CN103647642B - A kind of based on certification agency re-encryption method and system - Google Patents

Abstract

The invention discloses a kind of based on certification agency re-encryption method and system, relate to the data encryption technology field in information security.In order to solve the existing deficiency acted on behalf of and exist in re-encryption method, the present invention will based on cryptographic certificate system with act on behalf of re-encryption and combine, provide a kind of based on certification agency re-encryption method, described method includes generating systematic parameter, generate client public key and private key to, generate user certificate, to message encryption, generate and act on behalf of re-encrypted private key, act on behalf of re-encryption and recover the step of message.Present invention also offers a kind of based on certification agency re-encryption system, including systematic parameter generation module, user key generation module, certificates constructing module, encrypting module, act on behalf of re-encrypted private key generation module, act on behalf of re-encryption module and deciphering module.Technical scheme of the present invention not only simplify the management process of certificate, and be absent from key and distribute the problem with key escrow, it is simple to the application of open network environment.

Description

A kind of based on certification agency re-encryption method and system

Technical field

The present invention relates to the data encryption technology field in information security, particularly to one based on certification agency re-encryption method and system.

Background technology

Along with the high speed development of information technology, the safety issue of electronic data is increasingly subject to the attention of data owner.Data encryption technology is to ensure the core of electronic data confidentiality and key technology, it converts the data into insignificant ciphertext by encryption key and AES, thus avoiding data to be accessed without permission, and the effective guarantee confidentiality of data.

Society is frequently encountered the situation that deciphering authorizes.Such as, one company manager needs to other places to go on business, in order to not affect the business of company, this manager needs to entrust a reliable assistant to help him to process the privacy enhanced mail that some business are relevant in its period of going on business, but reveals to this assistant without wishing to by the private key of oneself simultaneously.In order to solve the problem of above-mentioned deciphering mandate, Blaze et al. proposed, in 1998, the thought acting on behalf of re-encryption.In acting on behalf of re-encryption system, one has the half trusted agent re-encryption center acting on behalf of re-encrypted private key, the ciphertext of message M encrypted for the PKI through user Alice can be converted into the PKI with user Bob to the message M ciphertext encrypted, wherein user Alice is called consigner, and user Bob is called receiving party.In this process, any information of message M cannot be known in half believable re-encryption center of acting on behalf of.Owing to acting on behalf of the problem that re-encryption can effectively solve the problem that deciphering authorizes, therefore the method has much important practical application, and in the cross-domain operation of digital publishing rights, the forwarding of encrypted E-mail and public cloud, secure data shares.Acting on behalf of re-encryption and receive significant attention once proposing, it has been carried out deep discussion and research by Chinese scholars.But existing act on behalf of re-encryption method mostly under conventional public-key cipher system or proposed under identity-based cryptosystems, therefore these methods or there is complicated certificate management problem, or the problem that there is key distribution and key escrow.Although and the proposed method of re-encryption without certification agency of Sur et al. efficiently solves certificate management and the key escrow of complexity in the recent period, but still suffering from the problem that key is distributed.Therefore, existing act on behalf of the application under open network environment of the re-encryption method and will be restricted.

Based on cryptographic certificate system be Gentry at the novel public-key cryptosystem of proposed one in 2003, this system has organically combined identity-based cryptosystems and the advantage of conventional public-key cipher system, and effectively overcomes the defect existed in both cipher systems.A maximum feature based on cryptographic certificate system is to provide a kind of efficient hidden certificate mechanism, and namely user certificate is only sent to holder of certificate combine with its private key final decruption key of generation or signature key.Based on this feature, the third party not only eliminating certificate status based on cryptographic certificate system inquires about problem, simplify certificate management process complicated in conventional public-key cipher system, and overcome cipher key distribution problem intrinsic in identity-based cryptosystems and key escrow simultaneously.Therefore, it is a function admirable based on cryptographic certificate system, it is simple to the novel public key cryptosystem of application in open network environment.

Summary of the invention

The technical problem to be solved is that existing agency in re-encryption method has problems, and the present invention will based on cryptographic certificate system with act on behalf of re-encryption system and combine, it is provided that a kind of based on certification agency re-encryption method.Benefiting from the premium properties based on cryptographic certificate system, method proposed by the invention not only simplify the management process of certificate, and be absent from key and distribute the problem with key escrow.

