CN116232563A - Preimage Gaussian sampling method, system, electronic equipment and storage medium - Google Patents

Publication number: CN116232563A
Authority: CN (China)
Prior art keywords: key, gaussian, sampling, verification, signature
Legal status: Pending
Application number: CN202211658716.1A
Other languages: Chinese (zh)
Inventors: 贾惠文, 顾翱翔, 唐春明
Current Assignee: Guangzhou University
Original Assignee: Guangzhou University
Application filed by Guangzhou University

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3255: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
    • H04L2209/00: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12: Details relating to cryptographic hardware or logic circuitry
    • H04L2209/125: Parallelization or pipelining, e.g. for accelerating processing of cryptographic operations

Abstract

The invention discloses a preimage Gaussian sampling method comprising the following steps: selecting a Gaussian parameter s and generating a signing key sk and a verification key vk with a key generation algorithm, which specifically comprises determining the Gaussian parameter, selecting the polynomials that constitute the trapdoor, selecting a gadget vector $g^t$, constructing a trapdoor matrix R to obtain a check vector $a^t$, and setting the signing key sk = R and the verification key vk = a; signing the selected message M with the signing key sk; and verifying the validity of the received signed message with the verification key vk. The invention also discloses a preimage Gaussian sampling system, computer equipment and a storage medium. The invention needs fewer elements to construct the trapdoor, and the constructed trapdoor is a parallel version, so perturbation sampling can be fully parallelized, fewer ring elements are sampled for the perturbation vector, and the efficiency of perturbation sampling is improved.

Description

Preimage Gaussian sampling method, system, electronic equipment and storage medium
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a preimage Gaussian sampling method, system, electronic equipment and storage medium.
Background
Public key cryptography is an important means of securing the transmission of information. Traditional public key cryptography is mostly built on the integer factorization and discrete logarithm problems, whose security cannot be guaranteed once quantum computers are available, so research on quantum-resistant cryptographic algorithms has become an urgent task. Lattice-based cryptography is one of the post-quantum families that resist quantum computation and has cryptographic constructions of potential practical value. Schemes built on lattices are simple and efficient, and because they rest on hard lattice problems, the worst-case security of a lattice scheme can be reduced to average-case security, a property that other post-quantum cryptosystems do not have.
Because of these good properties, lattice-based cryptography has become a research hotspot in recent years. Preimage Gaussian sampling is one of the core algorithms of lattice-based cryptography and is widely used in lattice-based cryptosystems; hash-and-sign signatures based on the preimage Gaussian sampling algorithm are one such application. In 2008, Gentry et al. proposed an algorithm that generates a trapdoor for the Short Integer Solution (SIS) problem and performs preimage Gaussian sampling with that trapdoor, but its sampling efficiency is low. To improve the efficiency of trapdoor generation and sampling, Micciancio and Peikert proposed the G-trapdoor in 2012, which splits the preimage Gaussian sampling algorithm into perturbation sampling and G-lattice sampling. Preimage Gaussian sampling is more efficient on algebraic lattices than on general lattices, and in 2014 Ducas et al. first proposed Ring-SIS (RSIS) trapdoors on the NTRU (Number Theory Research Unit) lattice. In 2016, Ducas and Prest made full use of the algebraic structure of the NTRU lattice and improved the efficiency of preimage Gaussian sampling with the fast Fourier transform. Recently, Genise and Li introduced two G-trapdoor-like RSIS trapdoors on the NTRU lattice. The first is a noisy version whose perturbation sampling can be fully parallelized, but its modulus q is large and it cannot be combined directly with the fast sampling technique, so signing is less efficient. The second has a short public key and can be combined with the fast sampling technique, but it cannot be accelerated in parallel.
Disclosure of Invention
The main purpose of the invention is to provide a preimage Gaussian sampling method, system, computer equipment and storage medium that can be fully parallelized and can use fast sampling techniques to improve the efficiency of preimage Gaussian sampling.
To achieve the above purpose, the invention adopts the following technical scheme:
In a first aspect, the invention discloses a preimage Gaussian sampling method comprising the following steps:
Step 1: select a Gaussian parameter s and generate a signing key sk and a verification key vk with a key generation algorithm; specifically:
Step 1.1: set the signature Gaussian parameter
Figure BDA0004012792110000021
where α denotes a quality parameter, σ denotes the Gaussian parameter of the trapdoor, and n is a power of 2;
Step 1.2: select the polynomials $f, g_1, g_2, \ldots, g_{k-1} \in R$ that constitute the trapdoor, where
Figure BDA0004012792110000022
Figure BDA0004012792110000023
denotes a ring,
Figure BDA0004012792110000024
b is a small integer, q denotes the modulus, these polynomials are invertible in $R_q$, where $R_q$ is the ring R with polynomial coefficients taken modulo q, and each polynomial follows a discrete Gaussian distribution with parameter σ;
Step 1.3: select a gadget vector
Figure BDA0004012792110000027
construct the trapdoor matrix $R = \mathrm{diag}(f, g_1, g_2, \ldots, g_{k-1}) \in R^{k \times k}$ and set the check vector
Figure BDA0004012792110000028
where m = k;
Step 1.4: set the signing key sk = R and the verification key vk = a;
Step 2: sign the selected message M with the signing key sk;
Step 3: verify the validity of the received signed message with the verification key vk.
Preferably, step 2, signing the selected message M with the signing key sk, comprises the following steps:
Step 2.1: select the message M to be signed from the message space $\{0,1\}^*$ and compute $\mu = h(M, r)$, where $h(\cdot): \{0,1\}^* \to R_q$ is a collision-resistant hash function and r is a random bit string;
Step 2.2: sample the perturbation vector
Figure BDA0004012792110000031
where
Figure BDA0004012792110000032
Figure BDA0004012792110000033
Step 2.3: compute the target $v = (\mu - a^t \cdot p) \cdot f^{-1} \bmod q$ and, on the coset of the g-lattice
Figure BDA0004012792110000034
sample according to the discrete Gaussian distribution
Figure BDA0004012792110000035
to obtain the target vector z.
Step 2.4: let $x = p + Rz = (x_0, x_1, \ldots, x_{k-1})$;
Step 2.5: discard the first component $x_0$ of x and output $x' = (x_1, \ldots, x_{k-1})$ as the signature of the message M.
Preferably, step 2.2, sampling the perturbation vector
Figure BDA0004012792110000036
where
Figure BDA0004012792110000037
Figure BDA0004012792110000038
specifically comprises the following steps:
Step 2.2.1: with
Figure BDA0004012792110000039
as the Gaussian parameter and 0 as the center, sample on the ring R to obtain $q_0$; for i = 1, …, k-1, with
Figure BDA00040127921100000310
as the Gaussian parameter and 0 as the center, sample on the ring R to obtain $q_i$;
Step 2.2.2: let $p = (q_0, q_1, \ldots, q_{k-1}) \in R^k$.
Preferably, step 3, verifying the validity of the received signed message with the verification key vk, comprises the following steps:
Step 3.1: compute $x_0 = h(M, r) - a^t \cdot x' \bmod q$, where the signature is $x' = (x_1, \ldots, x_{k-1})$;
Step 3.2: if $\|(x_0, x_1, \ldots, x_{k-1})\|^2 \le s^2 \cdot m \cdot n$ holds, the verification passes; otherwise the verification fails.
In a second aspect, the invention discloses a preimage Gaussian sampling system, comprising:
the generation module is used for selecting the Gaussian parameter s and generating a signature key sk and a verification key vk by adopting a key generation algorithm;
the signature module is used for signing the selected message M by utilizing the signature key sk;
and the verification module is used for verifying the validity of the received signature message by using the verification key vk.
In a third aspect, the present invention discloses a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the method as described above when executing the program.
In a fourth aspect, the present invention discloses a computer-readable storage medium having stored thereon a computer program for execution by a processor for performing the method as described above.
Compared with the prior art, the preimage Gaussian sampling method, system, electronic equipment and storage medium of the invention have at least the following beneficial effects:
(1) The invention needs fewer elements to construct the trapdoor, which reduces both the time to generate the trapdoor and the storage space it occupies.
(2) The trapdoor constructed by the invention is a parallel version, so perturbation sampling can be fully parallelized, fewer ring elements are sampled for the perturbation vector, and the efficiency of perturbation sampling is improved.
(3) The invention reduces the size of the signature by reducing the Gaussian parameter, and improves the security of the digital signature.
Drawings
FIG. 1 is a flow chart of the preimage Gaussian sampling method of the invention;
FIG. 2 is a schematic diagram of the preimage Gaussian sampling system of the invention;
FIG. 3 is a circuit module connection diagram of the computer device of the invention.
In the figures: 101. a generating module; 102. a signature module; 103. a verification module;
300. a bus; 301. a receiver; 302. a processor; 303. a transmitter; 304. a memory; 306. a bus interface.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Example 1
This embodiment is described with reference to the flowchart of FIG. 1, which illustrates the use of the preimage Gaussian sampling method in a practical application. In the demonstration scenario, a signer S signs a message M, and a verifier V verifies the validity of the message M after receiving the signature. The specific flow is as follows:
Step 1: the signer S selects a signature Gaussian parameter s and generates a signing key sk and a verification key vk with a key generation algorithm; specifically:
Step 1.1: set the signature Gaussian parameter
Figure BDA0004012792110000051
where α denotes a quality parameter, σ denotes the Gaussian parameter of the trapdoor, and n is a power of 2;
Step 1.2: select the polynomials $f, g_1, g_2, \ldots, g_{k-1} \in R$ that constitute the trapdoor, where
Figure BDA0004012792110000052
Figure BDA0004012792110000053
denotes a ring,
Figure BDA0004012792110000054
b is a small integer, q denotes the modulus, these polynomials are invertible in $R_q$, where $R_q$ is the ring R with polynomial coefficients taken modulo q, and each polynomial follows a discrete Gaussian distribution with parameter σ. The polynomials f and $g_1, g_2, \ldots, g_{k-1}$ are all selected by the same specific steps; below, the selection of the polynomial f is taken as an example:
Step 1.2.1: for i = 1, …, K, from the discrete Gaussian distribution with parameter
Figure BDA0004012792110000061
select random vectors $f_1, \ldots, f_K$, where
Figure BDA0004012792110000062
represents the integers;
Step 1.2.2: for i = 1, …, K, j = 1, …, K and i ≠ j, compute $f = f_i + f_j$. If the largest singular value of f satisfies $s_1(f) \le s$, end the process and return f; otherwise, repeat steps 1.1.1 and 1.1.2 until f is returned.
Step 1.3: select a gadget vector
Figure BDA0004012792110000063
construct the trapdoor matrix $R = \mathrm{diag}(f, g_1, g_2, \ldots, g_{k-1}) \in R^{k \times k}$ and set the check vector
Figure BDA0004012792110000064
where m = k;
Step 1.4: set the signing key sk = R and the verification key vk = a.
Step 2: the signer S signs the selected message M with the signing key sk; specifically:
Step 2.1: select the message M to be signed from the message space $\{0,1\}^*$ and compute $\mu = h(M, r)$, where $h(\cdot): \{0,1\}^* \to R_q$ is a collision-resistant hash function and r is a random bit string;
Step 2.2: sample the perturbation vector
Figure BDA0004012792110000065
where
Figure BDA0004012792110000066
Figure BDA0004012792110000067
The specific steps of step 2.2 are as follows:
Step 2.2.1: with
Figure BDA0004012792110000068
as the Gaussian parameter and 0 as the center, sample on the ring R to obtain $q_0$; for i = 1, …, k-1, with
Figure BDA0004012792110000069
as the Gaussian parameter and 0 as the center, sample on the ring R to obtain $q_i$;
Step 2.2.2: let $p = (q_0, q_1, \ldots, q_{k-1}) \in R^k$.
In particular, in step 2.2.1, with
Figure BDA00040127921100000610
as the Gaussian parameter and
Figure BDA00040127921100000611
as the center, y ∈ R is sampled as follows:
1) Let $F(X) = s^2 - f^2 = f_0 + f_1 \cdot X + \cdots + f_{n-1} \cdot X^{n-1}$ and $C(X) = c_0 + c_1 \cdot X + \cdots + c_{n-1} \cdot X^{n-1}$.
2) Let $F_0(X^2) = f_0 + f_2 \cdot X^2 + \cdots + f_{n-2} \cdot X^{n-2}$, where $f_0, f_2, \ldots, f_{n-2}$ are the even-term coefficients of F(X); let $C_0(X^2) = c_0 + c_2 \cdot X^2 + \cdots + c_{n-2} \cdot X^{n-2}$, where $c_0, c_2, \ldots, c_{n-2}$ are the even-term coefficients of C(X).
3) Let $F_1(X^2) = f_1 + f_3 \cdot X^2 + \cdots + f_{n-1} \cdot X^{n-2}$, where $f_1, f_3, \ldots, f_{n-1}$ are the odd-term coefficients of F(X), i.e. $F(X) = F_0(X^2) + X \cdot F_1(X^2)$. Let $C_1(X^2) = c_1 + c_3 \cdot X^2 + \cdots + c_{n-1} \cdot X^{n-2}$, where $c_1, c_3, \ldots, c_{n-1}$ are the odd-term coefficients of C(X), i.e. $C(X) = C_0(X^2) + X \cdot C_1(X^2)$.
4) With
Figure BDA0004012792110000071
as the Gaussian parameter and $C_1$ as the center, sample on the ring R to obtain $y_1$.
5) With
Figure BDA0004012792110000072
as the Gaussian parameter and
Figure BDA0004012792110000073
as the center, sample on R to obtain $y_0$.
Steps 4) and 5) are the same kind of task as the original one, namely sampling on the ring R (here to obtain $y_1$ and $y_0$), but each is half the size of the original task. The size keeps halving until a 1-dimensional sampling structure is obtained, so steps 4) and 5) can repeatedly invoke steps 1) to 5) until the sampling is 1-dimensional.
6) Return $y = y_0(X^2) + X \cdot y_1(X^2) \in R$.
Step 2.3: compute the target $v = (\mu - a^t \cdot p) \cdot f^{-1} \bmod q$ and, on the coset of the g-lattice
Figure BDA0004012792110000074
sample according to the discrete Gaussian distribution
Figure BDA0004012792110000075
to obtain the target vector z.
Step 2.4: let $x = p + Rz = (x_0, x_1, \ldots, x_{k-1})$;
Step 2.5: discard the first component $x_0$ of x and output $x' = (x_1, \ldots, x_{k-1})$ as the signature of the message M.
Step 3: the verifier V verifies the validity of the received signed message with the verification key vk; specifically:
Step 3.1: compute $x_0 = h(M, r) - a^t \cdot x' \bmod q$, where the signature is $x' = (x_1, \ldots, x_{k-1})$;
Step 3.2: if $\|(x_0, x_1, \ldots, x_{k-1})\|^2 \le s^2 \cdot m \cdot n$ holds, the verification passes; otherwise the verification fails.
Existing signature methods of the same type cannot achieve both high parallelism and low storage space. The preimage Gaussian sampling algorithm provided by the invention improves space efficiency and time efficiency at the same time, for the following reasons:
(1) As can be seen from step 1.1 of the first embodiment, the Gaussian parameter s in the invention is determined by the largest singular values of the matrices corresponding to the ring elements $f, g_1, \ldots, g_{k-1}$, and is clearly smaller than the Gaussian parameters of other existing methods of the same type, so security can be improved;
(2) A smaller Gaussian parameter corresponds to a smaller modulus q, and the number of ring elements in the public key, the private key and the signature is determined by
Figure BDA0004012792110000081
so once b is fixed, reducing q directly reduces the storage space and the scale of computation;
(3) As can be seen from step 2.2 of the first embodiment, the k samplings $q_0, \ldots, q_{k-1}$ of the perturbation vector are completely independent of one another, so they can be executed fully in parallel, which improves operating efficiency.
Example 2
Referring to FIG. 2, and corresponding to the first embodiment, this embodiment discloses a preimage Gaussian sampling system, which includes:
the generation module 101, used for selecting the Gaussian parameter s and generating a signing key sk and a verification key vk with a key generation algorithm; the generation module 101 is specifically configured to perform the following steps:
Step 1.1: set the signature Gaussian parameter
Figure BDA0004012792110000082
where α denotes a quality parameter, σ denotes the Gaussian parameter of the trapdoor, and n is a power of 2;
Step 1.2: select the polynomials $f, g_1, g_2, \ldots, g_{k-1} \in R$ that constitute the trapdoor, where R =
Figure BDA0004012792110000091
denotes a ring,
Figure BDA0004012792110000092
b is a small integer, q denotes the modulus, these polynomials are invertible in $R_q$, where $R_q$ is the ring R with polynomial coefficients taken modulo q, and each polynomial follows a discrete Gaussian distribution with parameter σ;
Step 1.3: select a gadget vector
Figure BDA0004012792110000093
construct the trapdoor matrix $R = \mathrm{diag}(f, g_1, g_2, \ldots, g_{k-1}) \in R^{k \times k}$ and set the check vector
Figure BDA0004012792110000094
where m = k;
Step 1.4: set the signing key sk = R and the verification key vk = a.
The signature module 102, the signature module 102 is used for signing the selected message M by utilizing the signature key sk;
the verification module 103, the verification module 103 is configured to perform validity verification on the received signature message by using the verification key vk.
The preimage Gaussian sampling system of this embodiment executes and implements the preimage Gaussian sampling method of the first embodiment, so it is not described in further detail here.
Example 3
Referring to fig. 3, the present embodiment discloses a computer device comprising a memory 304, a processor 302 and a computer program stored on the memory and executable on the processor, wherein the processor 302 implements the steps of the method according to the first embodiment when executing the program.
Further, in FIG. 3, the present embodiment also includes a bus architecture (represented by bus 300), where bus 300 may include any number of interconnected buses and bridges, with bus 300 linking together various circuits, including one or more processors, represented by processor 302, and memory, represented by memory 304. Bus 300 may also link together various other circuits such as peripheral devices, voltage regulators, power management circuits, etc., as are well known in the art and, therefore, will not be described further herein. Bus interface 306 provides an interface between bus 300 and receiver 301 and transmitter 303. The receiver 301 and the transmitter 303 may be the same element, i.e. a transceiver, providing a means for communicating with various other apparatus over a transmission medium. The processor 302 is responsible for managing the bus 300 and general processing, while the memory 304 may be used to store data used by the processor 302 in performing operations.
Example 4
The present embodiment provides a computer-readable storage medium having stored thereon a computer program for execution by a processor for performing the method of embodiment one.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (7)

1. A preimage Gaussian sampling method, characterized by comprising the following steps:
Step 1: select a Gaussian parameter s and generate a signing key sk and a verification key vk with a key generation algorithm; specifically:
Step 1.1: set the signature Gaussian parameter
Figure FDA0004012792100000011
where α denotes a quality parameter, σ denotes the Gaussian parameter of the trapdoor, and n is a power of 2;
Step 1.2: select the polynomials $f, g_1, g_2, \ldots, g_{k-1} \in R$ that constitute the trapdoor, where
Figure FDA0004012792100000012
Figure FDA0004012792100000013
denotes a ring,
Figure FDA0004012792100000014
b is a small integer, q denotes the modulus, these polynomials are invertible in $R_q$, where $R_q$ is the ring R with polynomial coefficients taken modulo q, and each polynomial follows a discrete Gaussian distribution with parameter σ;
Step 1.3: select a gadget vector
Figure FDA0004012792100000015
construct the trapdoor matrix $R = \mathrm{diag}(f, g_1, g_2, \ldots, g_{k-1}) \in R^{k \times k}$ and set the check vector
Figure FDA0004012792100000016
where m = k;
Step 1.4: set the signing key sk = R and the verification key vk = a;
Step 2: sign the selected message M with the signing key sk;
Step 3: verify the validity of the received signed message with the verification key vk.
2. The preimage Gaussian sampling method according to claim 1, wherein step 2, signing the selected message M with the signing key sk, comprises the following steps:
Step 2.1: select the message M to be signed from the message space $\{0,1\}^*$ and compute $\mu = h(M, r)$, where $h(\cdot): \{0,1\}^* \to R_q$ is a collision-resistant hash function and r is a random bit string;
Step 2.2: sample the perturbation vector
Figure FDA0004012792100000017
where
Figure FDA0004012792100000018
Figure FDA0004012792100000019
Step 2.3: compute the target $v = (\mu - a^t \cdot p) \cdot f^{-1} \bmod q$ and, on the coset of the g-lattice
Figure FDA0004012792100000021
sample according to the discrete Gaussian distribution
Figure FDA0004012792100000022
to obtain the target vector z.
Step 2.4: let $x = p + Rz = (x_0, x_1, \ldots, x_{k-1})$;
Step 2.5: discard the first component $x_0$ of x and output $x' = (x_1, \ldots, x_{k-1})$ as the signature of the message M.
3. The preimage Gaussian sampling method according to claim 2, wherein step 2.2, sampling the perturbation vector
Figure FDA0004012792100000023
where
Figure FDA0004012792100000024
specifically comprises the following steps:
Step 2.2.1: with
Figure FDA0004012792100000025
as the Gaussian parameter and 0 as the center, sample on the ring R to obtain $q_0$; for i = 1, …, k-1, with
Figure FDA0004012792100000026
as the Gaussian parameter and 0 as the center, sample on the ring R to obtain $q_i$;
Step 2.2.2: let $p = (q_0, q_1, \ldots, q_{k-1}) \in R^k$.
4. The preimage Gaussian sampling method according to claim 1, wherein step 3, verifying the validity of the received signed message with the verification key vk, comprises the following steps:
Step 3.1: compute $x_0 = h(M, r) - a^t \cdot x' \bmod q$, where the signature is $x' = (x_1, \ldots, x_{k-1})$;
Step 3.2: if $\|(x_0, x_1, \ldots, x_{k-1})\|^2 \le s^2 \cdot m \cdot n$ holds, the verification passes; otherwise the verification fails.
5. A preimage Gaussian sampling system, comprising:
the generation module is used for selecting the Gaussian parameter s and generating a signature key sk and a verification key vk by adopting a key generation algorithm;
the signature module is used for signing the selected message M by utilizing the signature key sk;
and the verification module is used for verifying the validity of the received signature message by using the verification key vk.
6. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the method according to any of claims 1-4 when the program is executed by the processor.
7. A computer readable storage medium, having stored thereon a computer program for execution by a processor for implementing the method of any of claims 1-4.
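The verification of claim 4 as an added Python example (not code from the patent): the verifier rebuilds the discarded component x_0 from the compressed signature x' and then applies the norm test. Assumptions not taken from the claims: R is Z_q[X]/(X^n + 1) with toy sizes n = 8 and q = 12289, h is built from SHAKE-256, step 3.1 is read as a^t x', the step 3.2 bound is supplied by the caller as `bound_sq`, and the key and signature come from a constructed fixture rather than from the patent's key generation or sampler.

```python
import hashlib

N, Q = 8, 12289   # toy parameters for R_q = Z_Q[X]/(X^N + 1); assumed, not from the patent

def h(msg, r):
    """Assumed hash-to-ring: SHAKE-256 output cut into N coefficients mod Q."""
    stream = hashlib.shake_256(r + msg).digest(4 * N)
    return [int.from_bytes(stream[4 * i:4 * i + 4], "big") % Q for i in range(N)]

def mul(f, g):
    """Product in Z_Q[X]/(X^N + 1): terms that wrap past X^N change sign."""
    out = [0] * N
    for i, fi in enumerate(f):
        for j, gj in enumerate(g):
            sign = 1 if i + j < N else -1
            out[(i + j) % N] = (out[(i + j) % N] + sign * fi * gj) % Q
    return out

def centered(c):
    """Representative of c mod Q in (-Q/2, Q/2], so short vectors measure as short."""
    c %= Q
    return c - Q if c > Q // 2 else c

def recover_x0(a, msg, r, x_prime):
    """Step 3.1: x_0 = h(M, r) - a^t x' mod q, with a and x' holding k-1 ring elements."""
    acc = h(msg, r)
    for a_i, x_i in zip(a, x_prime):
        acc = [(u - v) % Q for u, v in zip(acc, mul(a_i, x_i))]
    return acc

def verify(a, msg, r, x_prime, bound_sq):
    """Step 3.2: accept iff the squared norm of (x_0, x') is at most bound_sq."""
    if len(x_prime) != len(a) or any(len(p) != N for p in x_prime):
        return False                      # malformed signature: reject before any arithmetic
    full = [recover_x0(a, msg, r, x_prime)] + list(x_prime)
    return sum(centered(c) ** 2 for p in full for c in p) <= bound_sq

def constructed_fixture(msg, r):
    """Constructed test data, NOT key generation: fix a short x, then solve for a_1."""
    x0 = [1, -2, 0, 3, 0, -1, 2, 0]
    x1 = [1, 0, 0, 0, 0, 0, 0, 0]         # the ring element 1, so a_1 * x_1 = a_1
    x2 = [0, 2, -1, 0, 1, 0, 0, -3]
    a2 = [(7919 * (i + 1)) % Q for i in range(N)]
    a1 = [(u - v - w) % Q for u, v, w in zip(h(msg, r), x0, mul(a2, x2))]
    return [a1, a2], [x1, x2], x0
```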
CN202211658716.1A 2022-12-22 2022-12-22 Original image Gaussian sampling method, system, electronic equipment and storage medium Pending CN116232563A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211658716.1A CN116232563A (en) 2022-12-22 2022-12-22 Original image Gaussian sampling method, system, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116232563A true CN116232563A (en) 2023-06-06

Family

ID=86590104

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211658716.1A Pending CN116232563A (en) 2022-12-22 2022-12-22 Original image Gaussian sampling method, system, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116232563A (en)

Similar Documents

Publication Publication Date Title
CN111885079B (en) Multi-party combined data processing method and device for protecting data privacy
US9948462B2 (en) Hypersphere-based multivariable public key signature/verification system and method
WO2013031414A1 (en) Signature verification device, signature verification method, program, and recording medium
CN112446052B (en) Aggregated signature method and system suitable for secret-related information system
CN105515778B (en) Cloud storage data integrity services signatures method
CN115529141A (en) Traceable ring signature generation method and system for logarithmic signature size
JP2022095852A (en) Digital signature method, signature information verification method, related device, and electronic device
Tian et al. DIVRS: Data integrity verification based on ring signature in cloud storage
CN111740821B (en) Method and device for establishing shared secret key
CN117527223A (en) Distributed decryption method and system for quantum-password-resistant grid
CN110247761B (en) Ciphertext strategy attribute encryption method supporting attribute revocation in lattice manner
CN112800482A (en) Identity-based online/offline security cloud storage auditing method
CN116743395A (en) Grid password-based threshold ring signature method
JP5427117B2 (en) Message authenticator generation device, message authenticator verification device, message authenticator generation method, message authenticator verification method, and program
CN107947944B (en) Incremental signature method based on lattice
CN116232563A (en) Original image Gaussian sampling method, system, electronic equipment and storage medium
CN115865302A (en) Multi-party matrix multiplication method with privacy protection attribute
CN112491560A (en) SM2 digital signature method and medium supporting batch verification
CN111711524A (en) Certificate-based lightweight outsourcing data auditing method
CN112217629A (en) Cloud storage public auditing method
CN116232596A (en) Digital signature method, system, computer device and storage medium for improving efficiency
JP5227816B2 (en) Anonymous signature generation device, anonymous signature verification device, anonymous signature tracking determination device, anonymous signature system with tracking function, method and program thereof
Zhang et al. An image encryption algorithm based on an epidemic spreading model
Farooq et al. QuantIoT Novel Quantum Resistant Cryptographic Algorithm for Securing IoT Devices: Challenges and Solution
CN112822026B (en) Digital signature method, device and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination