A Quantum-Resistant Threshold Signature Scheme for Database Audit Logs
Abstract (translated from the Chinese abstract): With the rapid development of quantum computing, the classical digital signature mechanisms commonly used for database audit logs, such as RSA and ECDSA, rely on hard problems such as large-integer factorization and discrete logarithms and therefore face the risk of failure under Shor's algorithm. At the same time, Grover's algorithm lowers the attack complexity against hash functions and symmetric ciphers, further weakening the long-term security of existing audit mechanisms. To improve the integrity and traceability of audit logs in cloud computing and big-data environments, an audit signature system that can resist quantum attacks is needed. To this end, this research applies the principles of quantum-resistant cryptography: a quantum-secure signature layer is built on FORS few-time signatures and the XMSS-T tree structure, a Shamir threshold secret-sharing mechanism provides secure distribution and distributed management of the private key, and a chained hash structure ensures that logs cannot be tampered with during storage and transmission. Security analysis shows that the mechanism satisfies unforgeability and confidentiality requirements in the quantum random-oracle model and can withstand quantum attacks. Experimental results further verify that the system maintains low signing latency and stable throughput in high-concurrency log scenarios and scales well across different log volumes and message sizes, making it suitable for large-scale distributed database audit environments.

Abstract:

Objective
The rapid development of quantum computing has raised critical security concerns for current database audit-logging systems that still rely on classical public-key signature algorithms such as RSA and ECDSA. These schemes are vulnerable to Shor's algorithm, which breaks integer-factorization- and discrete-logarithm-based cryptography in polynomial time. Grover's algorithm further amplifies the risk by reducing the brute-force complexity of hash-based and symmetric primitives, undermining the long-term reliability of existing audit-log protection mechanisms in large-scale cloud and data-intensive infrastructures. Database audit logs serve as foundational evidence for ensuring data integrity, accountability, and traceability across distributed systems. Their security degradation under quantum-capable adversaries could have severe operational, compliance, and forensic consequences. To address these challenges, this work aims to design a quantum-resistant audit-logging framework that simultaneously satisfies practical constraints on efficiency, real-time verification, scalable deployment, and distributed trust management. The objective is to provide a robust cryptographic foundation for next-generation database auditing systems capable of maintaining unforgeability and tamper-resistance against quantum threats.

Methods
To achieve these goals, the proposed framework integrates multiple post-quantum cryptographic primitives and distributed-security mechanisms. First, a hybrid hash-based signature layer is constructed by combining FORS and XMSS-T. FORS provides fast few-time signatures suitable for high-frequency log events, while XMSS-T organizes authentication paths in a Merkle-tree hierarchy to enable scalable state management. Their combination yields a high-security, multi-level quantum-resistant signing structure. Second, the design introduces a Shamir (r,n) threshold-sharing mechanism to decentralize the signing key into multiple fragments managed by independent audit agents. This avoids single points of failure, supports collaborative attestation workflows, and ensures that no individual party possesses complete signing authority. Third, a chained-hash structure binds consecutive log entries via one-way linkability, thereby providing strong tamper evidence and chronological integrity. Fourth, the framework defines a complete set of system algorithms (setup, key distribution, partial-signature generation, signature aggregation, log-chain update, and verification) that operate efficiently under distributed execution. To formally analyze security, the system is modeled under the quantum random-oracle model, and adversarial capabilities are described through UF-CMA, IND-CCA, and IND-CKA2 games, capturing quantum-capable forgery attempts, decryption misuse, and index indistinguishability attacks. A prototype implementation is developed and benchmarked in realistic multi-node settings to evaluate its performance across log scales, message sizes, interval configurations, and threshold ratios.

Results and Discussions
Experimental evaluations demonstrate that the proposed scheme achieves a favorable balance between quantum-resistant security and system performance. When handling large-scale logs, the average signing latency scales linearly with log volume, validating the efficiency of the chain-hash structure (Table 2). Compared with traditional PQC signatures such as Dilithium and SPHINCS+, the integration of threshold signing reduces the peak computational load on individual nodes while maintaining robust security guarantees. Performance tests further show that the proposed mechanism sustains a stable throughput of approximately 2,000 operations per second. The message-size sensitivity analysis indicates that latency grows linearly with log size while remaining manageable even for messages exceeding 4 KB (Fig. 2b). Additionally, varying the threshold parameters (r/n) reveals a measurable but moderate impact on system latency; higher thresholds strengthen resistance against collusion at the cost of a slight increase in delay (Fig. 2e). The interval-based chained signing strategy effectively reduces signature-generation frequency, thereby improving system throughput without sacrificing log-integrity guarantees. These results confirm that the proposed mechanism is well suited to cloud and distributed database environments that demand real-time auditing and high-volume log processing.

Conclusions
This work presents a quantum-resistant database audit-logging mechanism that integrates hash-based signatures, threshold secret sharing, and chained log-integrity protection. The scheme provides strong security assurances in the post-quantum setting, including provable unforgeability, confidentiality, and tamper-resistance, supported by rigorous proofs in the QROM framework. Experimental results demonstrate that the mechanism maintains high signing and verification efficiency under large-scale deployment conditions, with good scalability across diverse log sizes, message lengths, and threshold configurations. Owing to its distributed trust model and future-proof cryptographic foundations, the proposed scheme provides a practical and secure solution for next-generation database audit systems in cloud computing, big-data analytics, and compliance-critical infrastructures.
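The Shamir (r,n) split of the signing key over Z_p and the chained-hash binding of consecutive LogChain nodes (d_i, h_{i-1}, t_i) described in the Methods section, as an added Python example that is not code from the paper. It assumes SHA-256 as the chain hash, a 127-bit prime field, constructed sample log entries, and leaves out the FORS/XMSS-T signature layer and partial-signature aggregation.

```python
import hashlib
import secrets
# Z_p for Shamir arithmetic (Table 1); this 127-bit Mersenne prime is an assumed example parameter.
P = (1 << 127) - 1
SAMPLE_ENTRIES = [(b"INSERT INTO users", 1700000000), (b"DELETE FROM users", 1700000001)]  # constructed

def shamir_split(secret: int, r: int, n: int) -> list:
    """Shamir (r,n): n shares of secret over Z_p, any r of which reconstruct it."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(r - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of f(x) mod p
            y = (y * x + c) % P
        shares.append((x, y))
    return shares

def shamir_reconstruct(shares: list) -> int:
    """Lagrange interpolation at x = 0 over Z_p; needs r distinct shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def chain_hash(h_prev: bytes, d: bytes, t: int) -> bytes:
    """h_i = H(h_{i-1} || d_i || t_i); SHA-256 stands in for the paper's hash (assumption)."""
    return hashlib.sha256(h_prev + d + t.to_bytes(8, "big")).digest()

def build_log_chain(entries: list) -> list:
    """LogChain nodes (d_i, h_{i-1}, t_i) plus h_i from (d_i, t_i) pairs; h_0 is 32 zero bytes."""
    chain, h_prev = [], bytes(32)
    for d, t in entries:
        h = chain_hash(h_prev, d, t)
        chain.append({"d": d, "h_prev": h_prev, "t": t, "h": h})
        h_prev = h
    return chain

def verify_log_chain(chain: list) -> bool:
    """Recompute every link; an edited d_i or t_i, or a reordered node, breaks the chain."""
    h_prev = bytes(32)
    for node in chain:
        if node["h_prev"] != h_prev or chain_hash(h_prev, node["d"], node["t"]) != node["h"]:
            return False
        h_prev = node["h"]
    return True
```

Fewer than r shares interpolate to an unrelated field element, and any edit to a stored entry fails verification at that node or the next one.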
Key words:
- Post-quantum signature
- Database audit logs
- Threshold secret sharing
- Data security
Table 1 System notation

| Symbol | Meaning |
| --- | --- |
| $1^{\lambda}$ | Security parameter (post-quantum security) |
| $p, q$ | Large primes (Shamir field and hash/output length control) |
| $\mathbb{Z}_p$ | Finite field for Shamir polynomial arithmetic |
| $G$ | Elliptic-curve cyclic group of order $q$ |
| $P$ | Generator of the cyclic group |
| msk | Master private key of the Key Management Center (KMC) |
| mpk | KMC master public key, $\text{mpk} = \alpha P$ |
| $\mathrm{sk}_{\text{share},i}$ | The $i$-th private key share held by a signing participant |
| $\mathrm{pk}_{\text{global}}$ | System global public key, produced by signing the FORS public key with XMSS-T |
| $\text{LogChain}_i$ | Log chain node, consisting of $d_i$, $h_{i-1}$, $t_i$ |
| $d_i$ | Audit data of the log entry |
| $h_i$ | Log chain hash value |
| $t_i$ | Log timestamp |
| $\sigma_i$ | Node signature, generated by FORS+XMSS-T |
| $K_{\text{enc}}, K_{\text{hash}}$ | Symmetric encryption key and index hashing key |
| $H_1, H_2, H_3$ | Collision-resistant hash functions used for authentication, encryption, and signature verification |
| PRF | Pseudorandom function used to generate FORS leaf private keys |

Table 2 Signing performance at different log scales (message size: 1 KB, every log entry signed)

| Number of logs | Scheme | Signatures | Avg. latency (ms) | Throughput (ops/s) | Max/min latency (ms) | Total time (s) | Std. dev. (ms) |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 10,000 | ECDSA | 10000 | 0.314 | 3,226 | 1.22/0.22 | 3.11 | 0.03 |
| 10,000 | Dilithium | 10000 | 0.392 | 2,564 | 1.10/0.30 | 3.90 | 0.05 |
| 10,000 | SPHINCS+ | 10000 | 0.655 | 1,538 | 1.19/0.50 | 6.52 | 0.11 |
| 10,000 | Our Scheme | 10000 | 0.453 | 2,222 | 2.92/0.10 | 4.50 | 0.25 |
| 50,000 | ECDSA | 50000 | 0.310 | 3,226 | 1.55/0.24 | 15.56 | 0.04 |
| 50,000 | Dilithium | 50000 | 0.419 | 2,413 | 1.21/0.31 | 20.72 | 0.06 |
| 50,000 | SPHINCS+ | 50000 | 0.706 | 1,429 | 6.04/0.51 | 35.23 | 0.12 |
| 50,000 | Our Scheme | 50000 | 0.484 | 2,083 | 3.20/0.11 | 24.16 | 0.30 |
| 100,000 | ECDSA | 100000 | 0.322 | 3,125 | 1.88/0.25 | 32.04 | 0.05 |
| 100,000 | Dilithium | 100000 | 0.431 | 2,326 | 12.10/0.31 | 43.80 | 0.08 |
| 100,000 | SPHINCS+ | 100000 | 0.783 | 1,282 | 11.40/0.51 | 78.37 | 0.15 |
| 100,000 | Our Scheme | 100000 | 0.551 | 1,818 | 5.31/0.38 | 55.72 | 0.78 |
| 500,000 | ECDSA | 500000 | 0.339 | 2,941 | 5.33/0.25 | 170.82 | 0.13 |
| 500,000 | Dilithium | 500000 | 0.485 | 2,083 | 10.71/0.31 | 240.16 | 0.22 |
| 500,000 | SPHINCS+ | 500000 | 0.848 | 1,176 | 15.81/0.52 | 425.19 | 0.41 |
| 500,000 | Our Scheme | 500000 | 0.756 | 1,333 | 30.09/0.10 | 375.19 | 2.49 |
| 1,000,000 | ECDSA | 1000000 | 0.361 | 2,777 | 12.11/0.26 | 360.26 | 0.16 |
| 1,000,000 | Dilithium | 1000000 | 0.520 | 1,923 | 16.32/0.31 | 520.75 | 0.28 |
| 1,000,000 | SPHINCS+ | 1000000 | 0.857 | 1,176 | 20.78/0.51 | 850.02 | 0.62 |
| 1,000,000 | Our Scheme | 1000000 | 0.952 | 1,053 | 52.45/0.10 | 950.42 | 4.98 |

Table 3 Performance of the proposed scheme at different message sizes (number of logs = 100,000)

| Message size | Avg. latency (ms) | Throughput (ops/s) | Total time (s) | Max/min latency (ms) | Std. dev. (ms) |
| --- | --- | --- | --- | --- | --- |
| 0.5 KB | 0.522 | 1,923 | 52.13 | 3.40/0.35 | 0.83 |
| 1.0 KB | 0.551 | 1,818 | 55.72 | 5.31/0.38 | 0.78 |
| 2.0 KB | 0.619 | 1,667 | 60.98 | 10.47/0.43 | 0.91 |
| 4.0 KB | 0.750 | 1,333 | 75.43 | 12.61/0.55 | 2.54 |
| 8.0 KB | 0.824 | 1,220 | 82.41 | 15.48/0.60 | 3.17 |
| 16.0 KB | 0.956 | 1,053 | 95.56 | 20.06/0.75 | 5.42 |