CN103220146A - Zero knowledge digital signature method based on multivariate public key cryptosystem - Google Patents
- Publication number
- CN103220146A
- Authority
- CN
- China
- Prior art keywords
- signature
- overbar
- signer
- digital signature
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Landscapes
- Mobile Radio Communication Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a zero-knowledge digital signature method based on a multivariate public key cryptosystem. The method comprises the steps of generating system parameters, generating a signature, and verifying the signature. A user publishes a public key based on multivariate public key cryptography and keeps the corresponding private key secret; the signer can sign any message with the private key; any verifier can verify the digital signature using the signer's public key; and if signature verification passes, the signature on the message is genuine.
Description
Technical field
The invention belongs to the field of information security technology and relates to a zero-knowledge digital signature method based on a multivariate public key cryptosystem.
Background technology
Digital signatures have important applications in information security, particularly for data validity, integrity and non-repudiation.
A digital signature can serve the same legal authentication role as a traditional handwritten signature. By contrast, handwritten signatures show significant limitations in an information age built on computers and the Internet, because a handwritten signature is very easily copied and forged in a computer network. A digital signature, however, incorporates information about the secret key used by the signer, and it is almost impossible for anyone who does not know this private key to forge the signature. Digital signatures are therefore better suited to the application requirements of the new era. People can sign documents remotely over a network, which improves work efficiency.
Many digital signature methods are based on traditional cryptosystems, such as the RSA and DSA digital signature algorithms; most of them rest on traditional public key cryptosystems built on large integer factorization and the discrete logarithm problem.
However, the emergence of quantum computers threatens traditional public key cryptosystems. Driven by the urgent demand for security and efficiency, multivariate public key cryptosystems (MPKCs) have rapidly become a new kind of public key cryptosystem. They are based on the NP-hard problem of solving systems of multivariate quadratic polynomial equations over a finite field, and quantum computers have not shown any advantage in handling NP-hard problems.
With their high computational efficiency, MPKCs may become cryptosystems that remain secure in the post-quantum era. MPKCs can be divided into bipolar systems and mixed systems. Bipolar systems mainly include MI, HFE, OV, TTM and l-IC. Research on zero-knowledge digital signature methods that are secure in the post-quantum era has important theoretical and practical significance.
Summary of the invention
The purpose of the invention is to provide a zero-knowledge digital signature method based on a multivariate public key cryptosystem, solving the problem that prior-art methods are no longer secure under quantum computation.
The purpose of the invention is achieved as follows: the zero-knowledge digital signature method based on a multivariate public key cryptosystem comprises the following steps:
Step 1. Generate system parameters. The system parameters are $(k, q, l, m, n, H)$, where $q$ and $l$ are security parameters, $k = GF(q^l)$ is a finite field, $m$ is the number of multivariate equations, and $n$ is the number of variables. $H: \{0,1\}^* \to k^n$ is a cryptographically secure one-way, collision-resistant hash function;
Key generation: the signer's private key is $SK = \{L_1, F, L_2\}$, where $F$ is the invertible central map, and $L_1$ and $L_2$ are invertible affine transformations on $k^m$ and $k^n$ respectively. The signer's public key PK
consists of $m$ polynomial components in $n$ variables; here the symbol $\circ$ denotes function composition;
Step 2. Signature generation. The signer signs a message $M \in \{0,1\}^*$ as follows:
(1) Select $u_i \in k^m$ at random, where $i = 1, \ldots, t$;
(2) Compute
$c = H(M \| PK \| u_1 \| \ldots \| u_t) \in k^n$;
(3) Compute
(4) Output the zero-knowledge signature $\sigma = (c, s_1, \ldots, s_t)$ on the message $M \in \{0,1\}^*$;
Step 3. Signature verification:
Given the signature $\sigma = (c, s_1, \ldots, s_t)$ on message $M$, any verifier uses the signer's public key
to check whether the verification equation
holds. If it holds, the signature is accepted; otherwise the signature is rejected.
The beneficial effects of the invention are:
1. The invention overcomes the defect that existing zero-knowledge digital signature methods will no longer be secure under quantum computation; it offers both security and high computational efficiency.
2. The proposed zero-knowledge digital signature method based on a multivariate public key cryptosystem satisfies completeness, unforgeability and the zero-knowledge property, and remains secure in the post-quantum cryptography era.
Embodiment
The invention is explained in further detail below with reference to an embodiment.
The zero-knowledge digital signature method based on a multivariate public key cryptosystem is implemented according to the following steps:
Step 1. Generate system parameters
The system parameters are $(k, q, l, m, n, H)$, where $q$ and $l$ are security parameters, $k = GF(q^l)$ is a finite field, $m$ is the number of multivariate equations, and $n$ is the number of variables. $H: \{0,1\}^* \to k^n$ is a cryptographically secure one-way, collision-resistant hash function;
Key generation: the signer's private key is $SK = \{L_1, F, L_2\}$, where $F$ is the invertible central map, and $L_1$ and $L_2$ are invertible affine transformations on $k^m$ and $k^n$ respectively. The signer's public key
consists of $m$ polynomial components in $n$ variables. Here the symbol $\circ$ denotes function composition.
Step 2. Signature generation
The signer signs a message $M \in \{0,1\}^*$ as follows:
(1) Select $u_i \in k^m$ at random, where $i = 1, \ldots, t$;
(2) Compute
$c = H(M \| PK \| u_1 \| \ldots \| u_t) \in k^n$;
(3) Compute
(4) Output the zero-knowledge signature $\sigma = (c, s_1, \ldots, s_t)$ on the message $M \in \{0,1\}^*$.
Step 3. Signature verification
Given the signature $\sigma = (c, s_1, \ldots, s_t)$ on message $M$, any verifier uses the signer's public key
to check whether the verification equation
holds. If it holds, the signature is accepted; otherwise the signature is rejected.
Security analysis of the zero-knowledge digital signature method of the invention, based on a multivariate public key cryptosystem:
1. Correctness
If the signer honestly follows each step of the signing process, then the signature
$\sigma = (c, s_1, \ldots, s_t)$ on message $M$ satisfies:
The verifier always accepts the signature, so the method is complete.
2. Unforgeability
Suppose the signer is a cheater, i.e. he does not know the private key $SK = \{L_1, F, L_2\}$ and attempts to forge a valid signature on a message $M$. The first way a forger might succeed is to select $u_i \in k^m$ at random, where $i = 1, \ldots, t$, and then compute
$c = H(M \| PK \| u_1 \| \ldots \| u_t) \in k^n$. Next, without the private key, the forger needs to use the equation
to compute $s_i$, $i = 1, \ldots, t$. The forger knows $u_i$ and $c$; solving this equation is hard under the assumption that solving quadratic multivariate equations is a hard problem. The academic community currently accepts that solving quadratic multivariate equations is a hard problem, so the probability that this forgery succeeds is very small.
The second way a forger might succeed is to solve the verification equation
for a solution $\sigma = (c, s_1, \ldots, s_t)$, which is hard under the assumption that the hash function $H: \{0,1\}^* \to k^n$ is cryptographically secure, one-way and collision-resistant.
Embodiment 1. Interactive zero-knowledge identity proof method based on the multivariate oil-vinegar public key cryptosystem.
Step 1. Generate system parameters:
(1) Let $k = GF(q)$ be a finite field of characteristic $p = 2$, where $q = 2^8$.
(2) Let $o = 30$, $v = 64$; $m = o = 30$ is the number of equations in the multivariate equation system, and $n = o + v = 97$ is the number of variables.
(3) Select a secure hash function $H: \{0,1\}^* \to k^{97}$. Specifically, the secure hash function can be taken as the first 776 bits of the 896-bit output of sha-512||sha-384, which are then converted, since 776 = 8*97, into 97 variables over the finite field $k = GF(2^8)$.
Key generation: the prover randomly selects $F$, an invertible Oil-Vinegar polynomial map from $k^{97}$ to $k^{30}$. An Oil-Vinegar polynomial is any polynomial of total degree 2 of the following form
where $a_{ij}, b_{ij}, c_i, d_j, e \in k$. Here $o = 30$, $v = 64$.
Let $F: k^n \to k^o$ be a polynomial map of the following form:
The prover randomly selects $L_2$, an invertible affine transformation from $k^n$ to $k^n$
where $M_2$ is an invertible $n \times n$ matrix over the finite field $k$ and $a_2$ is an $n \times 1$ column vector over the finite field $k$.
The prover keeps its private key $SK = \{F, L_2\}$ secret.
Note: in the multivariate oil-vinegar public key cryptosystem, the invertible affine transformation $L_1$ on $k^m$ need not be chosen.
Step 2. Signature generation:
The signer signs a message $M \in \{0,1\}^*$ as follows:
(1) Select $u_i \in k^m$ at random, where $i = 1, \ldots, t$; here one can take $t = 8$.
(2) Then compute
$c = H(M \| PK \| u_1 \| \ldots \| u_t) \in k^n$;
(3) Compute
Note: when computing $F^{-1}$ here, first choose an arbitrary set of values
and then solve for $(x_1, \ldots, x_o)$.
(4) Output the zero-knowledge signature $\sigma = (c, s_1, \ldots, s_t)$ on the message $M \in \{0,1\}^*$.
Step 3. Signature verification:
Given the signature $\sigma = (c, s_1, \ldots, s_t)$ on message $M$, any verifier uses the signer's public key
to check whether the verification equation
holds. If it holds, the signature is accepted; otherwise the signature is rejected.
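The note under step (3) of the embodiment, on inverting F by first fixing one group of variables and then solving for $(x_1, \ldots, x_o)$, works because an Oil-Vinegar polynomial is linear in the oil variables once the vinegar variables are fixed. The Python below is an added example, not code from the patent: it assumes the standard Oil-Vinegar form with the coefficient names a, b, c, d, e used above, and replaces GF(2^8) and o = 30 with a toy prime field GF(31) and o = 3, v = 4 so the linear algebra stays readable.

```python
import secrets

P = 31        # toy prime field GF(31) (assumption); the embodiment uses GF(2^8)
O, V = 3, 4   # toy oil / vinegar counts (assumption); the embodiment uses o = 30

def rnd():
    return secrets.randbelow(P)

def random_central_map():
    """O quadratic polynomials in standard Oil-Vinegar form (no oil*oil terms)."""
    return [{
        "a": [[rnd() for _ in range(V)] for _ in range(O)],  # oil_i * vinegar_j
        "b": [[rnd() for _ in range(V)] for _ in range(V)],  # vinegar_i * vinegar_j
        "c": [rnd() for _ in range(O)],                      # linear oil terms
        "d": [rnd() for _ in range(V)],                      # linear vinegar terms
        "e": rnd(),                                          # constant term
    } for _ in range(O)]

def vinegar_part(f, vin):
    """Everything in f that does not involve an oil variable."""
    quad = sum(f["b"][i][j] * vin[i] * vin[j] for i in range(V) for j in range(V))
    return (f["e"] + sum(f["d"][j] * vin[j] for j in range(V)) + quad) % P

def oil_coeffs(f, vin):
    """Coefficient of each oil variable once the vinegar values are fixed."""
    return [(f["c"][i] + sum(f["a"][i][j] * vin[j] for j in range(V))) % P
            for i in range(O)]

def evaluate(F, oil, vin):
    return [(sum(c * x for c, x in zip(oil_coeffs(f, vin), oil))
             + vinegar_part(f, vin)) % P for f in F]

def solve_linear(A, b):
    """Gauss-Jordan elimination over GF(P); returns None if A is singular."""
    n = len(A)
    M = [row[:] + [rhs] for row, rhs in zip(A, b)]
    for col in range(n):
        piv = next((r for r in range(col, n) if M[r][col]), None)
        if piv is None:
            return None
        M[col], M[piv] = M[piv], M[col]
        inv = pow(M[col][col], -1, P)
        M[col] = [x * inv % P for x in M[col]]
        for r in range(n):
            if r != col and M[r][col]:
                k = M[r][col]
                M[r] = [(x - k * y) % P for x, y in zip(M[r], M[col])]
    return [M[r][n] for r in range(n)]

def invert_central_map(F, target):
    """Pick vinegar values at random, then solve the linear system in the oil variables."""
    while True:
        vin = [rnd() for _ in range(V)]
        A = [oil_coeffs(f, vin) for f in F]
        rhs = [(y - vinegar_part(f, vin)) % P for f, y in zip(F, target)]
        oil = solve_linear(A, rhs)
        if oil is not None:          # singular matrix: retry with new vinegar values
            return oil, vin

if __name__ == "__main__":
    F = random_central_map()
    y = [rnd() for _ in range(O)]
    oil, vin = invert_central_map(F, y)
    print(evaluate(F, oil, vin) == y)
```

The retry loop matters: for some vinegar choices the oil coefficient matrix is singular, and the signer simply draws new vinegar values.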
In the signature method of the invention, a user publishes its public key based on multivariate public key cryptography and keeps the corresponding private key secret. The signer can use its own private key to sign any message. The signature can be verified by a verifier using the signer's public key. If signature verification passes, the signature on the message is genuine.
Compared with digital signature methods based on traditional cryptosystems, the invention has the advantages of high computational efficiency and security under quantum computation.
Claims (2)
1. A zero-knowledge digital signature method based on a multivariate public key cryptosystem, characterized in that it comprises a system parameter generation step, a signature generation step and a signature verification step.
2. The zero-knowledge digital signature method based on a multivariate public key cryptosystem according to claim 1, characterized in that the specific steps are as follows:
Step 1. Generate system parameters
The system parameters are $(k, q, l, m, n, H)$, where $q$ and $l$ are security parameters, $k = GF(q^l)$ is a finite field, $m$ is the number of multivariate equations, $n$ is the number of variables, and $H: \{0,1\}^* \to k^n$ is a cryptographically secure one-way, collision-resistant hash function;
Key generation: the signer's private key is $SK = \{L_1, F, L_2\}$, where $F$ is the invertible central map, and $L_1$ and $L_2$ are invertible affine transformations on $k^m$ and $k^n$ respectively. The signer's public key
consists of $m$ polynomial components in $n$ variables. Here the symbol $\circ$ denotes function composition;
Step 2. Signature generation:
The signer signs a message $M \in \{0,1\}^*$ as follows:
(1) Select $u_i \in k^m$ at random, where $i = 1, \ldots, t$;
(2) Then compute
$c = H(M \| PK \| u_1 \| \ldots \| u_t) \in k^n$;
(3) Compute
(4) Output the zero-knowledge signature $\sigma = (c, s_1, \ldots, s_t)$ on the message $M \in \{0,1\}^*$;
Step 3. Signature verification:
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310114426.5A CN103220146B (en) | 2013-04-02 | 2013-04-02 | Zero Knowledge digital signature method based on multivariate public key cryptosystem |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103220146A true CN103220146A (en) | 2013-07-24 |
CN103220146B CN103220146B (en) | 2016-12-28 |
Family
ID=48817635
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310114426.5A Expired - Fee Related CN103220146B (en) | 2013-04-02 | 2013-04-02 | Zero Knowledge digital signature method based on multivariate public key cryptosystem |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103220146B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN103220146B (en) | 2016-12-28 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20161228 |