SM9身份认证方案及其应用研究综述

doi:10.3778/j.issn.1002-8331.2408-0245

摘要/Abstract

摘要： 商用密码是我国密码体系的重要组成部分，奠定了国家安全的基石。SM9算法因其无须证书、易于管理和低总体成本而广泛应用于身份认证领域。概述了SM9算法的整体框架和关键技术并与同类算法进行比较，探讨了其身份认证方案，特别是在盲签名、否认认证签名、环签名和属性签名的研究进展。重点梳理了SM9算法在区块链安全领域的应用，包括隐私保护、智能合约和跨域认证等场景，以及在物联网安全领域的应用，即工业物联网、电力物联网和车联网安全中的方案特点。最后，从多维度分析了SM9算法在身份认证应用中的安全性，为算法评估和优化提供了新的思路。

关键词: SM9算法, 身份认证, 区块链安全, 物联网安全, 车联网安全

Abstract: Commercial cryptography is essential to China’s cryptographic framework, serving as the foundation for national security. The SM9 algorithm is widely used in the field of identity authentication, due to its certificate free nature, ease of management, and low overall cost. The overall framework and key technologies of the SM9 algorithm are summarized and compared with similar algorithms. The progress of its identity authentication scheme, particularly in blind signatures, denial authentication signatures, ring signatures, and attribute signatures, is discussed. The application of the SM9 algorithm in the field of blockchain security is highlighted, including scenarios such as privacy enhancement, facilitation of smart contracts, and cross-domain authentication, as well as its application in the field of Internet of things (IoT) security, that is, the scheme characteristics of industrial IoT, power IoT, and Internet of vehicles (IoV) security. Finally, the multidimensional analysis of security of SM9 algorithm in identity authentication is analyzed, which provides a new idea for algorithm evaluation and optimization.

Key words: SM9 algorithm, identity authentication, blockchain security, IoT security, IoV security

陈泽宇, 刘丽华, 王尚平. SM9身份认证方案及其应用研究综述[J]. 计算机工程与应用, 2025, 61(5): 18-31.

CHEN Zeyu, LIU Lihua, WANG Shangping. Review of SM9 Identity Authentication Schemes and Their Applications[J]. Computer Engineering and Applications, 2025, 61(5): 18-31.

参考文献

[1] OVERILL R. Foundations of cryptography: basic tools[J]. Journal of Logic and Computation, 2002, 12(3): 543-544.
[2] 卢秋如. 国密算法应用研究综述[J]. 软件, 2023, 44(1): 123-125.
LU Q R. Review on the application of national cryptography algorithms[J]. Software, 2023, 44(1): 123-125.
[3] 密码行业标准化技术委员会. 我国SM2和SM9数字签名算法正式成为ISO/IEC国际标准[EB/OL]. (2017-11-17)[2020-03-02]. http://www.gmbz.org.cn/main/postDetail.html?id=20180118171408.
Cryptography Standardization Technical Committee. China’s SM2 and SM9 digital signature algorithms have officially become ISO/IEC international standards[EB/OL]. (2017-11-17)[2020-03-02]. http://www.gmbz.org.cn/main/postDetail.html?id=20180118171408.
[4] 袁峰, 程朝辉. SM9标识密码算法综述[J]. 信息安全研究, 2016, 2(11): 1008-1027.
YUAN F, CHENG Z H. Over on SM9 identity-based cryptographic algorithm[J]. Journal of Information Security Research, 2016, 2(11): 1008-1027.
[5] 殷明. 基于标识的密码算法SM9研究综述[J]. 信息技术与信息化, 2020(5): 88-93.
YIN M. A review of identity-based cryptographic algorithm SM9[J]. Information Technology and Informatization, 2020(5): 88-93.
[6] DIFFIE W, HELLMAN M E. New directions on cryptography[J]. IEEE Transactions on Information Theory, 1976, 22(6): 644-654.
[7] SCHOOF R. Elliptic curves over finite fields and the computation of square roots mod p[J]. Mathematics of Computation, 1985, 44: 483.
[8] ZHAO C A, ZHANG F G. A note on the Ate pairing[J]. International Journal of Information Security, 2008, 7(6): 379-382.
[9] 甘植旺, 廖方圆. 国密SM9中R-Ate双线性对快速计算[J]. 计算机工程, 2019, 45(6): 171-174.
GAN Z W, LIAO F Y. Rapid calculation of R-Ate bilinear pairing in china state cryptography standard SM9[J]. Computer Engineering, 2019, 45(6): 171-174.
[10] 密码行业标准化技术委员会. SM9标识密码算法: GM/T0044—2016[S/OL]. (2018-03-10)[2020-03-08]. http://www.gmbz.org.cn/main/post Detail html? id=20180322410400.
Cryptography Standardization Technical Committee. SM9 identification cryptography algorithm: GM/T0044—2016[S/OL]. (2018-03-10)[2020-03-08]. http://www.gmbz.org.cn/main/post Detail html? id=20180322410400.
[11] MENEZES A J, VAN OORSCHOT P C, VANSTONE S A. Handbook of applied cryptography[M]. Boca Raton: CRC Press, 2018.
[12] JANSMA N, ARRENDONDO B. Performance comparison of elliptic curve and RSA digital signatures[R]. University of Michigan, 2004: 1-20.
[13] SHAMIR A. Identity-based cryptosystems and signature schemes[M]//Advances in cryptology. Berlin, Heidelberg: Springer, 2007: 47-53.
[14] 朱留富, 汪定. 支持商密SM9算法框架的多因素认证方案[J]. 电子与信息学报, 2024, 46(5): 2137-2148.
ZHU L F, WANG D. A multi-factor authentication scheme under the SM9 algorithm framework[J]. Journal of Electronics & Information Technology, 2024, 46(5): 2137-2148.
[15] CHAUM D. Blind signatures for untraceable payments[M]//Advances in cryptology. Boston, MA: Springer US, 1983: 199-203.
[16] 张雪锋, 彭华. 一种基于SM9算法的盲签名方案研究[J]. 信息网络安全, 2019, 19(8): 61-67.
ZHANG X F, PENG H. Blind signature scheme based on SM9 algorithm[J]. Netinfo Security, 2019, 19(8): 61-67.
[17] 吕尧, 侯金鹏, 聂冲, 等. 基于SM9算法的部分盲签名方案[J]. 网络与信息安全学报, 2021, 7(4): 147-153.
LYU Y, HOU J P, NIE C, et al. Partial blind signature scheme based on SM9 algorithm[J]. Chinese Journal of Network and Information Security, 2021, 7(4): 147-153.
[18] 陈倩倩, 秦宝东. 基于SM9的两方协同盲签名方案[J]. 计算机工程, 2023, 49(6): 144-153.
CHEN Q Q, QIN B D. Two-party cooperative blind signature scheme based on SM9[J]. Computer Engineering, 2023, 49(6): 144-153.
[19] 饶金涛, 崔喆. 基于SM9盲签名与环签名的安全电子选举协议[J]. 计算机工程, 2023, 49(6): 13-23.
RAO J T, CUI Z. Secure E-voting protocol based on SM9 blind signature and ring signature[J]. Computer Engineering, 2023, 49(6): 13-23.
[20] 邵清, 张磊军. 结合SM9和盲签名的联盟链交易隐私保护方案[J]. 小型微型计算机系统, 2025, 46(1): 217-224.
SHAO Q, ZHANG L J. Transaction privacy protection scheme for consortium blockchain utilizing SM9 and blind signature[J]. Journal of Chinese Computer Systems, 2025, 46(1): 217-224.
[21] DWORK C, NAOR M, SAHAI A. Concurrent zero-knowledge[C]//Proceedings of the 30th Annual ACM Symposium on Theory of Computing. New York: ACM, 1998: 409-418.
[22] WU W, LI F. An efficient identity-based deniable authenticated encryption scheme[J]. KSII Transactions on Internet and Information Systems, 2015, 9(5): 1904-1919.
[23] HUANG W, LIAO Y J, ZHOU S J, et al. An efficient deniable authenticated encryption scheme for privacy protection[J]. IEEE Access, 2019, 7: 43453-43461.
[24] 赵晨阳, 柯品惠, 林昌露. 具有否认认证的SM9标识加密算法[J]. 计算机科学与探索, 2023, 17(10): 2519-2528.
ZHAO C Y, KE P H, LIN C L. SM9 identity-based encryption algorithm with deniable authentication[J]. Journal of Frontiers of Computer Science and Technology, 2023, 17(10): 2519-2528.
[25] RIVEST R L, SHAMIR A, TAUMAN Y. How to leak asecret[C]//Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security, 2001: 552-565.
[26] 张雪锋, 彭华. 一种基于SM9算法的环签名方案[J]. 西安邮电大学学报, 2020, 25(5): 28-32.
ZHANG X F, PENG H. A ring signature scheme based on SM9 algorithm[J]. Journal of Xi’an University of Posts and Telecommunications, 2020, 25(5): 28-32.
[27] 彭聪, 何德彪, 罗敏, 等. 基于SM9标识密码算法的环签名方案[J]. 密码学报, 2021, 8(4): 724-734.
PENG C, HE D B, LUO M, et al. An identity-based ring signature scheme for SM9 algorithm[J]. Journal of Cryptologic Research, 2021, 8(4): 724-734.
[28] 王伊婷, 万武南, 张仕斌, 等. 基于SM9算法的可链接环签名方案[J/OL]. 计算机应用: 1-13[2024-07-15]. http://kns.cnki.net/kcms/detail/51.1307.TP.20240301.1525.019.html.
WANG Y T, WAN W N, ZHANG S B, et al. Linkable ring signature scheme based on SM9 algorithm[J/OL]. Journal of Computer Applications: 1-13[2024-07-15]. http://kns.cnki.net/kcms/detail/51.1307.TP.20240301.1525.019.html.
[29] MAJI H K, PRABHAKARAN M, ROSULEK M. Attribute-based signatures[C]//Proceedings of the 11th International Conference on Topics in Cryptology(CT-RSA 2011). Berlin, Heidelberg: Springer, 2011: 376-392.
[30] SHI Y, MA Z Y, QIN R F, et al. Implementation of an attribute-based encryption scheme based on SM9[J]. Applied Sciences, 2019, 9(15): 3074.
[31] 唐飞, 凌国玮, 单进勇. 基于国产密码算法SM9的可追踪属性签名方案[J]. 电子与信息学报, 2022, 44(10): 3610-3617.
TANG F, LING G W, SHAN J Y. Traceable attribute signature scheme based on domestic cryptographic SM9 algorithm[J]. Journal of Electronics & Information Technology, 2022, 44(10): 3610-3617.
[32] 朱留富, 李继国, 赖建昌, 等. 基于商密SM9的属性基在线/离线签名方案[J]. 计算机研究与发展, 2023, 60(2): 362-370.
ZHU L F, LI J G, LAI J C, et al. Attribute-based online/offline signature scheme based on SM9[J]. Journal of Computer Research and Development, 2023, 60(2): 362-370.
[33] 高改梅, 段明博, 荀亚玲, 等. 支持密码逆向防火墙的基于SM9的属性基可搜索加密方案[J/OL]. 计算机应用: 1-10 [2024-06-03]. https://kns.cnki.net/kcms/detail/51.1307.TP.
20240531.1442.006.html.
GAO G M, DUAN M B, XUN Y L, et al. Attribute-based searchable encryption scheme based on SM9 supporting password reverse firewall[J/OL]. Journal of Computer Applications: 1-10 [2024-06-03]. https://kns.cnki.net/kcms/detail/51.1307.TP.20240531.1442.006.html.
[34] 邵奇峰, 金澈清, 张召, 等. 区块链技术: 架构及进展[J]. 计算机学报, 2018, 41(5): 969-988.
SHAO Q F, JIN C Q, ZHANG Z, et al. Blockchain: architecture and research progress[J]. Chinese Journal of Computers, 2018, 41(5): 969-988.
[35] AL-RIYAMI S S, PATERSON K G. Certificateless public key cryptography[C]//Proceedings of the ASIACRYPT 2003. Berlin, Heidelberg: Springer, 2003: 452-473.
[36] YU Y, MU Y, WANG G, et al. Improved certificateless signature scheme provably secure in the standard model[J]. IET Information Security, 2012, 6(2): 102-110.
[37] MIERS I, GARMAN C, GREEN M, et al. Zerocoin: anonymous distributed E-cash from Bitcoin[C]//Proceedings of the 2013 IEEE Symposium on Security and Privacy. Piscataway: IEEE, 2013: 397-411.
[38] NOETHER S, MACKENZIE A, RESEARCH LAB T M. Ring confidential transactions[J]. Ledger, 2016, 1: 1-18.
[39] GUO S Y, WANG F N, ZHANG N, et al. Master-slave chain based trusted cross-domain authentication mechanism in IoT[J]. Journal of Network and Computer Applications, 2020, 172: 102812.
[40] 魏松杰, 李莎莎, 王佳贺. 基于身份密码系统和区块链的跨域认证协议[J]. 计算机学报, 2021, 44(5): 908-920.
WEI S J, LI S S, WANG J H. A cross-domain authentication protocol by identity-based cryptography on consortium blockchain[J]. Chinese Journal of Computers, 2021, 44(5): 908-920.
[41] 傅丽玉, 陆歌皓, 吴义明, 等. 区块链技术的研究及其发展综述[J]. 计算机科学, 2022, 49(S1): 447-461.
FU L Y, LU G H, WU Y M, et al. Overview of research and development of blockchain technology[J]. Computer Science, 2022, 49(S1): 447-461.
[42] 杨亚涛, 蔡居良, 张筱薇, 等. 基于SM9算法可证明安全的区块链隐私保护方案[J]. 软件学报, 2019, 30(6): 1692-1704.
YANG Y T, CAI J L, ZHANG X W, et al. Privacy preserving scheme in block chain with provably secure based on SM9 algorithm[J]. Journal of Software, 2019, 30(6): 1692-1704.
[43] 郭阳楠, 蒋文保, 叶帅. 可监管的区块链匿名交易系统模型[J]. 计算机应用, 2022, 42(9): 2757-2764.
GUO Y N, JIANG W B, YE S. Supervisable blockchain anonymous transaction system model[J]. Journal of Computer Applications, 2022, 42(9): 2757-2764.
[44] 安浩杨, 何德彪, 包子健, 等. 基于SM9数字签名的环签名及其在区块链隐私保护中的应用[J]. 计算机研究与发展, 2023, 60(11): 2545-2554.
AN H Y, HE D B, BAO Z J, et al. Ring signature based on the SM9 digital signature and its application in blockchain privacy protection[J]. Journal of Computer Research and Development, 2023, 60(11): 2545-2554.
[45] 周权, 陈民辉, 卫凯俊, 等. 基于SM9的属性加密的区块链访问控制方案[J]. 信息网络安全, 2023, 23(9): 37-46.
ZHOU Q, CHEN M H, WEI K J, et al. Blockchain access control scheme with SM9-based attribute encryption[J]. Netinfo Security, 2023, 23(9): 37-46.
[46] 叶帅, 蒋文保, 祁亚楠. 基于SM9多密钥中心的用户身份隐私保护模型[J]. 计算机工程与设计, 2023, 44(7): 1985-1992.
YE S, JIANG W B, QI Y N. User identity privacy protection model based on SM9 multi-key center[J]. Computer Engineering and Design, 2023, 44(7): 1985-1992.
[47] 朱郭诚, 何德彪, 安浩杨, 等. 基于区块链和SM9数字签名的代理投票方案[J]. 信息网络安全, 2024, 24(1): 36-47.
ZHU G C, HE D B, AN H Y, et al. The proxy voting scheme based on the blockchain and SM9 digital signature[J]. Netinfo Security, 2024, 24(1): 36-47.
[48] 薛慧, 沈勇, 时岳, 等. 基于区块链的物联网智能合约模型设计[J]. 软件导刊, 2022, 21(6): 161-168.
XUE H, SHEN Y, SHI Y, et al. Design of blockchain-based smart contract model for Internet of things[J]. Software Guide, 2022, 21(6): 161-168.
[49] 张利华, 刘季, 曹宇, 等. 双共识混合链跨异构域身份认证方案[J]. 应用科学学报, 2022, 40(4): 666-680.
ZHANG L H, LIU J, CAO Y, et al. Dual consensus hybrid blockchain cross heterogeneous domain identity authentication scheme[J]. Journal of Applied Sciences, 2022, 40(4): 666-680.
[50] SCHOENBERGER R C. The Internet of things[J]. Forbes, 2002, 169(6): 155-156.
[51] XIE Y, XU F, LI X, et al. EIAS: an efficient identity-based aggregate signature scheme for WSNs against coalition attack[J]. Computers, Materials & Continua, 2019, 59(3): 903-924.
[52] SIDDHARTHA V, GABA G S, KANSAL L. A lightweight authentication protocol using implicit certificates for securing IoT systems[J]. Procedia Computer Science, 2020, 167: 85-96.
[53] 董一潇, 全建斌, 王明儒, 等. 国密SM9算法在物联网安全领域的应用研究[J]. 电信工程技术与标准化, 2022, 35(9): 22-27.
DONG Y X, QUAN J B, WANG M R, et al. Research on the application of SM9 algorithm in the security field of Internet of things[J]. Telecom Engineering Technics and Standardization, 2022, 35(9): 22-27.
[54] 翟鹏, 何泾沙, 张昱. 物联网环境下基于SM9算法和区块链技术的身份认证方法[J]. 信息网络安全, 2024, 24(2): 179-187.
ZHAI P, HE J S, ZHANG Y. An identity authentication method based on SM9 and blockchain in the IoT environment[J]. Netinfo Security, 2024, 24(2): 179-187.
[55] 翟社平, 刘法鑫, 杨锐, 等. 基于联盟链的工业物联网数据存储模型[J]. 计算机应用研究, 2023, 40(5): 1318-1323.
ZHAI S P, LIU F X, YANG R, et al. Industrial Internet of things data storage model based on consortium blockchain[J]. Application Research of Computers, 2023, 40(5): 1318-1323.
[56] 陈纪成, 包子健, 罗敏, 等. 一种面向工业物联网的远程安全指令控制方案[J]. 计算机工程, 2024, 50(3): 28-35.
CHEN J C, BAO Z J, LUO M, et al. A security remote command control scheme for industrial Internet of things[J]. Computer Engineering, 2024, 50(3): 28-35.
[57] 廖会敏, 俞果, 班国民, 等. 基于国密SM9算法的电力物联网身份认证技术研究[J]. 山东电力技术, 2020, 47(10): 1-5.
LIAO H M, YU G, BAN G M, et al. Research on identity authentication technology in power Internet of things based on SM9 algorithm[J]. Shandong Electric Power, 2020, 47(10): 1-5.
[58] 向新宇, 姚海燕, 於志渊, 等. 电力物联网安全分析与国密算法应用[J]. 网络安全技术与应用, 2021(7): 37-39.
XIANG X Y, YAO H Y, YU Z Y, et al. Security analysis of power Internet of things and application of state secret algorithm[J]. Network Security Technology & Application, 2021(7): 37-39.
[59] 吴克河, 程瑞, 郑碧煌, 等. 电力物联网安全通信协议研究[J]. 信息网络安全, 2021, 21(9): 8-15.
WU K H, CHENG R, ZHENG B H, et al. Research on security communication protocol of power Internet of things[J]. Netinfo Security, 2021, 21(9): 8-15.
[60] 卢阳, 刘书勇, 李嘉, 等. SM9在智慧能源充电桩蓝牙安全防护中的应用[J]. 计算机应用与软件, 2022, 39(11): 324-328.
LU Y, LIU S Y, LI J, et al. Application of SM9 in bluetooth security protection of smart energy charging pile[J]. Computer Applications and Software, 2022, 39(11): 324-328.
[61] 张彦杰, 王辉, 李延, 等. 电力物联网下基于SM9的CP-ABE访问控制方案[J/OL]. 太原理工大学学报: 1-14[2024-03-02]. https://kns.cnki.net/kcms/detail/14.1220.N.20240229.1750.
007.html.
ZHANG Y J, WANG H, LI Y, et al. CP-ABE access control scheme based on SM9 in power Internet of things[J/OL]. Journal of Taiyuan University of Technology: 1-14[2024-03-02]. https://kns.cnki.net/kcms/detail/14.1220.N.20240229.1750.
007.html.
[62] 周启扬, 李飞, 章嘉彦, 等. 基于区块链技术的车联网匿名身份认证技术研究[J]. 汽车技术, 2020(10): 58-62.
ZHOU Q Y, LI F, ZHANG J Y, et al. Research on anonymous identity authentication technology of connected vehicles based on blockchain technology[J]. Automobile Technology, 2020(10): 58-62.
[63] 曹瑀晗. 车联网环境下的轻量级认证密钥协商协议研究[J]. 物联网技术, 2024, 14(6): 57-60.
CAO Y H. Research on lightweight authentication key agreement protocol in Internet of vehicles environment[J]. Internet of Things Technologies, 2024, 14(6): 57-60.
[64] LIBERT B, YUNG M. Fully forward-secure group signatures[M]//Cryptography and Security: from theory to applications. Berlin, Heidelberg: Springer, 2012: 156-184.
[65] 李佩丽, 徐海霞. 区块链用户匿名与可追踪技术[J]. 电子与信息学报, 2020, 42(5): 1061-1067.
LI P L, XU H X. Blockchain user anonymity and traceability technology[J]. Journal of Electronics & Information Technology, 2020, 42(5): 1061-1067.
[66] 王梅, 孙磊. 一个安全可追踪的策略隐藏属性基加密方案[J]. 计算机应用与软件, 2017, 34(2): 267-271.
WANG M, SUN L. A secure and traceable attribute-based encryption scheme with access structures[J]. Computer Applications and Software, 2017, 34(2): 267-271.
[67] 陈晓, 程朝晖, 张振峰, 等. 信息安全技术SM9标识密码算法第2部分: 算法: GB/T 38635.2—2020[S]. 北京: 中国标准出版社, 2020.
CHEN X, CHENG Z H, ZHANG Z F, et al. Information security technology SM9 identification cryptography algorithm part 2: algorithm: GB/T 38635.2—2020[S]. Beijing: Standards Press of China, 2020.