Abstract: Abstract: The existing SM2-based signature scheme has the risk of private key leakage， In order to overcome the shortcomings of the dishonest KGC (key generation center) which has the ability to intercept and forge the communication between entities， a certificateless ring signature scheme based on SM2 (SMCL-RS) is proposed. In the scheme， the user's private key is composed of two independent parts， one is calculated by KGC according to the user's identity and the system master key， and the other part is a secret value randomly selected by the user. Therefore， even if the malicious KGC leaks part of the private key， the attacker will not be able to obtain the entire private key of the user. The security specification of the scheme is a discrete logarithm problem， and it is proved that it has unforgeability and unconditional anonymity under the random oracle model. Experimental results show that the signature and verification time of the proposed scheme is comparable to that of the SM2-based ring signature scheme， and can effectively resist the malicious key generation center attack。

Key words: Keywords: SM2 signature algorithm, unforgeability, anonymity, certificateless ring signature, random oracle model

摘要： 摘 要: 现有的基于SM2环签名方案存在着私钥泄露的风险，不诚实的KGC(key generation center)有能力对实体间的通信进行监听和伪造，为了克服该不足，提出了一种基于SM2的无证书环签名方案(SMCL-RS)。方案中用户的私钥由各自独立的两部分组成，一部分是由KGC根据用户的身份和系统主密钥计算用户的部分私钥，另一部分是用户自身随机选择的一个秘密值．因此即使恶意KGC泄露了部分私钥，攻击者也无法获得用户的整个私钥．方案的安全性规约为离散对数问题，并在随机预言模型下证明了其具有不可伪造性和无条件匿名性。验结果表明，所提方案的签名与验签耗时与基于SM2环签名方案相当，并能有效抵抗恶意密钥生成中心攻击。

关键词: SM2签名算法, 不可伪造性, 匿名性, 无证书环签名, 随机预言机模型