.Furthermore,the combined operations of search and verification increase system load,thereby reducing performance.Traditional verification mechanisms,which rely on complex hash constructions,suffer from low verification efficiency.To address these challenges,this paper proposes a blockchain-based contextual semantic-aware ciphertext retrieval scheme with efficient verification.Building on existing single and multi-keyword search methods,the scheme uses vector models to semantically train the dataset,enabling it to retain semantic information and achieve context-aware encrypted retrieval,significantly improving search accuracy.Additionally,a blockchain-based updatable master-slave chain storage model is designed,where the master chain stores encrypted keyword indexes and the slave chain stores verification information generated by zero-knowledge proofs,thus balancing system load while improving search and verification efficiency.Finally,an improved non-interactive zero-knowledge proof mechanism is introduced,reducing the computational complexity of verification and ensuring efficient validation of search results.Experimental results demonstrate that the proposed scheme offers stronger security,balanced overhead,and higher search verification efficiency.展开更多
针对目前格上环签名方案在环成员数量较多的情况下,签名效率低下且签名尺寸和公钥尺寸过大的问题,基于零知识证明,使用E-MLWE(extended module learning with errors)和MSIS(module short interger solution)问题降低了公钥大小,结合拒...针对目前格上环签名方案在环成员数量较多的情况下,签名效率低下且签名尺寸和公钥尺寸过大的问题,基于零知识证明,使用E-MLWE(extended module learning with errors)和MSIS(module short interger solution)问题降低了公钥大小,结合拒绝采样算法和追踪机制设计了一种可追踪环签名方案,签名算法中使用递归算法压缩了承诺的大小,进一步降低了签名尺寸,在随机预言机模型下证明方案满足可链接性、匿名性和抗陷害性。性能分析表明,签名尺寸与环成员数量为对数大小关系,在环成员数量较多时,公钥的存储开销和签名的通信开销具有明显优势。展开更多
基金supported by the National High-Tech Research and Development Plan of China under Grant Nos.863-317-01- 04-99, 2009AA01Z122 (863)the Natural Science Foundation of Shenyang City of China under Grant No. F10-205-1-12
文摘Non-Interactive Zero-Knowledge(NIZK for short) proofs are fascinating and extremely useful in many security protocols. In this paper,a new group signature scheme,decisional linear assumption group signature(DLAGS for short) with NIZK proofs is proposed which can prove and sign the multiple values rather than individual bits based on DLIN assumption. DLAGS does not need to interact between the verifier and issuer,which can decrease the communication times and storage cost compared with the existing interactive group signature schemes. We prove and sign the blocks of messages instead of limiting the proved message to only one bit(0 or 1) in the conventional non-interactive zero-knowledge proof system,and we also prove that our scheme satisfy the property of anonymity,unlinkability and traceability. Finally,our scheme is compared with the other scheme(Benoitt's scheme) which is also based on the NIZK proofs system and the DLIN assumption,and the results show that our scheme requires fewer members of groups and computational times.
基金This work was supported by China’s National Natural Science Foundation(No.62072249,62072056).Jin Wang and Yongjun Ren received the grant and the URLs to sponsors’websites are https://www.nsfc.gov.cn/.This work was also funded by the Researchers Supporting Project No.(RSP-2021/102)King Saud University,Riyadh,Saudi Arabia.
文摘Since transactions in blockchain are based on public ledger verification,this raises security concerns about privacy protection.And it will cause the accumulation of data on the chain and resulting in the low efficiency of block verification,when the whole transaction on the chain is verified.In order to improve the efficiency and privacy protection of block data verification,this paper proposes an efficient block verification mechanism with privacy protection based on zeroknowledge proof(ZKP),which not only protects the privacy of users but also improves the speed of data block verification.There is no need to put the whole transaction on the chain when verifying block data.It just needs to generate the ZKP and root hash with the transaction information,then save them to the smart contract for verification.Moreover,the ZKP verification in smart contract is carried out to realize the privacy protection of the transaction and efficient verification of the block.When the data is validated,the buffer accepts the complete transaction,updates the transaction status in the cloud database,and packages up the chain.So,the ZKP strengthens the privacy protection ability of blockchain,and the smart contracts save the time cost of block verification.
文摘Interactive proof and zero-knowledge proof systems are two important concepts in cryptography and complexity theory. In the past two decades, a great number of interactive proof and zero-knowledge proof protocols have been designed and applied in practice. In this paper, a simple memorizable zero-knowledge protocol is proposed for graph non-isomorphism problem, based on the memorizable interactive proof system, which is extended from the original definition of interactive proof and is more applicable in reality. Keywords interactive proof - zero-knowledge proof - memorizable interactive proof - memorizable zero-knowledge proof This work was supported by the ministry of Science and Technology of China (Grant No.2001CCA03000), and the National Natural Science Foundation of China (Grant No.60273045).Ning Chen received his B.S. degree from Fudan University in 2001. Now he is a master candidate of Department of Computer Science, Fudan University. His research interests include computational complexity, computational cryptography, algorithm design and analysis.Jia-Wei Rong received her B.S. degree from Fudan University in 2002. Now she is a master candidate of Department of Computer Science, Fudan University. Her research interests include computational cryptography, machine learning, artificial intelligence.
基金Supported by the National Natural Science Foundation of China (Grant Nos. 60573052 and 90304013)
文摘This paper considers the existence of 3-round zero-knowledge proof systems for NP. Whether there exist 3-round non-black-box zero-knowledge proof systems for NP language is an open problem. By introducing a new interactive proof model, we construct a 3-round zero-knowledge proof system for graph 3-coloring under standard assumptions. Our protocol is a non-black-box zero-knowledge proof because we adopt a special strategy to prove the zero-knowledge property. Consequently, our construction shows the existence of 3-round non-black-box zero-knowledge proof for all languages in NP under the DDH assumption.
基金supported by the Emerging Interdisciplinary Project of CUFE,the National Natural Science Foundation of China (No.61906220)Ministry of Education of Humanities and Social Science project (No.19YJCZH178).
文摘Blockchains are widely used because of their openness,transparency,nontampering and decentralization.However,there is a high risk of information leakage when trading on blockchain,and the existing anonymous trading schemes still have some problems.To meet the high requirement of anonymity,the cost of proof submitted by the user is too large,which does not apply to blockchain storage.Meanwhile,transaction verification takes too long to ensure the legitimacy of the transaction.To solve these problems,this paper presents a novel anonymous trading scheme named Block Maze Smart Contract(BMSC)based on the zeroknowledge proof system zk-SNARKs to propose efficiency.This scheme can hide account balances,transaction amounts,and the transfer relationships between transaction parties while preventing overspending attacks and double-spending attacks.Compared with other anonymous schemes,this scheme has less cost of proof and takes less time for transaction verification while meeting the high requirements of anonymity and security.
文摘Moving beyond the conventional“level diagnosis-case analysis”framework,this study,grounded in the SOLO Taxonomy,constructs a four-dimensional instructional model of“stratified objectives,tasks,guidance,and assessment.”Focusing on geometric proofs in middle school,the model is practically applied through case studies of the properties of parallelograms and triangle congruence.By transforming the SOLO levels into actionable instructional steps,the model addresses key student challenges-such as fragmented thinking processes,disorganized logical expression,and weak knowledge transfer-thereby facilitating cognitive progression among students at different levels.The implementation demonstrates that this model significantly enhances the precision and effectiveness of teaching geometric proofs.Its core strengths lie in using visualized diagnostic tools for precise instructional positioning and constructing scaffolded task sequences to build clear pathways for cognitive development.
基金We received funding solely from our institution to perform this research.
文摘A zero-knowledge proof or protocol is a cryptographic technique for verifying private data without revealing it in its clear form.In this paper,we evaluate the potential for zero-knowledge distributed ledger technology to alleviate asymmetry of information in the asset-backed securitization market.To frame this inquiry,we conducted market data analyses,a review of prior literature,stakeholder interviews with investors,originators and security issuers and collaboration with blockchain engineers and researchers.We introduce a new system which could enable all market participants in the securitization lifecycle(e.g.investors,rating agencies,regulators and security issuers)to interact on a unique decentralized platform while maintaining the privacy of loan-level data,therefore providing the industry with timely analytics and performance data.Our platform is powered by zkLedger(Narula et al.2018),a zero-knowledge protocol developed by the MIT Media Lab and the first system that enables participants of a distributed ledger to run publicly verifiable analytics on masked data.
基金This work is supported by the National Natural Science Foundation of China(61872229,U19B2021)the Shaanxi Provincial Science Fund for Distinguished Young Scholars(2022JC-47)+1 种基金the Blockchain Core Technology Strategic Research Program of Ministry of Education of China(2020KJ010301)the Key Research and Development Program of Shaanxi(2021ZDLGY06-04,2020ZDLGY09-06).
文摘The cloud computing technology has emerged,developed,and matured in recent years,consequently commercializing remote outsourcing storage services.An increasing number of companies and individuals have chosen the cloud to store their data.However,accidents,such as cloud server downtime,cloud data loss,and accidental deletion,are serious issues for some applications that need to run around the clock.For some mission and business-critical applications,the continuous availability of outsourcing storage services is also necessary to protect users'outsourced data during downtime.Nevertheless,ensuring the continuous availability of data in public cloud data integrity auditing protocols leads to data privacy issues because auditors can obtain the data content of users by a sufficient number of storage proofs.Therefore,protecting data privacy is a burning issue.In addition,existing data integrity auditing schemes that rely on semi-trusted third-party auditors have several security problems,including single points of failure and performance bottlenecks.To deal with these issues,we propose herein a blockchain-based continuous data integrity checking protocol with zero-knowledge privacy protection.We realize a concrete construction by using a verifiable delay function with high efficiency and proof of retrievability,and prove the security of the proposal in a random oracle model.The proposed construction supports dynamic updates for the outsourced data.We also design smart contracts to ensure fairness among the parties involved.Finally,we implement the protocols,and the experimental results demonstrate the efficiency of the proposed protocol.
基金the National Natural Science Foundation of China (No.60573031)New Century Excellent Talent Program of Education Ministry of China (No.NCET-05-0398)
文摘Precise zero-knowledge was introduced by Micali and Pass in STOC06. This notion captures the idea that the view of a verifier can be reconstructed in almost same time. Following the notion, they constructed some precise zero-knowledge proofs and arguments, in which the communicated messages are polynomial bits. In this paper, we employ the new simulation technique introduced by them to provide a precise simulator for a modified Kilian's zero-knowledge arguments with poly-logarithmic efficiency (this modification addressed by Rosen), and as a result we show this protocol is a precise zero-knowledge argument with poly-logaxithmic efficiency. We also present an alternative construction of the desired protocols.
基金the National Natural Science Foundation of China (No. 60573031)the New Century Excellent Talent Program of Education Ministry of China(NCET-05-0398)
文摘Precise zero-knowledge was introduced by Micali and Pass in STOC'06.This notion captures the idea that the view of any verifier in interaction can be reconstructed in almost time.Pass also obtained a sequential composition lemma for precise zero-knowledge protocols.However,this lemma doesn't provide tight precisions for composed protocols.In this paper we further obtain a sequential composition lemma for a subclass of precise zero-knowledge protocols,which all satisfy a property:their simulators use the code of verifier in almost the black-box way.We call such subclass emulated black-box zero-knowledge protocols.Our lemma provides better precisions for sequential composition of such protocols.
文摘Published proof test coverage(PTC)estimates for emergency shutdown valves(ESDVs)show only moderate agreement and are predominantly opinion-based.A Failure Modes,Effects,and Diagnostics Analysis(FMEDA)was undertaken using component failure rate data to predict PTC for a full stroke test and a partial stroke test.Given the subjective and uncertain aspects of the FMEDA approach,specifically the selection of component failure rates and the determination of the probability of detecting failure modes,a Fuzzy Inference System(FIS)was proposed to manage the data,addressing the inherent uncertainties.Fuzzy inference systems have been used previously for various FMEA type assessments,but this is the first time an FIS has been employed for use with FMEDA.ESDV PTC values were generated from both the standard FMEDA and the fuzzy-FMEDA approaches using data provided by FMEDA experts.This work demonstrates that fuzzy inference systems can address the subjectivity inherent in FMEDA data,enabling reliable estimates of ESDV proof test coverage for both full and partial stroke tests.This facilitates optimized maintenance planning while ensuring safety is not compromised.
基金supported in part by the National Natural Science Foundation of China under Grant 62262073in part by the Yunnan Provincial Ten Thousand People Program for Young Top Talents under Grant YNWR-QNBJ-2019-237in part by the Yunnan Provincial Major Science and Technology Special Program under Grant 202402AD080002.
文摘In the age of big data,ensuring data privacy while enabling efficient encrypted data retrieval has become a critical challenge.Traditional searchable encryption schemes face difficulties in handling complex semantic queries.Additionally,they typically rely on honest but curious cloud servers,which introduces the risk of repudiation.Furthermore,the combined operations of search and verification increase system load,thereby reducing performance.Traditional verification mechanisms,which rely on complex hash constructions,suffer from low verification efficiency.To address these challenges,this paper proposes a blockchain-based contextual semantic-aware ciphertext retrieval scheme with efficient verification.Building on existing single and multi-keyword search methods,the scheme uses vector models to semantically train the dataset,enabling it to retain semantic information and achieve context-aware encrypted retrieval,significantly improving search accuracy.Additionally,a blockchain-based updatable master-slave chain storage model is designed,where the master chain stores encrypted keyword indexes and the slave chain stores verification information generated by zero-knowledge proofs,thus balancing system load while improving search and verification efficiency.Finally,an improved non-interactive zero-knowledge proof mechanism is introduced,reducing the computational complexity of verification and ensuring efficient validation of search results.Experimental results demonstrate that the proposed scheme offers stronger security,balanced overhead,and higher search verification efficiency.
文摘针对目前格上环签名方案在环成员数量较多的情况下,签名效率低下且签名尺寸和公钥尺寸过大的问题,基于零知识证明,使用E-MLWE(extended module learning with errors)和MSIS(module short interger solution)问题降低了公钥大小,结合拒绝采样算法和追踪机制设计了一种可追踪环签名方案,签名算法中使用递归算法压缩了承诺的大小,进一步降低了签名尺寸,在随机预言机模型下证明方案满足可链接性、匿名性和抗陷害性。性能分析表明,签名尺寸与环成员数量为对数大小关系,在环成员数量较多时,公钥的存储开销和签名的通信开销具有明显优势。
