In recent decades, log system management has been widely studied for data security management. By analyzing logs, system abnormalities or illegal operations can be found in time, and the logs provide evidence of intrusions. To ensure the integrity of logs in current systems, many researchers have designed log systems based on blockchain. However, the emerging blockchain faces significant security challenges with the development of quantum computers. An attacker equipped with a quantum computer can extract the user's private key from the public key to generate a forged signature, destroy the structure of the blockchain, and threaten the security of the log system. Thus, a lattice-based blind signature in a post-quantum blockchain brings new security features to log systems. In this paper, to address these issues, we first propose a novel log system based on post-quantum blockchain that can resist quantum computing attacks. Second, we utilize a post-quantum blind signature on the lattice to ensure both the security and the blindness of the log system, which protects the privacy of log information to a large extent. Lastly, we enhance the security level of the lattice-based blind signature under the random oracle model, and the signature size grows slowly compared with others. We also implement our protocol and conduct an extensive analysis to support these ideas. The results show that, compared with others, the signature size of our scheme increases only slightly as the security level improves.

A log system is a significant component of a complete information system, providing log collection, log storage, log query, etc. However, when confronted with illegal online access and malicious tampering, the log system lacks log validation and user consensus. As a result, data privacy and integrity face a tremendous threat [

In recent years, blockchain technology has set off a subversive revolution and significantly changed current transaction networks [

As the modern networked information society tends toward globalization, log systems based on the blockchain can withstand attacks by adversaries equipped with traditional computers, but the emergence of quantum computing threatens the security of log systems again. Security is of profound importance given the stronger demand for privacy protection and identity authentication. Therefore, research on blockchain security should consider traditional cryptography and other potential threats, such as quantum attacks [

Many researchers have focused on anti-quantum methodologies [

Further, an effective signature protocol is used to verify the authenticity of node content [

Blind signature based on lattice designed by Rückert [

In summary, our proposed scheme also has the features above. The significant contributions of this article are as follows:

In current blockchain-based log systems, the signer can view the log information he signs during the signing process, which poses a great threat to the security and privacy of log information. Fortunately, a blind signature can effectively solve this problem. Moreover, with the development of quantum computers, malicious attackers can launch quantum computing attacks on the log system, so that signatures based on traditional cryptography no longer protect log information. For these reasons, we propose a novel post-quantum blind signature scheme for log systems in blockchain.

Firstly, in response to the problem of excessive power held by the central organization of the log system, we use blockchain technology, which eliminates the centralized system and ensures the immutability of log information. Secondly, since the log system faces quantum computing attacks, we use lattice-based cryptography to resist quantum computing attacks from malicious attackers. Further, to address the issue that signers can threaten the privacy of log information, we propose a novel lattice-based blind signature scheme with an enhanced security level to complete the signature operation in this system; its blindness protects the privacy of log information, and its one-more unforgeability preserves the validity of the blind signature.

We analyze the security in theory and give a complete security proof, which reduces the hardness of forging signatures by malicious attackers to the SIS problem. Moreover, we evaluate the comprehensive performance and show that our scheme has a smaller signature length compared with similar schemes.

People can collect various kinds of information using log systems, which attracts more and more individuals to adopt log systems in various circumstances. To address the shortcoming that traditional log systems cannot prevent logs from being tampered with, many researchers have applied blockchain to log systems. In 2019, Huang not only proposed a blockchain-based framework for log storage, but also utilized the InterPlanetary File System (IPFS) to store log files, which decreased the cost of storing enormous files in the blockchain [

Moreover, Proof of Work (PoW) in blockchain depends on a search problem. Unfortunately, the Grover algorithm is a powerful quantum search algorithm that provides a square-root speedup for many search problems. As a result, the privacy of individuals’ information in the log system will be seriously exposed, and the security of the log system will no longer hold.

Thus, log security in blockchain cannot be guaranteed. In our paper, a post-quantum blockchain is applied to the log system so as to solve this urgent problem.

As explained in Section 2.1, our paper emphasizes the vulnerability of logs to quantum attacks in systems equipped with blockchain. Therefore, we adopt post-quantum cryptography to ensure the security of the blockchain in quantum circumstances [

Post-Quantum Blockchain (PQB) includes conventional blockchain and quantum cryptography, combining the features of a blockchain with resistance to quantum adversaries. In this paper, we apply PQB not only to maintain decentralization but also to withstand quantum computing attacks.

In this paper, we use ℝ for real numbers, and ℤ for integers. For any positive integer _{1}, …, _{m}] ∈ ℤ^{n×m}. Use _{i∈[m]}||_{i}||, where || ⋅ || represents the Euclidean norm. The expression b ← B means that b is randomly and uniformly derive from the set

Blind Signature (BS) protocol includes four concrete algorithms (

_{b} and the signer receives it. Then, signer generates a corresponding signature

For the _{b},

Concerning security, blind signature consists of two main proportions, which is blindness and one-more unforgeability [_{b} and _{1−b} with a reliable user _{b} as the output _{b}), and _{1−b} as the corresponding _{1−b}). According to these, even if one of them is wrong, the scheme will be halted. Then, the advantage of

For the other part, one-more unforgeability characteristic guarantees an adversary user _{b} and _{1−b} with _{0}, _{1}. Therefore, the advantage of

Our blind signature protocol is accurately blind if

Gaussian distribution with lattices has been a standard model in mathematics, which use it to randomly select sections in

Definition 6 (Gaussian function): Λ ∈ ℝ^{m} is an ^{m} and a positive number _{σ,c}(

Definition 7 (Discrete Gaussian distribution): Let _{σ,c}(ℤ^{m}) as a means of the discrete integral of _{σ,c} over ℤ^{m}, then the discrete Gaussian distribution in ℤ^{m} can be defined as:

Lemma 1 [^{m},

Lemma 2 [^{m},

There is an aborting methodology used in lattice-based cryptography for rejection samples. In this protocol, one could prevent the interactive protocol if his/her secret key leaked. As for almost all

Lemma 3 [^{m},

In this paper, we propose a log storage system on the post-quantum blockchain, including a lattice-based blind signature scheme to resist quantum computing attacks and protect the privacy of log information from signers. The architecture of our system is shown in

To begin with, a log owner packages the log information that she will upload. The log information is integrated into blocks over a period and stored in our post-quantum blockchain. The current owner uses her secret key to sign the transaction and the next owner, and the signature is appended to the end of the currency. To ensure that the content of the transaction is kept secret from the current owner, we use a blind signature in our system.

Then, the current owner broadcasts his/her transaction to the entire network, where every network node collects several unverified transactions into blocks and earns the qualification to create a new block for these transactions through PoW. When a node completes the PoW, it generates a new block together with a data fingerprint covering the log information, public key, signature, and the data fingerprint of the previous transaction, so that the validity of its information can be verified and it can be linked to the next block.

After that, this node broadcasts the block to the whole network, and the rest of the network checks whether the transactions contained in the block are valid. Once the block containing log information passes all authentication, it is formally added to the post-quantum blockchain automatically. Consequently, a log system that uses the lattice-based blind signature has more robust security against quantum attackers and stronger privacy protection for log information.
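The block flow described above, as an added example that is not the paper's own code: each block's data fingerprint covers the log information, public key, signature and the previous fingerprint, a toy PoW qualifies the block, and any node can re-verify the chain. SHA-256, the 12-bit difficulty, the field names and the opaque signature strings (standing in for the lattice-based blind signature, which is not implemented here) are assumptions.

```python
import hashlib
import json

DIFFICULTY_BITS = 12  # assumed toy PoW target: this many leading zero bits


def fingerprint(block):
    """Data fingerprint over every field except the stored fingerprint."""
    body = {k: block[k] for k in ("log", "public_key", "signature", "prev", "nonce")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def meets_pow(fp_hex):
    return int(fp_hex, 16) >> (256 - DIFFICULTY_BITS) == 0


def mine_block(log, public_key, signature, prev):
    """Search nonces until the fingerprint satisfies the PoW target."""
    block = {"log": log, "public_key": public_key, "signature": signature,
             "prev": prev, "nonce": 0}
    while not meets_pow(fingerprint(block)):
        block["nonce"] += 1
    block["fingerprint"] = fingerprint(block)
    return block


def verify_chain(chain):
    """Return the index of the first invalid block, or -1 if all blocks check out."""
    prev = "0" * 64
    for i, block in enumerate(chain):
        fp = fingerprint(block)
        if block["prev"] != prev or block["fingerprint"] != fp or not meets_pow(fp):
            return i
        # A real node would also verify block["signature"] under block["public_key"].
        prev = fp
    return -1


def build_sample_chain():
    # Constructed sample log entries; keys and signatures are placeholders.
    entries = ["00:00:00 login user=alice", "00:05:00 sudo user=alice",
               "00:09:00 logout user=alice"]
    chain, prev = [], "0" * 64
    for n, entry in enumerate(entries):
        chain.append(mine_block(entry, "pk-placeholder", f"sig-placeholder-{n}", prev))
        prev = chain[-1]["fingerprint"]
    return chain
```

Editing a stored entry is caught at that block; re-mining the edited block moves the failure to its successor, whose `prev` no longer matches.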

In this section, we introduce our lattice-based blind signature protocol, which is based on the average-case SIS problem and includes four

_{k} ← { − ^{m×k}for the secret key. Considering the security as well as efficiency, we choose a as small as possible. The calculation method of the public key is (_{k}. Therefore, the reliability of

Sign −

In this section, we prove the correctness, blindness, and one-more unforgeability of our protocol under the random oracle model. For each property, we state a theorem and prove it theoretically. The correctness of our proposed protocol is unquestionable. First, upon receiving a blind signature

Theorem 2: After at most ^{2} repetitions, the blind signature process is effective.

Proof of Theorem 2: To begin with, we prove the current correctness of

Therefore,

Blindness is one of the most significant properties: the signer only sees views that are independent of the signed message. Thus, attackers cannot distinguish the views produced by different messages.

Theorem 3: Our BS scheme is statistically blind since the signer only understands values that are independent of the signed message.

Proof of Theorem 3: Adversaries with advantage _{b}),_{1−b}) to attack our scheme. In order to prove blindness to malicious

To begin with, as a challenge _{b}) and _{1−b}). As we calculate _{b} and ε_{1−b} depending on the same distribution

Furthermore, according to the signature _{b} and _{1−b} is the signature of _{b}) responding _{1−b}) as

One-more unforgeability represents adversary _{q,n,m,β} problem for _{2}.

Theorem 4: With probability_{q,n,m,β} problem for _{2} where

Proof of Theorem 4: This follows from the fact that our signature output is independent of the signing key. Further, the simulator will generate a solution to the SIS problem when a malicious forger breaks one-more unforgeability.

Lemma 4: Assume that

Proof of Lemma 4: In the first part, we design Algorithm 3 as follows, which is the same as the real blind signature algorithm except for the output ε.

We note ^{k}, and ^{k} = {^{k}:‖_{1} ≤ ^{−n+1}of probability,

Therefore, if Algorithm 3 is accessed ^{−n+1}^{−n+1}

After that, we calculate that the outputs of Algorithm 2 and Algorithm 3 is similar at most

Lemma 5: There is an opponent ^{m} such that ||_{2} and

Proof of Lemma 5: We set randomly _{1}, ε_{2}, …, ε_{l} ← ^{k} and select the appropriate value. It starts a functional element program A taking as input (_{1}, ε_{2}, …, ε_{l}). After that,

The functional element program A sends the (_{i} in a set (ε_{1}, ε_{2}, …, ε_{l}) that has not been used. _{1}, ε_{1}), (_{2}, ε_{2}), …, (_{s+1}, ε_{s+1}) for different messages with probability

All the output of A maintains _{1}, ε_{2}, …, ε_{l}) with probability_{i} with probability_{i} was an action by _{i},

There is an overwhelming probability _{i} since if it not the case. Consequently, we have

Furthermore, we assume that ε_{j} is an action computing by an adversary to a random oracle _{j}), and then produce disparate

Thus, we get the subroutine's blind signature

Lemma 6 [^{−100}.

For any adversary, secret S or _{3} +

In a nutshell, there is a non-zero solution to figure the _{q,n,m,β} problem with probability

The methodology of selecting parameters is the same as in [

Parameter | Definition | Sample |
---|---|---|

512 | ||

2^{27} |
||

80 | ||

_{1} |
||

_{1} |
||

_{2} |
||

_{2} |
||

_{3} |
||

_{3} |
||

Public key size | ||

Secret key size | ||

Signature size | _{3}) |

We use _{1}, _{2}, _{3} for _{1}, _{2}, _{3} in the protocol, which does not depend on ‖_{2} together with _{2} will be derived in same way. Moreover, the signature size is roughly affected by vector _{3}) bits.

We conduct the experiments on Windows 10 with an AMD Ryzen 7 5800H with Radeon Graphics 3.20 GHz processor and 16.0 GB of RAM, and run the simulation in MATLAB 2020. In

Security level (bits) | RSA signature size (KB) | ECC signature size (KB) | Our scheme signature size (KB) |
---|---|---|---|
80 | 1.03 | 0.16 | 56.36 |
128 | 3.13 | 0.25 | 57.85 |
256 | 16.23 | 0.51 | 58.47 |
512 | 32.46 | 1.02 | 59.32 |
1024 | 64.92 | 2.05 | 60.57 |
2048 | 129.84 | 4.10 | 62.32 |

Though the signature size of ECC grows slowly, it is frequently 2 times its security level. Last but not least, those two algorithms cannot resist quantum computing attacks. Therefore, our scheme is more useful in terms of security, blindness, and unforgeability than the other methods used in log systems.

We present a novel post-quantum blind signature scheme for log systems, which integrates a post-quantum blockchain to achieve decentralization and undeniability. Moreover, the lattice-based blind signature we designed not only enables our protocol to resist quantum computing attacks, but also satisfies blindness and one-more unforgeability, ensuring the privacy of log information and the validity of the blind signature. In addition, the theoretical security analysis and the comprehensive performance evaluation show that our scheme has superior efficiency. As this is the first paper on post-quantum blind signatures for securing log systems, there are still some open questions for researchers to address, such as how to minimize the signature size and how to improve the security without any increase in the communication overhead.