Enhancing Efficiency in Trustless Cryptography: An Optimized SM9-Based Distributed Key Generation Scheme
Abstract
:1. Introduction
2. Preliminaries
2.1. Shamir Threshold Secret Sharing Scheme
- Distribution Stage
- 2.
- Recovery Stage
2.2. Paillier Homomorphic Encryption Algorithm
- Key Generation
- (a)
- Begin by selecting two large prime numbers and of identical length, ensuring that 1, where represents the Greatest Common Divisor.
- (b)
- Calculate and , where represents the Least Common Multiple.
- (c)
- Set , and define the function . Compute , where represents the modulus operation.
- (d)
- The public key is given by , and the private key by .
- Encryption
- (a)
- For a message within the range , select a random number from where .
- (b)
- Compute the ciphertext as .
- Decryption
- (a)
- Given ciphertext , confirm .
- (b)
- Derive the message as .
- Addition homomorphism
- 2.
- Scalar multiplication homomorphism
2.3. Paillier-Based Share Conversion Protocol
- Initial encryption and share transmission
- 2.
- Bob’s calculation and transmission
- 3.
- Alice’s decryption and share derivation
2.4. SM9 Digital Signature Algorithm: An Overview
- System setup
- (a)
- Initialization is performed by inputting safety parameters , two additive cyclic groups of prime order , and one multiplicative cyclic group also of prime order , ensuring these groups satisfy a bilinear mapping . The groups are defined by their generators , respectively.
- (b)
- Define two hash functions .
- (c)
- The KGC selects a master private key , computes the master public key , and selects a signature private key generation function identifier .
- (d)
- KGC broadcasts the public system and securely stores .
- User signature private key extraction
- (a)
- KGC computes . If , KGC retries with a different . Otherwise, it proceeds by calculating .
- (b)
- The signature private key is then computed and sent to the user identified by .
- Digital signature creation
- (a)
- The signer computes .
- (b)
- A random positive integer is selected to compute .
- (c)
- The hash .
- (d)
- The signer computes . If , is reselected; otherwise, the signature is formed, with constituting the digital signature of .
- Verification
- (a)
- The verifier, equipped with system parameters, user identification , message , and digital signature , first checks if and is a point in .
- (b)
- Calculations are performed to validate the signature: compute , , , and , then .
- (c)
- If , the signature is verified successfully; otherwise, the verification fails.
3. SM9-Based Lightweight Distributed Key Generation Scheme
3.1. System Model
- Key generation center (KGC)
- 2.
- Combine center
- 3.
- User
3.2. Scheme Definition
- Distributed setup ()
- : The private key slice for ,
- : The public key fragment for ,
- : The Paillier key pair for .
- 2.
- Distributed private key extraction ()
- 3.
- Combine private key
3.3. Security Definition and Security Models
- The combined private key , derived from using the Combine operation, is valid for the identity ID.
- The private key for ID was not previously queried in Phase 1.
3.4. Scheme Description
- Distributed setup
- (a)
- uses the recommended values in the SM9 state secret standard for system parameter generation.
- (b)
- generates the respective Paillier public-private key pairs , then broadcasts .
- (c)
- selects a random polynomial of degree t − 1, , where is the secret share chosen by . It broadcasts .
- (d)
- calculates , where is the secure hash value of ’s identity. It secretly sends the calculation result to .
- (e)
- After receiving from , verifies that . If the verification passes, it indicates that has not cheated and moves to the next step.
- (f)
- All can calculate the master public key .
- Distributed private key extract
- (a)
- calculates the main private key shard, a t-threshold private key share .
- (b)
- calculates the hash value of user identity .
- (c)
- randomly chooses and invokes the Paillier share conversion protocol to calculate:
- (d)
- , where the denominator part of the user signature private key
- (e)
- Lagrange coefficient .
- (f)
- is the additive share of ,
- (g)
- broadcasts and computes
- (h)
- sends to Combine Center.
- Combine private key
- (a)
- Combine Center computes user private key .
3.5. Paillier Homomorphic Share Transformation Protocol Optimization
- Alice computes , then sends to Bob ( denote the sum of two random numbers and does not reveal the specific value of the random number).
