CN105429941A - Multi-receiver identity anonymity signcryption method - Google Patents

Publication number: CN105429941A
Authority: CN (China)
Prior art keywords: recipient, sender, pki, identity, key
Legal status: Granted, Active
Application number: CN201510705601.7A
Other languages: Chinese (zh)
Other versions: CN105429941B (en)
Inventors: 庞辽军, 胡雨霏
Current assignee: Xidian University
Original assignee: Xidian University
Application filed by Xidian University
Priority to CN201510705601.7A
Publication of CN105429941A
Application granted
Publication of CN105429941B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a multi-receiver identity-anonymous signcryption method. The method comprises the following steps: 1, generating the cryptosystem parameters; 2, registering the sender and the recipients; 3, signcryption by the sender; 4, determining whether the validity condition of the signcryption ciphertext holds; 5, determining whether the authorization verification condition holds; 6, unsigncryption by the recipient; and 7, exiting unsigncryption. The method replaces the Lagrange interpolation technique with a new polynomial technique, which realizes identity anonymity between registered recipients, reduces the calculation of intermediate parameters during signcryption, improves the efficiency of encryption and decryption, and improves the overall security and anonymity of the system; recipients can no longer verify the identity of other recipients. The method can be applied in the field of distributed networks.

Description

Multi-receiver identity-anonymous signcryption method
Technical field
The invention belongs to the field of network technology, and further relates to a multi-receiver identity-anonymous signcryption method in the technical field of network security. Based on the identity-based signcryption system, the invention proposes a method for realizing multi-receiver identity-anonymous signcryption, that is, a multi-receiver signcryption method in which the identity of each registered recipient cannot be obtained by an attacker. The invention can be used in distributed network applications to protect the privacy of the network service provider and of all authorized user identities.
Background art
Multi-receiver communication plays an important role in distributed network applications, and multi-receiver signcryption is considered an effective means of guaranteeing its security. Multi-receiver signcryption can be used in scenarios such as web conferences, round-table conferences and pay TV. To protect the identity privacy of all participants in a session in the communication system, and to guarantee that the session content can be correctly decrypted only by registered users and not by unauthorized users, multi-receiver signcryption is needed as support. Most existing multi-receiver identity-anonymous schemes use Lagrange interpolation to hide the recipients' identities. However, schemes based on Lagrange interpolation have been shown not to truly protect recipient privacy, because any authorized recipient can judge whether other recipients are authorized recipients, which clearly runs counter to the original privacy intent of multi-receiver schemes.
In the paper "Completely Anonymous Multi-Receiver Signcryption Scheme with Public Verification" (PLoS ONE 8(5): e63562, published 2013.05.10), Pang et al. proposed a completely anonymous, publicly verifiable multi-receiver signcryption method. The main steps of that method are: (1) Users (senders and recipients) register with a trusted third party (TTP) using their own identity information; the TTP computes a public key and a private key for each registered user, publishes the user's public key, and secretly distributes the corresponding private key to each user. (2) When signcrypting, the sender first chooses a random number and multiplies it by its own public key to obtain the sender's pseudo public key, which hides its own identity information; the sender selects the identity information of several registered users to form the recipient identity information set, and merges the recipient identity information by Lagrange interpolation to form a hidden set; it computes a ciphertext verification value from its own pseudo public key, the recipient identity hidden set and the plaintext; it constructs the ciphertext from its own pseudo public key, the constructed recipient identity information hidden set, the ciphertext verification value and the message to be sent, and broadcasts the ciphertext. (3) When decrypting, the recipient first verifies the verification value in the ciphertext to judge whether the ciphertext is corrupted and whether it has reception authority itself; if the ciphertext is corrupted or the recipient is not an authorized recipient, it does not decrypt; if the ciphertext is correct and the recipient is an authorized recipient, it decrypts. The shortcoming of this method is: although it uses Lagrange interpolation to merge the recipients' identity information and store it in the identity information hidden set, it can only prevent external attackers from obtaining the identity information of authorized recipients. It cannot prevent any authorized recipient from judging whether another party is authorized by comparing the bilinear map values of its own public key and the other recipients' public keys, which seriously violates recipient anonymity.
In their jointly filed patent document "Multi-receiver signcryption method with participant identity anonymity" (application number 201310167990, filing date 2013.05.06, publication date 2013.10.23), Xidian University and Northwestern Polytechnical University proposed an identity-based multi-receiver signcryption method that realizes participant identity anonymity. The main steps of that method are: first, users (senders and recipients) register with a trusted third party (TTP) using their own identity information; the TTP computes a public key and a private key for each registered user, publishes the user's public key, and secretly distributes the corresponding private key to each user. When signcrypting, the sender randomly selects the identity information of several registered users and constructs an identity information set by the Lagrange interpolation algorithm, computes the ciphertext from its own pseudo public key, the constructed recipient identity information set and the message to be sent, and broadcasts the ciphertext. When decrypting, a recipient that has received the ciphertext first verifies it to check whether it is itself a legitimate recipient; if it is not an authorized recipient, it does not decrypt; if it is a legitimate recipient, it decrypts. The shortcoming of this method is: its encryption process computes a large number of intermediate components and adds them to the signcryption ciphertext, which seriously affects encryption and decryption efficiency.
Summary of the invention
The object of the invention is to overcome the problem that the above prior art cannot achieve anonymity of the user identities of a communication session during secure broadcast, and to provide a multi-receiver identity-anonymous signcryption method.
The main idea of the method is as follows. For each broadcast communication, the sender constructs a pseudo public key from its own public key and communicates with it. Because an attacker can look up the sender's identity information from the corresponding public key, using a pseudo public key hides the sender's true identity and thus achieves sender anonymity. When signcrypting a message, the sender uses a new polynomial technique in place of Lagrange interpolation to merge the identity information of all authorized recipients into one part of the signcryption ciphertext, so that the signcryption ciphertext does not directly expose the recipient identity information list and an authorized recipient can no longer verify the authorization status of other recipients, which achieves true recipient identity anonymity. The method therefore prevents leakage of the identity information of the sender and the recipients during broadcast communication and protects the privacy of both communicating parties.
Following the above idea, the specific implementation steps of the invention are as follows:
(1) Generate the cryptosystem parameters:
(1a) The key generation centre chooses a large prime $q$ according to the cryptosystem security parameter $z$, where $z < 2^{64}$ and $q > 2^{z}$;
(1b) The key generation centre constructs an additive cyclic group and a multiplicative cyclic group, both of order $q$;
(1c) The key generation centre maps the additive cyclic group to the multiplicative cyclic group, obtaining a bilinear map, and randomly selects a generator from the additive cyclic group;
(1d) The master key of the cryptosystem is randomly selected from the additive cyclic group; the result of multiplying the generator of the additive cyclic group by the cryptosystem master key is taken as the cryptosystem public key, and the cryptosystem master key is stored;
(1e) The key generation centre constructs, respectively, the identity hash function $H_1: \{0,1\}^* \to G_1$; the bilinear hash function $H_2: G_2 \to Z_q^*$; the weighting hash function $H_3: Z_q^* \to \{0,1\}^w$; the key hash function $H_4: \{0,1\}^w \to \{0,1\}^{|M|}$; and the verification hash function $H_5: G_1 \times G_1 \times \{0,1\}^w \times \{0,1\}^w \times Z_q^* \to Z_q^*$;
(1f) The key generation centre chooses any one of the existing key encryption methods, and chooses the public key decryption method corresponding to that key encryption method;
(1g) The key generation centre stores and publishes the generated cryptosystem parameters;
(2) Sender and recipient registration:
(2a) The sender and the recipients submit their identity information to the key generation centre;
(2b) The key generation centre computes the private key using the following formula:
$D_{ID} = s * H_1(ID)$
where $D_{ID}$ denotes the private key of the sender and recipient, $ID$ denotes the identity information of the sender and recipient, $s$ denotes the cryptosystem master key, $*$ denotes the multiplication operation, and $H_1(ID)$ denotes the public key of the sender and recipient;
(2c) The key generation centre publishes the public keys of the sender and the recipients, and sends the private keys of the sender and the recipients securely to the sender and the recipients respectively;
(3) Sender signcryption:
(3a) The sender chooses multiple registered recipients and builds a list of the registered recipients' identity information;
(3b) The sender chooses a public key mask $r$ and multiplies it by the sender's public key to obtain the sender's pseudo public key; multiplies the public key mask by the cryptosystem public key in the cryptosystem parameters to obtain the cryptosystem verification value; and multiplies the public key mask by the generator of the additive cyclic group in the cryptosystem parameters to obtain the group verification value. The sender then chooses a pseudo public key random number $\alpha$ and multiplies it by the sender's pseudo public key to obtain the pseudo public key verification value, where $r$ denotes the public key mask, $r \in Z_q^*$, $\in$ denotes the membership symbol, $Z_q^*$ denotes the non-zero multiplicative group, constructed by the sender, whose order is the large prime $q$, $q$ denotes the large prime chosen in step (1a), and $\alpha$ denotes the pseudo public key random number, $\alpha \in Z_q^*$;
(3c) The sender uses the identity hash function $H_1$ in the cryptosystem parameters and the identity information of each registered recipient to compute the public key of each recipient according to the formula $Q_i = H_1(ID_i)$, where $Q_i$ denotes the recipient's public key, $i$ denotes the counting index, $i = 1, 2, \ldots, n$, $n$ denotes the number of recipients receiving the ciphertext, $H_1(\cdot)$ denotes the identity hash function, and $ID_i$ denotes the identity information of the recipient;
(3d) The sender computes the pseudo-identity value $v_i$ according to the formula $v_i = H_2(e(Q_i + J))$, where $H_2(\cdot)$ denotes the bilinear hash function, $e$ denotes the bilinear map in the cryptosystem parameters, $Q_i$ denotes the recipient's public key, $i$ denotes the counting index, $i = 1, 2, \ldots, n$, $n$ denotes the number of recipients receiving the ciphertext, and $J$ denotes the cryptosystem verification value;
(3e) Using the following formula, the key generation centre computes the recipient hidden-identity parameter:
$f(x) = \prod_{i=1}^{n} (x - v_i) + p \pmod{q}$
where $f(x)$ denotes the recipient hidden-identity parameter, $x$ denotes the hidden-identity seed, $\prod$ denotes the product operation, $n$ denotes the number of recipients receiving the ciphertext, $i$ denotes the counting index, $v_i$ denotes the pseudo-identity value, $p$ denotes the positive integer weighting parameter randomly selected by the sender, mod denotes the modulo operation, and $q$ denotes the large prime in the cryptosystem parameters;
(3f) Using the following formula, the key generation centre computes the recipient mixed identity value:
$A = f(1)$
where $A$ denotes the recipient mixed identity value and $f(\cdot)$ denotes the recipient hidden-identity parameter;
(3g) The sender arbitrarily chooses a string $\delta$ from the strings of arbitrary length composed of 0 and 1, computes the key verification value $V$ according to the formula, and computes the key $K$ shared by the encryption method and the decryption method in the cryptosystem parameters according to the formula $K = H_4(\delta)$, where $\delta$ denotes the string of arbitrary length chosen by the sender, $\oplus$ denotes the XOR operation, $p$ denotes the positive integer weighting parameter randomly selected by the sender, $H_3(\cdot)$ denotes the weighting hash function, and $H_4(\cdot)$ denotes the key hash function;
(3h) The sender encrypts the plaintext message to be encrypted using the public key encryption algorithm in the cryptosystem parameters selected in step (1f), obtaining the message ciphertext;
(3i) Using the following formula, the sender computes the signature verification value:
$h = H_5(X, U, Z, V, A)$
where $h$ denotes the signature verification value, $H_5(\cdot)$ denotes the verification hash function, $X$ denotes the pseudo public key verification value, $U$ denotes the group verification value, $Z$ denotes the message ciphertext, $V$ denotes the key verification value, and $A$ denotes the recipient mixed identity value;
(3j) Using the following formula, the sender computes the signature parameter:
$W = (\alpha + h) * r * D_s$
where $W$ denotes the signature parameter, $\alpha$ denotes the pseudo public key random number, $h$ denotes the signature verification value, $*$ denotes the multiplication operation, $r$ denotes the cryptosystem random number, and $D_s$ denotes the private key of the sender;
(3k) The sender forms the signcryption ciphertext from the results obtained in step (3b), step (3d), step (3e), step (3f), step (3h), step (3i) and step (3j), and broadcasts the signcryption ciphertext;
(4) Judge whether the validity condition of the signcryption ciphertext holds:
$e(W, P) = e(X + h * Y, P_{pub})$
where $e(\cdot)$ denotes the bilinear map, $W$ denotes the signature parameter of the sender, $P$ denotes the generator of the additive cyclic group, $X$ denotes the pseudo public key verification value, $h$ denotes the signature verification value, $Y$ denotes the pseudo public key of the sender, and $P_{pub}$ denotes the system public key;
If so, the signcryption ciphertext is valid and step (5) is performed; otherwise, the signcryption ciphertext is invalid and step (7) is performed;
(5) Judge whether the authorization verification condition holds:
$e(W, Q_i) = e(X + hY, D_i)$
where $e(\cdot)$ denotes the bilinear map, $W$ denotes the signature parameter of the sender, $Q_i$ denotes the recipient's public key, $X$ denotes the pseudo public key verification value, $h$ denotes the signature verification value, $Y$ denotes the pseudo public key of the sender, and $D_i$ denotes the recipient's public key;
If so, the recipient is entitled to decrypt and step (6) is performed; otherwise, the recipient is not entitled to decrypt and step (7) is performed;
(6) Recipient unsigncryption:
(6a) According to the following formula, the recipient computes the pseudo-identity value:
$v_i = H_2(e(D_i, U))$
where $v_i$ denotes the pseudo-identity value, $H_2(\cdot)$ denotes a cryptographic one-way hash function, $e(\cdot)$ denotes the bilinear map in the system parameters, $D_i$ denotes the recipient's public key, $i = 1, 2, \ldots, n$, $n$ denotes the number of recipients receiving the ciphertext, and $U$ denotes the group verification value;
(6b) According to the following formula, the recipient computes the weighting parameter:
$p = f(v_i)$
where $p$ denotes the weighting parameter, $f(\cdot)$ denotes the recipient hidden-identity parameter, and $v_i$ denotes the pseudo-identity value;
(6c) According to the following formula, the recipient computes the string:
where $\delta$ denotes the key seed, $V$ denotes the key verification value, $\oplus$ denotes the XOR operation, $H_3(\cdot)$ denotes a cryptographic one-way hash function, and $p$ denotes the weighting parameter;
(6d) According to the following formula, the recipient computes the key of the encryption algorithm:
$K = H_4(\delta)$
where $K$ denotes the key of the public key decryption algorithm, $H_4(\cdot)$ denotes a cryptographic one-way hash function, and $\delta$ denotes the key seed;
(6e) The recipient decrypts the ciphertext message using the public key decryption algorithm in the cryptosystem parameters selected in step (1f), obtaining the plaintext message;
(7) Exit unsigncryption;
Compared with the prior art, the invention has the following advantages:
First, because during signcryption the sender computes the recipient hidden-identity parameter, converts the pseudo-identity values of all authorized recipients into the mixed identity value, and uses it as an element of the signcryption ciphertext, authorized recipients cannot compute one another's identity information from the relations between the elements of the signcryption ciphertext. This overcomes the problem in the prior art that Lagrange interpolation cannot prevent authorized recipients from computing one another's identity information from the relations between the elements of the signcryption ciphertext, so the invention achieves identity anonymity between authorized recipients.
Second, because the invention computes the identity conversion value and the mixed identity value of the authorized recipients, and from them the recipient hidden-identity parameter, it improves on existing encryption techniques and reduces the calculation of intermediate parameters. This overcomes the low encryption and decryption efficiency caused in the prior art by the intermediate parameters that Lagrange interpolation requires, so the invention improves the efficiency of encryption and decryption.
Description of the drawings
Figure 1 is the flow chart of the invention.
Embodiment
The invention is further described below with reference to Figure 1.
Step 1, generate the cryptosystem parameters.
The key generation centre chooses a large prime $q$ according to the cryptosystem security parameter $z$, where $z < 2^{64}$ and $q > 2^{z}$, and constructs an additive cyclic group $G_1$ and a multiplicative cyclic group $G_2$, both of order $q$. The key generation centre maps the additive cyclic group to the multiplicative cyclic group, obtaining a bilinear map $e: G_1 \times G_1 \to G_2$, and randomly selects a generator $P$ from the additive cyclic group $G_1$. The master key of the cryptosystem is randomly selected from the additive cyclic group; the result of multiplying the generator of the additive cyclic group by the cryptosystem master key is taken as the cryptosystem public key $P_{pub} = sP$, and the cryptosystem master key $s$ is stored. The key generation centre constructs, respectively, the identity hash function $H_1: \{0,1\}^* \to G_1$; the bilinear hash function $H_2: G_2 \to Z_q^*$; the weighting hash function $H_3: Z_q^* \to \{0,1\}^w$; the key hash function $H_4: \{0,1\}^w \to \{0,1\}^{|M|}$; and the verification hash function $H_5: G_1 \times G_1 \times \{0,1\}^w \times \{0,1\}^w \times Z_q^* \to Z_q^*$. The key generation centre chooses any one, $E$, of the existing key encryption methods, and chooses the public key decryption method $D$ corresponding to that key encryption method.
The key generation centre publishes the cryptosystem parameters Params:
$Params = \langle G_1, G_2, q, e, P, P_{pub}, H_1, H_2, H_3, H_4, H_5, E, D \rangle$.
Step 2, sender and recipient registration.
The sender and the recipients submit their identity information to the key generation centre.
The key generation centre computes the key using the following formula:
$D_{ID} = s * H_1(ID)$
where $D_{ID}$ denotes the private key of the sender and recipient, $ID$ denotes the identity information of the sender and recipient, $s$ denotes the cryptosystem master key, $*$ denotes the multiplication operation, and $H_1(ID)$ denotes the public key of the sender and recipient.
The key generation centre publishes the public keys of the sender and the recipients, and sends the private keys of the sender and the recipients securely to the sender and the recipients respectively.
Step 3, sender signcryption.
The sender chooses multiple registered recipients and builds a list of the registered recipients' identity information.
The sender chooses a public key mask $r$ and multiplies it by the sender's public key to obtain the sender's pseudo public key; multiplies the public key mask by the cryptosystem public key in the cryptosystem parameters to obtain the cryptosystem verification value; and multiplies the public key mask by the generator of the additive cyclic group in the cryptosystem parameters to obtain the group verification value. The sender then chooses a pseudo public key random number $\alpha$ and multiplies it by the sender's pseudo public key to obtain the pseudo public key verification value, where $r$ denotes the public key mask, $r \in Z_q^*$, $\in$ denotes the membership symbol, $Z_q^*$ denotes the non-zero multiplicative group, constructed by the sender, whose order is the large prime $q$, $q$ denotes the large prime chosen in step (1a), and $\alpha$ denotes the pseudo public key random number, $\alpha \in Z_q^*$.
The sender uses the identity hash function $H_1$ in the cryptosystem parameters and the identity information of each registered recipient to compute the public key of each recipient according to the formula $Q_i = H_1(ID_i)$, where $Q_i$ denotes the recipient's public key, $i$ denotes the counting index, $i = 1, 2, \ldots, n$, $n$ denotes the number of recipients receiving the ciphertext, $H_1(\cdot)$ denotes the identity hash function, and $ID_i$ denotes the identity information of the recipient.
The sender computes the pseudo-identity value $v_i$ according to the formula $v_i = H_2(e(Q_i + J))$, where $H_2(\cdot)$ denotes the bilinear hash function, $e$ denotes the bilinear map in the cryptosystem parameters, $Q_i$ denotes the recipient's public key, $i$ denotes the counting index, $i = 1, 2, \ldots, n$, $n$ denotes the number of recipients receiving the ciphertext, and $J$ denotes the cryptosystem verification value.
Using the following formula, the key generation centre computes the recipient hidden-identity parameter:
$f(x) = \prod_{i=1}^{n} (x - v_i) + p \pmod{q}$
where $f(x)$ denotes the recipient hidden-identity parameter, $x$ denotes the hidden-identity seed, $\prod$ denotes the product operation, $n$ denotes the number of recipients receiving the ciphertext, $i$ denotes the counting index, $v_i$ denotes the pseudo-identity value, $p$ denotes the positive integer weighting parameter randomly selected by the sender, mod denotes the modulo operation, and $q$ denotes the large prime in the cryptosystem parameters.
Using the following formula, the key generation centre computes the recipient mixed identity value:
$A = f(1)$
where $A$ denotes the recipient mixed identity value and $f(\cdot)$ denotes the recipient hidden-identity parameter.
The sender arbitrarily chooses a string $\delta$ from the strings of arbitrary length composed of 0 and 1, computes the key verification value $V$ according to the formula, and computes the key $K$ shared by the encryption method and the decryption method in the cryptosystem parameters according to the formula $K = H_4(\delta)$, where $\delta$ denotes the string of arbitrary length chosen by the sender, $\oplus$ denotes the XOR operation, $p$ denotes the positive integer weighting parameter randomly selected by the sender, $H_3(\cdot)$ denotes the weighting hash function, and $H_4(\cdot)$ denotes the key hash function.
The sender encrypts the plaintext message to be encrypted using the public key encryption algorithm in the cryptosystem parameters selected in step (1f), obtaining the message ciphertext.
Using the following formula, the sender computes the signature verification value:
$h = H_5(X, U, Z, V, A)$
where $h$ denotes the signature verification value, $H_5(\cdot)$ denotes the verification hash function, $X$ denotes the pseudo public key verification value, $U$ denotes the group verification value, $Z$ denotes the message ciphertext, $V$ denotes the key verification value, and $A$ denotes the recipient mixed identity value.
Using the following formula, the sender computes the signature parameter:
$W = (\alpha + h) * r * D_s$
where $W$ denotes the signature parameter, $\alpha$ denotes the pseudo public key random number, $h$ denotes the signature verification value, $*$ denotes the multiplication operation, $r$ denotes the cryptosystem random number, and $D_s$ denotes the private key of the sender.
The sender uses the above results to form the signcryption ciphertext $C = \langle Y, U, X, Z, V, W, A \rangle$, and broadcasts the signcryption ciphertext.
Step 4, judge whether the validity condition of the signcryption ciphertext holds. If so, the signcryption ciphertext is valid and step 5 is performed; otherwise, the signcryption ciphertext is invalid and step 7 is performed.
The validity condition of the signcryption ciphertext is as follows:
$e(W, P) = e(X + hY, P_{pub})$
where $e(\cdot)$ denotes the bilinear map, $W$ denotes the signature parameter of the sender, $P$ denotes the generator of the additive cyclic group, $X$ denotes the pseudo public key verification value, $h$ denotes the signature verification value, $Y$ denotes the pseudo public key of the sender, and $P_{pub}$ denotes the system public key.
Step 5, judge whether the authorization verification condition holds. If so, the recipient is entitled to decrypt and step 6 is performed; otherwise, the recipient is not entitled to decrypt and step 7 is performed.
The authorization verification condition is as follows:
$e(W, Q_i) = e(X + hY, D_i)$
where $e(\cdot)$ denotes the bilinear map, $W$ denotes the signature parameter of the sender, $Q_i$ denotes the recipient's public key, $X$ denotes the pseudo public key verification value, $h$ denotes the signature verification value, $Y$ denotes the pseudo public key of the sender, and $D_i$ denotes the recipient's public key.
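Why both conditions hold for an honestly formed signcryption ciphertext, worked through with the symbols above (an added derivation, not part of the patent text). It writes $Q_s$ for the sender's public key $H_1(ID_s)$, a symbol introduced here, and takes $D_s = sQ_s$ and $D_i = sQ_i$ from the registration formula $D_{ID} = s * H_1(ID)$.

$$Y = rQ_s, \qquad X = \alpha Y, \qquad W = (\alpha + h)\, r\, D_s = (\alpha + h)\, r\, s\, Q_s = s\,(X + hY)$$

$$e(W, P) = e\big(s(X + hY), P\big) = e(X + hY, P)^{s} = e(X + hY, sP) = e(X + hY, P_{pub})$$

$$e(W, Q_i) = e\big(s(X + hY), Q_i\big) = e(X + hY, Q_i)^{s} = e(X + hY, sQ_i) = e(X + hY, D_i)$$

The second chain uses only $D_i = sQ_i$ and the bilinearity of $e$, so it holds for every identity whose private key was issued by the key generation centre.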
Step 6, recipient unsigncryption.
According to the following formula, the recipient computes the pseudo-identity value:
$v_i = H_2(e(D_i, U))$
where $v_i$ denotes the pseudo-identity value, $H_2(\cdot)$ denotes a cryptographic one-way hash function, $e(\cdot)$ denotes the bilinear map in the system parameters, $D_i$ denotes the recipient's public key, $i = 1, 2, \ldots, n$, $n$ denotes the number of recipients receiving the ciphertext, and $U$ denotes the group verification value.
According to the following formula, the recipient computes the weighting parameter:
$p = f(v_i)$
where $p$ denotes the weighting parameter, $f(\cdot)$ denotes the recipient hidden-identity parameter, and $v_i$ denotes the pseudo-identity value.
According to the following formula, the recipient computes the string:
$\delta = V \oplus H_3(p)$
where $\delta$ denotes the key seed, $V$ denotes the key verification value, $\oplus$ denotes the XOR operation, $H_3(\cdot)$ denotes a cryptographic one-way hash function, and $p$ denotes the weighting parameter.
According to the following formula, the recipient computes the key of the encryption algorithm:
$K = H_4(\delta)$
where $K$ denotes the key of the public key decryption algorithm, $H_4(\cdot)$ denotes a cryptographic one-way hash function, and $\delta$ denotes the key seed.
The recipient decrypts the ciphertext message using the public key decryption algorithm in the cryptosystem parameters selected in step (1f), obtaining the plaintext message.
Step 7, exit unsigncryption.
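The hiding polynomial of steps (3e) to (3g) and its use by a recipient in steps (6b) to (6d), as an added Python example that is not part of the patent text. Assumptions: SHA-256 stands in for $H_2$, $H_3$ and $H_4$; constructed byte strings stand in for the pairing values $e(D_i, U)$; `Q` is a sample prime; $V = \delta \oplus H_3(p)$ is taken as the inverse of step (6c); and the coefficients of $f$ travel with the ciphertext, as step (3k) indicates.

```python
import hashlib
import secrets

Q = 2**127 - 1  # constructed sample prime standing in for the group order q of step (1a)


def _h(tag: bytes, data: bytes) -> bytes:
    """SHA-256 with a domain tag; an assumed stand-in for the patent's H2, H3, H4."""
    return hashlib.sha256(tag + b"|" + data).digest()


def pseudo_identity(pairing_value: bytes, q: int = Q) -> int:
    """v_i = H2(pairing value), mapped into Z_q* = {1, ..., q-1}."""
    return int.from_bytes(_h(b"H2", pairing_value), "big") % (q - 1) + 1


def h3(p: int) -> bytes:
    """Weighting hash H3: Z_q* -> {0,1}^w, with w = 256 bits in this example."""
    return _h(b"H3", str(p).encode())


def h4(delta: bytes) -> bytes:
    """Key hash H4: derives the shared key K from the string delta."""
    return _h(b"H4", delta)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def build_f(v_values, p, q=Q):
    """Step (3e): coefficients, lowest degree first, of prod(x - v_i) + p mod q."""
    coeffs = [1]
    for v in v_values:
        nxt = [0] * (len(coeffs) + 1)
        for k, c in enumerate(coeffs):      # multiply the running product by (x - v)
            nxt[k] = (nxt[k] - v * c) % q
            nxt[k + 1] = (nxt[k + 1] + c) % q
        coeffs = nxt
    coeffs[0] = (coeffs[0] + p) % q         # only the constant term carries p
    return coeffs


def eval_f(coeffs, x, q=Q):
    """Horner evaluation of f at x, modulo q."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % q
    return acc


def sender_wrap(v_values, q=Q):
    """Steps (3e)-(3g): returns the public values (f, A, V) and the key K."""
    p = secrets.randbelow(q - 1) + 1        # weighting parameter p
    delta = secrets.token_bytes(32)         # random string delta
    f = build_f(v_values, p, q)
    public = {"f": f, "A": eval_f(f, 1, q), "V": xor(delta, h3(p))}
    return public, h4(delta)


def recipient_unwrap(public, v_i, q=Q):
    """Steps (6b)-(6d): p = f(v_i), delta = V xor H3(p), K = H4(delta)."""
    p = eval_f(public["f"], v_i, q)
    return h4(xor(public["V"], h3(p)))


def demo():
    # Constructed byte strings standing in for the pairing values e(D_i, U).
    authorized = [pseudo_identity(b"pairing-value-%d" % i) for i in range(3)]
    outsider = pseudo_identity(b"pairing-value-of-unlisted-user")
    public, key = sender_wrap(authorized)
    recovered = [recipient_unwrap(public, v) == key for v in authorized]
    return recovered, recipient_unwrap(public, outsider) == key


if __name__ == "__main__":
    print(demo())
```

Each listed $v_i$ is a root of $f(x) - p$, so every authorized recipient recovers the same $p$ and therefore the same $K$, while a value outside the list evaluates to a different number and yields an unrelated key.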

Claims (9)

1. A multi-receiver identity-anonymous signcryption method, the present invention being implemented on identity-based cryptography, the concrete steps comprising:
(1) generating the cryptographic system parameters:
(1a) the key generation centre chooses a large prime $q$ according to the cryptographic system security parameter $z$, where $z < 2^{64}$ and $q > 2^z$;
(1b) the key generation centre constructs an additive cyclic group and a multiplicative cyclic group, both of order $q$;
(1c) the key generation centre maps the additive cyclic group to the multiplicative cyclic group, obtaining a bilinear map, and randomly selects a generator from the additive cyclic group;
(1d) the cryptographic system master key is randomly selected from the additive cyclic group; the result of multiplying the generator of the additive cyclic group by the cryptographic system master key is taken as the cryptographic system public key, and the cryptographic system master key is saved;
(1e) the key generation centre constructs, respectively, the identity hash function $H_1: \{0,1\}^* \to G_1$; the bilinear hash function $H_2: G_2 \to Z_q^*$; the weighting hash function $H_3: Z_q^* \to \{0,1\}^w$; the key hash function $H_4: \{0,1\}^w \to \{0,1\}^{|M|}$; and the verification hash function $H_5: G_1 \times G_1 \times \{0,1\}^w \times \{0,1\}^w \times Z_q^* \to Z_q^*$;
(1f) the key generation centre chooses any one of the existing key encryption methods, and chooses the public key decryption method corresponding to that key encryption method;
(1g) the key generation centre saves and publishes the generated cryptographic system parameters;
(2) sender and recipient registration:
(2a) the sender and the recipient submit their identity information to the key generation centre;
(2b) the key generation centre calculates the private key using the following formula:
$$D_{ID} = s * H_1(ID)$$
where $D_{ID}$ denotes the private key of the sender and recipient, $ID$ denotes the identity information of the sender and recipient, $s$ denotes the cryptographic system master key, $*$ denotes the multiplication operation, and $H_1(ID)$ denotes the public key of the sender and recipient;
(2c) the key generation centre publishes the public keys of the sender and recipient, and sends the private keys of the sender and recipient securely to the sender and recipient respectively;
(3) the sender signcrypts:
(3a) the sender chooses multiple registered recipients and builds a list of the registered recipients' identity information;
(3b) the sender chooses a public key mask $r$ and multiplies the public key mask $r$ by the sender's public key to obtain the sender's pseudo public key; multiplies the public key mask by the cryptographic system public key in the cryptographic system parameters to obtain the cryptographic system validation value; and multiplies the public key mask by the generator of the additive cyclic group in the cryptographic system parameters to obtain the group validation value; the sender then chooses a pseudo-public-key random number $\alpha$ and multiplies the pseudo-public-key random number $\alpha$ by the sender's pseudo public key to obtain the pseudo-public-key verification value, where $r$ denotes the public key mask, $r \in Z_q^*$, $\in$ denotes the set membership symbol, $Z_q^*$ denotes the non-zero multiplicative group, constructed by the sender, whose order is the large prime $q$, $q$ denotes the large prime chosen in step (1a), and $\alpha$ denotes the pseudo-public-key random number, $\alpha \in Z_q^*$;
(3c) the sender uses the identity hash function $H_1$ in the cryptographic system parameters and the identity information of each registered recipient to calculate the public key of each recipient according to the formula $Q_i = H_1(ID_i)$, where $Q_i$ denotes the recipient's public key, $i$ denotes the index, $i = 1, 2, \ldots, n$, $n$ denotes the number of recipients receiving the ciphertext, $H_1(\cdot)$ denotes the identity hash function, and $ID_i$ denotes the identity information of the recipient;
(3d) the sender calculates the pseudo-identity value $v_i$ according to the formula $v_i = H_2(e(Q_i, J))$, where $H_2(\cdot)$ denotes the bilinear hash function, $e$ denotes the bilinear map in the cryptographic system parameters, $Q_i$ denotes the recipient's public key, $i$ denotes the index, $i = 1, 2, \ldots, n$, $n$ denotes the number of recipients receiving the ciphertext, and $J$ denotes the cryptographic system validation value;
(3e) the key generation centre calculates the recipient hidden-identity parameter using the following formula:
$$f(x) = \prod_{i=1}^{n} (x - v_i) + p \pmod{q}$$
where $f(x)$ denotes the recipient hidden-identity parameter, $x$ denotes the hidden-identity seed, $\prod$ denotes the product operation, $n$ denotes the number of recipients receiving the ciphertext, $i$ denotes the index, $v_i$ denotes the pseudo-identity value, $p$ denotes the positive-integer weighting parameter randomly chosen by the sender, $\bmod$ denotes the modulo operation, and $q$ denotes the large prime in the cryptographic system parameters;
(3f) the key generation centre calculates the recipient mixed identity value using the following formula:
$$A = f(1)$$
where $A$ denotes the recipient mixed identity value and $f(\cdot)$ denotes the recipient hidden-identity parameter;
(3g) the sender chooses an arbitrary string $\delta$ from the strings of arbitrary length made up of 0 and 1, calculates the key authentication value $V$ according to the formula $V = \delta \oplus H_3(p)$, and calculates, according to the formula $K = H_4(\delta)$, the key $K$ shared by the encryption method and the decryption method in the cryptographic system parameters, where $\delta$ denotes the string of arbitrary length chosen by the sender, $\oplus$ denotes the XOR operation, $p$ denotes the positive-integer weighting parameter randomly chosen by the sender, $H_3(\cdot)$ denotes the weighting hash function, and $H_4(\cdot)$ denotes the key hash function;
(3h) the sender uses the public key encryption algorithm in the cryptographic system parameters selected in step (1f) to encrypt the plaintext message to be encrypted, obtaining the message ciphertext;
(3i) the sender calculates the signature verification value;
(3j) the sender calculates the signature parameter;
(3k) the sender forms the signcryption ciphertext from the results obtained in step (3b), step (3d), step (3e), step (3f), step (3h), step (3i) and step (3j), and broadcasts the signcryption ciphertext;
(4) determine whether the signcryption ciphertext validity condition holds; if so, the signcryption ciphertext is valid and step (5) is performed; otherwise the signcryption ciphertext is invalid and step (7) is performed;
(5) determine whether the authority verification condition holds; if so, the recipient is authorized to decrypt and step (6) is performed; otherwise the recipient is not authorized to decrypt and step (7) is performed;
(6) the recipient unsigncrypts:
(6a) the recipient calculates the pseudo-identity value;
(6b) the recipient calculates the weighting parameter;
(6c) the recipient calculates the string of arbitrary length chosen by the sender;
(6d) the recipient calculates the key of the public key decryption algorithm;
(6e) the recipient uses the public key decryption algorithm in the cryptographic system parameters selected in step (1f) to decrypt the ciphertext message, obtaining the plaintext message;
(7) exit unsigncryption.
2. The multi-receiver identity-anonymous signcryption method according to claim 1, characterized in that the signature verification value in step (3i) is calculated by the following formula:
$$h = H_5(X, U, Z, V, A)$$
where $h$ denotes the signature verification value, $H_5(\cdot)$ denotes the verification hash function, $X$ denotes the pseudo-public-key verification value, $U$ denotes the group validation value, $Z$ denotes the message ciphertext, $V$ denotes the key authentication value, and $A$ denotes the recipient mixed identity value.
3. The multi-receiver identity-anonymous signcryption method according to claim 1, characterized in that the signature parameter in step (3j) is calculated by the following formula:
$$W = (\alpha + h) * r * D_s$$
where $W$ denotes the signature parameter, $\alpha$ denotes the pseudo-public-key random number, $h$ denotes the signature verification value, $*$ denotes the multiplication operation, $r$ denotes the cryptographic system random number, and $D_s$ denotes the private key of the sender.
4. The multi-receiver identity-anonymous signcryption method according to claim 1, characterized in that the signcryption ciphertext validity condition in step (4) is $e(W, P) = e(X + h * Y, P_{pub})$, where $e(\cdot)$ denotes the bilinear map, $W$ denotes the sender's signature parameter, $P$ denotes the generator of the additive cyclic group, $X$ denotes the pseudo-public-key verification value, $h$ denotes the signature verification value, $*$ denotes the multiplication operation, $Y$ denotes the sender's pseudo public key, and $P_{pub}$ denotes the cryptographic system public key.
5. The multi-receiver identity-anonymous signcryption method according to claim 1, characterized in that the authority verification condition in step (5) is $e(W, Q_i) = e(X + h * Y, D_i)$, where $e(\cdot)$ denotes the bilinear map, $W$ denotes the sender's signature parameter, $Q_i$ denotes the recipient's public key, $i$ denotes the index, $i = 1, 2, \ldots, n$, $n$ denotes the number of recipients receiving the ciphertext, $X$ denotes the pseudo-public-key verification value, $h$ denotes the signature verification value, $*$ denotes the multiplication operation, $Y$ denotes the sender's pseudo public key, and $D_i$ denotes the recipient's public key.
6. The multi-receiver identity-anonymous signcryption method according to claim 1, characterized in that the pseudo-identity value in step (6a) is calculated as follows:
$$v_i = H_2(e(D_i, U))$$
where $v_i$ denotes the pseudo-identity value, $i$ denotes the index, $i = 1, 2, \ldots, n$, $n$ denotes the number of recipients receiving the ciphertext, $H_2(\cdot)$ denotes the bilinear hash function, $e(\cdot)$ denotes the bilinear map operation in the cryptographic system parameters, $D_i$ denotes the recipient's public key, and $U$ denotes the group validation value.
7. The multi-receiver identity-anonymous signcryption method according to claim 1, characterized in that the weighting parameter in step (6b) is calculated as follows:
$$p = f(v_i)$$
where $p$ denotes the weighting parameter, $f(\cdot)$ denotes the recipient hidden-identity parameter, $v_i$ denotes the pseudo-identity value, $i$ denotes the index, $i = 1, 2, \ldots, n$, and $n$ denotes the number of recipients receiving the ciphertext.
8. The multi-receiver identity-anonymous signcryption method according to claim 1, characterized in that the string of arbitrary length chosen by the sender in step (6c) is calculated as follows:
$$\delta = V \oplus H_3(p)$$
where $\delta$ denotes the string of arbitrary length chosen by the sender, $V$ denotes the key authentication value, $\oplus$ denotes the XOR operation, $H_3(\cdot)$ denotes the weighting hash function, and $p$ denotes the weighting parameter.
9. The multi-receiver identity-anonymous signcryption method according to claim 1, characterized in that the key of the public key decryption algorithm in step (6d) is calculated as follows:
$$K = H_4(\delta)$$
where $K$ denotes the key of the public key decryption algorithm, $H_4(\cdot)$ denotes the key hash function, and $\delta$ denotes the string of arbitrary length chosen by the sender.
CN201510705601.7A 2015-10-27 2015-10-27 Multi-receiver identity anonymous label decryption method Active CN105429941B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510705601.7A CN105429941B (en) 2015-10-27 2015-10-27 Multi-receiver identity anonymous label decryption method

Publications (2)

Publication Number Publication Date
CN105429941A true CN105429941A (en) 2016-03-23
CN105429941B CN105429941B (en) 2018-07-27

Family

ID=55507883

Country Status (1)

Country Link
CN (1) CN105429941B (en)

Also Published As

Publication number Publication date
CN105429941B (en) 2018-07-27

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant