The Research Of Threshold SM2 Signature Scheme

Public-key cryptography effectively solves the two problems of key distribution and identity authentication,and thus corresponds to two basic cryptographic protocols: key exchange and digital signature.Digital signature can identify identity,determine the authenticity of document,and the prevention of forgery,denial,and tampering of network transmission message,which have the same legal effect as handwritten signature.With the continuous development of the Internet,multi-stage key management and identity authentication have become the research focus of the information society.The existing signature scheme cannot be deployed on distributed devices,and the security of private key and the diversification of access structure also promote the research and development of threshold signature.Threshold signature is a special signature scheme,in which private key are shared among n parties,and a legal signature can be constructed for any subset containing t parties,but less than t parties then no information can be obtained.The threshold signature can effectively protect the private key and has a flexible access structure.Considering the progress of the threshold ECDSA signature and threshold Schnorr signature,the threshold form of SM2 signature,which is the digital signature standard in China,is still limited to two-party or security assumption based on an honest majority,there is no efficient solution.To make SM2 signature suitable for flexible practical scenario,and promote the application of SM2 signature in blockchain and privacy computing.Based on additive homomorphic encryption and zero-knowledge proof,this paper designs a non-interactive threshold SM2 signature scheme.The scheme’s non-interactive nature is reflected in that only one round of communication is required to obtain the signature after the message input.At the same time,the pre-signing step only needs 2 rounds of communication.In addition,it is security with identity abort under the malicious majority adversary model,that is,if the signature process fails,the party that caused the failure can be found.Compatible with the plain SM2 signature,allowing arbitrary threshold t ≤ n,and adding a key refresh strategy.Performance analysis shows the amount of computation and communication in the pre-signing step of the scheme increases linearly with the number of participants,which is theoretically 1/3 of the computation amount of the same threshold ECDSA signature.