- Bob computes , . Bob computes the additive share secret as and sends to Alice.
- Alice decrypts and computes Alice’s secret share .
3.6. Scheme Correctness
3.7. Security Analysis
- Setupand A co-run the distributed setup algorithm
- (a)
- and obtain the generators of the cyclic group of the system parameters and Paillier key pair , respectively.
- (b)
- adaptively randomly chooses as , , sends to corresponding KGCs and broadcast commits , which .
- (c)
- simulates KGC, computes as master public key share, then randomly chooses and sends to .
- (d)
- simulates coefficients commits,
The matrix in the above equation is a Vandermonde matrix. Obviously the determinant is not equal to 0, and the elliptic curve points are capable of addition, subtraction and number multiplication operations, so that can be found by the above equation, S broadcasts to open Feldman Commit.- (e)
- adversary can compute .
- query
- (a)
- maintains a list of tuples ( as explained below. When makes query on that are adaptively chosen by itself, responds as follows:
- (b)
- If is on the list of tuples (, S responds with . Otherwise, if the query is on the I-th distinct , then stores (.
- (c)
- Otherwise, selects a random integer from the τ-BCAA1 instance and the instance has been not been chosen by S, then S stores tuple ( and responds with .
- Distributed private key extract query
- (a)
- A runs Distributed Private Key Extract algorithms and Combine Private Key algorithms with selects a random integer as t threshold-private key share.
- (b)
- A makes private key extract queries on identities that are adaptively chosen, S responds as follows:
- (c)
- If , then S aborts the game. Otherwise, if , then there is a tuple , S responds with where .
- Forgery
4. Performance Evaluation
4.1. Theoretical Analysis
4.2. Experimental Analysis
5. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Acknowledgments
Conflicts of Interest
References
- Lynn, T.; Rosati, P.; Endo, P.T. Toward the intelligent internet of everything: Observations on multidisciplinary challenges in intelligent systems research. Technol. Sci. Cult. 2018, 116, 52–64. [Google Scholar] [CrossRef]
- Hahn, D.; Munir, A.; Behzadan, V. Security and privacy issues in intelligent transportation systems: Classification and challenges. IEEE Intell. Transp. Syst. Mag. 2019, 13, 181–196. [Google Scholar] [CrossRef]
- Alabdulatif, A.; Thilakarathne, N.N. A novel cloud-enabled cyber threat hunting platform for evaluating the cyber risks associated with smart health ecosystems. Appl. Sci. 2024, 14, 9567. [Google Scholar] [CrossRef]
- Chowdhury, R.H. Intelligent systems for healthcare diagnostics and treatment. World J. Adv. Res. Rev. 2024, 23, 007–015. [Google Scholar] [CrossRef]
- Huda, N.U.; Ahmed, I.; Adnan, M.; Ali, M.; Naeem, F. Experts and intelligent systems for smart homes’ transformation to sustainable smart cities: A comprehensive review. Expert Syst. Appl. 2024, 238, 122380. [Google Scholar] [CrossRef]
- Egerson, J.I.; Williams, M.; Aribigbola, A.; Okafor, M.; Olaleye, A. Cybersecurity strategies for protecting big data in business intelligence systems: Implication for operational efficiency and profitability. World J. Adv. Res. Rev. 2024, 23, 916–924. [Google Scholar] [CrossRef]
- Ogborigbo, J.C.; Sobowale, O.S.; Amienwalen, E.I.; Owoade, Y.; Samson, A.T.; Egerson, J. Strategic integration of cybersecurity in business intelligence systems for data protection and competitive advantage. World J. Adv. Res. Rev. 2024, 23, 081–096. [Google Scholar] [CrossRef]
- Pedersen, T.P. A Threshold Cryptosystem without a Trusted Party. In Advances in Cryptology—EUROCRYPT ’91; Davies, D.W., Ed.; Springer: Berlin/Heidelberg, Germany, 1991; pp. 522–526. [Google Scholar] [CrossRef]
- Gennaro, R.; Jarecki, S.; Krawczyk, H.; Rabin, T. Secure Distributed Key Generation for Discrete-Log Based Cryptosystems. J. Cryptol. 2007, 20, 51–83. [Google Scholar] [CrossRef]
- Gennaro, R.; Jarecki, S.; Krawczyk, H.; Rabin, T. Secure Applications of Pedersen’s Distributed Key Generation Protocol. In Topics in Cryptology—CT-RSA 2003; Joye, M., Ed.; Springer: Berlin/Heidelberg, Germany, 2003; pp. 373–390. [Google Scholar] [CrossRef]
- Schnorr, C.P. Efficient Identification and Signatures for Smart Cards. In Proceedings of the CRYPTO’89, Santa Barbara, CA, USA; 1989; pp. 239–252. [Google Scholar] [CrossRef]
- Kate, A.; Goldberg, I. Distributed Key Generation for the Internet. In Proceedings of the 2009 29th IEEE International Conference on Distributed Computing Systems, Montreal, QC, Canada, 22–26 June 2009; pp. 119–128. [Google Scholar] [CrossRef]
- Fouque, P.-A.; Stern, J. One Round Threshold Discrete-Log Key Generation without Private Channels. In Public Key Cryptography; Kim, K., Ed.; Springer: Berlin/Heidelberg, Germany, 2001; pp. 300–316. [Google Scholar] [CrossRef]
- Zhang, R.; Imai, H. Round Optimal Distributed Key Generation of Threshold Cryptosystem Based on Discrete Logarithm Problem. In Applied Cryptography and Network Security; Zhou, J., Yung, M., Han, Y., Eds.; Springer: Berlin/Heidelberg, Germany, 2003; pp. 96–110. [Google Scholar] [CrossRef]
- Canny, J.; Sorkin, S. Practical Large-Scale Distributed Key Generation. In Advances in Cryptology—EUROCRYPT 2004; Cachin, C., Camenisch, J.L., Eds.; Springer: Berlin/Heidelberg, Germany, 2004; pp. 138–152. [Google Scholar] [CrossRef]
- Zhang, F.-T.; Wang, Y.-M. Distributed Key Generation Based on Generalized Verifiable Secret Sharing. Acta Electron. Sin. 2003, 31, 580–584. Available online: https://www.ejournal.org.cn/CN/Y2003/V31/I4/580 (accessed on 5 December 2024).
- Zhang, F.-T. Distributed Key Generation Based on Vector Space Access Structures. Acta Electron. Sin. 2005, 33, 816–819. Available online: https://www.ejournal.org.cn/CN/Y2005/V33/I5/816 (accessed on 5 December 2024).
- Zha, J.; Su, J.; Yan, J.H. Adaptive Distributed Key Generation Scheme. Comput. Eng. 2010, 36, 161–162+170. [Google Scholar]
- Zhang, J.; Zhang, F. Secure Distributed Key Generation on Vector Space Access Structures in Bilinear Groups. In Proceedings of the 2013 5th International Conference on Intelligent Networking and Collaborative Systems, Xi’an, China, 9–11 September 2013; pp. 803–808. [Google Scholar] [CrossRef]
- Wang, H.; Li, J.; Cui, Q. Military Equipment’s Distributed Key-generating Algorithm for Identity-based Cryptography. Comput. Sci. 2016, 43, 355–357. Available online: https://www.jsjkx.com/EN/Y2016/V43/IZ11/355 (accessed on 8 December 2024).
