CN106789019A - Certificateless partially blind signature method and device - Google Patents
- Publication number
- CN106789019A
- Authority
- CN
- China
- Prior art keywords
- signer
- signature
- private key
- systematic parameter
- calculate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3257—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using blind signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The present invention applies to the field of information security technology and provides a certificateless partially blind signature method, comprising: establishing public system parameters params = {G1, G2, P, e, g, H0, H1, H2, Ppub}; the signer extracts its private key and its public key; the signer randomly selects r, computes z = H0(c) and R = rP, and sends R to the signature requester; after receiving R, the signature requester randomly selects blinding factors, computes z = H0(c), R′ = αR, h′ = H2(m, z, y) and h = α^(-1)(β − h′), and sends h to the signer; after receiving h, the signer computes S and sends S to the signature requester; the signature requester performs unblinding, computing S′ = αS, and obtains the signature σ = (y, h′, S′) on the message m and the negotiated information c; the verifier verifies the signature. The invention effectively solves the security problem in certificateless partially blind signatures caused by tampering with the negotiated public information.
Description
Technical field
The invention belongs to the field of information security technology, and in particular relates to a certificateless partially blind signature method and device.
Background art
A blind signature is a signature that the signer produces without knowing the content of the message submitted by the signature requester; this property is called blindness. A blind signature not only has the properties of an ordinary digital signature, such as content integrity, non-repudiation of the transaction and authenticity of both parties' identities, but also uses blindness to protect user privacy well. Because the signer in a blind signature knows nothing about the message being signed, the signature can easily be used illegitimately by a malicious requester. The concept of the partially blind signature was therefore proposed: it divides the message into a blinded part and a common part, so that a partially blind signature protects user privacy while keeping part of the signed content under control.
In identity-based cryptography, the key generation center (Key Generation Center, KGC) knows the private keys of all users and can forge the signature of any user; this is known as the key escrow problem. To solve this problem, Al-Riyami and Paterson proposed the concept of certificateless public key cryptography (Certificateless Public Key Cryptography, CL-PKC) in 2003. For details, see: Al-Riyami S S, Paterson K G. Certificateless Public Key Cryptography[J]. Lecture Notes in Computer Science, 2003, 2894(2): 452-473, hereinafter referred to as Document 1. In CL-PKC, the key generation center generates a partial private key for the user, and the user's private key consists of the partial private key and a secret value the user selects at random, which solves the key escrow problem. Combining certificateless public key cryptography with blind signatures gives the certificateless blind signature (Certificateless Blind Signature, CL-BS). Used in e-commerce, CL-BS both protects user privacy and avoids the certificate management of PKI and the key escrow of ID-PKC. For better application in electronic cash systems, certificateless public key cryptography is combined with partially blind signatures to give the certificateless partially blind signature (Certificateless Partially Blind Signature, CL-PBS).
Literature on certificateless partially blind signatures has already been published, for example:
Cheng L, Wen Q. Cryptanalysis and improvement of a certificateless partially blind signature[J]. IET Information Security, 2015, 9(6): 380-386, hereinafter referred to as Document 2.
Zhang L, Zhang F, Qin B, et al. Corrigendum: "Provably-secure electronic cash based on certificateless partially-blind signatures"[J]. Electronic Commerce Research & Applications, 2011, 10(1): 545-552, hereinafter referred to as Document 3.
Document 2 points out that the CL-PBS scheme proposed in Document 3 cannot resist an attack in which a malicious user replaces the signer's public key, and proposes an improved scheme. Analysis of the improved scheme, however, shows that it cannot resist an attack in which a malicious user tampers with the negotiated public information.
Summary of the invention
The embodiments of the present invention provide a certificateless partially blind signature method, intended to solve the problem of the low security of the negotiated public information in existing certificateless partially blind signatures.
The embodiments of the present invention are realized as follows: a certificateless partially blind signature method, comprising:
establishing public system parameters params = {G1, G2, P, e, g, H0, H1, H2, Ppub}, where l is the security parameter and the prime q satisfies q > 2^l; {G1, +} is a cyclic additive group of order q and P is any generator of G1; {G2, ·} is a cyclic multiplicative group of order q and g is a generator; e: G1 × G1 → G2 is a bilinear map with g = e(P, P) ∈ G2; the hash functions include H1: {0,1}* → G1; the KGC chooses s as the master key, and Ppub = sP is the public key;
the signer extracts its private key and its public key;
the signer randomly selects r, computes z = H0(c) and R = rP, and sends R to the signature requester;
after receiving R, the signature requester randomly selects blinding factors, computes z = H0(c), R′ = αR, h′ = H2(m, z, y) and h = α^(-1)(β − h′), and sends h to the signer;
after receiving h, the signer computes S and sends S to the signature requester;
the signature requester performs unblinding, computing S′ = αS, and obtains the signature σ = (y, h′, S′) on the message m and the negotiated information c;
the verifier verifies the signature.
Preferably, the specific steps of establishing the public system parameters params = {G1, G2, P, l, q, e, H1, H2, H3, Ppub} are:
according to security requirements, determining the size of the security parameter l and the prime q, and using an elliptic curve to construct a cyclic additive group {G1, +} and a cyclic multiplicative group {G2, ·} that satisfy the bilinear map e: G1 × G1 → G2;
selecting collision-resistant hash functions, including H1: {0,1}* → G1;
randomly selecting an integer s from the multiplicative group of integers modulo q as the master key of the private key generation center KGC, and computing Ppub = sP as its corresponding public key;
publishing the system parameters {G1, G2, P, e, g, H0, H1, H2, Ppub} and keeping s as the master key.
Preferably, the specific steps by which the signer extracts its private key and public key are:
with the system parameters params and the signer's identity ID_B as input, the KGC computes the partial private key and sends it to the signer;
according to the system parameters params and the signer's identity ID_B, the signer randomly selects its secret value;
according to the system parameters params, the signer's identity ID_B, the partial private key and the secret value, the signer's private key is obtained;
according to the system parameters params, the signer's identity ID_B and the secret value, the signer's public key is obtained.
Preferably, the specific steps by which the verifier verifies the signature include:
the verifier receives the signer's message-signature pair (m, c, σ = (y, h′, S′));
the verifier computes z = H0(c) and y′;
the verifier checks whether the equation h′ = H2(m, z, y′) holds; if it does, the verifier accepts (m, c, σ = (y, h′, S′)) as a valid blind signature produced by the signer;
otherwise the signature is invalid.
The embodiments of the present invention also provide a certificateless partially blind signature device, comprising:
a system parameter establishing unit, for establishing the public system parameters params = {G1, G2, P, e, g, H0, H1, H2, Ppub};
an extraction unit, for the signer to extract its private key and public key;
a commitment unit, for randomly selecting r, computing z = H0(c) and R = rP, and sending R to the signature requester;
a blinding unit, for, after receiving R, randomly selecting blinding factors, computing z = H0(c), R′ = αR, h′ = H2(m, z, y) and h = α^(-1)(β − h′), and sending h to the signer;
a partially blind signature unit, for, after receiving h, computing S and sending S to the signature requester;
an unblinding unit, for performing unblinding, computing S′ = αS, and obtaining the signature σ = (y, h′, S′) on the message m and the negotiated information c;
a verification unit, for verifying the signature.
Preferably, the system parameter establishing unit includes:
a construction module, for determining the size of the security parameter l and the prime q, and using an elliptic curve to construct a cyclic additive group {G1, +} and a cyclic multiplicative group {G2, ·} that satisfy the bilinear map e: G1 × G1 → G2;
a function selection module, for selecting collision-resistant hash functions, including H1: {0,1}* → G1;
a key module, for randomly selecting an integer s from the multiplicative group of integers modulo q as the master key of the private key generation center KGC, computing Ppub = sP as its corresponding public key, publishing the system parameters {G1, G2, P, e, g, H0, H1, H2, Ppub}, and keeping s as the master key.
Preferably, the extraction unit includes:
a partial private key generation module, for the KGC to compute the partial private key according to the system parameters params and the signer's identity ID_B, and to send the partial private key to the signer;
a secret value generation module, for randomly selecting the signer's secret value according to the system parameters params and the signer's identity ID_B;
a private key module, for obtaining the signer's private key according to the system parameters params, the signer's identity ID_B, the partial private key and the secret value;
a public key module, for obtaining the signer's public key according to the system parameters params, the signer's identity ID_B and the secret value.
Preferably, the verification unit includes:
a receiving module, for receiving the message-signature pair (m, c, σ = (y, h′, S′)) sent by the signature requester;
a computing module, for computing z = H0(c) and y′;
a verification module, for checking whether the equation h′ = H2(m, z, y′) holds; if it does, the verifier accepts (m, c, σ = (y, h′, S′)) as a valid blind signature produced by the signer, otherwise the signature is invalid.
In the technical solution of the present invention, the signer inserts the negotiated information into the computation of S, where z = H0(c). Proving the correctness of the signature scheme shows that the negotiated information z = H0(c) inserted by the signer corresponds not only to the negotiated information inserted by the signature requester during blinding, but also to the negotiated information used in the verification equation. Therefore, the scheme of the present invention is secure against negotiated-information tampering attacks, and effectively solves the security problem in certificateless partially blind signatures caused by tampering with the negotiated public information.
Brief description of the drawings
Fig. 1 is a schematic flow diagram of a certificateless partially blind signature method provided by an embodiment of the present invention;
Fig. 2 is an overall flow chart of a certificateless partially blind signature method provided by an embodiment of the present invention;
Fig. 3 is a structural block diagram of a certificateless partially blind signature device provided by an embodiment of the present invention;
Fig. 4 is a structural block diagram of the system parameter establishing unit of the present invention;
Fig. 5 is a structural block diagram of the extraction unit of the present invention;
Fig. 6 is a structural block diagram of the verification unit of the present invention.
Detailed description of the embodiments
In order to make the purpose, technical solution and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here merely illustrate the present invention and are not intended to limit it.
To make the technical solution of the present invention easier to understand, we first briefly describe the partially blind signature process of Document 2 above:
First, public system parameters params = {G1, G2, P, l, q, e, H0, H1, H2, Ppub} are established.
Given the security parameter l, with the prime q satisfying q > 2^l, {G1, +} is a cyclic additive group of order q and P is any generator of G1; {G2, ·} is a cyclic multiplicative group of order q and g is a generator; e: G1 × G1 → G2 is a bilinear map with g = e(P, P) ∈ G2; H0, H1 and H2 are hash functions. The KGC chooses s as the master key and Ppub = sP is the public key; the system parameters are params = {G1, G2, P, l, q, e, H0, H1, H2, Ppub}.
Then the key extraction algorithms are run:
Partial private key generation algorithm: with the system parameters params and the signer's identity ID_B as input, the KGC computes the partial private key and sends it to the signer.
Set-secret-value algorithm: with the system parameters params and the signer's identity ID_B as input, the signer randomly selects its secret value.
Set-private-key algorithm: the algorithm takes the system parameters, the signer's identity ID_B, the partial private key and the secret value as input, and outputs the signer's private key.
Set-public-key algorithm: the algorithm takes the system parameters, the signer's identity ID_B and the secret value as input, and outputs the signer's public key.
Then the partially blind signature generation algorithm is run:
Suppose m is the message the signature requester asks to have signed and c is the public information negotiated between the signer and the signature requester. Using its private key and public key, the signer signs the message m and the public negotiated information c together with the signature requester. The detailed process is as follows:
a) Commitment. The signer randomly selects r, computes z = H0(c) and R = rzP, and sends R to the signature requester.
b) Blinding. After receiving R, the signature requester randomly selects blinding factors, computes z = H0(c), R′ = γR, h′ and h = γ^(-1)(β − h′), and sends h to the signer.
c) Partially blind signing. After receiving h, the signer only needs to compute S and send S to the signature requester.
d) Unblinding. The signature requester computes S′ = γS + αPpub.
After this series of interactions, the signature requester obtains the signature σ = (R′, h′, S′) on the message m and the negotiated information c.
Finally, the signature verification algorithm is run:
After receiving the signer's signature σ = (R′, h′, S′) on the message m and the negotiated information c, the verifier first computes z = H0(c) and finally checks whether the verification equation holds. If it holds, the message-signature pair (m, c, σ = (R′, h′, S′)) is considered a legitimate signature of the signer; otherwise it is invalid.
The above scheme is open to a security attack; the attack is analyzed as follows:
The attack on the scheme tampers the negotiated information c into c′. Using its private key and public key, the signer signs the message m and the public negotiated information c together with the signature requester, and the signature requester tampers the negotiated information c into c′:
a) Commitment. The signer randomly selects r, computes z = H0(c) and R = rzP, and sends R to the signature requester.
b) Blinding. After receiving R, the signature requester randomly selects blinding factors, computes z = H0(c), z′ = H0(c′), R′ = γR, R″ = z^(-1)z′R′, h′, h = γ^(-1)(β − h′) and h″ = zz′^(-1)h, and sends h″ to the signer.
c) Partially blind signing. After receiving h″, the signer only needs to compute S and send S to the signature requester.
d) Unblinding. The signature requester computes S′ = z^(-1)z′S and S″ = γS′ + αPpub.
After this series of interactions, the signature requester obtains the signature σ = (R″, h′, S″) on the message m and the negotiated information c′.
To check the signature σ = (R″, h′, S″) on the message m and the negotiated information c′, one computes z′ = H0(c′) and checks whether the verification equation holds. If it holds, the signature is valid, that is, tampering the negotiated information into c′ has succeeded. In this verification process it is in fact only necessary to check whether the verification equation holds;
that is, without the signer's consent, the signature formed after the signature requester tampers with the public information still passes the verification equation, so the verifier believes that σ = (R″, h′, S″) is the signer's valid signature on the message m and the negotiated information c′.
With reference to Fig. 1 and Fig. 2, the embodiments of the present invention provide a certificateless partially blind signature method, comprising the following steps:
Step S100: establish public system parameters params = {G1, G2, P, e, g, H0, H1, H2, Ppub}, where l is the security parameter and the prime q satisfies q > 2^l; {G1, +} is a cyclic additive group of order q and P is any generator of G1; {G2, ·} is a cyclic multiplicative group of order q and g is a generator; e: G1 × G1 → G2 is a bilinear map with g = e(P, P) ∈ G2; the hash functions include H1: {0,1}* → G1; the KGC chooses s as the master key, and Ppub = sP is the public key;
Step S200: the signer extracts its private key and its public key;
Step S300: the signer randomly selects r, computes z = H0(c) and R = rP, and sends R to the signature requester;
Step S400: after receiving R, the signature requester randomly selects blinding factors, computes z = H0(c), R′ = αR, h′ = H2(m, z, y) and h = α^(-1)(β − h′), and sends h to the signer;
Step S500: after receiving h, the signer computes S and sends S to the signature requester;
Step S600: the signature requester performs unblinding, computing S′ = αS, and obtains the signature σ = (y, h′, S′) on the message m and the negotiated information c;
Step S700: the verifier verifies the signature.
Preferably, in step S100, the specific steps of establishing the public system parameters params = {G1, G2, P, e, g, H0, H1, H2, Ppub} are:
Step S110: according to security requirements, determine the size of the security parameter l and the prime q, and use an elliptic curve to construct a cyclic additive group {G1, +} and a cyclic multiplicative group {G2, ·} that satisfy the bilinear map e: G1 × G1 → G2;
Step S120: select collision-resistant hash functions, including H1: {0,1}* → G1;
Step S130: randomly select an integer s from the multiplicative group of integers modulo q as the master key of the private key generation center KGC, and compute Ppub = sP as its corresponding public key;
Step S140: publish the system parameters {G1, G2, P, e, g, H0, H1, H2, Ppub} and keep s as the master key.
Further, step S200 specifically includes:
Step S210: with the system parameters params and the signer's identity ID_B as input, the KGC computes the partial private key and sends it to the signer;
Step S220: according to the system parameters params and the signer's identity ID_B, the signer randomly selects its secret value;
Step S230: according to the system parameters params, the signer's identity ID_B, the partial private key and the secret value, the signer's private key is obtained;
Step S240: according to the system parameters params, the signer's identity ID_B and the secret value, the signer's public key is obtained.
Further, step S700 specifically includes:
Step S710: the verifier receives the signer's message-signature pair (m, c, σ = (y, h′, S′));
Step S720: the verifier computes z = H0(c) and y′;
Step S730: the verifier checks whether the equation h′ = H2(m, z, y′) holds; if it does, the verifier accepts (m, c, σ = (y, h′, S′)) as a valid blind signature produced by the signer;
otherwise the signature is invalid.
Because the signer inserts the negotiated information into the computation of S, where z = H0(c), proving the correctness of the signature scheme shows that the negotiated information z = H0(c) inserted by the signer corresponds not only to the negotiated information inserted by the signature requester during blinding, but also to the negotiated information used in the verification equation. Therefore this scheme can prevent tampering attacks on the public negotiated information.
As shown in Fig. 3, the embodiments of the present invention also provide a certificateless partially blind signature device, comprising:
a system parameter establishing unit 100, for establishing the public system parameters params = {G1, G2, P, e, g, H0, H1, H2, Ppub};
an extraction unit 200, for the signer to extract its private key and public key;
a commitment unit 300, for randomly selecting r, computing z = H0(c) and R = rP, and sending R to the signature requester;
a blinding unit 400, for, after receiving R, randomly selecting blinding factors, computing z = H0(c), R′ = αR, h′ = H2(m, z, y) and h = α^(-1)(β − h′), and sending h to the signer;
a partially blind signature unit 500, for, after receiving h, computing S and sending S to the signature requester;
an unblinding unit 600, for performing unblinding, computing S′ = αS, and obtaining the signature σ = (y, h′, S′) on the message m and the negotiated information c;
a verification unit 700, for verifying the signature.
As shown in Fig. 4, the system parameter establishing unit 100 further includes:
a construction module 101, for determining the size of the security parameter l and the prime q, and using an elliptic curve to construct a cyclic additive group {G1, +} and a cyclic multiplicative group {G2, ·} that satisfy the bilinear map e: G1 × G1 → G2;
a function selection module 102, for selecting collision-resistant hash functions, including H1: {0,1}* → G1;
a key module 103, for randomly selecting an integer s from the multiplicative group of integers modulo q as the master key of the private key generation center KGC, computing Ppub = sP as its corresponding public key, publishing the system parameters {G1, G2, P, e, g, H0, H1, H2, Ppub}, and keeping s as the master key.
As shown in Fig. 5, the extraction unit 200 further includes:
a partial private key generation module 201, for the KGC to compute the partial private key according to the system parameters params and the signer's identity ID_B, and to send the partial private key to the signer;
a secret value generation module 202, for randomly selecting the signer's secret value according to the system parameters params and the signer's identity ID_B;
a private key module 203, for obtaining the signer's private key according to the system parameters params, the signer's identity ID_B, the partial private key and the secret value;
a public key module 204, for obtaining the signer's public key according to the system parameters params, the signer's identity ID_B and the secret value.
As shown in Fig. 6, the verification unit 700 further includes:
a receiving module 701, for receiving the message-signature pair (m, c, σ = (y, h′, S′)) sent by the signature requester;
a computing module 702, for computing z = H0(c) and y′;
a verification module 702, for checking whether the equation h′ = H2(m, z, y′) holds; if it does, the verifier accepts (m, c, σ = (y, h′, S′)) as a valid blind signature produced by the signer, otherwise the signature is invalid.
Below, the computational efficiency of the technical solution of the present invention is compared with the existing CL-PBS schemes mentioned above, namely the schemes of Document 2 and Document 3, where Document 2 is the improved scheme proposed in response to the public key replacement attack on Document 3. A supersingular elliptic curve with embedding degree 2 is used, E(F_p): y^2 = x^3 + x, where q = 2^159 + 2^17 + 1 is a 160-bit prime and p is a 512-bit prime satisfying p + 1 = 12qr. Hardware platform: the CPU is CPIV 3-GHZ, with 512 MB of memory and the Windows XP operating system. Table 1 lists the running times of the more expensive basic operations in the cryptographic schemes.
Table 1: Running time of basic operations in the schemes (unit: milliseconds)
Table 2 lists the number of specific time-consuming operations in each scheme, mainly comparing the computation of the signer, the signature requester and the verifier during the construction of the scheme.
Table 2: Computational performance comparison of the schemes (unit: milliseconds)
In summary, it is evident that the scheme constructed by the present invention is more efficient.
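The curve parameters quoted in the efficiency comparison can be turned into a concrete group G1 with generator P, as the system setup step requires; the Python code below is an added example and is not part of the patent. The patent gives neither p nor r, so the search start (r = 2^349), the p it finds and all function names are assumptions made for illustration.

```python
Q = 2**159 + 2**17 + 1   # group order q as quoted in the text above
BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    """Miller-Rabin with fixed bases (reproducible probable-prime test)."""
    if n < 2:
        return False
    for b in BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def find_field_prime(q, bits=512):
    """Search r upward from a fixed start until p = 12*q*r - 1 is prime.
    p = 12qr - 1 forces p % 4 == 3, so y^2 = x^3 + x is supersingular
    over F_p with exactly p + 1 = 12qr points, a multiple of q."""
    r = 1 << (bits - (12 * q).bit_length())
    while True:
        p = 12 * q * r - 1
        if p.bit_length() != bits:
            raise ValueError("no prime of the requested size found")
        if is_probable_prime(p):
            return p, r
        r += 1

def embedding_degree(p, q, limit=12):
    """Smallest k with q | p^k - 1; the pairing takes values in F_{p^k}."""
    for k in range(1, limit + 1):
        if pow(p, k, q) == 1:
            return k
    return None

def ec_add(a, b, p):
    """Affine addition on y^2 = x^3 + x over F_p; None is the identity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    if a == b:
        lam = (3 * x1 * x1 + 1) * pow(2 * y1 % p, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p

def ec_mul(k, pt, p):
    """Double-and-add scalar multiplication k*pt."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt, p)
        pt = ec_add(pt, pt, p)
        k >>= 1
    return acc

def on_curve(pt, p):
    x, y = pt
    return (y * y - x**3 - x) % p == 0

def find_generator(p, q):
    """Return a point of order q, usable as the generator P of G1."""
    cofactor = (p + 1) // q
    x = 1
    while True:
        x += 1
        rhs = (x**3 + x) % p
        y = pow(rhs, (p + 1) // 4, p)     # square-root candidate, p % 4 == 3
        if y * y % p != rhs:
            continue                       # x^3 + x is not a square mod p
        g = ec_mul(cofactor, (x, y), p)    # clear the cofactor 12r
        if g is not None:
            return g

if __name__ == "__main__":
    p, r = find_field_prime(Q)
    P = find_generator(p, Q)
    print("q probable prime:", is_probable_prime(Q), "| p bits:", p.bit_length())
    print("embedding degree:", embedding_degree(p, Q))
    print("q*P is the identity:", ec_mul(Q, P, p) is None)
```

Because q divides p + 1, p is congruent to -1 modulo q, which is why the embedding degree comes out as 2 and the pairing target group G2 sits in a 1024-bit field.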
The above are only preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Claims (8)
1. A certificateless partially blind signature method, characterized by comprising:
establishing public system parameters params = {G1, G2, P, e, g, H0, H1, H2, Ppub}, where l is the security parameter and the prime q satisfies q > 2^l; {G1, +} is a cyclic additive group of order q and P is any generator of G1; {G2, ·} is a cyclic multiplicative group of order q and g is a generator; e: G1 × G1 → G2 is a bilinear map with g = e(P, P) ∈ G2; the hash functions include H1: {0,1}* → G1; the KGC chooses s as the master key, and Ppub = sP is the public key;
the signer extracts its private key and its public key;
the signer randomly selects r, computes z = H0(c) and R = rP, and sends R to the signature requester;
after receiving R, the signature requester randomly selects blinding factors, computes z = H0(c), R′ = αR, h′ = H2(m, z, y) and h = α^(-1)(β − h′), and sends h to the signer;
after receiving h, the signer computes S and sends S to the signature requester;
the signature requester performs unblinding, computing S′ = αS, and obtains the signature σ = (y, h′, S′) on the message m and the negotiated information c;
the verifier verifies the signature.
2. The certificateless partially blind signature method according to claim 1, characterized in that the specific steps of establishing the public system parameters params = {G1, G2, P, e, g, H0, H1, H2, Ppub} are:
according to security requirements, determining the size of the security parameter l and the prime q, and using an elliptic curve to construct a cyclic additive group {G1, +} and a cyclic multiplicative group {G2, ·} that satisfy the bilinear map e: G1 × G1 → G2;
selecting collision-resistant hash functions, including H1: {0,1}* → G1;
randomly selecting an integer s from the multiplicative group of integers modulo q as the master key of the private key generation center KGC, and computing Ppub = sP as its corresponding public key;
publishing the system parameters {G1, G2, P, e, g, H0, H1, H2, Ppub} and keeping s as the master key.
3. The certificateless partially blind signature method according to claim 1, characterized in that the specific steps by which the signer extracts its private key and public key are:
with the system parameters params and the signer's identity ID_B as input, the KGC computes the partial private key and sends it to the signer;
according to the system parameters params and the signer's identity ID_B, the signer randomly selects its secret value;
according to the system parameters params, the signer's identity ID_B, the partial private key and the secret value, the signer's private key is obtained;
according to the system parameters params, the signer's identity ID_B and the secret value, the signer's public key is obtained.
4. The certificateless partially blind signature method according to claim 1, characterized in that the specific steps by which the verifier verifies the signature include:
the verifier receives the signer's message-signature pair (m, c, σ = (y, h′, S′));
the verifier computes z = H0(c) and y′;
the verifier checks whether the equation h′ = H2(m, z, y′) holds; if it does, the verifier accepts (m, c, σ = (y, h′, S′)) as a valid blind signature produced by the signer;
otherwise the signature is invalid.
5. A certificateless partially blind signature device, characterized by comprising:
a system parameter establishing unit, for establishing the public system parameters params = {G1, G2, P, e, g, H0, H1, H2, Ppub};
an extraction unit, for the signer to extract its private key and public key;
a commitment unit, for randomly selecting r, computing z = H0(c) and R = rP, and sending R to the signature requester;
a blinding unit, for, after receiving R, randomly selecting blinding factors, computing z = H0(c), R′ = αR, h′ = H2(m, z, y) and h = α^(-1)(β − h′), and sending h to the signer;
a partially blind signature unit, for, after receiving h, computing S and sending S to the signature requester;
an unblinding unit, for performing unblinding, computing S′ = αS, and obtaining the signature σ = (y, h′, S′) on the message m and the negotiated information c;
a verification unit, for verifying the signature.
6. The certificateless partially blind signature device according to claim 5, characterized in that the system parameter establishing unit includes:
a construction module, for determining the size of the security parameter l and the prime q, and using an elliptic curve to construct a cyclic additive group {G1, +} and a cyclic multiplicative group {G2, ·} that satisfy the bilinear map e: G1 × G1 → G2;
a function selection module, for selecting collision-resistant hash functions, including H1: {0,1}* → G1;
a key module, for randomly selecting an integer s from the multiplicative group of integers modulo q as the master key of the private key generation center KGC, computing Ppub = sP as its corresponding public key, publishing the system parameters {G1, G2, P, e, g, H0, H1, H2, Ppub}, and keeping s as the master key.
7. The certificateless partially blind signature device according to claim 5, characterised in that the extraction unit includes:
A partial private key generation module, for the KGC to perform its calculation according to the system parameters params and the identity ID_B of the signer, and to send the partial private key to the signer;
A secret value generation module, for randomly selecting the signer's secret value according to the system parameters params and the identity ID_B of the signer;
A private key module, for obtaining the private key of the signer according to the system parameters params, the identity ID_B of the signer, the partial private key and the secret value;
A public key module, for obtaining the public key of the signer according to the system parameters params, the identity ID_B of the signer and the secret value.
8. The certificateless partially blind signature device according to claim 5, characterised in that the verification unit includes:
A receiving module, for receiving the message-signature pair (m, c, σ=(y, h′, S′)) sent by the signature requester;
A computing module, for calculating z=H0(c),
A verification module, for verifying whether the equation h′=H2(m, z, y′) holds; if it does, the verifier accepts (m, c, σ=(y, h′, S′)) as a valid blind signature produced by the signer; otherwise it is invalid.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611226746.XA CN106789019B (en) | 2016-12-27 | 2016-12-27 | Certificate-free partial blind signature method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611226746.XA CN106789019B (en) | 2016-12-27 | 2016-12-27 | Certificate-free partial blind signature method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106789019A true CN106789019A (en) | 2017-05-31 |
CN106789019B CN106789019B (en) | 2020-01-17 |
Family
ID=58922071
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611226746.XA Active CN106789019B (en) | 2016-12-27 | 2016-12-27 | Certificate-free partial blind signature method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106789019B (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108521396A (en) * | 2018-02-09 | 2018-09-11 | 天津职业技术师范大学 | The blind operation method of privacy information |
CN108989050A (en) * | 2018-08-23 | 2018-12-11 | 电子科技大学 | A kind of certificateless digital signature method |
CN110311776A (en) * | 2019-06-21 | 2019-10-08 | 矩阵元技术(深圳)有限公司 | Data processing method, device, computer equipment and storage medium |
CN112070490A (en) * | 2020-08-20 | 2020-12-11 | 郑州信大捷安信息技术股份有限公司 | Off-line POS machine transaction method and system based on two-dimension code |
CN112070492A (en) * | 2020-08-20 | 2020-12-11 | 郑州信大捷安信息技术股份有限公司 | Off-line POS machine transaction method and system |
CN114915426A (en) * | 2022-05-20 | 2022-08-16 | 曲阜师范大学 | Certificateless based message recoverable blind signature method |
WO2023207523A1 (en) * | 2022-04-28 | 2023-11-02 | 华为技术有限公司 | Quantum-resistant blind signature method, user equipment, signature apparatus and signature verification apparatus |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102387019A (en) * | 2011-10-19 | 2012-03-21 | 西安电子科技大学 | Certificateless partially blind signature method |
CN102420810A (en) * | 2011-09-28 | 2012-04-18 | 盛乐信息技术(上海)有限公司 | Network file system and method based on certificate-free public key infrastructure |
EP2947840A1 (en) * | 2013-09-16 | 2015-11-25 | Huawei Device Co., Ltd. | Certificateless multi-agent signature method and apparatus |
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102420810A (en) * | 2011-09-28 | 2012-04-18 | 盛乐信息技术(上海)有限公司 | Network file system and method based on certificate-free public key infrastructure |
CN102387019A (en) * | 2011-10-19 | 2012-03-21 | 西安电子科技大学 | Certificateless partially blind signature method |
EP2947840A1 (en) * | 2013-09-16 | 2015-11-25 | Huawei Device Co., Ltd. | Certificateless multi-agent signature method and apparatus |
Non-Patent Citations (1)
Title |
---|
苏万力等: "《无证书盲签名方案》", 《电子科技大学学报》 * |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108521396A (en) * | 2018-02-09 | 2018-09-11 | 天津职业技术师范大学 | The blind operation method of privacy information |
CN108989050A (en) * | 2018-08-23 | 2018-12-11 | 电子科技大学 | A kind of certificateless digital signature method |
CN108989050B (en) * | 2018-08-23 | 2020-08-11 | 电子科技大学 | Certificateless digital signature method |
CN110311776A (en) * | 2019-06-21 | 2019-10-08 | 矩阵元技术(深圳)有限公司 | Data processing method, device, computer equipment and storage medium |
CN110311776B (en) * | 2019-06-21 | 2022-03-22 | 矩阵元技术(深圳)有限公司 | Range proving method, range proving device, computer equipment and storage medium |
CN112070490A (en) * | 2020-08-20 | 2020-12-11 | 郑州信大捷安信息技术股份有限公司 | Off-line POS machine transaction method and system based on two-dimension code |
CN112070492A (en) * | 2020-08-20 | 2020-12-11 | 郑州信大捷安信息技术股份有限公司 | Off-line POS machine transaction method and system |
CN112070492B (en) * | 2020-08-20 | 2022-03-25 | 郑州信大捷安信息技术股份有限公司 | Off-line POS machine transaction method and system |
CN112070490B (en) * | 2020-08-20 | 2022-03-25 | 郑州信大捷安信息技术股份有限公司 | Off-line POS machine transaction method and system based on two-dimension code |
WO2023207523A1 (en) * | 2022-04-28 | 2023-11-02 | 华为技术有限公司 | Quantum-resistant blind signature method, user equipment, signature apparatus and signature verification apparatus |
CN114915426A (en) * | 2022-05-20 | 2022-08-16 | 曲阜师范大学 | Certificateless based message recoverable blind signature method |
CN114915426B (en) * | 2022-05-20 | 2023-12-15 | 曲阜师范大学 | Certificate-free message recoverable blind signature method |
Also Published As
Publication number | Publication date |
---|---|
CN106789019B (en) | 2020-01-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2018119670A1 (en) | Method and device for certificateless partially blind signature | |
CN106789019A (en) | A kind of Certificateless partially blind signature method and device | |
Zhang et al. | Efficient ID-based public auditing for the outsourced data in cloud storage | |
JP3522447B2 (en) | Authentication exchange method and additional public electronic signature method | |
Boneh et al. | Group signatures with verifier-local revocation | |
US8433897B2 (en) | Group signature system, apparatus and storage medium | |
US8819439B2 (en) | Attributes in cryptographic credentials | |
CN108551392B (en) | Blind signature generation method and system based on SM9 digital signature | |
JP4741503B2 (en) | Method and apparatus for generating verifiable public key | |
US9882890B2 (en) | Reissue of cryptographic credentials | |
CN102387019B (en) | Certificateless partially blind signature method | |
EP1710954A1 (en) | Group signature system, method, device, and program | |
CN108881279B (en) | Mobile health medical sensor data privacy protection method | |
JP2004208263A (en) | Apparatus and method of blind signature based on individual identification information employing bilinear pairing | |
CN106656508B (en) | A kind of Partial Blind Signature method and apparatus of identity-based | |
JP6043804B2 (en) | Combined digital certificate | |
KR20030062402A (en) | Apparatus and method for generating and verifying id-based proxy signature by using bilinear parings | |
US20170373847A1 (en) | Method for updating a public key | |
CN111245625A (en) | Digital signature method without certificate aggregation | |
US20150006900A1 (en) | Signature protocol | |
CN112800482B (en) | Identity-based online/offline security cloud storage auditing method | |
Tso | A new way to generate a ring: Universal ring signature | |
CN111917550A (en) | Certificateless cluster signature bilinear-free authentication method and system | |
JP4772965B2 (en) | Method for proving entity authenticity and / or message integrity | |
Amounas et al. | Proposed Developments of Blind Signature Scheme Based on ECC |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |