CN107947913A - An identity-based anonymous authentication method and system - Google Patents


Info

Publication number
CN107947913A
Authority
CN
China
Prior art keywords
private key
calculate
key
authentication
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201711132811.7A
Other languages
Chinese (zh)
Other versions
CN107947913B (en)
Inventor
何德彪
王婧
冯琦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan University WHU
Original Assignee
Wuhan University WHU
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan University WHU filed Critical Wuhan University WHU
Priority to CN201711132811.7A priority Critical patent/CN107947913B/en
Publication of CN107947913A publication Critical patent/CN107947913A/en
Application granted granted Critical
Publication of CN107947913B publication Critical patent/CN107947913B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0847 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving identity based encryption [IBE] schemes
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3218 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC

Abstract

The present invention relates to an identity-based anonymous authentication method and system, in which: the server generates two partial private keys and sends them respectively to the two parties participating in authentication, P_1 and P_2. During authentication, P_1 and P_2 generate the primary authentication code and R, and use zero-knowledge proofs to ensure the privacy and reliability of the information exchanged between P_1 and P_2. After obtaining the primary authentication code, P_1 calculates the dummy address A_ID, generates the third temporary public key R_3, calculates the final authentication code α, and sends the authentication information (A_ID, R, R_3, α, T) to the server. The server feeds verification information back to the user, and after the three-way handshake completes successfully, secure communication can be established between the server and the user. The invention is suited to jointly completing identity-based distributed anonymous authentication without either party revealing its partial authentication private key; both holders of the partial private keys must participate at the same time, and the complete authentication private key never needs to be recovered.

Description

An identity-based anonymous authentication method and system
Technical field
The invention belongs to the field of information security, and in particular relates to an identity-based authentication method and system.
Background
Anonymous authentication protocols are an important component of secure network communication. By running an anonymous authentication protocol, two participants can authenticate each other over a public channel and negotiate a session key, thereby achieving secure communication over an open network. In anonymous protocols based on traditional public-key cryptography, each communicating party holds a public/private key pair: the private key is used to generate authentication information, and the public key is used to verify its legitimacy. To solve the certificate-management difficulties of anonymous authentication protocols based on traditional public-key cryptography, researchers proposed identity-based anonymous authentication protocols built on the idea of public keys. In such a protocol, the user's identity (name, ID card number, e-mail address, etc.) is the user's public key, which greatly reduces the complexity of the system.
The private key is the most sensitive secret in a cryptographic system and the basis of secure communication; how well the private key is protected directly determines the security level of the system. To strengthen private-key security and avoid the risk caused by loss of a key held at a single point, secret sharing / threshold techniques are commonly used to design effective key-management schemes. This approach splits the private key into multiple shares and distributes them to multiple users or devices, so that only users who obtain enough shares can reconstruct the private key, while fewer shares than the threshold cannot. However, when the private key is recovered, the user who obtains the complete private key can perform unauthorized authentication without the other parties' knowledge, threatening the rights of the other users and the security of the system.
To address this, the present invention devises an identity-based two-party distributed anonymous authentication scheme in which the user can generate authentication information in a distributed manner between two devices. The authentication information must be produced jointly by two trusted devices selected by the authenticating party, and the complete authentication private key never needs to be recovered while the authentication information is generated, which ensures the security of the private key.
Summary of the invention
The object of the invention is that, without the authenticated party revealing its two partial private keys at the same time and without obtaining the complete authentication private key, identity-based authentication information can be generated jointly from the two partial private keys.
To this end, the invention proposes an identity-based scheme for two-party distributed generation of authentication information, described in detail below.
An identity-based anonymous authentication method, characterized by comprising:
Key distribution step: a random large integer satisfying the security parameter is generated as the master private key s, and the corresponding public key P_pub = sP is calculated; the master private key is kept secret and the public key is published, where P is a base point of a cyclic additive point group whose order is the prime q. An authentication private key D_ID = h(s, ID)P is then generated, together with a random number r_ID chosen to satisfy the required relation. One partial authentication key is sent to P_1 and the other is sent to P_2.
Distributed authentication step: the two parties participating in authentication, P_1 and P_2, each generate a random number, r_1 and r_2 respectively. P_1 first calculates R_1 = r_1 P, encrypts r_1 with the homomorphic encryption method to obtain C_1, and sends C_1 and R_1 to P_2. P_2 calculates R_2 = r_2 P and, using the homomorphic property, calculates the ciphertext C_2, then sends C_2 and R_2 to P_1. P_1 decrypts C_2 and, using its own partial authentication key, calculates the primary authentication code r_1 r_2 D_ID mod q and R. It calculates the dummy address A_ID with an XOR operation and a hash algorithm, generates the third temporary public key R_3 = r_3 P, and generates the final authentication code with a hash algorithm. It then sends the authentication information (A_ID, R, R_3, α, T) to the server. The server feeds verification information back to the user, and after the three-way handshake completes successfully, secure communication can be established between the server and the user.
In the above identity-based anonymous authentication method, the key distribution step specifically comprises:
Step 2.1: generate a random large integer satisfying the security parameter as the master private key s, and calculate the corresponding public key P_pub = sP; the master private key is kept secret and the public key is published, where P is a base point of a cyclic additive point group whose order is the prime q;
Step 2.2: calculate the user private key D_ID = h(s, ID)P, where h(ID) denotes the hash value of the user identity ID;
Step 2.3: generate a random number r_ID, and calculate the first partial private key and the second partial private key, where
Step 2.4: generate a public/private key pair (pk, sk) for the homomorphic encryption algorithm; one set of values is sent to the first participant P_1 and the other to the second participant P_2.
In the above identity-based anonymous authentication method, the distributed authentication step specifically comprises:
Step 3.1: P_1 generates the first random number r_1, calculates the first temporary public key R_1 = r_1 P, and encrypts r_1 with the public key pk of the homomorphic encryption algorithm to obtain the first ciphertext C_1 = Enc_pk(r_1). P_1 sends (R_1, C_1) to P_2.
Step 3.2: P_2 generates the second random number r_2, calculates the second temporary public key R_2 = r_2 P, and calculates the second ciphertext, where ρ is a random number. P_2 sends (R_2, C_2) to P_1.
Step 3.3: P_1 decrypts using the private key of the homomorphic encryption algorithm, calculating the plaintext of C_2, the primary authentication code, and the target temporary public key R = r_1 R_2. P_1 generates the third random number r_3 and calculates the third temporary public key R_3 = r_3 P, the dummy address A_ID = ID ^ h(R_3, r_3 P_pub), and the final authentication code, where T is the current timestamp. P_1 sends the authentication information (A_ID, R, R_3, α, T) to the server.
Step 3.4: after the server receives the authentication information, it uses its private key to calculate R′ = sR_3, the user's true address ID = A_ID ^ h(R_3, R′), and the primary authentication code, then calculates the final authentication code. It checks whether the authentication code α it calculated equals the α sent by the user; if they are not equal it terminates the protocol, and if they are equal it calculates β and sends (β, T′) to the user, where T′ is the current timestamp.
Step 3.5: P_1 performs the corresponding calculation and checks whether the result equals the received β; if they are equal, the communication connection is established, otherwise this communication is terminated.
An identity-based anonymous authentication system, characterized by comprising:
Server: the user first registers with the server, and the server provides the user with an authentication private key. The server generates a random large integer satisfying the security parameter as the master private key s and calculates the corresponding public key P_pub = sP; the master private key is kept secret and the public key is published, where G is a base point of a cyclic additive point group whose order is the prime q. The server generates for the user an authentication private key D_ID = h(s, ID)P and a random number satisfying
Key distribution unit: used to send one partial private key to P_1 and the other to P_2.
Distributed authentication unit: through the distributed authentication unit, the two parties participating in authentication, P_1 and P_2, each generate a random number, r_1 and r_2 respectively. P_1 first calculates R_1 = r_1 P, encrypts r_1 with the homomorphic encryption method to obtain C_1, and sends C_1 and R_1 to P_2. P_2 calculates R_2 = r_2 P and, using the homomorphic property, calculates the ciphertext C_2, then sends C_2 and R_2 to P_1. P_1 decrypts C_2 and, using its own partial private key, calculates the primary authentication code r_1 r_2 D_ID mod q and R. It calculates the dummy address A_ID with an XOR operation and a hash algorithm, generates the third temporary public key R_3 = r_3 P, and generates the final authentication code with a hash algorithm. The authentication information (A_ID, R, R_3, α, T) is sent to the server. The server feeds verification information back to the user, and after the three-way handshake completes successfully, secure communication can be established between the server and the user.
In the above identity-based anonymous authentication method, the way the key distribution unit performs key distribution specifically comprises:
Step 2.1: generate a random large integer satisfying the security parameter as the master private key s, and calculate the corresponding public key P_pub = sP; the master private key is kept secret and the public key is published, where G is a base point of a cyclic additive point group whose order is the prime q;
Step 2.2: calculate the user private key D_ID = h(s, ID)P, where h(ID) denotes the hash value of the user identity ID;
Step 2.3: generate a random number r_ID, and calculate the first partial private key and the second partial private key, where
Step 2.4: generate a public/private key pair (pk, sk) for the homomorphic encryption algorithm; one set of values is sent to the first participant P_1 and the other to the second participant P_2.
In the above identity-based anonymous authentication method, the way the distributed authentication unit performs distributed authentication specifically comprises:
Step 3.1: P_1 generates the first random number r_1, calculates the first temporary public key R_1 = r_1 P, and encrypts r_1 with the public key pk of the homomorphic encryption algorithm to obtain the first ciphertext C_1 = Enc_pk(r_1). P_1 sends (R_1, C_1) to P_2.
Step 3.2: P_2 generates the second random number r_2, calculates the second temporary public key R_2 = r_2 P, and calculates the second ciphertext, where ρ is a random number. P_2 sends (R_2, C_2) to P_1.
Step 3.3: P_1 decrypts using the private key of the homomorphic encryption algorithm, calculating the plaintext of C_2, the primary authentication code, and the target temporary public key R = r_1 R_2. P_1 generates the third random number r_3 and calculates the third temporary public key R_3 = r_3 P, the dummy address A_ID = ID ^ h(R_3, r_3 P_pub), and the final authentication code, where T is the current timestamp and the symbol "^" denotes the XOR operation. P_1 sends the authentication information (A_ID, R, R_3, α, T) to the server.
Step 3.4: after the server receives the authentication information, it uses its private key to calculate R′ = sR_3, the user's true address ID = A_ID ^ h(R_3, R′), and the primary authentication code, and from these calculates the final authentication code. It checks whether the authentication code α it calculated equals the α sent by the user; if they are not equal it terminates the protocol, and if they are equal it calculates β and sends (β, T′) to the user, where T′ is the current timestamp.
Step 3.5: P_1 performs the corresponding calculation and checks whether the result equals the received β; if they are equal, the communication connection is established, otherwise this communication is terminated.
Compared with the prior art, the present invention has the following advantages and beneficial effects:
1. Security of the authentication private key: existing threshold secret sharing schemes can split the authentication private key, but during the authentication phase the private key is recovered and held by one party, which leaks the user's private key and reduces the security of authentication.
2. Fairness of authentication: in existing threshold secret sharing schemes, the party that ends up holding the complete authentication private key can authenticate with the server on its own, without all participants taking part, which reduces the fairness of authentication.
3. The invention realizes identity-based distributed key negotiation and authentication, ensuring that during authentication neither party needs to expose its partial authentication private key and the original private key is never recovered, while authentication requires both parties to participate at the same time; this achieves both security and fairness of authentication.
4. The invention is based on hard mathematical problems, guaranteeing that even if one party's authentication private key is lost, the partial authentication private key held by the other party is not leaked, and still less the complete authentication private key.
Brief description of the drawings
Fig. 1 is the flow chart of two-party key authentication in the present invention.
Fig. 2 is the flow chart of partial (sub-)key generation and anonymous authentication in the present invention.
Fig. 3 is the flow chart of authentication between the communicating parties (server and user) in the present invention.
Detailed description of the embodiments
The invention is described in detail below with reference to an example. The embodiment below represents only one possible implementation of the invention, not all possible implementations, and does not limit the invention.
In the following description, the authenticated party is called the user and the authenticating party is called the server. When two integers (or an integer and a symbol) are multiplied, the multiplication sign is omitted where this causes no ambiguity, so the product of a and b is written ab. mod n denotes the modulo-n operation, which has the lowest precedence: a+b mod n equals (a+b) mod n, and ab mod n equals (ab) mod n. "≡" denotes congruence, i.e. a ≡ b mod n is equivalent to a mod n = b mod n. gcd(a, b) denotes the greatest common divisor of the integers a and b; gcd(a, b) = 1 means a and b are coprime.
In the present invention, the key pair is generated by the server, which generates partial authentication private keys for the computing devices (such as PCs or smart mobile devices) of the two parties P_1 and P_2 that need to take part in authentication. Authentication information can be generated without either party, P_1 or P_2, obtaining the complete authentication private key, and the server can verify the correctness of the authentication information. Each party keeps its own partial authentication private key and does not disclose it.
In the description of the authentication phase below, P_1 encrypts messages with a homomorphic encryption algorithm, using the public/private key pair (pk, sk). Enc_pk is defined as the encryption operation and Dec_sk as the decryption operation. A "multiplication" operation is defined on ciphertexts c_1 and c_2; c ⊙ a is defined as the "exponentiation" of the ciphertext c by a; and x^y is defined as the XOR of data x and data y. The scheme has the following properties:
A message encrypted with the public key pk can be decrypted only with the unique corresponding private key sk, i.e. Dec_sk(Enc_pk(m)) = m;
Multiplication of ciphertexts maps to addition of the corresponding plaintexts, i.e.
Exponentiation of a ciphertext by a plaintext maps to multiplication of the ciphertext's plaintext by that plaintext, i.e. Dec_sk(Enc_pk(m_1) ⊙ m_2) = m_1 m_2.
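The three properties above can be exercised with Paillier encryption standing in for the homomorphic scheme, which the text does not name (an added example, not code from the patent). The toy primes, `GROUP_ORDER`, and the `p2_respond`/`p1_recover` masking step are assumptions made for illustration; the patent's own formula for C_2 is not reproduced here.

```python
import math
import secrets

# Constructed toy parameters: two Mersenne primes, far too small for real use.
P_TOY = 2**61 - 1
Q_TOY = 2**89 - 1
# Stand-in for the prime group order q on the page (assumption).
GROUP_ORDER = 2**31 - 1


def keygen(p=P_TOY, q=Q_TOY):
    """Return (pk, sk) for Paillier with generator g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)  # valid because g = n + 1
    return n, (n, lam, mu)


def enc(pk, m):
    """Enc_pk(m): probabilistic, so equal plaintexts give different ciphertexts."""
    n2 = pk * pk
    r = secrets.randbelow(pk - 1) + 1
    return (1 + (m % pk) * pk) * pow(r, pk, n2) % n2


def dec(sk, c):
    """Dec_sk(c): only the holder of sk recovers m."""
    n, lam, mu = sk
    u = pow(c, lam, n * n)
    return (u - 1) // n * mu % n


def c_add(pk, c1, c2):
    """Ciphertext 'multiplication': decrypts to m1 + m2."""
    return c1 * c2 % (pk * pk)


def c_scale(pk, c, a):
    """Ciphertext 'exponentiation' (the page's c ⊙ a): decrypts to m * a."""
    return pow(c, a, pk * pk)


def p2_respond(pk, c1, k2, order=GROUP_ORDER):
    """Hypothetical P_2 step: scale Enc(r_1) by a secret k2 and add a random
    multiple of the group order, so P_1 learns r_1*k2 only modulo the order."""
    rho = secrets.randbelow(order * order)
    return c_add(pk, c_scale(pk, c1, k2), enc(pk, rho * order))


def p1_recover(sk, c2, order=GROUP_ORDER):
    """Hypothetical P_1 step: decrypt and reduce modulo the group order."""
    return dec(sk, c2) % order


def run_exchange():
    """One round: P_1 encrypts r_1, P_2 answers blindly, P_1 recovers r_1*k2 mod q."""
    pk, sk = keygen()
    r1 = secrets.randbelow(GROUP_ORDER - 1) + 1  # P_1's random number
    k2 = secrets.randbelow(GROUP_ORDER - 1) + 1  # P_2's secret multiplier
    c1 = enc(pk, r1)             # P_1 -> P_2
    c2 = p2_respond(pk, c1, k2)  # P_2 -> P_1, computed without seeing r_1
    return p1_recover(sk, c2) == r1 * k2 % GROUP_ORDER


if __name__ == "__main__":
    print("exchange consistent:", run_exchange())
```

P_2 never sees r_1 in the clear, and the added multiple of the group order keeps the decrypted integer from revealing k2 beyond its product with r_1 modulo that order.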
The invention specifically comprises:
I. Key distribution algorithm:
In the present invention, the private key for the user's anonymous authentication is generated by the server with which the user registers. Partial authentication private keys are generated for the two trusted parties selected by the user, as follows:
1. The user first registers with the server, and the server provides the user with an authentication private key. The server generates a random large integer satisfying the security parameter as the master private key s and calculates the corresponding public key P_pub = sP; the master private key is kept secret and the public key is published, where G is a base point of a cyclic additive point group whose order is the prime q;
2. Calculate the user private key D_ID = h(s, ID)P, where h(ID) denotes the hash value of the user identity ID;
3. Generate a random number r_ID, and calculate the first partial private key and the second partial private key, where
4. Generate a public/private key pair (pk, sk) for the homomorphic encryption algorithm; one set of values is sent to the first participant P_1 and the other to the second participant P_2.
II. Distributed authentication algorithm:
In the present invention, the user-side authentication information of the identity-based authentication method is produced jointly by the two parties P_1 and P_2, as follows:
1. P_1 generates the first random number r_1, calculates the first temporary public key R_1 = r_1 P, and encrypts r_1 with the public key pk of the homomorphic encryption algorithm to obtain the first ciphertext C_1 = Enc_pk(r_1). P_1 sends (R_1, C_1) to P_2.
2. P_2 generates the second random number r_2, calculates the second temporary public key R_2 = r_2 P, and calculates the second ciphertext, where ρ is a random number. P_2 sends (R_2, C_2) to P_1.
3. P_1 decrypts using the private key of the homomorphic encryption algorithm, calculating the plaintext of C_2, the primary authentication code, and the target temporary public key R = r_1 R_2. P_1 generates the third random number r_3 and calculates the third temporary public key R_3 = r_3 P, the dummy address A_ID = ID ^ h(R_3, r_3 P_pub), and the final authentication code, where T is the current timestamp. P_1 sends the authentication information (A_ID, R, R_3, α, T) to the server.
4. After the server receives the authentication information, it uses its private key to calculate R′ = sR_3, the user's true address ID = A_ID ^ h(R_3, R′), and the primary authentication code, then calculates the authentication code. It checks whether the authentication code α it calculated equals the α sent by the user; if they are not equal it terminates the protocol, and if they are equal it calculates β and sends (β, T′) to the user, where T′ is the current timestamp.
5. P_1 performs the corresponding calculation and checks whether the result equals the received β; if they are equal, the communication connection is established, otherwise this communication is terminated.
In the communication between P_1 and P_2, the invention adds a zero-knowledge proof mechanism to prove that the data sent really come from the sender, which reduces the risk of data tampering and improves the security of the scheme.
The specific embodiment described here merely illustrates the spirit of the invention. Those skilled in the art to which the invention belongs may make various modifications or additions to the described embodiment, or substitute similar approaches, without departing from the spirit of the invention or exceeding the scope defined by the appended claims.

Claims (6)

  1. An identity-based anonymous authentication method, characterized by comprising:
    Key distribution step: a random large integer satisfying the security parameter is generated as the master private key s, and the corresponding public key P_pub = sP is calculated; the master private key is kept secret and the public key is published, where P is a base point of a cyclic additive point group whose order is the prime q. An authentication private key D_ID = h(s, ID)P is then generated, together with a random number r_ID chosen to satisfy the required relation. One partial private key is sent to P_1 and the other is sent to P_2;
    Distributed authentication step: the two parties participating in authentication, P_1 and P_2, each generate a random number, r_1 and r_2 respectively; P_1 first calculates R_1 = r_1 P, encrypts r_1 with the homomorphic encryption method to obtain C_1, and sends C_1 and R_1 to P_2; P_2 calculates R_2 = r_2 P and, using the homomorphic property, calculates the ciphertext C_2, then sends C_2 and R_2 to P_1; P_1 decrypts C_2 and, using its own partial private key, calculates the primary authentication code r_1 r_2 D_ID mod q and R, calculates the dummy address A_ID with an XOR operation and a hash algorithm, generates the third temporary public key R_3 = r_3 P, and generates the final authentication code with a hash algorithm. The authentication information (A_ID, R, R_3, α, T) is sent to the server. The server feeds verification information back to the user, and after the three-way handshake completes successfully, secure communication can be established between the server and the user.
  2. The identity-based anonymous authentication method according to claim 1, characterized in that the key distribution step specifically comprises:
    Step 2.1: generate a random large integer satisfying the security parameter as the master private key s, and calculate the corresponding public key P_pub = sP; the master private key is kept secret and the public key is published, where P is a base point of a cyclic additive point group whose order is the prime q;
    Step 2.2: calculate the user private key D_ID = h(s, ID)P, where h(ID) denotes the hash value of the user identity ID;
    Step 2.3: generate a random number r_ID, and calculate the first partial private key and the second partial private key, where
    Step 2.4: generate a public/private key pair (pk, sk) for the homomorphic encryption algorithm; one set of values is sent to the first participant P_1 and the other to the second participant P_2.
  3. The identity-based anonymous authentication method according to claim 1, characterized in that the distributed authentication step specifically comprises:
    Step 3.1: P_1 generates the first random number r_1, calculates the first temporary public key R_1 = r_1 P, and encrypts r_1 with the public key pk of the homomorphic encryption algorithm to obtain the first ciphertext C_1 = Enc_pk(r_1); P_1 sends (R_1, C_1) to P_2;
    Step 3.2: P_2 generates the second random number r_2, calculates the second temporary public key R_2 = r_2 P, and calculates the second ciphertext, where ρ is a random number; P_2 sends (R_2, C_2) to P_1;
    Step 3.3: P_1 decrypts using the private key of the homomorphic encryption algorithm, calculating the plaintext of C_2, the primary authentication code, and the target temporary public key R = r_1 R_2; P_1 generates the third random number r_3 and calculates the third temporary public key R_3 = r_3 P, the dummy address A_ID = ID ^ h(R_3, r_3 P_pub), and the final authentication code, where T is the current timestamp and ^ denotes the XOR operation; P_1 sends the authentication information (A_ID, R, R_3, α, T) to the server;
    Step 3.4: after the server receives the authentication information, it uses its private key to calculate R′ = sR_3, the user's true address ID = A_ID ^ h(R_3, R′), and the primary authentication code, then calculates the authentication code. It checks whether the authentication code α it calculated equals the α sent by the user; if they are not equal it terminates the protocol, and if they are equal it calculates β and sends (β, T′) to the user, where T′ is the current timestamp;
    Step 3.5: P_1 performs the corresponding calculation and checks whether the result equals the received β; if they are equal, the communication connection is established, otherwise this communication is terminated.
  4. An identity-based anonymous authentication system, characterized in that it comprises:
    Server: the user first registers with the server, and the server provides an authentication private key to the user; the server generates a large random integer that satisfies the security parameter as the main private key s and calculates the corresponding public key Ppub = sP; the main private key is kept secret and the public key is published, wherein P is a base point of a cyclic additive point group whose order is the prime q; the server generates an authentication private key DID = h(s, ID)P for the user, and a random number satisfying
    Key distribution unit: used to send the partial key to P1, and send to P2
    Distributed authentication unit: the two parties participating in the authentication, P1 and P2, each generate a random number through the distributed authentication unit, r1 and r2 respectively; P1 first calculates R1 = r1P, encrypts r1 using the homomorphic encryption method to obtain C1, and then sends C1 and R1 to P2; P2 calculates R2 = r2P and, by the homomorphic property of the encryption, can calculate the ciphertext C2, and sends this ciphertext C2 and R2 to P1; P1 decrypts C2 and, using its own partial private key, calculates the primary authentication code r1r2DID mod q and R, calculates the dummy address AID with an XOR operation and the hash algorithm, generates the third temporary public key R3 = r3P, and generates the final authentication code with the hash algorithm; the authentication information (AID, R, R3, α, T) is sent to the server, the server verifies the authentication information and returns feedback to the user, and after the three-way handshake completes successfully, secure communication can be established between the server and the user.
  5. The identity-based anonymous authentication method according to claim 4, characterized in that the method by which the key distribution unit performs key distribution specifically includes:
    Step 2.1, generate a large random integer that satisfies the security parameter as the main private key s, and calculate the corresponding public key Ppub = sP; the main private key is kept secret and the public key is published, wherein G is a base point of a cyclic additive point group whose order is the prime q;
    Step 2.2, calculate the user private key DID = h(s, ID)P, wherein h(ID) denotes the hash value of the user identity ID;
    Step 2.3, generate a random number rID, and calculate the first partial private key and the second partial private key, wherein
    Step 2.4, generate a public/private key pair (pk, sk) for the homomorphic encryption algorithm; is sent to the first participant P1, and is sent to the second participant P2
  6. The identity-based anonymous authentication method according to claim 4, characterized in that the method by which the distributed authentication unit performs distributed authentication specifically includes:
    Step 3.1, P1 generates the first random number r1, calculates the first temporary public key R1 = r1P, and encrypts r1 with the public key pk of the homomorphic encryption algorithm, i.e. the first ciphertext C1 = Encpk(r1); P1 sends (R1, C1) to P2;
    Step 3.2, P2 generates the second random number r2, calculates the second temporary public key R2 = r2P, and calculates the second ciphertext, wherein ρ is a random number; P2 sends (R2, C2) to P1;
    Step 3.3, P1 decrypts with the private key of the homomorphic encryption algorithm and calculates the plaintext of C2, the primary authentication code, and the target temporary public key R = r1R2; P1 generates the third random number r3 and calculates the third temporary public key R3 = r3P, the dummy address AID = ID ^ h(R3, r3Ppub) and the final authentication code, wherein T is the current timestamp; P1 sends the authentication information (AID, R, R3, α, T) to the server;
    Step 3.4, after the server receives the authentication information, it uses its private key to calculate R' = sR3, the user's true address ID = AID ^ h(R3, R') and the primary authentication code; it calculates the authentication code and judges whether the calculated authentication code α is equal to the α sent by the user; if they are not equal, the protocol is terminated; if they are equal, it calculates and sends (β, T') to the user, wherein T' is the current timestamp;
    Step 3.5, P1 calculates and judges whether the value is equal to the received β; if they are equal, the communication connection is established; otherwise this communication is terminated.
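The identity-hiding exchange of steps 3.3 and 3.4 (claims 3 and 6), as an added example that is not part of the patent text: the user masks ID with h(R3, r3Ppub) and the server unmasks it with R' = sR3, which works because r3Ppub = r3sP = sR3. The curve (secp256k1), SHA-256 as h, the 32-byte zero padding of ID, the on-curve check and all function names are assumptions made for this illustration.

```python
import hashlib
import secrets

# Assumption: the claims name no curve; secp256k1 (y^2 = x^3 + 7 over F_p) stands in.
P_MOD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # prime order q
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)  # base point P

def add(a, b):
    """Add two affine points; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return x3, (lam * (x1 - x3) - y1) % P_MOD

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; illustration only)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def h(pt_a, pt_b):
    """Assumed instantiation of h: SHA-256 over the fixed-width coordinates of both points."""
    data = b"".join(c.to_bytes(32, "big") for c in (*pt_a, *pt_b))
    return hashlib.sha256(data).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def mask_identity(identity, p_pub):
    """User side, step 3.3: R3 = r3*P and AID = ID ^ h(R3, r3*Ppub)."""
    if len(identity) > 32:
        raise ValueError("identity longer than one hash output")
    r3 = secrets.randbelow(Q - 1) + 1  # fresh per session, so AIDs are unlinkable
    r3_pt = mul(r3, P)
    aid = xor(identity.ljust(32, b"\0"), h(r3_pt, mul(r3, p_pub)))
    return aid, r3_pt

def unmask_identity(aid, r3_pt, s):
    """Server side, step 3.4: R' = s*R3 and ID = AID ^ h(R3, R')."""
    x, y = r3_pt
    if (y * y - x * x * x - 7) % P_MOD:  # added hardening: reject off-curve R3
        raise ValueError("R3 is not on the curve")
    return xor(aid, h(r3_pt, mul(s, r3_pt))).rstrip(b"\0")
```

Because r3 is drawn fresh for every session, two AID values for the same ID differ, and only the holder of the main private key s can compute R' and recover ID.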
CN201711132811.7A 2017-11-15 2017-11-15 Anonymous authentication method and system based on identity Active CN107947913B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711132811.7A CN107947913B (en) 2017-11-15 2017-11-15 Anonymous authentication method and system based on identity

Publications (2)

Publication Number Publication Date
CN107947913A true CN107947913A (en) 2018-04-20
CN107947913B CN107947913B (en) 2020-08-07

Family

ID=61932393

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant