CN104393996A - Certificateless-based signcryption method and certificateless-based signcryption system - Google Patents


Info

Publication number: CN104393996A (granted as CN104393996B)
Application number: CN201410614542.8A
Authority: CN (China)
Original language: Chinese (zh)
Prior art keywords: user, arithmetic unit, private key, hash, signcryption
Inventors: 李继国, 张乐, 陈超东
Original and current assignee: MAANSHAN CHENGZHI INFORMATION TECHNOLOGY Co Ltd
Priority and filing date: 2014-11-04 (application CN201410614542.8A)
Legal status: granted, active

Abstract

The invention discloses a certificateless signcryption method and system in the field of signcryption technology. The system comprises a third-party KGC (Key Generation Center, the partial private key generation center) and a user module. The third-party module comprises an online task distributor, a partial private key generator and a hash arithmetic unit, which are connected through a secure channel; the user module comprises a user secret value generator, a user full private key generator, an offline signcryption machine, an online signcryption machine and a decipher. Signcryption is performed for a user through the following steps in sequence: generating the system parameters, generating the user secret value, generating the user partial private key, generating the user full private key, offline signcryption, online signcryption and decryption. In this method and system, signcryption replaces the simple combination of encryption and a signature with a single logical unit, so that online/offline signcryption can be implemented safely and efficiently in the certificateless setting without determining the identity of the recipient in the offline stage; the method and system have the advantages of high efficiency, good security, great flexibility and strong applicability.

Description

Certificateless signcryption method and system
Technical field
The present invention relates to the technical field of signcryption, and in particular to a certificateless signcryption method and system.
Background technology
In e-commerce, authentication and confidentiality are the most basic and also the most important requirements. E-commerce inevitably involves mobile devices and smart cards, whose physical layer is vulnerable to attack, so effective cryptographic protection is necessary. Because these devices are inherently power-limited, designing low-cost algorithms is particularly important.
Zheng first proposed the signcryption primitive, which provides unforgeability and confidentiality simultaneously and, compared with the simple combination of a signature and encryption, has lower computational complexity and lower communication cost. Malone-Lee proposed the first identity-based signcryption scheme, and a number of identity-based signcryption schemes followed, improving both efficiency and security.
An et al. proposed online/offline signcryption. The principle of an online/offline primitive is that the computational cost of the online stage should be as small as possible; in other words, most of the expensive operations, such as exponentiations and bilinear pairing operations, should be completed in the offline stage. To improve the flexibility of the system, the message to be signcrypted and the identity of the recipient should be unknown in the offline stage. In 2002, however, An et al. only proposed a security model for online/offline signcryption and analysed a generic construction, without giving a concrete online/offline signcryption scheme. In 2005, Zhang et al. gave a concrete online/offline signcryption scheme, but it requires an additional symmetric-key encryption scheme to obtain confidentiality for the overall scheme.
To overcome the inherent key escrow problem of identity-based cryptography, Al-Riyami et al. proposed certificateless cryptography in 2003. The concept of certificateless signcryption was first proposed by Barbosa in 2008. At present most certificateless signcryption schemes are insecure; in 2010, Selvi et al. pointed out security problems in the relevant literature.
In 2010, Luo proposed a certificateless online/offline signcryption scheme, but the identity of the recipient must be known in its offline stage, which reduces the flexibility of the scheme and degrades its practicality. Furthermore, in 2014 Shi pointed out that Luo's scheme has a security problem: an attacker can obtain a user's private key by eavesdropping on messages, so its security is insufficient.
Summary of the invention
1. Technical problem to be solved
Most existing online/offline signcryption schemes are realized in the identity-based setting, and the few certificateless schemes have low efficiency and poor security. The present invention provides a certificateless signcryption method and system that realizes online/offline signcryption safely and efficiently in the certificateless setting, without needing to determine the identity of the recipient in the offline stage; it has high efficiency, good security, great flexibility and strong applicability.
2. Technical scheme
A certificateless signcryption method comprises the following steps:
(a) System parameter generation:
The PKG runs the system parameter generation algorithm: the system first chooses a large prime p, two cyclic groups G_1 and G_2 of order p and a bilinear map e: G_1 × G_1 → G_2, selects a generator P of G_1, randomly chooses the master key s and computes P_pub = sP and g = e(P, P). The system parameter generation algorithm outputs the system parameters: the public parameters are params = (G_1, G_2, e, q, P, P_pub) and the system master key is msk = s;
(b) User secret value generation:
Step 1: the user randomly chooses x as its secret value and computes PK = xP as the corresponding public key;
(c) User partial private key generation:
Step 2: the online task distributor sends the identities of the sender and the recipient to the user partial key generator;
Step 3: the user partial key generator sends the tuple (ID, PK) to the hash arithmetic unit, which computes the hash value q = H_1(ID, PK), where H_1: {0,1}^* × G_1 → Z_p^* is a cryptographic hash function ({0,1}^* × G_1 indicates that the input is an element of the indefinite Cartesian product of {0,1} together with an element of the group G_1, and Z_p^* denotes the set {1, 2, ..., p-2, p-1});
Step 4: the hash arithmetic unit sends the computed value q to the user partial key generator; the user here is either the sender or the recipient;
Step 5: the user partial key generator uses the master private key msk = s to compute the user's partial private key D and sends it to the online task distributor;
(d) User full private key generation:
Step 6: the online task distributor sends the obtained partial private key to the corresponding user over the secure channel, and the user takes (x, D) as its full private key;
(e) Offline signcryption:
Step 7: the sender sends its full private key to the offline signcryption generator, which randomly chooses r_1, β (together with the values γ and μ used below) and computes C_1 = (·)^{-1} r_1 P (the inverted factor is not legible in the source), C_2 = r_1(β + s)P = r_1(βP + P_pub) and T = γ^{-1} μ D_A;
Step 8: the sender randomly chooses r_2 ∈ {0,1}^*, computes U = μP and sends the tuple (r_2, ID_A, U, PK_A) to the hash arithmetic unit to obtain α = H_2(r_2, ID_A, U, PK_A), where H_2: {0,1}^* × G_1 × G_1 → Z_p^* is a cryptographic hash function (its input is an element of the indefinite Cartesian product of {0,1} together with two elements of G_1, and its output is an element of the set {1, 2, ..., p-2, p-1});
Step 9: the offline signcryption generator obtains the hash value α from the hash arithmetic unit;
Step 10: the sender stores σ' = (U, W, C_1, C_2, T, μ, α, β, γ, r_2) in memory as the offline ciphertext, to be retrieved in the online stage when interacting with the recipient;
(f) Online signcryption:
Step 11: the sender retrieves the offline ciphertext σ' = (U, W, C_1, C_2, T, μ, α, β, γ, r_2) from memory;
Step 12: the sender, who wants to send the message m ∈ {0,1}^* to the recipient, obtains from the online task distributor the hash value q_B = H_1(ID_B, PK_B) computed by the hash arithmetic unit;
Step 13: the sender obtains the hash value q_B from the hash arithmetic unit;
Step 14: the sender computes the value μPK_B and sends the tuple (U, W, PK_B, μPK_B) to the hash arithmetic unit to obtain k ∈ {0,1}^*, i.e. k = H_3(U, W, PK_B, μPK_B), where H_3: G_1 × G_1 × G_1 × G_1 → {0,1}^* is a cryptographic hash function (its input is four elements of the group G_1, and {0,1}^* denotes the indefinite Cartesian product of {0,1});
Step 15: the sender obtains the hash value k from the hash arithmetic unit;
Step 16: the sender computes C = k ⊕ (m || r_2 || ID_A) and sends the tuple (C_3, C, r_2, ID_A, ID_B, C_1, C_2, PK_A, PK_B) to the hash arithmetic unit to obtain h ∈ Z_p^*, i.e. h = H_4(C_3, C, r_2, ID_A, ID_B, C_1, C_2, PK_A, PK_B), where H_4: Z_p^* × {0,1}^* × G_1 × G_1 × G_1 × G_1 → Z_p^* is a cryptographic hash function (its input consists of an element of the set {1, 2, ..., p-2, p-1}, an element of the indefinite Cartesian product of {0,1} and four elements of the group G_1, and its output is an element of the set {1, 2, ..., p-2, p-1});
Step 17: the sender obtains the hash value h from the hash arithmetic unit;
Step 18: the sender sends the ciphertext σ = (C_1, C_2, C_3, C, U, T, t) to the recipient over the channel;
(g) Decryption:
Step 19: the recipient receives the ciphertext σ = (C_1, C_2, C_3, C, U, T, t) from the online task distributor;
Step 20: the recipient sends the received ciphertext to the decipher for decryption and verification;
Step 21: the recipient uses its full private key to compute the values W = e(C_1 C_3 + C_2, D_B) and x_B U respectively, then sends the tuple (U, W, PK_B, x_B U) to the hash arithmetic unit to obtain k ∈ {0,1}^*, i.e. k = H_3(U, W, PK_B, x_B U), where H_3: G_1 × G_1 × G_1 × G_1 → {0,1}^* is the cryptographic hash function of step 14 (its input is four elements of G_1, and {0,1}^* denotes the indefinite Cartesian product of {0,1});
Step 22: the recipient obtains the hash value k from the hash arithmetic unit;
Step 23: the recipient decrypts m || r_2 || ID_A = C ⊕ k and sends the tuple (C_3, C, r_2, ID_A, ID_B, C_1, C_2, PK_A, PK_B) to the hash arithmetic unit;
Step 24: the recipient obtains the hash value h from the hash arithmetic unit;
Step 25: the recipient sends the tuple (r_2, ID_A, U, PK_A) to the hash arithmetic unit;
Step 26: the recipient obtains the hash value α from the hash arithmetic unit;
Step 27: the recipient verifies whether the equations e(P_pub + q_A P, Tt) = e(U, hP) e(U, PK_A) and e(C_1, P)^α = W hold; if both hold, the message m is legitimate, otherwise the message is illegitimate and is rejected.
A certificateless signcryption system comprises a third-party partial private key generation center and a user module. The third-party partial private key generation center comprises an online task distributor, a partial private key generator and a hash arithmetic unit, which are connected through a secure channel; the user module comprises a user secret value generator, a user full private key generator, an offline signcryption device, an online signcryption device and a decipher.
Further, the secure channel is built with X.509 certificates, a symmetric cryptographic algorithm, IKE or message digest security technology.
3. Beneficial effects
Compared with the prior art, the invention has the following advantages:
(1) Security comparison: compared with the previous method, our scheme is provably secure in the random oracle model under the q-mBDHI, CDH and q-CAA assumptions; by increasing the coupling between the signing process and the encryption process, the ciphertext produced cannot be tampered with and its content cannot be stolen. The previous method has poor security: an attacker eavesdropping on the ciphertext transmitted in the channel can extract the sender's secret value and thus decrypt the ciphertext and obtain the confidential information. The present method combines the online/offline approach and moves the complex computation to the offline stage, so its efficiency is about the same as that of the previous method while its security is high;
(2) In view of the deficiencies of the existing certificateless online/offline signcryption schemes, the present invention proposes a completely new certificateless online/offline signcryption method and system. This scheme does not need to know the identity of the recipient in the offline signcryption stage, which increases the flexibility and practicality of the system; it is provably secure in the random oracle model, its computational efficiency is close to that of existing certificateless signcryption schemes, and its security, flexibility and practicality are high.
Brief description of the drawings
Fig. 1 is a simplified flow chart of a standard certificateless online/offline signcryption scheme;
Fig. 2 is a block flow diagram of the system of the invention.
Detailed description
The present invention is described in detail below with reference to the drawings and specific embodiments.
Embodiment 1
The relevant concepts are first described:
1. Bilinear map (Bilinear Pairing)
Here the basic definition of a bilinear map and the properties it must satisfy are introduced.
Let P, Q ∈ G_1, where G_1 and G_2 are two cyclic groups of order p, p is a prime, and P is a generator of G_1. A bilinear map defined on the two groups is a map e: G_1 × G_1 → G_2 satisfying the following properties:
Bilinearity: e(aP, bP) = e(P, P)^{ab} holds for all a, b.
Non-degeneracy: there exists P such that e(P, P) ≠ 1.
Computability: there is an efficient algorithm to compute e(P_1, P_2) for any P_1, P_2 ∈ G_1.
Note that the bilinear pairing operation is commutative, since e(aP, bP) = e(P, P)^{ab} = e(bP, aP).
2. Hardness assumptions
Definition 1 (CDH, Computational Diffie-Hellman problem): given a cyclic group G_1 of prime order p with generator P, the CDH problem in G_1 is: given aP, bP ∈ G_1, where a and b are chosen at random, compute abP.
Definition 2 (q-mBDHI, Modified Bilinear Diffie-Hellman Inversion problem for q values): given a cyclic group G_1 of prime order p with generator P, the q-mBDHI problem in G_1, G_2 is: given the tuple (P, αP, (ω_1 + α)^{-1} P, ..., (ω_q + α)^{-1} P, ω_1, ..., ω_q) ∈ G_1^{q+2} × (Z_p^*)^q, where α ∈ Z_p^* is unknown, compute
e(P, P)^{(ω^* + α)^{-1}} for some ω^* ∈ Z_p^*.
Definition 3 (q-CAA, Collusion Attack Algorithm with q traitors): given a cyclic group G_1 of prime order p with generator P, the q-CAA problem in G_1 is: given (P, αP, (ω_1 + α)^{-1} P, ..., (ω_q + α)^{-1} P, ω_1, ..., ω_q) ∈ G_1^{q+2} × (Z_p^*)^q, where α ∈ Z_p^* is unknown, compute
(ω^* + α)^{-1} P for some ω^* ∈ Z_p^*.
The bilinear pairing and the hardness assumptions are as described above.
Fig. 1 shows the simplified flow of an existing standard certificateless online/offline signcryption scheme.
The certificateless online/offline signcryption system comprises a system parameter setup module (Setup), a user secret value generation module (Secret Value Extract), a user partial private key generation module (Partial Private Key Extract), an offline signcryption module (Offline Signcrypt), an online signcryption module (Online Signcrypt) and a decryption module (Decrypt).
1. System parameter setup module (Setup):
Let G_1 and G_2 be an additive cyclic group and a multiplicative cyclic group, both of order p, and let P be a generator of G_1. The KGC randomly chooses s and computes P_pub = sP. The public parameters of the KGC are then params = (G_1, G_2, e, q, P, P_pub), and the master private key is msk = s.
2. User secret value generation module (Secret Value Extract):
User U chooses a random number x_U and computes PK_U = x_U P_pub as its public key; x_U is its secret value.
3. User partial private key generation module (Partial Private Key Extract):
The KGC sends the tuple (ID_U, PK_U) to the hash arithmetic unit and obtains Q_U = H_1(ID_U, PK_U), where H_1: {0,1}^n × G_1 → G_1 is a cryptographic hash function ({0,1}^n denotes the n-fold Cartesian product of {0,1}). The KGC computes D_U = sQ_U as the partial private key of user U.
4. Offline signcryption module (Offline Signcrypt):
Sender A decides to send a message to B. A first randomly chooses a number k and computes the static signature R = kP_pub, S = k^{-1}(D_A + (x_A)^{-1} Q_A) and u = e(D_A, Q_B), then sends the tuple (Q_A, Q_B, kPK_B, x_A PK_B, u) to the hash arithmetic unit to obtain key ∈ {0,1}^n, i.e. key = H_2(Q_A, Q_B, kPK_B, x_A PK_B, u), where H_2: (G_1)^4 × G_2 → {0,1}^n is a cryptographic hash function ({0,1}^n denotes the n-fold Cartesian product of {0,1}). The offline signcryption is therefore (R, S).
5. Online signcryption module (Online Signcrypt):
Sender A sends the message m to B: on the basis of the offline signcryption (R, S), A computes the ciphertext y = key ⊕ m and sends the tuple (y, Q_A, Q_B, R, S) to the hash arithmetic unit to obtain h = H_3(y, Q_A, Q_B, R, S), where H_3: {0,1}^n × (G_1)^4 → {0,1}^n is a cryptographic hash function ({0,1}^n denotes the n-fold Cartesian product of {0,1}), and then computes σ = k h x_A. Finally the signcryption SC = (σ, y, R, S) is output.
6. Decryption module (Decrypt):
B uses the public parameters params = (G_1, G_2, e, q, P, P_pub) of the PKG to verify the validity of sender A's signature (σ, y, R): it checks whether the equation e(S, σP) = e(Q_A, hPK_A + hP) holds; if it holds, the signature is valid, otherwise it is invalid. After verifying that the signature is valid, B decrypts the ciphertext y: it computes u = e(D_B, Q_A), obtains key = H_2(Q_A, Q_B, x_B R, x_B PK_A, u) from the hash arithmetic unit, and outputs the plaintext m = key ⊕ y (the hash values Q_A and h are obtained by sending the corresponding inputs to the hash arithmetic unit).
Through the algorithms <Setup, Secret Value Extract, Partial Private Key Extract, Offline Signcrypt, Online Signcrypt, Decrypt> described above, a certificateless online/offline signcryption method is realized. In this method, the secret value generated by the user and the partial private key generated by the KGC together form the user's full private key, which overcomes the key escrow problem of the identity-based setting.
However, this scheme needs to determine the identity of the recipient in the offline stage, which reduces the flexibility and practicality of the system; at the same time, the scheme has been noted to have a security problem: an attacker can extract the sender's private key by eavesdropping on the ciphertext transmitted by the sender in the channel, which is fatal for the system.
Therefore, the present invention provides a brand-new certificateless online/offline signcryption method and system that does not need to determine the identity of the recipient in the offline stage, which improves the flexibility and practicality of the system and has high security in the random oracle model.
As shown in Fig. 2, the concrete steps of the certificateless signcryption method of the present invention are:
(a) System parameter generation (Setup):
The PKG runs the system parameter generation algorithm: the system first chooses a large prime p, two cyclic groups G_1 and G_2 of order p and a bilinear map e: G_1 × G_1 → G_2, selects a generator P of G_1, randomly chooses the master key s and computes P_pub = sP and g = e(P, P). The system parameter generation algorithm outputs the system parameters: the public parameters are params = (G_1, G_2, e, q, P, P_pub) and the system master key is msk = s.
(b) User secret value generation (Secret Value Extract):
Step 1: the user randomly chooses x as its secret value and computes PK = xP as the corresponding public key.
(c) User partial private key generation (Partial Private Key Extract):
Step 2: the online task distributor sends the identities of the sender and the recipient to the key generator;
Step 3: the KGC sends the tuple (ID, PK) to the hash arithmetic unit, which computes the hash value q = H_1(ID, PK), where H_1: {0,1}^* × G_1 → Z_p^* is a cryptographic hash function ({0,1}^* × G_1 indicates that the input is an element of the indefinite Cartesian product of {0,1} together with an element of the group G_1, and Z_p^* denotes the set {1, 2, ..., p-2, p-1}).
Step 4: the hash arithmetic unit sends the computed value q to the user partial key generator; the user partial key generator is abbreviated KGC;
Step 5: the KGC uses the master private key msk = s to compute the user's partial private key D and sends it to the online task distributor;
(d) User full private key generation (Full Private Key Extract):
Step 6: the online task distributor sends the obtained partial private key to the corresponding user over the secure channel, and the user takes (x, D) as its full private key;
(e) Offline signcryption (Offline Signcrypt):
Step 7: suppose the sender is Alice. Alice sends her full private key to the offline signcryption generator, which randomly chooses r_1, β (together with the values γ and μ used below) and computes C_1 = (·)^{-1} r_1 P (the inverted factor is not legible in the source), C_2 = r_1(β + s)P = r_1(βP + P_pub) and T = γ^{-1} μ D_A;
Step 8: Alice randomly chooses r_2 ∈ {0,1}^*, computes U = μP and sends the tuple (r_2, ID_A, U, PK_A) to the hash arithmetic unit to obtain α = H_2(r_2, ID_A, U, PK_A), where H_2: {0,1}^* × G_1 × G_1 → Z_p^* is a cryptographic hash function (its input is an element of the indefinite Cartesian product of {0,1} together with two elements of G_1, and its output is an element of the set {1, 2, ..., p-2, p-1});
Step 9: the offline signcryption generator obtains the hash value α from the hash arithmetic unit;
Step 10: Alice stores σ' = (U, W, C_1, C_2, T, μ, α, β, γ, r_2) in memory as the offline ciphertext, to be retrieved in the online stage when interacting with the recipient. This offline stage does not need to determine the identity of the recipient; efficiency is improved, the restriction of offline confirmation is eliminated, flexibility and practicality are higher, and security in the random oracle model is good.
(f) Online signcryption (Online Signcrypt):
Step 11: Alice retrieves the offline ciphertext σ' = (U, W, C_1, C_2, T, μ, α, β, γ, r_2) from memory;
Step 12: Alice, who wants to send the message m ∈ {0,1}^* to Bob, obtains from the online task distributor the hash value q_B = H_1(ID_B, PK_B) computed by the hash arithmetic unit;
Step 13: Alice obtains the hash value q_B from the hash arithmetic unit;
Step 14: Alice computes the value μPK_B and sends the tuple (U, W, PK_B, μPK_B) to the hash arithmetic unit to obtain k ∈ {0,1}^*, i.e. k = H_3(U, W, PK_B, μPK_B), where H_3: G_1 × G_1 × G_1 × G_1 → {0,1}^* is a cryptographic hash function (its input is four elements of the group G_1, and {0,1}^* denotes the indefinite Cartesian product of {0,1});
Step 15: Alice obtains the hash value k from the hash arithmetic unit;
Step 16: Alice computes C = k ⊕ (m || r_2 || ID_A) and sends the tuple (C_3, C, r_2, ID_A, ID_B, C_1, C_2, PK_A, PK_B) to the hash arithmetic unit to obtain h ∈ Z_p^*, i.e. h = H_4(C_3, C, r_2, ID_A, ID_B, C_1, C_2, PK_A, PK_B), where H_4: Z_p^* × {0,1}^* × G_1 × G_1 × G_1 × G_1 → Z_p^* is a cryptographic hash function (its input consists of an element of the set {1, 2, ..., p-2, p-1}, an element of the indefinite Cartesian product of {0,1} and four elements of the group G_1, and its output is an element of the set {1, 2, ..., p-2, p-1});
Step 17: Alice obtains the hash value h from the hash arithmetic unit;
Step 18: Alice sends the ciphertext σ = (C_1, C_2, C_3, C, U, T, t) to Bob over the channel;
(g) Decryption (Decrypt):
Step 19: Bob receives σ = (C_1, C_2, C_3, C, U, T, t) from the online task distributor;
Step 20: Bob sends the received ciphertext to the decipher for decryption and verification;
Step 21: Bob uses his full private key to compute the values W = e(C_1 C_3 + C_2, D_B) and x_B U respectively, then sends the tuple (U, W, PK_B, x_B U) to the hash arithmetic unit to obtain k ∈ {0,1}^*, i.e. k = H_3(U, W, PK_B, x_B U), where H_3: G_1 × G_1 × G_1 × G_1 → {0,1}^* is the cryptographic hash function of step 14 (its input is four elements of G_1, and {0,1}^* denotes the indefinite Cartesian product of {0,1});
Step 22: Bob obtains the hash value k from the hash arithmetic unit;
Step 23: Bob decrypts m || r_2 || ID_A = C ⊕ k and sends the tuple (C_3, C, r_2, ID_A, ID_B, C_1, C_2, PK_A, PK_B) to the hash arithmetic unit;
Step 24: Bob obtains the hash value h from the hash arithmetic unit;
Step 25: Bob sends the tuple (r_2, ID_A, U, PK_A) to the hash arithmetic unit;
Step 26: Bob obtains the hash value α from the hash arithmetic unit;
Step 27: Bob verifies whether the equations e(P_pub + q_A P, Tt) = e(U, hP) e(U, PK_A) and e(C_1, P)^α = W hold; if both hold, the message m is legitimate and is accepted.
Therefore, the present invention provides a brand-new certificateless signcryption method that does not need to determine the identity of the recipient in the offline stage, which improves the flexibility and practicality of the system and has high security in the random oracle model.
A certificateless signcryption system comprises a third-party KGC (Key Generation Center, the partial private key generation center) and a user module, where the third-party module comprises an online task distributor, a partial private key generator and a hash arithmetic unit connected through a secure channel; the secure channel is built with X.509 certificate technology. The user module comprises a user secret value generator, a user full private key generator, an offline signcryption device, an online signcryption device and a decipher.
Signcryption achieves both the signature and the encryption of a message in a single logical step, so that the message is sent to the recipient confidentially and with authentication while the system remains quite efficient in operation. At the same time, we realize it in the certificateless setting, overcoming the key escrow problem of identity-based cryptography. Moreover, using the online/offline primitive further improves the efficiency of the system, so that electronic cash payment, e-mail authentication, key distribution and the like can be applied efficiently on power-limited devices such as smartphones, which is of great significance today, when smartphones are in widespread use.
Embodiment 2
Embodiment 2 is substantially the same as Embodiment 1, except that the secure channel is built with a symmetric cryptographic algorithm and that, in step 27, when Bob's verification of the equations e(P_pub + q_A P, Tt) = e(U, hP) e(U, PK_A) and e(C_1, P)^α = W fails, the message m is illegitimate and is rejected.
Embodiment 3
Embodiment 3 is substantially the same as Embodiment 1, except that the secure channel is built with IKE.
Embodiment 4
Embodiment 4 is substantially the same as Embodiment 1, except that the secure channel is built with message digest security technology.

Claims (3)

1., based on the label decryption method without certificate, comprise the steps:
A () system parameters generates:
PKG operational system parameter generation algorithm: first system chooses Big prime p, p factorial method cyclic group G 1and G 2, bilinear map e:G 1× G 1→ G 2.From G 1middle selection generator P, Stochastic choice calculate P pub=sP, g=e (P, P), system parameters generating algorithm generation system parameter, wherein openly parameter is params=(G 1, G 2, e, q, P, P pub), system master key be msk=s;
B () user secret value generates:
Step 1: user's Stochastic choice as secret value, calculate PK=xP as its corresponding PKI;
C () User Part private key generates:
Step 2: online task distributor sender and recipient's identity send to User Part key generator;
Step 3: tuple (ID, PK) sends to Hash arithmetic unit to carry out computing by User Part key generator, calculates hash value q, that is: (H 1{ 0,1} *× G 1arrive cryptographic Hash function, { 0,1} *× G 1expression is input as uncertain set, and { Ka Dier of 0,1} amasss and G 1element in group, expression set 1,2 ..., p-2, p-1});
The value q calculated is sent to User Part key generator by step 4:Hash arithmetic unit, and user is sender and recipient;
Step 5: User Part key generator utilizes main private key msk=s to calculate the part private key of user then online task distributor is sent to;
D the complete private key of () user generates:
Step 6: the certain customers' private key obtained is sent to corresponding user by safe lane by online task distributor, and user is by (x, D) the complete private key as oneself;
E () off-line label are close:
Step 7: the complete private key of oneself is all sent to the close maker of off-line label by sender, r selected by the close maker of off-line label 1, β, calculate c 1-1r 1p, C 2=r 1(β+s) P=r 1(β P+P pub), T=γ -1μ D a;
Step 8: sender's Stochastic choice 2∈ { 0,1} *, calculate U=μ P, by tuple (r 2, ID a, U, PK a) send to Hash arithmetic unit, obtain that is: (H 2{ 0,1} *× G 1× G 1arrive cryptographic Hash function, { Ka Dier of 0,1} is long-pending with two G to be input as uncertain set 1element in group, expression set 1,2 ..., p-2, p-1});
Step 9: the close maker of off-line label obtains cryptographic Hash α from Hash arithmetic unit;
Step 10: sender is by σ '=(U, W, C 1, C 2, T, μ, α, beta, gamma, r 2) be stored in internal memory as off-line ciphertext;
F () is signed close online:
Step 11: the sender retrieves the offline ciphertext σ' = (U, W, C_1, C_2, T, μ, α, β, γ, r_2) from internal memory;
Step 12: to send the message m ∈ {0,1}* to the recipient, the sender requests from the online task distributor the hash value q_b = H_1(ID_b, PK_b) computed by the Hash arithmetic unit;
Step 13: the sender obtains the hash value q_b from the Hash arithmetic unit;
Step 14: the sender computes the value μ·PK_b and sends the tuple (U, W, PK_b, μ·PK_b) to the Hash arithmetic unit, obtaining k ∈ {0,1}*, that is, H_3: G_1 × G_1 × G_1 × G_1 → {0,1}* (H_3 is a cryptographic hash function from G_1 × G_1 × G_1 × G_1 to {0,1}*; its input is four elements of the group G_1, and {0,1}* denotes the set of binary strings of arbitrary finite length, i.e. the Cartesian product of {0,1} with itself an indefinite number of times);
Step 15: the sender obtains the hash value k from the Hash arithmetic unit;
Step 16: the sender performs the online computation and sends the tuple (C_3, C, r_2, ID_a, ID_b, C_1, C_2, PK_a, PK_b) to the Hash arithmetic unit, obtaining h, that is, H_4: Z_p^* × {0,1}* × G_1 × G_1 × G_1 × G_1 → Z_p^* (H_4 is a cryptographic hash function into Z_p^*; its input is an element of the set {1, 2, ..., p-2, p-1}, an element of {0,1}* (the indefinite Cartesian product of {0,1}) and four elements of the group G_1, and its output is an element of the set {1, 2, ..., p-2, p-1});
Step 17: the sender obtains the hash value h from the Hash arithmetic unit;
Step 18: the sender sends the ciphertext σ = (C_1, C_2, C_3, C, U, T, t) to the recipient over the channel;
(g) Decryption:
Step 19: the recipient receives the ciphertext σ = (C_1, C_2, C_3, C, U, T, t) from the online task distributor;
Step 20: the recipient passes the received ciphertext to the decipher for decryption and verification;
Step 21: using its own full private key, the recipient computes the values W = e(C_1 C_3 + C_2, D_b) and x_b·U respectively, then sends the tuple (U, W, PK_b, x_b·U) to the Hash arithmetic unit, obtaining k ∈ {0,1}*, that is, H_3: G_1 × G_1 × G_1 × G_1 → {0,1}* (H_3 is a cryptographic hash function from G_1 × G_1 × G_1 × G_1 to {0,1}*; its input is four elements of the group G_1, and {0,1}* denotes the set of binary strings of arbitrary finite length, i.e. the Cartesian product of {0,1} with itself an indefinite number of times);
Step 22: the recipient obtains the hash value k from the Hash arithmetic unit;
Step 23: the recipient decrypts and sends the tuple (C_3, C, r_2, ID_a, ID_b, C_1, C_2, PK_a, PK_b) to the Hash arithmetic unit;
Step 24: the recipient obtains the hash value h from the Hash arithmetic unit;
Step 25: the recipient sends the tuple (r_2, ID_a, U, PK_a) to the Hash arithmetic unit;
Step 26: the recipient obtains the hash value α from the Hash arithmetic unit;
Step 27: the recipient verifies whether the equations e(P_pub + q_a·P, Tt) = e(U, h·P)·e(U, PK_a) and e(C_1, P)^α = W hold; if both hold, the message m is legitimate, otherwise the message is illegitimate and is rejected.
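The recipient-binding key derivation shared by Step 14 and Step 21 (the sender computes μ·PK_b, the recipient computes x_b·U, and both feed the same tuple to H_3 to obtain k) is exercised below as an added example; this is not code from the patent. It assumes, for illustration only, that the group G_1 is instantiated with the secp256k1 curve group, that H_3 is instantiated with SHA-256 over fixed-width point encodings, and that the pairing value W from the offline ciphertext is replaced by a constructed placeholder byte string, since the pairing e(·,·) and the rest of the scheme are not implemented here. The check also shows why the offline stage does not need the recipient's identity: U = μ·P is fixed offline, and only the online multiplication μ·PK_b binds it to the recipient's public key.

```python
import hashlib

# secp256k1 parameters, standing in for the patent's group G_1 (assumption for illustration)
P_MOD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N_ORD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P_GEN = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
         0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

# Constructed stand-in for the pairing value W carried in the offline ciphertext;
# the pairing itself is not implemented in this example.
W_PLACEHOLDER = b"W-from-offline-stage"


def ec_add(p1, p2):
    """Affine point addition on secp256k1; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None                      # p2 == -p1
    if p1 == p2:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def ec_mul(k, point):
    """Double-and-add scalar multiplication k * point."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def encode_point(point):
    """Fixed-width encoding so the H_3 input is unambiguous."""
    return point[0].to_bytes(32, "big") + point[1].to_bytes(32, "big")


def h3(U, W, PK_b, shared):
    """H_3: G_1 x G_1 x G_1 x G_1 -> {0,1}*, instantiated with SHA-256 (assumption)."""
    data = encode_point(U) + W + encode_point(PK_b) + encode_point(shared)
    return hashlib.sha256(data).digest()


def sender_derive_k(mu, U, W, PK_b):
    """Step 14: the sender computes mu*PK_b and hashes (U, W, PK_b, mu*PK_b)."""
    return h3(U, W, PK_b, ec_mul(mu, PK_b))


def receiver_derive_k(x_b, U, W, PK_b):
    """Step 21: the recipient computes x_b*U and hashes (U, W, PK_b, x_b*U)."""
    return h3(U, W, PK_b, ec_mul(x_b, U))


def check_key_agreement(mu, x_b, x_other):
    """Fixed scalars keep the check reproducible: mu is the sender's offline
    randomness, x_b the intended recipient's secret value, x_other another
    user's secret value.  Returns (sender and recipient agree on k,
    a different secret value yields a different k)."""
    U = ec_mul(mu, P_GEN)                # U = mu*P, computed in the offline stage
    PK_b = ec_mul(x_b, P_GEN)            # recipient public key PK_b = x_b*P
    k_sender = sender_derive_k(mu, U, W_PLACEHOLDER, PK_b)
    k_recv = receiver_derive_k(x_b, U, W_PLACEHOLDER, PK_b)
    k_other = receiver_derive_k(x_other, U, W_PLACEHOLDER, PK_b)
    return k_sender == k_recv, k_sender != k_other


if __name__ == "__main__":
    print(check_key_agreement(12345, 67890, 11111))   # (True, True)
```

The agreement holds because μ·(x_b·P) and x_b·(μ·P) are the same group element, so both parties hash identical tuples; a user who does not hold x_b cannot reproduce the fourth component and therefore derives a different k.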
2. A certificateless signcryption system, characterized in that it comprises a third-party partial private key generation center and a user module, wherein the third-party partial private key generation center comprises an online task distributor, a partial private key generator and a Hash arithmetic unit; the user module comprises a user secret value generator, a user full private key generator, an offline signcryption machine, an online signcryption machine and a decipher; and the online task distributor, the partial private key generator and the Hash arithmetic unit of the third-party partial private key generation center are connected through a secure channel.
3. The certificateless signcryption system according to claim 2, characterized in that the secure channel is built using X.509 certificates, a symmetric cryptographic algorithm, IKE, or message-digest security techniques.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410614542.8A CN104393996B (en) 2014-11-04 2014-11-04 A kind of label decryption method and system based on no certificate

Publications (2)

Publication Number Publication Date
CN104393996A true CN104393996A (en) 2015-03-04
CN104393996B CN104393996B (en) 2018-10-23

Family

ID=52611832

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410614542.8A Active CN104393996B (en) 2014-11-04 2014-11-04 A kind of label decryption method and system based on no certificate

Country Status (1)

Country Link
CN (1) CN104393996B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103023648A (en) * 2012-11-27 2013-04-03 中国科学技术大学苏州研究院 Certificateless signature method based on elliptic curve discrete logarithm problem
KR20140029070A (en) * 2012-08-31 2014-03-10 고려대학교 산학협력단 Apparatus and method for managing firmware of device using certificateless signature

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
JOONSANG BAEK et al.: "An Authentication Framework for Automatic Dependent Surveillance-Broadcast Based on Online/Offline Identity-Based Signature", 2013 Eighth International Conference on P2P, Parallel, Grid, Cloud and Internet Computing *
Yu Gang: "Research on Several Signcryption Schemes" (若干签密方案研究), China Doctoral Dissertations Full-text Database, Information Science and Technology (中国博士学位论文全文数据库 信息科技辑) *
Zhao Jingjing et al.: "Certificateless Signcryption Combined with the Online/Offline Method" (结合在线/离线方法的无证书签密), Journal of Computer Applications (计算机应用) *

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105763528A (en) * 2015-10-13 2016-07-13 北方工业大学 Multi-recipient anonymous encryption apparatus under hybrid mechanism
CN105763528B (en) * 2015-10-13 2018-11-13 北方工业大学 The encryption device of diversity person's anonymity under a kind of mixed mechanism
CN105743641B (en) * 2016-04-01 2018-11-16 西安电子科技大学 It is a kind of can explicit authentication public key multi-receiver label decryption method
CN105743641A (en) * 2016-04-01 2016-07-06 西安电子科技大学 Multi-receiver signcryption method for explicit verification of public key
CN107171788B (en) * 2017-04-08 2020-06-30 西安邮电大学 Identity-based online and offline aggregated signature method with constant signature length
CN107171788A (en) * 2017-04-08 2017-09-15 西安邮电大学 A kind of identity-based and the constant online offline aggregate signature method of signature length
CN107682145A (en) * 2017-09-12 2018-02-09 西安电子科技大学 It is true anonymous without the more message multi-receiver label decryption methods of certificate
CN107682145B (en) * 2017-09-12 2019-09-03 西安电子科技大学 It is true anonymous without the more message multi-receiver label decryption methods of certificate
CN108847933A (en) * 2018-06-26 2018-11-20 西安电子科技大学 Mark based on SM9 cryptographic algorithm signs and issues method
CN110234093A (en) * 2019-07-04 2019-09-13 南京邮电大学 Internet of things equipment encryption method based on IBE under a kind of car networking environment
CN110234093B (en) * 2019-07-04 2021-11-26 南京邮电大学 Internet of things equipment encryption method based on IBE (Internet of things) in Internet of vehicles environment
CN110650017A (en) * 2019-09-02 2020-01-03 西安电子科技大学 Non-bilinear pairing multi-message multi-receiver signcryption method and Internet of things communication system
CN112398637A (en) * 2020-07-08 2021-02-23 电子科技大学 Equality test method based on certificate-free bookmark password
CN113301520A (en) * 2021-05-21 2021-08-24 国网四川省电力公司电力科学研究院 Method for secure communication of wireless sensor network
CN113301520B (en) * 2021-05-21 2023-02-28 国网四川省电力公司电力科学研究院 Method for secure communication of wireless sensor network
CN114039724A (en) * 2021-11-05 2022-02-11 淮阴工学院 Online and offline signcryption method from CLC environment to IBC environment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant