Page 298 - 《软件学报》2025年第5期

P. 298

2198 软件学报 2025 年第 36 卷第 5 期

表 3 基于乘法密钥拆分的多随机数框架的实例化

Alice Bob −1
k = w 4 +w 1 w 5 +w 2 w 6 +w 3 w 7 s = (1+d) (k +r)−r 序号

w 1 w 2 w 3 w 4 w 5 w 6 w 7

k 3 k 2 +k 1 k 3 d 1 d 2 k 2 +d 1 d 2 k 1 k 3 +(d 1 d 2 −1)r 3.1
2
d 2 k 3 k 2 +d 2 k 1 k 3 d 1 d 2 k 2 +d 1 d k 1 k 3 +(d 1 d 2 −1)r 3.2
2
−1 −1 3.3
d k 3 k 2 +d k 1 k 3 d 1 d 2 k 2 +d 1 k 1 k 3 +(d 1 d 2 −1)r
2 2
2
2
1+d 2 k 3 k 2 +k 1 +d 2 k 1 k 3 d 1 d 2 k 2 +d 1 d 2 k 1 +d 1 d k 1 k 3 +(d 1 d 2 −1)r 3.4
Null Null
k 2
k 1 NullNull −1 −1 d 1 d 2 k 2 +d 1 d 2 k 1 +d 1 k 1 k 3 +(d 1 d 2 −1)r 3.5
1+d k 3 k 2 +k 1 +d k 1 k 3
2 2
2
d 2 +k 3 k 2 +d 2 k 1 +k 1 k 3 d 1 d 2 k 2 +d 1 d k 1 +d 1 d 2 k 1 k 3 +(d 1 d 2 −1)r 3.6
2

d −1 +k 3 −1 d 1 d 2 k 2 +d 1 k 1 +d 1 d 2 k 1 k 3 +(d 1 d 2 −1)r 3.7
2
2 k 2 +d k 1 +k 1 k 3
k 2 k 3 k 2 (1+k 1 k 3 ) d 1 d 2 k 2 (1+k 1 k 3 )+(d 1 d 2 −1)r 3.8
Null Null 3.9
k 2 k 3 k 3 k 3 (k 1 +k 2 ) d 1 d 2 k 3 (k 1 +k 2 )+(d 1 d 2 −1)r
−2 −2 −1 −1
−2
−2
d k 1 k 2 k 3 k 4 k 5 d k 6 k 7 d k 1 k 5 +d k 2 k 6 +k 3 k 7 +k 4 d d 2 k 1 k 5 +d 1 d k 2 k 6 +d 1 d 2 k 4 +d 1 d 2 k 3 k 7 +(d 1 d 2 −1)r 3.10

1 2 1 2 1 2
−1 −2 −1
−1 −2 d 2 k 1 k 5 +d 1 d k 2 k 6 +d 1 d 2 k 4 +d 1 d 2 k 3 k 7 +(d 1 d 2 −1)r 3.11
d k 1 k 2 k 3 k 4 k 5 d k 6 k 7 d k 1 k 5 +d k 2 k 6 +k 3 k 7 +k 4 2

1
2
1 2

表 4 基于签名私钥的多随机数框架签名随机数构造

Alice Bob
′
′
′
′
′
′
k = d 1 w +w w +w w +w w ′ 序号
3 7
4
1 5
2 6
w ′ w ′ w ′ w ′ w ′ w ′ w ′
1 2 3 4 5 6 7
(1+d)d 2 k 3 (1+d)d 1 d 2 (k 2 +k 1 k 3 ) 3.1.d
2 (1+d)d 1 d 2 (k 2 +d 2 k 1 k 3 ) 3.2.d
(1+d)d k 3
2
( −1 )
(1+d)k 3 (1+d)d 1 d 2 k 2 +d k 1 k 3 3.3.d
2
( )
2 (1+d)d 1 d 2 (k 2 +k 1 +d 2 k 1 k 3 ) 3.4.d
(1+d) d 2 +d k 3
2
(1+d)d 2 k 2 Null Null
d 1 k 1 Null Null (1+d)(d 2 +k 3 ) ( −1 ) 3.5.d
(1+d)d 1 d 2 k 2 +k 1 +d k 1 k 3
2
( )
2 (1+d)d 1 d 2 (k 2 +d 2 k 1 +k 1 k 3 ) 3.6.d
(1+d) d +d 2 k 3
2
( −1 )
(1+d)(1+d 2 k 3 ) (1+d)d 1 d 2 k 2 +d k 1 +k 1 k 3 3.7.d
2
(1+d)d 2 k 2 k 3 (1+d)d 1 d 2 k 2 (1+k 1 k 3 ) 3.8.d
(1+d)d 2 k 2 k 3 (1+d)d 2 k 3 Null Null (1+d)d 1 d 2 k 3 (k 1 +k 2 ) 3.9.d
−2
−2
−1
−1 d 1 k 2 d 1 k 3 (1+d)d 2 k 4 (1+d)d 2 k 5 (1+d)d k 6 (1+d)d 2 k 7 (1+d)d 1 d 2 (d k 1 k 5 +d k 2 k 6 +k 3 k 7 +k 4 ) 3.10.d
d k 1 2 1 2
1
−1
−1
−2

d 1 k 1 d 1 k 2 d 1 k 3 (1+d)d 2 k 4 (1+d)d 2 k 5 (1+d)d k 6 (1+d)d 2 k 7 (1+d)d 1 d 2 (d k 1 k 5 +d k 2 k 6 +k 3 k 7 +k 4 ) 3.11.d

2
1
2

(2) 签名第 2 部分 s 的中间值 s 1 = d 2 r +w γ+1 mod q s 2 = d 2 w γ+2 mod q,..., s γ+1 = d 2 w 2γ+1 mod q .
(
)
,
其中, r 是公开的信息且不包含任何 Bob 的私密信息, s 1 ,..., s γ+1 包含 Bob 的私密信息 d 2 w γ+1 ,..., w 2γ+1 . Alice 试
,
图求解下述方程组:


 s 1 −rd 2 −w γ+1 d 2 = 0




 s 2 −d 2 w γ+2 = 0 ,


 .
 .

 .
[ ]
该方程组包含 γ +1 个方程、 γ +2 个未知数. Alice 令 d 2 在 1,q−1 区间上遍历取值, 并计算与之对应的 w j ( j ∈ [γ +1,

293 294 295 296 297 298 299 300 301 302 303