CHEN Dajiang, ZHANG Yiwen, JIAO Lihua, WANG Baizheng, CHEN Ruidong. A Quantum-resistant Threshold Signature Scheme for Database Audit Logs[J]. Journal of Electronics & Information Technology. doi: 10.11999/JEIT251320

A Quantum-resistant Threshold Signature Scheme for Database Audit Logs

doi: 10.11999/JEIT251320 cstr: 32379.14.JEIT251320
Funds:  The National Key Research and Development Program of China (2023YFB3106402), The Natural Science Foundation of Sichuan Province (2024NSFJQ0030, 24NSFSC1771)
  • Received Date: 2025-12-15
  • Accepted Date: 2026-03-24
  • Rev Recd Date: 2026-03-18
  • Available Online: 2026-04-19

Objective: Database audit logs are a core basis for ensuring data integrity, accountability, and traceability in distributed systems. However, current audit-log protection mechanisms still rely on classical public-key signature algorithms such as RSA and ECDSA, which are vulnerable to quantum attacks. Shor's algorithm can break integer-factorization- and discrete-logarithm-based cryptography in polynomial time, while Grover's algorithm reduces the brute-force security of hash-based and symmetric primitives. These threats weaken the long-term reliability of existing database audit-log protection mechanisms in cloud and data-intensive environments. To address this issue, a quantum-resistant framework for database audit logs is proposed to satisfy practical requirements for efficiency, real-time verification, scalable deployment, and distributed trust management. The goal is to provide a robust cryptographic foundation for next-generation database audit-log systems with unforgeability and tamper resistance under quantum threats.

Methods: A hybrid hash-based signature layer is constructed by combining Few-Time Signature (FORS) and eXtended Merkle Signature Scheme-Tree (XMSS-T). FORS supports efficient signing for high-frequency log events, whereas XMSS-T organizes authentication paths in a Merkle-tree hierarchy for scalable state management. This combination yields a multi-level quantum-resistant signing structure. A Shamir (r, n) threshold secret-sharing mechanism is then adopted to split the signing key into multiple shares managed by independent audit agents. This design avoids a single point of failure, supports collaborative attestation, and ensures that no single party holds complete signing authority. In addition, a chained-hash structure is used to bind consecutive log entries through one-way linkage, thereby ensuring tamper evidence and chronological integrity. The framework further defines a complete set of system algorithms, including setup, key distribution, partial-signature generation, signature aggregation, log-chain update, and verification, all of which operate efficiently in a distributed setting. For formal security analysis, the scheme is modeled in the Quantum Random Oracle Model (QROM), and adversarial capabilities are characterized through UF-CMA, IND-CCA2, and IND-CKA2 games to capture forgery, decryption misuse, and index-indistinguishability attacks. A prototype implementation is developed and evaluated under realistic multi-node settings across different log scales, message sizes, interval configurations, and threshold ratios.

Results and Discussions: Experimental results show that the proposed scheme achieves a good balance between quantum-resistant security and system performance. For large-scale logs, the average signing latency increases linearly with log volume, which supports the efficiency of the chained-hash structure (Table 2). Compared with representative quantum-resistant signatures such as Dilithium and SPHINCS+, the threshold-signing design reduces the peak computational burden on individual nodes while preserving strong security guarantees. The system also maintains a stable throughput of about 2 000 operations per second. The message-size analysis shows that latency increases with message size but remains manageable even when the message exceeds 4 kB (Fig. 2(b)). Additionally, variation in the threshold ratio (r/n) has a measurable but moderate effect on system latency. A higher threshold improves resistance to collusion, but slightly increases delay (Fig. 2(e)). The interval-based chained-signing strategy further reduces the signing frequency and improves throughput without weakening log-integrity guarantees. These results indicate that the proposed scheme is well suited to cloud-based and distributed database environments that require real-time auditing and high-volume log processing.

Conclusions: A quantum-resistant mechanism for database audit logs is presented by integrating hash-based signatures, threshold secret sharing, and chained log-integrity protection. The scheme provides strong quantum-resistant security guarantees, including provable unforgeability, confidentiality, and tamper resistance, supported by formal proofs in the QROM. Experimental results show that the mechanism maintains high signing and verification efficiency under large-scale deployment, with good scalability across different log volumes, message sizes, and threshold settings. Owing to its distributed trust model and quantum-resistant cryptographic basis, the proposed scheme offers a practical and secure solution for next-generation database audit systems in cloud computing, big-data processing, and compliance-critical environments.
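
The following sketch illustrates two building blocks named in the Methods paragraph, Shamir (r, n) sharing of a signing key and a chained hash with interval-based checkpoints. It is an added example, not the authors' implementation. Assumptions: the field prime `P`, the sample log entries and all function names are constructed here; HMAC-SHA256 stands in for the FORS/XMSS-T signature; and the key is reconstructed from r shares in one place for brevity, whereas the paper describes partial-signature generation and aggregation.

```python
import hashlib, hmac, secrets

P = 2**127 - 1  # prime field for the shares (assumed parameter, not from the paper)

def split(secret, r, n):
    """Shamir (r, n): random degree r-1 polynomial f with f(0) = secret."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(r - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def reconstruct(shares):
    """Lagrange interpolation at x = 0 over GF(P)."""
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def chain(entries, genesis=b"\x00" * 32):
    """h_i = SHA-256(h_{i-1} || entry_i): each link commits to all earlier entries."""
    links, prev = [], genesis
    for e in entries:
        prev = hashlib.sha256(prev + e).digest()
        links.append(prev)
    return links

def tag(key, link):
    # HMAC-SHA256 is a stand-in for the paper's FORS/XMSS-T signature.
    return hmac.new(key.to_bytes(16, "big"), link, hashlib.sha256).digest()

def seal(key, links, interval):
    """Authenticate only every interval-th link (interval-based chained signing)."""
    return {i: tag(key, links[i]) for i in range(interval - 1, len(links), interval)}

def verify(key, entries, seals):
    """Recompute the chain; return the first checkpoint index that fails, else None."""
    links = chain(entries)
    for i in sorted(seals):
        if i >= len(links) or not hmac.compare_digest(seals[i], tag(key, links[i])):
            return i
    return None

# Constructed sample audit-log entries.
LOG = [b"1|alice|SELECT accounts", b"2|bob|UPDATE accounts", b"3|bob|DELETE audit",
       b"4|carol|GRANT dba", b"5|alice|DROP tmp"]
```

With an interval of 2 the fifth entry in `LOG` is linked into the chain but not yet covered by a checkpoint, which is the exposure window an interval setting trades for lower signing frequency.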