- Lindell, Y.; Nof, A. Fast Secure Multiparty ECDSA with Practical Distributed Key Generation and Applications to Cryptocurrency Custody. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, Toronto, ON, Canada, 15–19 October 2018; pp. 1837–1854. [Google Scholar] [CrossRef]
- Gennaro, R.; Goldfeder, S. Fast Multiparty Threshold ECDSA with Fast Trustless Setup. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, Toronto, ON, Canada, 15–19 October 2018; pp. 1179–1194. [Google Scholar] [CrossRef]
- Shamir, A. Identity-Based Cryptosystems and Signature Schemes. In Advances in Cryptology; Blakley, G.R., Chaum, D., Eds.; Springer: Berlin/Heidelberg, Germany, 1985; pp. 47–53. [Google Scholar] [CrossRef]
- Wang, Y. Application Research Based on SM9 Digital Signature Algorithm. Master’s Thesis, Beijing Jiaotong University, Beijing, China, 2021. [Google Scholar] [CrossRef]
- Zhang, R.; Zou, H.; Zhang, C.; Xiao, Y.; Tao, Y. Distributed Key Generation for SM9-Based Systems. In Proceedings of the Information Security and Cryptology—Proceedings of the16th International Conference, Inscrypt 2020, Guangzhou, China, 11–14 December 2020; Springer Nature Switzerland AG: Cham, Switzerland, 2021; pp. 113–129. [Google Scholar] [CrossRef]
- Identity-Based Cryptographic Algorithms SM9. 2016. Available online: http://www.sca.gov.cn/sca/xxgk/2016-03/28/content_1002407.shtml (accessed on 5 December 2024).
- Wang, Z. Research on the Fast Implementation Method of National Secret SM9 Software. Master’s Thesis, Beijing University of Posts and Telecommunications, Beijing, China, 2023. [Google Scholar] [CrossRef]
- Ma, T. Research on SM9 Threshold Cipher Algorithm. Master’s Thesis, Nanjing Normal University, Nanjing, China, 2020. [Google Scholar] [CrossRef]
- Tu, B.B.; Wang, X.F.; Zhang, L.T. Two Distributed Applications of SM2 and SM9. J. Cryptologic Res. 2020, 7, 826–838. [Google Scholar] [CrossRef]
- Yu, Y.Y.; Li, Z.H.; Tu, F. Distributed Identification Cryptographic Management Based on Blockchain. Appl. Electron. Tech. 2023, 49, 98–102. [Google Scholar] [CrossRef]
Scheme | Number of Parties | (t,n) Threshold | Relationship Between t and n | System Cost |
---|---|---|---|---|
Ma [28] | Multi-party | √ | n ≥ 2t−1 | Moderate |
Zhang et al. [25] | Multi-party | √ | n ≥ 2t−1 | Moderate |
Tu et al. [29] | Multi-party | √ | n ≥ t | High |
Yu et al. [30] | Two-party | × | n = t = 2 | Low |
Scheme | Storage Space (bits) | Computational Time | Communication Rounds |
---|---|---|---|
Original scheme | |||
Improvement scheme |
Scheme Number of KGCs | Original Scheme | Improvement Scheme |
---|---|---|
5 | 82 ms | 44 ms |
10 | 365 ms | 207 ms |
15 | 768 ms | 390 ms |
20 | 1358 ms | 721 ms |
25 | 1909 ms | 1087 ms |
30 | 2781 ms | 1536 ms |
35 | 3767 ms | 1957 ms |
40 | 4842 ms | 2437 ms |
45 | 6009 ms | 3086 ms |
50 | 7212 ms | 3850 ms |
100 | 28,970 ms | 14,441 ms |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Chen, J.; Zhou, X.; Fu, W.; Mao, Y. Enhancing Efficiency in Trustless Cryptography: An Optimized SM9-Based Distributed Key Generation Scheme. Sensors 2024, 24, 7874. https://doi.org/10.3390/s24247874
Chen J, Zhou X, Fu W, Mao Y. Enhancing Efficiency in Trustless Cryptography: An Optimized SM9-Based Distributed Key Generation Scheme. Sensors. 2024; 24(24):7874. https://doi.org/10.3390/s24247874
Chicago/Turabian StyleChen, Jinhong, Xueguang Zhou, Wei Fu, and Yihuan Mao. 2024. "Enhancing Efficiency in Trustless Cryptography: An Optimized SM9-Based Distributed Key Generation Scheme" Sensors 24, no. 24: 7874. https://doi.org/10.3390/s24247874
APA StyleChen, J., Zhou, X., Fu, W., & Mao, Y. (2024). Enhancing Efficiency in Trustless Cryptography: An Optimized SM9-Based Distributed Key Generation Scheme. Sensors, 24(24), 7874. https://doi.org/10.3390/s24247874