CN108768625A - With pre- arbitration functions without certificate multi-receiver anonymity label decryption method - Google Patents

With pre- arbitration functions without certificate multi-receiver anonymity label decryption method Download PDF

Info

Publication number
CN108768625A
CN108768625A CN201810419120.3A CN201810419120A CN108768625A CN 108768625 A CN108768625 A CN 108768625A CN 201810419120 A CN201810419120 A CN 201810419120A CN 108768625 A CN108768625 A CN 108768625A
Authority
CN
China
Prior art keywords
indicate
recipient
sender
key
parameter
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810419120.3A
Other languages
Chinese (zh)
Other versions
CN108768625B (en
Inventor
庞辽军
魏萌萌
李慧贤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University filed Critical Xidian University
Priority to CN201810419120.3A priority Critical patent/CN108768625B/en
Publication of CN108768625A publication Critical patent/CN108768625A/en
Application granted granted Critical
Publication of CN108768625B publication Critical patent/CN108768625B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/72Signcrypting, i.e. digital signing and encrypting simultaneously

Abstract

The invention discloses a kind of with pre- arbitration functions without certificate multi-receiver anonymity label decryption method, the technical problem for solving existing no certificate multi-receiver anonymity label decryption method fairness difference.Technical solution is registration phase, and user and key generation centre KGC generate the private key and public key of user jointly.The close stage is signed, sender generates parameter related with hiding recipient's identity information judges authorized receiver's parameter in advance, and judges ciphertext signature verification parameter in advance using the private key of oneself generation, then to being encrypted in plain text.Solution signs the close stage, recipient calculates first with the private key of oneself, judge the recipient oneself whether authorized by the pre- judgement authorized receiver parameter in ciphertext, recipient again by judging that ciphertext signature verification parameter judges whether informed source is legal and whether ciphertext is complete in advance in advance, otherwise, it exits solution and signs close process.The present invention realizes and prejudges the function whether recipient of breaking authorizes under the premise of satisfaction judges justice.