The present invention solves above-mentioned technical problem by the following technical solutions:

A kind of based on certification agency re-encryption method, comprise the steps of

Step A, generates system master key and the open parameter set of system；Detailed process is:

Step 101, certificate center is according to the security parameter k ∈ Z set⁺, select the Big prime p of a k bit, and generate an a p rank addition cyclic group G and p factorial method cyclic group G_T, and definition is at group G and group G_TOn Bilinear map e:G × G → G_T；Wherein: Z⁺It is positive integer, Bilinear map e:G × G → G_TIt is crowd G cartesian product G × G to group G with self_TMapping, i.e. Bilinear map e:G × G → G_TRefer to function z=e (P₁,P₂), wherein P₁,P₂∈ G is independent variable, z ∈ G_TFor dependent variable；

Step 102, selects two from addition cyclic group G and generates unit P and Q and randomly chooseCalculate Q_pub=α Q, g=e (P, Q) and h=e (Q, Q)；Wherein: set

Step 103, defines five hash functionsH₂:{0,1}ⁿ→{0,1}ⁿ、H₄:G_T×G_T→{0,1}ⁿAndWherein: H₁It it is cartesian product { 0,1}^*×G×G_TArriveCryptographic Hash function, H₂It is { 0,1}ⁿTo { 0,1}ⁿCryptographic Hash function, H₃It is { 0,1}^*ArriveCryptographic Hash function, H₄It is cartesian product G_T×G_TTo { 0,1}ⁿCryptographic Hash function, H₅It is cartesian product G_T×G_TArriveCryptographic Hash function, n represents bit length expressly, { 0,1}^*Represent the set of the uncertain binary string of length, { 0,1}ⁿRepresent the set of the binary string that length is n-bit, { 0,1}^*×G×G_TRepresent { 0,1}^*, group G and group G_TCartesian product, G_T×G_TRepresent group G_TCartesian product with self；

According to step 101 to step 103, the system master key that the central secret that Generates Certificate preserves is msk=α, and the open parameter set of system is params={p, G, G_T,e,n,P,Q,Q_pub,g,h,H₁,H₂,H₃,H₄,H₅}。

Step B, according to the open parameter set of described system, and the identity information of user, generating PKI and the private key pair of user, described user includes sender and recipient；Detailed process is as follows:

Identity is id_UUser first existIn randomly choose an integerPrivate key SK as oneself_U, i.e. SK_U=x_U；Then the open parameter set params of system is utilized to generate the PKI of oneself ${\mathrm{PK}}_U=({\mathrm{PK}}_U^{\left(1\right)},{\mathrm{PK}}_U^{\left(2\right)})$ $=(x_{U}Q,g^{x_U}).$

Step C, the PKI according to the open parameter set of described system master key and system, the identity information of user and user, generate the certificate of user；Detailed process is as follows:

Identity is id_UUser by the identity information id of oneself_UWith PKI PK_USubmit to certificate center；Certificate center produces user id_UCertificate Cert_U=(H₁(id_U,PK_U)+α)^-1Q, then by certificate Cert_UBeing sent to identity is id_UUser.

Step D, according to the identity information of the open parameter set of described system, plaintext to be encrypted and recipient and PKI, generates original cipher text；Detailed process is as follows:

Sender uses the identity id of recipient_VAnd PKIEncryption length is the plaintext M of n-bit, and first sender randomly chooses σ ∈ { 0,1}ⁿAnd calculate r=H₃(M,σ,id_V,PK_V)；Then calculate respectively $C_1=M\⊕H_2\left(\mathrm{\σ}\right),C_2=\mathrm{\σ}\⊕H_4(h^r,{\left({\mathrm{PK}}_V^{\left(2\right)}\right)}^r),$ C₃=rP and C₄=r(H₁(id_V,PK_V)Q+Q_Pub)；Finally by C=(C₁,C₂,C₃,C₄) it is sent to recipient id as the ciphertext of plaintext M_V。

Step E, according to the open parameter set of described system, the identity information of sender, private key and certificate, and the identity information of recipient and PKI, generate and act on behalf of re-encrypted private key；Detailed process is as follows:

Sender id_UAccording to recipient id_VPKIFirst randomly chooseAnd calculateThen the private key SK according to use oneself_UWith certificate Cert_UAnd recipient id_VPKI ${\mathrm{PK}}_V=({\mathrm{PK}}_V^{\left(1\right)},{\mathrm{PK}}_V^{\left(2\right)}),$ Calculate ${\mathrm{PRK}}_{U\→V}^{\left(1\right)}={\mathrm{SK}}_U\·{\mathrm{PK}}_V^{\left(1\right)},{\mathrm{PRK}}_{U\→V}^{\left(2\right)}=s(H_1({\mathrm{id}}_V,{\mathrm{PK}}_V)Q+Q_{\mathrm{Pub}})$ With ${\mathrm{PRK}}_{U\→V}^{\left(3\right)}={\mathrm{tCert}}_U;$ Finally will ${\mathrm{PRK}}_{U\→V}=({\mathrm{PRK}}_{U\→V}^{\left(1\right)},{\mathrm{PRK}}_{U\→V}^{\left(2\right)},{\mathrm{PRK}}_{U\→V}^{\left(3\right)})$ As acting on behalf of re-encrypted private key.

Step F, discloses parameter set, original cipher text according to described system and acts on behalf of re-encrypted private key, generates re-encryption ciphertext；Detailed process is as follows:

According to sender id_UThat submits to acts on behalf of re-encrypted private keyAnd the identity id with sender_UWith PKI PK_UOriginal cipher text C=(the C of encryption₁,C₂,C₃,C₄), put C first respectively₁′=C₁, C₂'=C₂, ${C_5}^{\′}={\mathrm{PRK}}_{U\→V}^{\left(2\right)};$ Then calculate ${C_3}^{\′}=e(C_3,{\mathrm{PRK}}_{U\→V}^{\left(1\right)})$ With ${C_4}^{\′}=e(C_4,{\mathrm{PRK}}_{U\→V}^{\left(3\right)});$ Finally by C '=(id_U,C₁′,C₂′,C₃′,C₄′,C₅') it is forwarded to recipient id as acting on behalf of re-encryption ciphertext_V。

Step G, according to the private key of the open parameter set of described system, ciphertext to be decrypted and recipient and certificate, recovers expressly, and ciphertext to be decrypted includes original cipher text or re-encryption ciphertext；Detailed process is as follows:

Identity is id_VRecipient use oneself private key SK_VWith certificate Cert_VCiphertext C is deciphered, the type according to ciphertext C, is divided into the following two kinds situation:

If ciphertext C is the original cipher text without re-encryption, i.e. C=(C₁,C₂,C₃,C₄), recipient id_VFirst calculate $\mathrm{\σ}=C_2\⊕H_4(e(C_4,{\mathrm{Cert}}_V),{(C_3,Q)}^{{\mathrm{SK}}_V}),$ And then calculate and obtain expressly $M=C_1\⊕H_2\left(\mathrm{\σ}\right);$ Then r=H is calculated₃(M,σ,id_V,PK_V), and judge C₄=r(H₁(id_V,PK_V)Q+Q_Pub) whether set up: if setting up, plaintext M is effective；Otherwise, ciphertext is invalid, deciphers unsuccessfully；

If C is for acting on behalf of re-encryption ciphertext, i.e. C=(id_U,C₁′,C₂′,C₃′,C₄′,C₅'), recipient id_VFirst calculate successively $t=H_5(e({C_5}^{\′},{\mathrm{Cert}}_V),e{({C_5}^{\′},{\mathrm{Cert}}_V)}^{{\mathrm{SK}}_V})$ With $\mathrm{\σ}={C_2}^{\′}\⊕H_4({\left({C_4}^{\′}\right)}^{1/t},{\left({C_3}^{\′}\right)}^{{1/\mathrm{SK}}_V}),$ And then calculate and obtain expresslyThen r=H is calculated₃(M,σ,id_U,PK_U), and judgeAnd C₄′=h^rWhether set up: if setting up, plaintext M is effective；Otherwise, ciphertext is invalid, deciphers unsuccessfully.

The present invention also provides for a kind of based on certification agency re-encryption system, including:

Systematic parameter generation module, for Generate Certificate according to the security parameter the inputted master key at center and the open parameter set of cryptographic system；

User key generation module, for the open parameter set generated according to systematic parameter generation module, and the identity information of user, generating PKI and the private key pair of user, described user includes sender and recipient；

Certificates constructing module, for the PKI that the master key generated according to systematic parameter generation module and open parameter set, the identity information of user and user key generation module generate, generates the certificate of user；

Encrypting module, for the PKI of the recipient that the open parameter set generated according to systematic parameter generation module, plaintext to be encrypted, the identity information of recipient and user key generation module generate, generates original cipher text expressly；

Act on behalf of re-encrypted private key generation module, the private key of the sender generated for the open parameter set generated according to systematic parameter generation module, the identity information of sender and the identity information of recipient, user key generation module and the PKI of recipient, and the certificate of the sender of certificates constructing module generation, generate and act on behalf of re-encrypted private key；

Act on behalf of re-encryption module, for the original cipher text inputted according to the open parameter set of systematic parameter generation module generation, encrypting module and the re-encrypted private key of acting on behalf of acting on behalf of the generation of re-encrypted private key generation module, generation re-encryption ciphertext；

Deciphering module, the private key of the original cipher text generated for the open parameter set generated according to systematic parameter generation module, encrypting module or the recipient acting on behalf of the re-encryption ciphertext of re-encryption module generation, the generation of user key generation module, and the certificate of the recipient of certificates constructing module generation, recover expressly.

