Thesis information

Chinese title:

 Design and Analysis of Two Types of Partially Blind Signature Schemes

Name:

 李佩瑜    

Student ID:

 20011210571    

Confidentiality level:

 Public

Thesis language:

 chi    

Discipline code:

 110505    

Discipline name:

 Military Science - Military Command - Cryptography

Student type:

 Master's

Degree:

 Master of Military Science

University:

 西安电子科技大学    

School/Department:

 School of Telecommunications Engineering

Major:

 Military Command

Research direction:

 Partially blind signatures

First supervisor:

 高军涛    

First supervisor's institution:

  西安电子科技大学    

Completion date:

 2023-03-20    

Defense date:

 2023-05-30    

English title:

 Design and Analysis of Two Types of Partially Blind Signature Schemes    

Chinese keywords (translated):

 Partially blind signature; Elliptic curve cryptography; Lattice-based cryptography; Algebraic group model; Security proof

English keywords:

 Partially blind signature; Elliptic curve cryptography; Lattice-based cryptography; Algebraic group model; Security proof

Chinese abstract (translated):

Partially blind signatures not only retain the advantages of blind signatures but also solve the problem of signature abuse that arises because blind signatures cannot be traced. To guarantee the security of partially blind signature protocols when they are applied to digital currency and other fields, constructing secure and efficient partially blind signature schemes is of great research significance. Most current partially blind signature schemes are given security proofs in the Random Oracle Model (ROM), but the ROM is an idealized computational model and does not provide real-world security. Although the standard model reflects the real world, constructing a scheme and providing a security proof in the standard model is comparatively difficult. The Algebraic Group Model (AGM) is currently the computational model closest to the standard model; it can be instantiated in the standard model and therefore provides stronger security guarantees than the ROM. At the same time, the rapid development of quantum algorithms threatens the security of signature schemes based on traditional cryptographic primitives, which makes the transition of these cryptosystems to post-quantum cryptosystems a trend. Compared with other post-quantum cryptography, lattice-based cryptographic algorithms have strong quantum resistance and can better guarantee the security of signature schemes in a quantum environment. However, most current lattice-based partially blind signature schemes have flaws in their security proofs, and their computational efficiency and interactive performance also need improvement. In view of these problems, constructing partially blind signature schemes that are secure in the algebraic group model and in a quantum computing environment has become more urgent. Building on previous work, this thesis carries out the following work:

(1) A Schnorr-based partially blind signature scheme is proposed that achieves security in the AGM. We prove the correctness, partial blindness and One-More unforgeability of the scheme. In the proof of One-More unforgeability, the Probabilistic Polynomial Time (PPT) adversary is replaced by an algebraic adversary, and the proof is given in the AGM based on the One-More Discrete Logarithm (OMDL) problem on elliptic curves and the Random inhomogeneities in an Overdetermined, Solvable system of linear equations (ROS) problem. In addition, the scheme is constructed on an elliptic curve cryptosystem and has a lower computational cost than RSA-based schemes. When the scheme is applied to an electronic cash system it resists double-spending attacks; furthermore, when electronic cash is issued, the common information is set to an expiry date, so that expired electronic cash can be deleted promptly, which solves the problem of bank database expansion. We analyze the feasibility and computational overhead of the scheme and compare it with several similar schemes. The results show that the scheme has a degree of scalability and an advantage in computational efficiency.

(2) A lattice-based partially blind signature scheme is proposed, built on the Ring Small Integer Solution (RSIS) problem. To avoid the restarts of the signature scheme caused by rejection sampling, a large number of random values are sampled in advance, so that when the condition is not satisfied only the current stage needs to be re-selected rather than aborting the whole signing process. In addition, a hash tree technique is combined with the scheme to reduce communication cost and improve interactive performance. To avoid the flaws in the security proofs of previous schemes, we extend the modular framework for blind signatures and, according to the properties of a Linear Hash Function (LHF), give detailed proofs of the scheme's correctness, partial blindness and One-More unforgeability. In the proof of One-More unforgeability, we relate the One-More unforgeability of the signature scheme to the One-More man-in-the-middle security of its underlying identification scheme; the One-More man-in-the-middle security of the identification scheme is in turn guaranteed by the collision resistance of the LHF, which finally shows that the scheme satisfies One-More unforgeability. Compared with other lattice-based partially blind signature schemes whose security proofs in the ROM are flawed, the security proof of this scheme is more rigorous.

English abstract:

Partially blind signatures not only retain the advantages of blind signatures but also solve the problem of signature abuse caused by the untraceability of blind signatures. To ensure the security of partially blind signature protocols in digital currencies and other fields, constructing secure and efficient partially blind signature schemes is of great research significance. At present, most partially blind signature schemes are proven secure in the Random Oracle Model (ROM), which is an idealized computational model and cannot provide real-world security. Although the standard model reflects the real world, it is comparatively difficult to construct a scheme and provide a security proof in the standard model. The Algebraic Group Model (AGM) is currently the computational model closest to the standard model, and it can be instantiated in the standard model, thus providing a stronger security guarantee than the ROM. At the same time, the rapid development of quantum algorithms poses a threat to the security of signature schemes based on traditional cryptographic primitives, which makes the transition of these cryptosystems to post-quantum cryptosystems a trend. Compared with other post-quantum cryptography, lattice-based cryptography has stronger quantum resistance and can better guarantee the security of signature schemes in a quantum environment. However, most lattice-based partially blind signature schemes have flaws in their security proofs and need improvement in computational efficiency and interactive performance. Aiming at these problems, it becomes more urgent to construct partially blind signature schemes that are secure in the AGM and in a quantum computing environment. On the basis of previous work, this thesis carries out the following work:

Firstly, we propose a partially blind signature scheme based on Schnorr which achieves security in the AGM. We prove the correctness, partial blindness, and One-More unforgeability of the scheme. In the proof of One-More unforgeability, the Probabilistic Polynomial Time (PPT) adversary is replaced by an algebraic adversary, and the relevant proofs are given in the AGM based on the elliptic curve One-More Discrete Logarithm (OMDL) problem and the Random inhomogeneities in an Overdetermined, Solvable system of linear equations (ROS) problem. In addition, the scheme is built on the elliptic curve cryptosystem and has a lower computational cost than RSA-based schemes. When the scheme is applied to an electronic cash system it resists double-spending attacks, and when electronic cash is issued the common information is set to an expiry date, so the bank can delete expired electronic cash in time and the problem of bank database expansion is solved. We analyze the feasibility and computational cost of the scheme and compare it with several similar schemes. The results show that the scheme has a certain scalability and an advantage in computational efficiency.

Secondly, we propose a new lattice-based partially blind signature scheme based on the Ring Small Integer Solution (RSIS) problem. To avoid restarting the signature scheme because of rejection sampling, a large number of random values are sampled in advance, so that when the condition is not met only the current stage has to be re-selected and the whole signing process need not be terminated. In addition, a hash tree technique is used to reduce communication cost and improve interactive performance. To avoid the errors in the security proofs of previous schemes, our proof builds upon and extends the modular framework for blind signatures. Using the properties of a Linear Hash Function (LHF), we prove that the scheme satisfies correctness, partial blindness, and One-More unforgeability. In the proof of One-More unforgeability, the One-More unforgeability of the scheme is related to the One-More man-in-the-middle security of the underlying identification scheme, which in turn is guaranteed by the collision resistance of the LHF. The security proof of this scheme is more rigorous than those of other lattice-based partially blind signature schemes whose proofs in the ROM are flawed.

CLC (Chinese Library Classification) number:

 11    

Call number:

 58399    

Open access date:

 2023-12-23    