Description

With pre- arbitration functions without certificate multi-receiver anonymity label decryption method
Technical field
It is the present invention relates to a kind of no certificate multi-receiver anonymity label decryption method, more particularly to a kind of with pre- arbitration functions Without certificate multi-receiver anonymity label decryption method.
Background technology
Multi-receiver communication occupies an important position in distributed network application, and multi-receiver label secret skill art is considered as Ensure its safety and improves the effective means of communication efficiency.In practice, multi-receiver label secret skill art can be used for browsing of paying The scenes such as system, Web conference.Close calculating effect is signed in order to reduce the close calculating of the solution label of recipient in varied situations, improve solution Rate needs multi-receiver label secret skill art as support.
Document " Efficient anonymous multireceiver certificateless encryption.IEEE Systems Journal.2017,11(4):2602-2613 " discloses a kind of effective much more anonymous connect Receipts person is without certificate encryption method.In encrypting stage, the parameter for hiding each recipient's identity information is included in ciphertext by this method In be sent to recipient.In decryption phase, after each recipient receives the ciphertext that sender sends over, the private key of oneself is utilized And known parameters calculate the hiding identity information parameter of oneself, and this value has been searched whether in ciphertext.If so, explanation Oneself it is authorized receiver and continues to execute decrypting process, otherwise, illustrating oneself not is authorized receiver and exits decrypting process. This method causes pre- judgement authorized receiver to be inequitable.Once the partial parameters in ciphertext are destroyed, it is possible to lead A part of authorized receiver is caused to may determine that whether oneself authorizes, another part authorized receiver neutralizes oneself phase due to ciphertext The parameter for the pre- judgement authorized receiver closed is destroyed, then can not judge whether oneself authorizes.In addition, this method does not judge in advance The function of informed source and ciphertext integrality.
Invention content
In order to overcome the shortcomings of that existing no certificate multi-receiver anonymity label decryption method fairness is poor, the present invention provides a kind of tool Have pre- arbitration functions without certificate multi-receiver anonymity label decryption method.This method registration phase, user and key generation centre KGC The common private key and public key for generating user.The close stage is signed, sender generates parameter related with hiding recipient's identity information Judge authorized receiver's parameter in advance, and judges ciphertext signature verification parameter in advance using generations such as the private key parameters of oneself, it is finally right It is encrypted in plain text.Solution signs the close stage, and recipient calculates first with parameters such as the private keys of oneself, passes through the anticipation in ciphertext Disconnected authorized receiver's parameter judges the recipient oneself whether authorized.It is otherwise moved back if so, continuing to execute solution and signing close process Go out solution and signs close process;Recipient again by judging that ciphertext signature verification parameter judges whether informed source legal and ciphertext in advance in advance It is whether complete.If so, continuing to execute solution signs close process, otherwise, exits solution and sign close process.The first, the present invention is realized full It is sufficient to judge to prejudge the function whether recipient of breaking authorizes under the premise of justice, avoid the anticipation that recipient carries out because unauthorized The unnecessary operation such as disconnected informed source and decryption;Second while realizing pre- judgement informed source and ciphertext integrality Function avoids the unnecessary operations such as the decryption carried out because informed source is illegal or ciphertext is imperfect.
The technical solution adopted by the present invention to solve the technical problems:A kind of more receiving without certificate with pre- arbitration functions Person's anonymity label decryption method, its main feature is that including the following steps:
Step 1: user U randomly selects an integer xUAs the secret value of oneself, the public key of oneself is calculated according to the following formula Parameter XU
XU=xUP
Wherein, user U includes sender S and recipient Ri, i indicate count vernier, be greater than 0 integer, XUIndicate user The public key parameter of U, xUIndicate that the secret value of user U, P indicate the generation on the elliptic curve E that key generation centre KGC chooses Member;
Step 2: user U is by the identity information ID of oneselfUWith public key parameter XUKey is sent to by overt channel to generate Center KGC;
Step 3: key generation centre KGC receives the identity information ID that user U is sended overUWith public key parameter XUAfterwards, with Machine chooses an integer vU, the part public key V of user U is calculated separately according to the following formulaUWith part private key yU
VU=vUP
yU=sH0(XU+VU,IDU)+vUmodp
Wherein, VUIndicate that key generation centre KGC is the part public key that user U is generated, vUIndicate key generation centre KGC For the integer that user U is randomly selected, yUIndicate that key generation centre KGC is the part private key that user U is generated, s indicates key life At the system master key that center KGC chooses, H0Indicate the password one-way Hash function chosen by key generation centre KGC, IDUTable Show that the identity information of user U, mod indicate that modulus operation, p indicate the Big prime that key generation centre KGC chooses;
Step 4: key generation centre KGC is by the part public key V of user UUIt is sent to user U by overt channel, simultaneously By the part private key y of user UUIt is sent to user U by safe lane;
Step 5: user U receives the part public key V that key generation centre KGC is sended overUWith part private key yUAfterwards, judge Part private key yUWhether following equation is met.It otherwise reports an error to key generation centre KGC, and move back if so, executing step 6 Go out user registration course:
yUP=H0(XU+VU,IDU)Ppub+VU
Wherein, PpubIndicate the system public key that key generation centre KGC is generated;
Step 6: according to the following formula, user U calculates separately the private key SK of oneselfUWith public key PKU, and to private key SKUInto Row is securely held, while by public key PKUBe sent to key generation centre KGC by safe lane, backed off after random user's registration mistake Journey;
SKU=xU+yUmodp
PKU=XU+VU
Wherein, SKUIndicate the private key of user U, PKUIndicate the public key of user U;
Step 7: key generation centre KGC receives the public key PK that user U is sentUWith part private key yUMessage after, externally Announce the public key PK of user UU, and exit user registration course;
Step 8: sender S judges whether oneself has executed step 1 to the user registration course of step 7 and obtained It is derived from oneself public key PKSWith private key SKS.If so, directly executing step 9, otherwise, sender S executes user registration course and obtains It is derived from oneself public key PKSWith private key SKSAfterwards, then step 9 is executed;
Step 9: sender S randomly selects n recipient R in registered user U1,R2,...,Rn, wherein n tables The number for showing the registered recipient that sender S is randomly selected, is greater than 0 integer;