Further, the one of the present invention is based on certification agency re-encryption system, and described deciphering module specifically includes ciphertext decryption unit and ciphertext validation verification unit；Wherein:

Ciphertext is decrypted by described ciphertext decryption unit for deciphering person, recovers expressly；

The effectiveness of ciphertext is verified by described ciphertext validation verification unit for deciphering person, and then judges that whether the plaintext that ciphertext decryption unit exports is effective.

The present invention adopts above technical scheme compared with prior art, has following technical effect that

The present invention will based on cryptographic certificate system with act on behalf of re-encryption system and combine, provide a kind of efficient hidden certificate mechanism, namely the certificate of user is only sent to holder of certificate, and the decruption key that the generation that combines with its private key is final, effectively overcome and existing act on behalf of Problems existing in re-encryption method, be a kind of be very suitable in open network environment the novel of application and act on behalf of re-encryption method.Main cause is as follows:

First, owing to user only could decipher, when obtaining certificate, the ciphertext being currently received, therefore sender also just need not obtain the up-to-date certificate status information of recipient before transmission adds confidential information, therefore the present invention not only eliminates in traditional proxy re-encryption method and the third party of certificate status is inquired problem, and what also simplify certificate cancels problem simultaneously.

Secondly as certificate center cannot know the private key of user, so this method solving identity-based to act on behalf of key escrow intrinsic in re-encryption method.

In addition, owing to certificate is intended merely to the corresponding relation between user bound PKI and user identity, user can be sent to publicly, also effectively overcome in this way identity-based act on behalf of re-encryption method and without in certification agency re-encryption method exist cipher key distribution problem.

Accompanying drawing explanation

Fig. 1 is the flow chart based on certification agency re-encryption method of the present invention.

Fig. 2 is the operational flowchart performed according to the cryptographic system of the inventive method.

Fig. 3 is the schematic diagram based on certification agency re-encryption system of the present invention.

Detailed description of the invention

Below in conjunction with accompanying drawing, technical scheme is described in further detail:

Of the present invention can realize based on Bilinear map based on certification agency re-encryption method, briefly introduce the basic definition of Bilinear map and its character that meets first below.

If G is rank is the addition cyclic group of p, G_TThe multiplication loop group of to be rank be p, and P is the generation unit of crowd G, and wherein p is a Big prime.Assume G and G_TDiscrete logarithm problem on the two group is all difficult problem.If definition is at group G and group G_TUpper one maps e:G × G → G_TMeet following three character, then claim this to be mapped as effective Bilinear map.Bilinear map e:G × G → G_TIt is crowd G cartesian product G × G to group G with self_TMapping, i.e. Bilinear map e:G × G → G_TRefer to function z=e (P₁,P₂), wherein P₁,P₂∈ G is independent variable, z ∈ G_TFor dependent variable.

Three character that bilinearity correspondence meets are:

(1) bilinearity. for arbitrary P₁,P₂∈ G andThere is e (aP₁,bP₂)=e(P₁,P₂)^ab。

(2) non-degeneracy.WhereinIt is crowd G_TIdentical element.

(3) computability. for arbitrary P₁,P₂, there is effective algorithm and calculate e (P in ∈ G₁,P₂)。

Wherein, Big prime p is not less than 160 bits of binary representation for discrete logarithm problem, and is not less than 1024 bits of binary representation for Large integer factoring problem.The concept of cyclic group is: set H as group, if there is an element P ∈ H to make H={kP | k ∈ Z}, then claiming H is addition cyclic group, and title P is the generation unit of H；If there is an element u ∈ H to make H={u^k| k ∈ Z}, then claiming H is multiplication loop group, and title u is the generation unit of H.If the rank that H is addition (multiplication) cyclic group and generation unit P (u) are n, namely n is so that the idempotent of P (u) is in the minimum positive integer of the identical element of group H, then claiming H is n rank addition (multiplication) cyclic groups.In simple terms, addition cyclic group refers to that the generation unit of this cyclic group computing can generate all elements in group with additive, and the unit that generates that multiplication loop group refers to this cyclic group can with all elements in the method generation group of power.Additionally,Wherein Z_pRefer to the residue class of integer mould prime number p, i.e. Z_p={0,1,...,p-1}。

Description according to above Bilinear map, below in conjunction with accompanying drawing and being further described based on certification agency re-encryption method of realizing that the present invention proposes by example, but not as a limitation of the invention.

The entity of the method for the invention design is as follows:

(1) certificate center: be responsible for systematic parameter and generate, namely generates system master key and the open parameter set of system, and system user is verified the trusted third party of also grant a certificate；

(2) consigner: the original receivers of encryption message, is the entity entrusting receiving party to exercise deciphering power；

(3) receiving party: receive the mandate of consigner, represents consigner and exercises the entity of deciphering power；

(4) re-encryption center is acted on behalf of: the re-encryption of acting on behalf of receiving consigner is entrusted, and exercises the semi trusted third party that the original cipher text of consigner is converted into re-encryption ciphertext；

(5) sender: the originally transmitted entity of message；

(6) recipient: the receiving entity of ciphertext, it is possible to be consigner, it is also possible to be receiving party.

Reference picture 1 and accompanying drawing 2, the step of the method for the invention is described in detail below:

Step A, generates system master key and the open parameter set of system, specifically comprises the following steps that

Step 101: according to the security parameter k ∈ Z set⁺, select the Big prime p of a k bit, and generate an a p rank addition cyclic group G and p factorial method cyclic group G_T, and definition is at group G and group G_TOn Bilinear map e:G × G → G_T, wherein Bilinear map e:G × G → G_TIt is crowd G cartesian product G × G to group G with self_TMapping.

Step 102: select two from addition cyclic group G and generate unit P and Q and randomly chooseCalculate Q_pub=α Q, g=e (P, Q) and h=e (Q, Q), wherein gather

Step 103: define five hash functionsH₂:{0,1}ⁿ→{0,1}ⁿ、H₄:G_T×G_T→{0,1}ⁿAndWherein H₁It is cartesian product { 0,1}^*×G×G_TArriveCryptographic Hash function, H₂It is { 0,1}ⁿTo { 0,1}ⁿCryptographic Hash function, H₃It is { 0,1}^*ArriveCryptographic Hash function, H₄It is cartesian product G_T×G_TTo { 0,1}ⁿCryptographic Hash function, H₅It is cartesian product G_T×G_TArriveCryptographic Hash function, n represents bit length expressly, { 0,1}^*Represent the set of the uncertain binary string of length, { 0,1}ⁿRepresent the set of the binary string that length is n-bit, { 0,1}^*×G×G_TRepresent { 0,1}^*, group G and group G_TCartesian product, G_T×G_TRepresent group G_TCartesian product with self.

Execution result according to step 101, step 102 and step 103, thus the system that obtains open parameter set params={p, G, G_T,e,n,P,Q,Q_pub,g,h,H₁,H₂,H₃,H₄,H₅And system master key msk=α.

Step B, generates PKI and the private key pair of user, specifically comprises the following steps that according to the open parameter set of described system

Step 104: for user identity id_U,In randomly choose an integerAs its private key SK_U, i.e. SK_U=x_U。

Step 105: calculate and obtain user id_UPKI

Step C, the PKI according to the open parameter set of described system master key and system, the identity of user and user, generate the certificate of user, specifically comprise the following steps that

Step 106: for user identity id_UWith PKI PK_U, calculate and obtain user id_UCertificate Cert_U=(H₁(id_U,PK_U)+α)^-1Q。

Step D, according to the identity of the open parameter set of described system, plaintext to be encrypted and recipient and PKI, generates original cipher text, specifically comprises the following steps that

Step 107: the identity id according to recipient_VAnd PKIAnd plaintext M to be sent, first randomly choose σ ∈ { 0,1}ⁿAnd calculate r=H₃(M,σ,id_V,PK_V)；Then calculate successively C₃=rP and C₄=r(H₁(id_V,PK_V)Q+Q_Pub), thus obtaining the original cipher text C=(C of plaintext M₁,C₂,C₃,C₄)。

Step E, according to the identity of the open parameter set of described system, the identity of consigner, private key and certificate and receiving party and PKI, generates and acts on behalf of re-encrypted private key, specifically comprise the following steps that

Step 108: according to consigner id_UPrivate key SK_UWith certificate Cert_UAnd receiving party id_VPKI ${\mathrm{PK}}_V=({\mathrm{PK}}_V^{\left(1\right)},{\mathrm{PK}}_V^{\left(2\right)}),$ First randomly choose $s\∈Z_p^{*}$ And calculate $t=H_5(h^s,e{(Q,{\mathrm{PK}}_V^{\left(1\right)})}^s);$ Then calculate successively ${\mathrm{PRK}}_{U\→V}^{\left(1\right)}={\mathrm{SK}}_U\·{\mathrm{PK}}_V^{\left(1\right)},{\mathrm{PRK}}_{U\→V}^{\left(2\right)}=s(H_1({\mathrm{id}}_V,{\mathrm{PK}}_V)Q+Q_{\mathrm{Pub}})$ With ${\mathrm{PRK}}_{U\→V}^{\left(3\right)}={\mathrm{tCert}}_U,$ Re-encrypted private key is acted on behalf of thus obtaining ${\mathrm{PRK}}_{U\→V}=({\mathrm{PRK}}_{U\→V}^{\left(1\right)},{\mathrm{PRK}}_{U\→V}^{\left(2\right)},{\mathrm{PRK}}_{U\→V}^{\left(3\right)}).$

Step F, discloses parameter set, original cipher text according to described system and acts on behalf of re-encrypted private key, generates re-encryption ciphertext, specifically comprises the following steps that

Step 109: according to acting on behalf of re-encrypted private keyAnd with identity id_UWith PKI PK_UOriginal cipher text C=(the C of encryption₁,C₂,C₃,C₄), calculate and obtain with identity id_VWith PKI PK_VThat encrypts acts on behalf of re-encryption ciphertext C '=(id_U,C₁′,C₂′,C₃′,C₄′,C₅'), wherein C₁′=C₁, C₂′=C₂, ${C_4}^{\′}=e(C_4,{\mathrm{PRK}}_{U\→V}^{\left(3\right)})$ And ${C_5}^{\′}={\mathrm{PRK}}_{U\→V}^{\left(2\right)}.$

Step G, according to the private key of the open parameter set of described system, ciphertext (original cipher text or re-encryption ciphertext) to be decrypted and deciphering person and certificate, recovers expressly, to specifically comprise the following steps that

When ciphertext C is the original cipher text without re-encryption, i.e. C=(C₁,C₂,C₃,C₄) time, this deciphering module 7 performs following steps:

Step 110: according to deciphering person id_VPrivate key SK_VWith certificate Cert_V, and ciphertext C=(C₁,C₂,C₃,C₄), calculate $\mathrm{\σ}=C_2\⊕H_4(e(C_4,{\mathrm{Cert}}_V),{(C_3,Q)}^{{\mathrm{SK}}_V}),$ And then calculate and obtain expressly $M=C_1\⊕H_2\left(\mathrm{\σ}\right).$

Step 111: calculate r=H₃(M,σ,id_V,PK_V), and judge C₄=r(H₁(id_V,PK_V)Q+Q_Pub) whether set up: if setting up, plaintext M is effective；Otherwise, ciphertext is invalid, deciphers unsuccessfully.

When ciphertext C is for acting on behalf of re-encryption ciphertext, i.e. C=(id_U,C₁′,C₂′,C₃′,C₄′,C₅') time, this deciphering module 7 performs following steps:

Step 112: according to agent id_VPrivate key SK_VWith certificate Cert_V, and ciphertext C=(id_U,C₁′,C₂′,C₃′,C₄′,C₅'), calculate successivelyWith $\mathrm{\σ}={C_2}^{\′}\⊕H_4({\left({C_4}^{\′}\right)}^{1/t},{\left({C_3}^{\′}\right)}^{{1/\mathrm{SK}}_V}),$ And then calculate and obtain expressly $M={C_1}^{\′}\⊕H_2\left(\mathrm{\σ}\right).$

Step 113: calculate r=H₃(M,σ,id_U,PK_U), and judgeAnd C₄′=h^rWhether set up: if setting up, plaintext M is effective；Otherwise, ciphertext is invalid, deciphers unsuccessfully.

Referring to accompanying drawing 3, present invention also offers a kind of based on certification agency re-encryption system, described system includes: systematic parameter generation module, user key generation module, certificates constructing module, encrypting module, acts on behalf of re-encrypted private key generation module, act on behalf of re-encryption module and deciphering module；

Described systematic parameter generation module Generates Certificate the master key at center and the open parameter set of cryptographic system according to the security parameter of input for certificate center.

Open parameter set that described user key generation module generates according to systematic parameter generation module for system user and the identity information of user, the PKI of generation user and private key pair.

Master key that described certificates constructing module generates according to systematic parameter generation module for certificate center and the PKI that open parameter set, the identity information of user and user key generation module generate, the certificate of generation user.

The open parameter set that described encrypting module generates according to systematic parameter generation module for sender, plaintext to be encrypted, receive the identity information of user and the PKI receiving user of user key generation module generation, generate original cipher text expressly.

Described re-encrypted private key generation module of acting on behalf of is for open parameter set that consigner generates according to systematic parameter generation module, the identity information of consigner and the identity information of receiving party, the certificate of the consigner that the private key of consigner of user key generation module generation and the PKI of receiving party and certificates constructing module generate, generates and acts on behalf of re-encrypted private key.

Described re-encryption module of acting on behalf of rushes, for acting on behalf of, the open parameter set that encryption center generates according to systematic parameter generation module, the original cipher text of encrypting module input and act on behalf of that re-encrypted private key generation module generates act on behalf of re-encrypted private key, generate re-encryption ciphertext.

The open parameter set that described deciphering module generates according to systematic parameter generation module for deciphering person, encrypting module generate original cipher text or act on behalf of re-encryption module generate re-encryption ciphertext, the certificate of the deciphering person that the private key of the deciphering person that user key generation module generates and certificates constructing module generate, recovers expressly.

Described deciphering module specifically includes ciphertext decryption unit and ciphertext validation verification unit.

Ciphertext is decrypted by described ciphertext decryption unit for deciphering person, recovers expressly.

The effectiveness of ciphertext is verified by described ciphertext validation verification unit for deciphering person, and then judges that whether the plaintext that ciphertext decryption unit exports is effective.

More than simply the preferred embodiment of the present invention is described.For those skilled in the art, other advantage and deformation can be associated easily according to embodiment of above.Therefore, the invention is not limited in above-mentioned embodiment, a kind of form of the present invention is carried out detailed, exemplary explanation as just example by it.Without departing substantially from the scope of present inventive concept, the usual variations and alternatives that those of ordinary skill in the art carry out in the aspects of the technology of the present invention, all should be included within protection scope of the present invention.

Claims (10)

1. one kind based on certification agency re-encryption method, it is characterised in that described method comprises the steps of

Step A, generates system master key and the open parameter set of system；

Step B, generates PKI and the private key pair of user according to the identity information of the open parameter set of described system and user, and described user includes sender and recipient；

Step C, according to the open parameter set of described system master key and system, and the respective identity information of sender and recipient, PKI, generate the respective certificate of sender and recipient respectively；

Step D, according to the identity information of the open parameter set of described system, plaintext to be encrypted and recipient and PKI, generates original cipher text；

Step E, according to the open parameter set of described system, the identity information of sender, private key and certificate, and the identity information of recipient and PKI, generate and act on behalf of re-encrypted private key；

Step F, discloses parameter set, original cipher text according to described system and acts on behalf of re-encrypted private key, generates re-encryption ciphertext；

Step G, according to the private key of the open parameter set of described system, ciphertext to be decrypted and recipient and certificate, recovers expressly, and ciphertext to be decrypted includes original cipher text or re-encryption ciphertext.

2. one according to claim 1 is based on certification agency re-encryption method, it is characterised in that described step A detailed process is as follows:

Step 101, certificate center is according to the security parameter k ∈ Z set⁺, select the Big prime p of a k bit, and generate an a p rank addition cyclic group G and p factorial method cyclic group G_T, and definition is at group G and group G_TOn Bilinear map e:G × G → G_T；Wherein: Z⁺It is positive integer, Bilinear map e:G × G → G_TIt is crowd G cartesian product G × G to group G with self_TMapping, i.e. Bilinear map e:G × G → G_TRefer to function z=e (P₁,P₂), wherein P₁,P₂∈ G is independent variable, z ∈ G_TFor dependent variable；

Step 102, selects two from addition cyclic group G and generates unit P and Q and randomly chooseCalculate Q_pub=α Q, g=e (P, Q) and h=e (Q, Q)；Wherein: set

Step 103, defines five hash functionsH₂: { 0,1}ⁿ→ { 0,1}ⁿ、H₄:G_T×G_T→{0,1}ⁿAndWherein H₁It is cartesian product { 0,1}^*×G×G_TArriveCryptographic Hash function, H₂It is { 0,1}ⁿTo { 0,1}ⁿCryptographic Hash function, H₃It is { 0,1}^*ArriveCryptographic Hash function, H₄It is cartesian product G_T×G_TTo { 0,1}ⁿCryptographic Hash function, H₅It is cartesian product G_T×G_TArriveCryptographic Hash function, n represents bit length expressly, { 0,1}^*Represent the set of the uncertain binary string of length, { 0,1}ⁿRepresent the set of the binary string that length is n-bit, { 0,1}^*×G×G_TRepresent { 0,1}^*, group G and group G_TCartesian product, G_T×G_TRepresent group G_TCartesian product with self；

According to step 101 to step 103, the system master key that the central secret that Generates Certificate preserves is msk=α, and the open parameter set of system is params={p, G, G_T,e,n,P,Q,Q_pub,g,h,H₁,H₂,H₃,H₄,H₅}。

3. one according to claim 2 is based on certification agency re-encryption method, it is characterised in that described step B detailed process is as follows:

Identity is id_UUser first existIn randomly choose an integerPrivate key SK as oneself_U, i.e. SK_U=x_U；Then the open parameter set params of system is utilized to generate the PKI of oneself

4. one according to claim 3 is based on certification agency re-encryption method, it is characterised in that the detailed process of described step C is as follows:

Identity is id_UUser by the identity information id of oneself_UWith PKI PK_USubmit to certificate center；Certificate center produces user id_UCertificate Cert_U=(H₁(id_U,PK_U)+α)^-1Q, then by certificate Cert_UBeing sent to identity is id_UUser.

5. one according to claim 4 is based on certification agency re-encryption method, it is characterised in that described step D detailed process is as follows:

Sender uses the identity id of recipient_VAnd PKIEncryption length is the plaintext M of n-bit, and first sender randomly chooses σ ∈ { 0,1}ⁿAnd calculate r=H₃(M,σ,id_V,PK_V)；Then C is calculated respectively₁=M H₂(σ),C₃=rP and C₄=r (H₁(id_V,PK_V)Q+Q_Pub)；Finally by C=(C₁,C₂,C₃,C₄) it is sent to recipient id as the ciphertext of plaintext M_V。

6. one according to claim 5 is based on certification agency re-encryption method, it is characterised in that the detailed process of described step E is as follows:

Sender id_UAccording to recipient id_VPKIFirst randomly chooseAnd calculateThen the private key SK according to use oneself_UWith certificate Cert_UAnd recipient id_VPKICalculateWithFinally willAs acting on behalf of re-encrypted private key.

7. one according to claim 6 is based on certification agency re-encryption method, it is characterised in that the detailed process of described step F is as follows:

According to sender id_UThat submits to acts on behalf of re-encrypted private keyAnd the identity id with sender_UWith PKI PK_UOriginal cipher text C=(the C of encryption₁,C₂,C₃,C₄), put C first respectively₁'=C₁, C₂'=C₂,Then calculateWithFinally by C '=(id_U,C₁′,C₂′,C₃′,C₄′,C₅') it is forwarded to recipient id as acting on behalf of re-encryption ciphertext_V。

8. one according to claim 7 is based on certification agency re-encryption method, it is characterised in that the detailed process of described step G is as follows:

Identity is id_VRecipient use oneself private key SK_VWith certificate Cert_VCiphertext C is deciphered, the type according to ciphertext C, is divided into the following two kinds situation:

If ciphertext C is the original cipher text without re-encryption, i.e. C=(C₁,C₂,C₃,C₄), recipient id_VFirst calculateAnd then calculate and obtain plaintext M=C₁⊕H₂(σ)；Then r=H is calculated₃(M,σ,id_V,PK_V), and judge C₄=r (H₁(id_V,PK_V)Q+Q_Pub) whether set up: if setting up, plaintext M is effective；Otherwise, ciphertext is invalid, deciphers unsuccessfully；

If C is for acting on behalf of re-encryption ciphertext, i.e. C=(id_U,C₁′,C₂′,C₃′,C₄′,C₅'), recipient id_VFirst calculate successivelyWithAnd then calculate and obtain plaintext M=C₁′⊕H₂(σ)；Then r=H is calculated₃(M,σ,id_U,PK_U), and judgeAnd C₄'=h^rWhether set up: if setting up, plaintext M is effective；Otherwise, ciphertext is invalid, deciphers unsuccessfully.

9. one kind based on certification agency re-encryption system, it is characterised in that including:

Systematic parameter generation module, for Generate Certificate according to the security parameter the inputted master key at center and the open parameter set of cryptographic system；

User key generation module, for the open parameter set generated according to systematic parameter generation module, and the identity information of user, generating PKI and the private key pair of user, described user includes sender and recipient；

Certificates constructing module, for the master key generated according to systematic parameter generation module and open parameter set, and the respective identity information of sender and recipient, PKI, generate the respective certificate of sender and recipient respectively；

Encrypting module, for the PKI of the recipient that the open parameter set generated according to systematic parameter generation module, plaintext to be encrypted, the identity information of recipient and user key generation module generate, generates original cipher text expressly；

Act on behalf of re-encrypted private key generation module, the private key of the sender generated for the open parameter set generated according to systematic parameter generation module, the identity information of sender and the identity information of recipient, user key generation module and the PKI of recipient, and the certificate of the sender of certificates constructing module generation, generate and act on behalf of re-encrypted private key；

Act on behalf of re-encryption module, for the original cipher text inputted according to the open parameter set of systematic parameter generation module generation, encrypting module and the re-encrypted private key of acting on behalf of acting on behalf of the generation of re-encrypted private key generation module, generation re-encryption ciphertext；

Deciphering module, the private key of the original cipher text generated for the open parameter set generated according to systematic parameter generation module, encrypting module or the recipient acting on behalf of the re-encryption ciphertext of re-encryption module generation, the generation of user key generation module, and the certificate of the recipient of certificates constructing module generation, recover expressly.

10. one according to claim 9 is based on certification agency re-encryption system, it is characterised in that described deciphering module specifically includes ciphertext decryption unit and ciphertext validation verification unit；Wherein:

Ciphertext is decrypted by described ciphertext decryption unit for deciphering person, recovers expressly；

The effectiveness of ciphertext is verified by described ciphertext validation verification unit for deciphering person, and then judges that whether the plaintext that ciphertext decryption unit exports is effective.