Step 10: sender S randomly selects an integer t, the close verification share T of label, often is calculated separately according to the following formula One recipient RiPublic key hide parameter KiAnd each recipient RiFalse identity value ui
T=tP
Ki=t (PKi+H0(PKi,IDi)Ppub)
ui=H0(Ki,IDi)
Wherein, T indicates that the close verification share of label that sender S is calculated, t indicate the integer that sender S is randomly selected, KiIt indicates I-th of recipient R that sender S is calculatediPublic key hide parameter, PKiIndicate i-th of recipient RiPublic key, IDiIndicate i-th A recipient RiIdentity information, uiIndicate i-th of recipient R that sender S is calculatediFalse identity value, i indicate count vernier, I=1,2 ..., n, n indicate the number for the registered recipient that sender S is randomly selected, are greater than 0 integer;
Step 11: sender S randomly selects an integer l, according to the following formula, construction recipient RiIdentity information is mixed Conjunction value f (ξ) and calculating judge authorized receiver's parameter L in advance:
Wherein ai∈Zp *, A={ a0,a1,…an-1}
L=H1(T,l)
Wherein, l indicates that the integer that sender S is randomly selected, f (ξ) indicate the recipient R that sender S is calculatediIdentity information Mixed number, ξ indicate that independent variable, ∏ indicate even to multiply operation, and L indicates the pre- judgement authorized receiver parameter that sender S is calculated, H1Table Show that the password one-way Hash function chosen by key generation centre KGC, A indicate the recipient R that sender S is calculatediIdentity information Each term coefficient a of mixed number f (ξ)0,a1,…,an-1Set, a0,a1,…,an-1Indicate the recipient R that sender S is calculatediBody Every coefficient of part information mixed number f (ξ);
Step 12: according to the following formula, sender S calculates separately parameter σ, the identity information for hiding oneself identity information Certificate parameter Z, symmetric key k and cipher-text message δ:
σ=H2(L,l,A)
K=H0(T,σ)
δ=Ek(M)
Wherein, σ indicates that the parameter for hiding oneself identity information that sender S is calculated, Z indicate that sender's S identity informations are tested Parameter is demonstrate,proved,Indicate binary system xor operation by turn, IDSIndicate that the identity information of sender S, k indicate pair that sender S is calculated Key, δ is claimed to indicate the cipher-text message that sender S is calculated, Ek() indicates the symmetric encipherment algorithm that key generation centre KGC chooses, M indicates clear-text message, H2,H3Indicate the password one-way Hash function chosen by key generation centre KGC;
Step 13: according to the following formula, sender S calculates separately pre- judgement ciphertext signature section parameter beta and pre- judgement Ciphertext signature verification parameter w:
β=H4(T,A,σ,L,Z,δ,IDS)
W=t+SKS+βmodp
Wherein, β indicates that the pre- judgement ciphertext signature section parameter that sender S is calculated, w indicate the anticipation that sender S is calculated Disconnected ciphertext signature verification parameter, SKSIndicate the private key of sender S, H4Indicate that the password chosen by key generation centre KGC is unidirectional Hash function;
Step 14: sender S will sign close verification share T, recipient RiEach term coefficient of identity information mixed number f (ξ) a0,a1,...,a1Set A, pre- judge authorized receiver's parameter L, identity information certificate parameter Z, cipher-text message δ and pre- judgement Ciphertext signature verification parameter w constitutes label ciphertext C=<T,A,L,Z,δ,w>, and to label ciphertext C broadcast, backed off after random Sender signs close process;
Step 15: according to the following formula, recipient RiIt calculates separately public key and hides parameter Ki', the false identity value of oneself ui', recipient RiThe integer l ' that identity information mixed number f (ξ) and sender S are randomly selected:
Ki'=SKiT
ui'=H0(Ki′,IDi)
F (ξ)=ξn+an-1ξn-1+…+a1ξ+a0
L '=f (ui′)
Wherein, Ki' indicate i-th of recipient RiThe public key of oneself calculated hides parameter, SKiIndicate i-th of recipient Ri Private key, ui' indicate i-th of recipient RiThe false identity value of oneself calculated, i-th of recipient R of l ' expressionsiThe transmission of calculating The integer that person S is randomly selected, i indicate that counting vernier, i=1,2 ..., τ, τ expression are registered and connect in key generation centre KGC The number for receiving the recipient of message is greater than 0 integer;
Step 16: recipient RiJudge whether equation is true in advance, if so, it executes step 10 eight and otherwise exits Recipient, which solves, signs close process:
L=H1(T,l′)
Step 17: according to the following formula, recipient RiCalculate separately parameter σ ', the hair of hiding sender S identity informations The person's of sending S identity informations IDS' and it is pre- judge ciphertext signature section parameter beta ':
σ '=H2(L,l′,A)
IDS'=H3(σ′,L)⊕Z
β '=H4(T,A,σ′,L,Z,δ,IDS′)
Wherein, i-th of recipient R of σ ' expressionsiThe parameter of the hiding sender S identity informations calculated, IDS' indicate i-th Recipient RiThe identity information of the sender S of calculating, i-th of recipient R of β ' expressionsiThe pre- judgement ciphertext signature section ginseng calculated Number, i indicate to count vernier, i=1,2 ..., n;
Step 18: recipient RiJudge whether equation is true in advance.If so, it executes step 10 nine and otherwise exits Recipient, which solves, signs close process:
(w- β ') P=T+PKS+H0(PKS,IDS)Ppub
Wherein, PKSIndicate the public key of sender S;
Step 19: according to the following formula, recipient RiIt calculates separately symmetric key k ' and clear-text message M ' and exits and connect Receipts person, which solves, signs close process:
K '=H0(T, σ ')=k
M '=Dk′(δ)=Dk(δ)=M
Wherein, i-th of recipient R of k ' expressionsiThe symmetric key of calculating, i-th of recipient R of M ' expressionsiDecryption obtains bright Literary message, Dk() and Dk′() indicates the symmetric encipherment algorithm E chosen with key generation centre KGCk() corresponding symmetric solution Close algorithm.
The beneficial effects of the invention are as follows:This method registration phase, user and key generation centre KGC generate user's jointly Private key and public key.The close stage is signed, parameter related with hiding recipient's identity information is generated pre- judgement and authorizes reception by sender Person's parameter, and ciphertext signature verification parameter is judged in advance using generations such as the private key parameters of oneself, finally to being encrypted in plain text.Solution The close stage is signed, recipient calculates first with parameters such as the private keys of oneself, joins by the pre- judgement authorized receiver in ciphertext Number judges the recipient oneself whether authorized.If so, continuing to execute solution signs close process, otherwise, exits solution and sign close process;It connects Receipts person again by judging that ciphertext signature verification parameter judges whether informed source is legal and whether ciphertext is complete in advance in advance.If It is to continue to execute solution to sign close process, otherwise, exits solution and sign close process.The present invention realizes under the premise of meeting judgement justice The function whether disconnected recipient of anticipation authorizes avoids pre- judgement informed source and decryption etc. that recipient carries out because unauthorized Unnecessary operation;The function of realizing pre- judgement informed source and ciphertext integrality simultaneously, avoids because of informed source not The unnecessary operations such as the decryption that legal or ciphertext is imperfect and carries out.
Specific first, this method uses n-order polynomial technology, and the parameter for hiding each recipient's identity information is carried out Mixing generates judge authorized receiver's parameter in advance later, each recipient for judge oneself be authorized receiver ginseng Number is the same, judges whether oneself authorizes with different parameters rather than the different recipient of the method in background technology Recipient.In the method, when label ciphertext is destroyed in transmission process, all recipients can judge or not It can judge the recipient oneself whether authorized, therefore, this method is realized prejudges disconnecting under the premise of meeting judgement justice It is unnecessary to avoid pre- judgement informed source and decryption that recipient carries out because unauthorized etc. for the function whether receipts person authorizes Operation, such as non authorized recipients need not execute Step 17: 18,19.
The second, this method realizes the function of pre- judgement informed source and ciphertext integrality, i.e. step 10 eight, avoids The unnecessary operations such as the decryption carried out because informed source is illegal or ciphertext is imperfect, for example, informed source it is illegal or In the case of ciphertext is incomplete, recipient need not execute the decryption of step 10 nine and obtain operation in plain text.And the method in background technology There is no verifications to judge the function of informed source and ciphertext integrality in advance, if informed source is illegal or ciphertext integrality It is destroyed, recipient will still execute decryption and obtain operation in plain text.
It elaborates with reference to the accompanying drawings and detailed description to the present invention.
Description of the drawings
Fig. 1 is the flow chart without certificate multi-receiver anonymity label decryption method that the present invention has pre- arbitration functions.
Specific implementation mode
Explanation of nouns:
KGC:Key Generation Center, key generation centre, be trusted third party, be responsible for generate sender S and Recipient RiPublic key and part private key, i indicate count vernier, be greater than 0 integer;
γ:The system security parameter that key generation centre KGC chooses;
Fp:The rank that key generation centre KGC chooses is the finite field of Big prime p;
E:The finite field F that key generation centre KGC choosespOn safety elliptic curve;
Gp:The addition cyclic group on elliptic curve E that key generation centre KGC chooses;
P:Generation member on the elliptic curve E that key generation centre KGC chooses;
p:The Big prime that key generation centre KGC chooses;
s:The system master key that key generation centre KGC chooses;
∈:Defined domain symbol, such as z ∈ Zp *, indicate that z is non-zero multiplicative group Zp *In an element;
Zp *:The non-zero multiplicative group constituted based on Big prime p;
Ppub:The system public key that key generation centre KGC is generated;
Hj:The 5 password one-way Hash functions chosen by key generation centre KGC, wherein j=0,1,2,3,4;
{0,1}*:The string that arbitrarily long " 0 " or " 1 " is constituted;
×:Cartesian product, such as set A={ a, b }, set B={ 0,1 }, then two set cartesian products be A × B={ (a, 0), (a, 1), (b, 0), (b, 1) };
F→B:Mappings of the domain F to codomain B;
params:The systematic parameter of key generation centre KGC constructions;
i:Vernier is counted, 0 integer is greater than;
n:The number for the registered recipient that sender S is randomly selected, is greater than 0 integer;
τ:The number for having registered and having received the recipient of message in key generation centre KGC, is greater than 0 integer, In, recipient includes authorized receiver and non authorized recipients, and what authorized receiver indicated that sender S is randomly selected registered connects Receipts person, non authorized recipients indicate the registered recipient not chosen by sender S;
k:The symmetric key that sender S is calculated;
k′:I-th of recipient RiThe symmetric key of calculating, i indicate counting vernier, and i=1,2 ..., n are awarded in recipient Power, informed source is legal and ciphertext it is complete under the premise of it is equal with the symmetric key k that sender S is calculated;
Ek(.):The symmetric encipherment algorithm that key generation centre KGC chooses, such as des encryption algorithm;
Dk(.):The symmetric encipherment algorithm E chosen with key generation centre KGCk() corresponding symmetrical decipherment algorithm, example Such as DES decipherment algorithms;
Dk′(.):The symmetric encipherment algorithm E chosen with key generation centre KGCk() corresponding symmetrical decipherment algorithm, example Such as DES decipherment algorithms, k '=k under the premise of recipient authorizes, informed source is legal and ciphertext is complete;
U:User, including sender S and recipient Ri, i indicate count vernier, be greater than 0 integer;
S:Sender;
Ri:Recipient, i indicate counting vernier, are greater than 0 integer;
xU:The secret value of user U is chosen by user U oneself, for generating the private key SK of user UUParameter;
XU:The public key parameter of user U is generated by user U oneself, for generating the public key PK of user UUParameter;
IDU:The identity information of user U;
vU:Key generation centre KGC is the integer that user U is randomly selected;
VU:Key generation centre KGC is the part public key that user U is generated, for generating the public key PK of user UUParameter;
PKU:The public key of user U is generated jointly by user U and key generation centre KGC;
yU:Key generation centre KGC is the part private key that user U is generated, for generating the private key SK of user UUParameter;
SKU:The private key of user U is generated jointly by user U and key generation centre KGC;
IDS:The identity information of sender S;
IDS′:I-th of recipient RiThe identity information of the sender S of calculating, i indicate to count vernier, i=1,2 ..., n, n The number for indicating the registered recipient that sender S is randomly selected, is greater than 0 integer;
PKS:The public key of sender S is generated jointly by originator S and key generation centre KGC;
SKS:The private key of sender S is generated jointly by sender S and key generation centre KGC;
IDi:I-th of recipient RiIdentity information, i indicate count vernier, be greater than 0 integer;
PKi:I-th of recipient RiPublic key, by i-th of recipient RiIt is generated jointly with key generation centre KGC, i is indicated Vernier is counted, 0 integer is greater than;
SKi:I-th of recipient RiPrivate key, by i-th of recipient RiIt is generated jointly with key generation centre KGC, i is indicated Vernier is counted, 0 integer is greater than;
t:The integer that sender S is randomly selected;
T:The close verification share of label that sender S is calculated is the part for signing ciphertext C;
Ki:I-th of recipient R that sender S is calculatediPublic key hide parameter, i=1,2 ..., n, n indicate sender S The number of the registered recipient randomly selected is greater than 0 integer;
Ki′:I-th of recipient RiThe public key of oneself calculated hides parameter, and i indicates to count vernier, i=1,2 ..., τ, τ The recipient of message number is registered and received to expression in key generation centre KGC, is greater than 0 integer;
ui:I-th of recipient R that sender S is calculatediFalse identity value, i indicate count vernier, i=1,2 ..., n, n tables The number for showing the registered recipient that sender S is randomly selected, is greater than 0 integer;
ui′:I-th of recipient RiThe false identity value of oneself calculated, i indicate to count vernier, i=1,2 ..., τ, τ expression The number for having registered and having received the recipient of message in key generation centre KGC, is greater than 0 integer;
f(ξ):The recipient R that sender S is calculatediIdentity information mixed number, ξ indicate that independent variable, i indicate to count vernier, i The number for the registered recipient that=1,2 ..., n, n expression sender S is randomly selected, is greater than 0 integer;
∏:Company multiplies operation, such as
l:The integer that sender S is randomly selected;
l′:I-th of recipient RiThe integer that the sender S of calculating is randomly selected, for judging what whether recipient authorized Parameter, i indicate that counting vernier, i=1,2 ..., τ, τ expression are registered in key generation centre KGC and receive connecing for message The number of receipts person is greater than 0 integer;
mod:Modulus operates, such as 7mod4=3;
A:The recipient R that sender S is calculatediEach term coefficient a of identity information mixed number f (ξ)0,a1,...,an-1Collection Close, be the part for signing ciphertext C, ξ indicates independent variable, and i indicates to count vernier, i=1,2 ..., n, n indicate sender S with The number for the registered recipient that machine is chosen, is greater than 0 integer;
a0,a1,...,an-1:The recipient R that sender S is calculatediEvery coefficient of identity information mixed number f (ξ), ξ tables Showing that independent variable, i indicate to count vernier, i=1,2 ..., n, n indicate the number for the registered recipient that sender S is randomly selected, It is greater than 0 integer;
L:The pre- judgement authorized receiver parameter that sender S is calculated is the part for signing ciphertext C, for judging to receive Whether person authorizes;
σ:The parameter for hiding oneself identity information that sender S is calculated;
σ′:I-th of recipient RiThe parameter of the hiding sender S identity informations calculated, for whether judging informed source The whether complete parameter of legal, ciphertext, i=1,2 ..., n, n indicate the number for the registered recipient that sender S is randomly selected Mesh is greater than 0 integer;
Z:Sender's S identity information certificate parameters are the parts for signing ciphertext C;
⊕:Binary system xor operation, such as 110 ⊕ 010=100 by turn;
δ:The cipher-text message that sender S is calculated is the part for signing ciphertext C;
M:Clear-text message;
M′:I-th of recipient RiObtained clear-text message is decrypted, recipient authorizes, informed source is legal and ciphertext Equal with clear-text message M under the premise of complete, i indicates to count vernier, i=1, and 2 ..., n, n indicate what sender S was randomly selected The number of registered recipient is greater than 0 integer;
β:The pre- judgement ciphertext signature section parameter that sender S is calculated;
β′:I-th of recipient RiThe pre- judgement ciphertext signature section parameter calculated, for judging whether informed source closes The whether complete parameter of method, ciphertext, i indicate counting vernier, and i=1, it is registered that 2 ..., n, n indicate that sender S is randomly selected The number of recipient is greater than 0 integer;
w:The pre- judgement ciphertext signature verification parameter that sender S is calculated is the part for signing ciphertext C;
C:Sign ciphertext;
<T,A,L,Z,δ,w>:The close verification share T of label, the recipient R calculated by sender SiIdentity information mixed number f (ξ) Each term coefficient a0,a1,...,an-1Set A, the pre- identity information certificate parameter for judging authorized receiver's parameter L, sender S Z, the cipher-text message δ and the pre- Sequential Elements collection for signing ciphertext C for judging ciphertext signature verification parameter w and constituting that sender S is calculated It closes, ξ indicates that independent variable, i indicate to count vernier, i=1, and 2 ..., n, n indicate the registered recipient that sender S is randomly selected Number, be greater than 0 integer.
Referring to Fig.1.The present invention has being as follows without certificate multi-receiver anonymity label decryption method for pre- arbitration functions:
Firstly, it is necessary to do the preparation that key generation centre KGC generates this step of systematic parameter.
Key generation centre KGC chooses a Big prime p according to the system security parameter γ of selection, determines that rank is Big prime The finite field F of pp, and choose finite field FpOn safety elliptic curve E, determine the addition cyclic group G on elliptic curve Ep, choose The generation member P of elliptic curve E;Randomly select system master key s ∈ Zp *And it is securely held, and calculate Ppub=sP is as system public affairs Key;5 password one-way Hash functions are chosen, are denoted as respectively:
H0:GP×{0,1}*→Zp *;H1:GP×ZP *→ZP *;H2:ZP *×ZP *×Zp *×Zp *×…×Zp *→{0,1}*
H3:{0,1}*×Zp *→{0,1}*;H4:Gp×Zp *×Zp *×…×Zp *×{0,1}*×Zp *×{0,1}*×{0, 1}*×{0,1}*→Zp *;Key generation centre KGC arbitrarily chooses a kind of symmetric encipherment algorithm Ek() and corresponding symmetric solution Close algorithm Dk(.);Key generation centre KGC construction systematic parameters params=<p,Fp,E,Gp,P,H0,H1,H2,H3,H4,Ppub, Ek(.),Dk(.)>And disclosure is carried out to it;
Wherein, KGC indicates that key generation centre, γ indicate the system security parameter that key generation centre KGC chooses, p tables Show the Big prime that key generation centre KGC chooses, FpIndicate the finite field that the rank that key generation centre KGC chooses is Big prime p, E indicates the finite field F that key generation centre KGC choosespOn safety elliptic curve, GpIndicate what key generation centre KGC chose Addition cyclic group on elliptic curve E, P indicate that the generation member on the elliptic curve E that key generation centre KGC chooses, s indicate close Key generates the system master key that center KGC chooses, and ∈ indicates defined domain symbol, Zp *Indicate that the non-zero constituted based on Big prime p is multiplied Method group, PpubIndicate the system public key that key generation centre KGC is generated, H0,H1,H2,H3,H4Expression is selected by key generation centre KGC The 5 password one-way Hash functions taken, { 0,1 }*Indicate the string that arbitrarily long " 0 " or " 1 " is constituted, × indicate cartesian product, F → B indicates domain F to the mapping of codomain B, Ek() indicates the symmetric encipherment algorithm that key generation centre KGC chooses, Dk() table Show the symmetric encipherment algorithm E chosen with key generation centre KGCk() corresponding symmetrical decipherment algorithm, k indicate sender's S meters The symmetric key of calculation, params indicate the systematic parameter of key generation centre KGC constructions.
After above-mentioned steps completion, you can execute following steps:
It is noted that step 1 to step 7 is user registration course, and the user U in user's registration step includes sender S and recipient Ri, this also means that sender S belongs to user U, recipient R during execution label are close and solution label are closei Also belong to user U;
Step 1: user U randomly selects an integer xU∈Zp *As the secret value of oneself, oneself is calculated according to the following formula Public key parameter XU
XU=xUP
Wherein, XUIndicate the public key parameter of user U, xUIndicate that the secret value of user U, P indicate key generation centre KGC choosings Generation member on the elliptic curve E taken;
Step 2: user U is by the identity information ID of oneselfU, public key parameter XUIt is sent in key generation by overt channel Heart KGC;
Step 4: key generation centre KGC receives the identity information ID that user U is sended overU, public key parameter XUAfterwards, at random Choose an integer vU∈Zp *, the part public key V of user U is calculated separately according to the following formulaUWith part private key yU
VU=vUP
yU=sH0(XU+VU,IDU)+vUmodp
Wherein, VUIndicate that key generation centre KGC is the part public key that user U is generated, vUIndicate key generation centre KGC For the integer that user U is randomly selected, yUIndicate that key generation centre KGC is the part private key that user U is generated, IDUIndicate user U Identity information, mod indicate modulus operation;
Step 4: key generation centre KGC is by the part public key V of user UUIt is sent to user U by overt channel, simultaneously By the part private key y of user UUIt is sent to user U by safe lane;
Step 5: user U receives the part public key V that key generation centre KGC is sended overUWith part private key yUAfterwards, judge Part private key yUWhether following equation is met.It otherwise reports an error to key generation centre KGC, and move back if so, executing step 7 Go out user registration course:
yUP=H0(XU+VU,IDU)Ppub+VU
Step 6: according to the following formula, user U calculates separately the private key SK of oneselfUWith public key PKU, and to private key SKUInto Row is securely held, while by public key PKUBe sent to key generation centre KGC by safe lane, backed off after random user's registration mistake Journey;
SKU=xU+yUmodp
PKU=XU+VU
Wherein, SKUIndicate the private key of user U, PKUIndicate the public key of user U;
Step 7: key generation centre KGC receives the public key PK that user U is sentUWith part private key yUMessage after, externally Announce the public key PK of user UU, and exit user registration course;
Step 8: sender S judges whether oneself has executed step 1 to the user registration course of step 7 and obtained The public key PK of oneself is takenSWith private key SKS.If so, directly executing step 9, otherwise, sender S executes user registration course Obtain the public key PK of oneselfSWith private key SKSAfterwards, then step 9 is executed;
Step 9: sender S randomly selects n recipient R in registered user U1,R2,...,Rn, wherein n tables The number for showing the registered recipient that sender S is randomly selected, is greater than 0 integer;
Step 10: sender S randomly selects an integer t ∈ Zp *, the close verification share of label is calculated separately according to the following formula T, each recipient RiPublic key hide parameter KiAnd each recipient RiFalse identity value ui
T=tP
Ki=t (PKi+H0(PKi,IDi)Ppub)
ui=H0(Ki,IDi)
Wherein, T indicates that the close verification share of label that sender S is calculated, t indicate the integer that sender S is randomly selected, KiIt indicates I-th of recipient R that sender S is calculatediPublic key hide parameter, PKiIndicate i-th of recipient RiPublic key, IDiIndicate i-th A recipient RiIdentity information, uiIndicate i-th of recipient R that sender S is calculatediFalse identity value, i indicate count vernier, I=1,2 ..., n, n indicate the number for the registered recipient that sender S is randomly selected, are greater than 0 integer;
Step 11: sender S randomly selects an integer l ∈ Zp *, according to the following formula, construction recipient RiIdentity is believed Breath mixed number f (ξ) and calculating judge authorized receiver's parameter L in advance:
Wherein ai∈Zp *, A={ a0,a1,…an-1}
L=H1(T,l)
Wherein, l indicates that the integer that sender S is randomly selected, f (ξ) indicate the recipient R that sender S is calculatediIdentity information Mixed number, ξ indicate that independent variable, ∏ indicate even to multiply operation, and L indicates the pre- judgement authorized receiver parameter that sender S is calculated, A tables Show the recipient R that sender S is calculatediEach term coefficient a of identity information mixed number f (ξ)0,a1,…,an-1Set, a0,a1,…, an-1Indicate the recipient R that sender S is calculatediEvery coefficient of identity information mixed number f (ξ);
Step 12: according to the following formula, sender S calculates separately parameter σ, the identity information for hiding oneself identity information Certificate parameter Z, symmetric key k and cipher-text message δ:
σ=H2(L,l,A)
K=H0(T,σ)
δ=Ek(M)
Wherein, σ indicates that the parameter for hiding oneself identity information that sender S is calculated, Z indicate that sender's S identity informations are tested Parameter is demonstrate,proved, ⊕ indicates binary system xor operation by turn, IDSIndicate that the identity information of sender S, k indicate pair that sender S is calculated Key, δ is claimed to indicate the cipher-text message that sender S is calculated, Ek() indicates the symmetric encipherment algorithm that key generation centre KGC chooses, M indicates clear-text message;
Step 13: according to the following formula, sender S calculates separately pre- judgement ciphertext signature section parameter beta and pre- judgement Ciphertext signature verification parameter w:
β=H4(T,A,σ,L,Z,δ,IDS)
W=t+SKS+βmodp
Wherein, β indicates that the pre- judgement ciphertext signature section parameter that sender S is calculated, w indicate the anticipation that sender S is calculated Disconnected ciphertext signature verification parameter, SKSIndicate the private key of sender S;
Step 14: sender S will sign close verification share T, recipient RiEach term coefficient of identity information mixed number f (ξ) a0,a1,...,an-1Set A, pre- judge authorized receiver's parameter L, identity information certificate parameter Z, cipher-text message δ and pre- judgement Ciphertext signature verification parameter w constitutes label ciphertext C=<T,A,L,Z,δ,w>, and to label ciphertext C broadcast, backed off after random Sender signs close process;
Recipient RiAfter receiving label ciphertext C, judge oneself whether to have executed step 1 to the user's registration of step 7 Process and the public key PK for obtaining oneselfiWith private key SKi.If so, directly executing step 15, otherwise, recipient's solution is exited Sign close process;
Step 15: according to the following formula, recipient RiIt calculates separately public key and hides parameter Ki', the false identity value of oneself ui', recipient RiThe integer l ' that identity information mixed number f (ξ) and sender S are randomly selected:
Ki'=SKiT
ui'=H0(Ki′,IDi)
F (ξ)=ξn+an-1ξn-1+…+a1ξ+a0
L '=f (ui′)
Wherein, Ki' indicate i-th of recipient RiThe public key of oneself calculated hides parameter, SKiIndicate i-th of recipient Ri Private key, ui' indicate i-th of recipient RiThe false identity value of oneself calculated, i-th of recipient R of l ' expressionsiThe transmission of calculating The integer that person S is randomly selected, i indicate that counting vernier, i=1,2 ..., τ, τ expression are registered and connect in key generation centre KGC The number for receiving the recipient of message is greater than 0 integer;
Step 16: recipient RiJudge whether equation is true in advance, if so, it executes step 10 eight and otherwise exits Recipient, which solves, signs close process:
L=H1(T,l′)
Step 17: according to the following formula, recipient RiCalculate separately parameter σ ', the hair of hiding sender S identity informations The person's of sending S identity informations IDS' and it is pre- judge ciphertext signature section parameter beta ':
σ '=H2(L,l′,A)
β '=H4(T,A,σ′,L,Z,δ,IDS′)
Wherein, i-th of recipient R of σ ' expressionsiThe parameter of the hiding sender S identity informations calculated, IDS' indicate i-th Recipient RiThe identity information of the sender S of calculating, i-th of recipient R of β ' expressionsiThe pre- judgement ciphertext signature section ginseng calculated Number, i indicate to count vernier, i=1,2 ..., n;
Step 18: recipient RiJudge whether equation is true in advance.If so, it executes step 10 nine and otherwise exits Recipient, which solves, signs close process:
(w- β ') P=T+PKS+H0(PKS,IDS)Ppub
Wherein, PKSIndicate the public key of sender S;
Step 19: according to the following formula, recipient RiIt calculates separately symmetric key k ' and clear-text message M ' and exits and connect Receipts person, which solves, signs close process:
K '=H0(T, σ ')=k
M '=Dk′(δ)=Dk(δ)=M
Wherein, i-th of recipient R of k ' expressionsiThe symmetric key of calculating, i-th of recipient R of M ' expressionsiDecryption obtains bright Literary message, Dk() and Dk′() indicates the symmetric encipherment algorithm E chosen with key generation centre KGCk() corresponding symmetric solution Close algorithm.

Claims (1)

1. it is a kind of with pre- arbitration functions without certificate multi-receiver anonymity label decryption method, it is characterised in that include the following steps:
Step 1: user U randomly selects an integer xUAs the secret value of oneself, the public key parameter of oneself is calculated according to the following formula XU
XU=xUP
Wherein, user U includes sender S and recipient Ri, i indicate count vernier, be greater than 0 integer, XUIndicate user U's Public key parameter, xUIndicate that the secret value of user U, P indicate the generation member on the elliptic curve E that key generation centre KGC chooses;
Step 2: user U is by the identity information ID of oneselfUWith public key parameter XUIt is sent to key generation centre by overt channel KGC;
Step 3: key generation centre KGC receives the identity information ID that user U is sended overUWith public key parameter XUAfterwards, random choosing Take an integer vU, the part public key V of user U is calculated separately according to the following formulaUWith part private key yU
VU=vUP
yU=sH0(XU+VU,IDU)+vUmodp
Wherein, VUIndicate that key generation centre KGC is the part public key that user U is generated, vUIndicate that key generation centre KGC is to use The integer that family U is randomly selected, yUIndicate that key generation centre KGC is the part private key that user U is generated, during s indicates that key generates The system master key that heart KGC chooses, H0Indicate the password one-way Hash function chosen by key generation centre KGC, IDUIt indicates to use The identity information of family U, mod indicate that modulus operation, p indicate the Big prime that key generation centre KGC chooses;
Step 4: key generation centre KGC is by the part public key V of user UUIt is sent to user U by overt channel, while will be used The part private key y of family UUIt is sent to user U by safe lane;
Step 5: user U receives the part public key V that key generation centre KGC is sended overUWith part private key yUAfterwards, judgment part Private key yUWhether following equation is met;It otherwise reports an error to key generation centre KGC, and exit use if so, executing step 6 Family registration process:
yUP=H0(XU+VU,IDU)Ppub+VU
Wherein, PpubIndicate the system public key that key generation centre KGC is generated;
Step 6: according to the following formula, user U calculates separately the private key SK of oneselfUWith public key PKU, and to private key SKUPacified All risk insurance is deposited, while by public key PKUBe sent to key generation centre KGC by safe lane, backed off after random user registration course;
SKU=xU+yUmodp
PKU=XU+VU
Wherein, SKUIndicate the private key of user U, PKUIndicate the public key of user U;
Step 7: key generation centre KGC receives the public key PK that user U is sentUWith part private key yUMessage after, externally announce The public key PK of user UU, and exit user registration course;
Step 8: sender S judges whether oneself has executed step 1 to the user registration course of step 7 and be obtained from Oneself public key PKSWith private key SKS;If so, directly executing step 9, otherwise, sender S executes user registration course and is obtained from Oneself public key PKSWith private key SKSAfterwards, then step 9 is executed;
Step 9: sender S randomly selects n recipient R in registered user U1,R2,...,Rn, wherein n indicates hair The number for the registered recipient that the person of sending S is randomly selected, is greater than 0 integer;
Step 10: sender S randomly selects an integer t, according to the following formula calculate separately the close verification share T of label, each Recipient RiPublic key hide parameter KiAnd each recipient RiFalse identity value ui
T=tP
Ki=t (PKi+H0(PKi,IDi)Ppub)
ui=H0(Ki,IDi)
Wherein, T indicates that the close verification share of label that sender S is calculated, t indicate the integer that sender S is randomly selected, KiIt indicates to send I-th of recipient R that person S is calculatediPublic key hide parameter, PKiIndicate i-th of recipient RiPublic key, IDiIt indicates to connect for i-th Receipts person RiIdentity information, uiIndicate i-th of recipient R that sender S is calculatediFalse identity value, i indicate count vernier, i= 1,2 ..., n, n indicate the number for the registered recipient that sender S is randomly selected, and are greater than 0 integer;
Step 11: sender S randomly selects an integer l, according to the following formula, construction recipient RiIdentity information mixed number f (ξ) and calculating judge authorized receiver's parameter L in advance:
Wherein ai∈Zp *, A={ a0,a1,…an-1}
L=H1(T,l)
Wherein, l indicates that the integer that sender S is randomly selected, f (ξ) indicate the recipient R that sender S is calculatediIdentity information mixes Value, ξ indicate that independent variable, ∏ indicate even to multiply operation, and L indicates the pre- judgement authorized receiver parameter that sender S is calculated, H1Indicate by The password one-way Hash function that key generation centre KGC chooses, A indicate the recipient R that sender S is calculatediIdentity information mixes Each term coefficient a of value f (ξ)0,a1,…,an-1Set, a0,a1,…,an-1Indicate the recipient R that sender S is calculatediIdentity is believed Cease every coefficient of mixed number f (ξ);
Step 12: according to the following formula, sender S calculates separately the parameter σ for hiding oneself identity information, identity information verification Parameter Z, symmetric key k and cipher-text message δ:
σ=H2(L,l,A)
Z=H3(σ,L)⊕IDS
K=H0(T,σ)
δ=Ek(M)
Wherein, σ indicates that the parameter for hiding oneself identity information that sender S is calculated, Z indicate sender's S identity informations verification ginseng Number, ⊕ indicate binary system xor operation by turn, IDSIndicate that the identity information of sender S, k indicate that sender S is calculated symmetrical close Key, δ indicate the cipher-text message that sender S is calculated, Ek() indicates the symmetric encipherment algorithm that key generation centre KGC chooses, M tables Show clear-text message, H2,H3Indicate the password one-way Hash function chosen by key generation centre KGC;
Step 13: according to the following formula, sender S calculates separately pre- judgement ciphertext signature section parameter beta and judges ciphertext in advance Signature verification parameter w:
β=H4(T,A,σ,L,Z,δ,IDS)
W=t+SKS+βmod p
Wherein, β indicates that the pre- judgement ciphertext signature section parameter that sender S is calculated, w indicate that the pre- judgement that sender S is calculated is close Literary signature verification parameter, SKSIndicate the private key of sender S, H4Indicate the password one-way hash function chosen by key generation centre KGC Function;
Step 14: sender S will sign close verification share T, recipient RiEach term coefficient a of identity information mixed number f (ξ)0, a1,...,an-1Set A, judge authorized receiver's parameter L, identity information certificate parameter Z, cipher-text message δ in advance and judge in advance close Literary signature verification parameter w constitutes label ciphertext C=<T,A,L,Z,δ,w>, and to label ciphertext C broadcast, backed off after random hair The person of sending signs close process;
Step 15: according to the following formula, recipient RiIt calculates separately public key and hides parameter Ki', the false identity value u of oneselfi', connect Receipts person RiThe integer l ' that identity information mixed number f (ξ) and sender S are randomly selected:
Ki'=SKiT
ui'=H0(Ki′,IDi)
F (ξ)=ξn+an-1ξn-1+…+a1ξ+a0
L '=f (ui′)
Wherein, Ki' indicate i-th of recipient RiThe public key of oneself calculated hides parameter, SKiIndicate i-th of recipient RiPrivate Key, ui' indicate i-th of recipient RiThe false identity value of oneself calculated, i-th of recipient R of l ' expressionsiThe sender S of calculating with The integer that machine is chosen, i indicate that counting vernier, i=1,2 ..., τ, τ expression are registered and received in key generation centre KGC The number of the recipient of message is greater than 0 integer;
Step 16: recipient RiJudge whether equation is true in advance, if so, it executes step 10 eight and otherwise exits reception Person, which solves, signs close process:
L=H1(T,l′)
Step 17: according to the following formula, recipient RiCalculate separately parameter σ ', the sender S of hiding sender S identity informations Identity information IDS' and it is pre- judge ciphertext signature section parameter beta ':
σ '=H2(L,l′,A)
IDS'=H3(σ′,L)⊕Z
β '=H4(T,A,σ′,L,Z,δ,IDS′)
Wherein, i-th of recipient R of σ ' expressionsiThe parameter of the hiding sender S identity informations calculated, IDS' indicate i-th of reception Person RiThe identity information of the sender S of calculating, i-th of recipient R of β ' expressionsiThe pre- judgement ciphertext signature section parameter calculated, i It indicates to count vernier, i=1,2 ..., n;
Step 18: recipient RiJudge whether equation is true in advance;If so, it executes step 10 nine and otherwise exits reception Person, which solves, signs close process:
(w- β ') P=T+PKS+H0(PKS,IDS)Ppub
Wherein, PKSIndicate the public key of sender S;
Step 19: according to the following formula, recipient RiIt calculates separately symmetric key k ' and clear-text message M ' and exits recipient's solution Sign close process:
K '=H0(T, σ ')=k
M '=Dk′(δ)=Dk(δ)=M
Wherein, i-th of recipient R of k ' expressionsiThe symmetric key of calculating, i-th of recipient R of M ' expressionsiObtained plaintext is decrypted to disappear Breath, Dk() and Dk′() indicates the symmetric encipherment algorithm E chosen with key generation centre KGCk() corresponding symmetrical decryption is calculated Method.
CN201810419120.3A 2018-05-04 2018-05-04 Certificateless multi-receiver anonymous signcryption method with pre-judgment function Active CN108768625B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810419120.3A CN108768625B (en) 2018-05-04 2018-05-04 Certificateless multi-receiver anonymous signcryption method with pre-judgment function

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810419120.3A CN108768625B (en) 2018-05-04 2018-05-04 Certificateless multi-receiver anonymous signcryption method with pre-judgment function

Publications (2)

Publication Number Publication Date
CN108768625A true CN108768625A (en) 2018-11-06
CN108768625B CN108768625B (en) 2021-03-30

Family

ID=64010016

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810419120.3A Active CN108768625B (en) 2018-05-04 2018-05-04 Certificateless multi-receiver anonymous signcryption method with pre-judgment function

Country Status (1)

Country Link
CN (1) CN108768625B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102811125A (en) * 2012-08-16 2012-12-05 西北工业大学 Certificateless multi-receiver signcryption method with multivariate-based cryptosystem
CN104734857A (en) * 2015-03-25 2015-06-24 南京邮电大学 Multi-receiver hybrid signcryption algorithm without bilinear pairings

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102811125A (en) * 2012-08-16 2012-12-05 西北工业大学 Certificateless multi-receiver signcryption method with multivariate-based cryptosystem
CN104734857A (en) * 2015-03-25 2015-06-24 南京邮电大学 Multi-receiver hybrid signcryption algorithm without bilinear pairings

Also Published As

Publication number Publication date
CN108768625B (en) 2021-03-30

Similar Documents

Publication Publication Date Title
CN106027239B (en) The multi-receiver label decryption method without key escrow based on elliptic curve
CN107682145B (en) It is true anonymous without the more message multi-receiver label decryption methods of certificate
CN107438006B (en) Full multi-receiver label decryption method of the anonymity without certificate
US6298153B1 (en) Digital signature method and information communication system and apparatus using such method
US6377688B1 (en) Cryptographic communication method and system
CN105429941B (en) Multi-receiver identity anonymous label decryption method
CN107733648A (en) The RSA digital signature generation method and system of a kind of identity-based
CN106936593A (en) Based on the efficient anonymity of elliptic curve without certificate multi-receiver label decryption method
CN110011995A (en) Encryption and decryption approaches and device in multi-casting communication
CN105763528A (en) Multi-recipient anonymous encryption apparatus under hybrid mechanism
CN108696362B (en) Certificateless multi-message multi-receiver signcryption method capable of updating secret key
CN108809650A (en) Without safe lane without certificate anonymity multi-receiver label decryption method
CN104009841B (en) A kind of message encryption method under instant messaging situation
Meier The elgamal cryptosystem
KR20040009766A (en) Apparatus and method for transmitting and receiving in encryption system
CN116743358A (en) Repudiation multi-receiver authentication method and system
Shimbo et al. Cryptanalysis of several conference key distribution schemes
Bultel et al. A posteriori openable public key encryption
JP4563037B2 (en) ENCRYPTION APPARATUS, DECRYPTION APPARATUS, ENCRYPTION SYSTEM HAVING THEM, ENCRYPTION METHOD, AND DECRYPTION METHOD
Mu et al. Robust non-interactive oblivious transfer
CN109495478A (en) A kind of distributed security communication means and system based on block chain
CN108768625A (en) With pre- arbitration functions without certificate multi-receiver anonymity label decryption method
JP4146252B2 (en) Anonymous communication method capable of identifying unauthorized persons, user device used in the method, and relay server device
Boyd Enforcing traceability in software
Kester et al. A novel cryptographic key technique

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant