CN109981263B - Distributed verifiable random number generation method based on CP-ABE - Google Patents

Publication number
CN109981263B
Authority
CN
China
Prior art keywords
node
random number
nodes
abe
key
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910152889.8A
Other languages
Chinese (zh)
Other versions
CN109981263A (en)
Inventor
阚海斌
王君可
张亮
张新鹏
刘百祥
沈清
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fudan University
Original Assignee
Fudan University
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/006 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving public key infrastructure [PKI] trust models
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/46 Secure multiparty computation, e.g. millionaire problem

Abstract

The invention belongs to the technical field of cryptography, and particularly relates to a distributed verifiable random number generation method based on CP-ABE. The invention is based on a distributed random number generation system and takes multi-authority CP-ABE (CP-ABE with multiple attribute authorization centers) as its basic framework. Multiple nodes take part in attribute distribution, key generation, information encryption, ciphertext list broadcasting, decryption and random number generation, which yields a highly decentralized scheme for generating distributed random numbers that a third party can verify. Throughout the process, mutual authentication among the users and a preset standard value t/n prevent a rogue node from affecting the result by providing false information or no information, which ensures the security and stability of the system.

Description

Distributed verifiable random number generation method based on CP-ABE
Technical Field
The invention belongs to the technical field of cryptography, and particularly relates to a distributed verifiable random number generation method.
Background
The problem of how a group of mutually untrusting participants can generate random numbers that all of them trust was first posed by Blum, who also proposed the well-known coin-flipping protocol (a prototype of distributed random number schemes). Distributed random number generation aims to provide an unpredictable, cheat-resistant generation mechanism, and places high demands on the transparency and fairness of the whole generation process.
First, the concept of a beacon is introduced: a beacon is a reliable random number generation service, first proposed by Rabin. Designing a distributed random number generation scheme amounts to building a beacon. Some researchers have proposed building beacons from publicly observable phenomena such as the stock market or cosmic background radiation; these strategies have been applied to random audits in real elections, most notably the municipal elections in Tacoma Park, Washington. Meanwhile, with the rise of Bitcoin in recent years, this highly decentralized and secure virtual currency has attracted researchers as a source for generating distributed random numbers; for example, the well-known website bitcoinmegalottery uses blocks of the Bitcoin system to implement a verifiable lottery. Distributed random numbers have thus attracted a great deal of attention and have achieved preliminary results in both academic research and the market.
The development of blockchains undoubtedly offers a new perspective on how to obtain and use random numbers. The core problems of distributed random number generation are cheat resistance and unpredictability, while a blockchain consensus protocol has to select authoritative, trusted representatives to update the latest state of the network; the close match between the two has led to blockchain technology being widely applied to random number generation. The common mechanisms for electing representatives in a blockchain are PoW (proof of work) and PoS (proof of stake), but the former consumes a lot of resources and the latter is difficult to defend against stake grinding attacks, so these mechanisms have not been widely accepted.
The invention focuses on one encryption system, multi-authority CP-ABE (Ciphertext-Policy Attribute-Based Encryption with multiple attribute authorization centers). Multiple nodes jointly participate in its encryption, verification and decryption processes, which ensures the security, verifiability and stability of the encryption mechanism; these properties provide excellent technical support for generating distributed random numbers.
Disclosure of Invention
The invention aims to provide a distributed verifiable random number generation method that is secure, unpredictable and cheat-resistant.
The method of the invention is implemented on a distributed random number generation system. The system consists of a plurality of nodes, each of which runs the same method of the invention. Specifically, the system comprises 2 modules: a point-to-point communication module and a multi-authority CP-ABE module. The point-to-point communication module connects all nodes over the network topology; the invention assumes that honest nodes can communicate with one another. The multi-authority CP-ABE module [1] is an extended cryptosystem of CP-ABE (ciphertext-policy attribute-based encryption) and comprises 5 basic functions: a global setting function (whose security parameters are provided by the relevant standards), a private setting function, a key generation function, an encryption function and a decryption function. In the CP-ABE cryptosystem, decryption is possible if and only if the attributes of the decryptor satisfy the access control policy in the ciphertext. In multi-authority CP-ABE, the attributes of the decryptor are issued by multiple attribute authorization centers, which makes it particularly suitable for scenarios without a central authority. The ciphertexts, keys and other information generated by the multi-authority CP-ABE module are broadcast through the point-to-point communication module, so that the information held by each node is synchronized at each time point, and finally the distributed random number is generated according to the method of the invention.
Throughout the random number generation process, no node can obtain the input values of all honest nodes before the preset time point, which ensures the unpredictability and unbiasedness of the final result. In addition, even if some node broadcasts different information to different nodes, or broadcasts nothing, the random number is still generated normally as long as the proportion of reliable nodes is greater than the preset standard value, which ensures the stability and reliability of the system.
Distributed random numbers are usually expected to be available, unpredictable and attack-resistant, but these properties are often difficult to guarantee at the same time; the multi-authority CP-ABE described above achieves all of them. First, as long as the proportion of honest nodes exceeds the preset standard value t/n (often set to 1/2 in applications, which is very easy to satisfy), a final random number can be generated. Second, because a single node or a subset of the nodes can ultimately obtain only a trusted ciphertext, the final random number cannot be predicted in advance. Finally, as long as more than t/n of the nodes are honest, the multi-authority mechanism keeps the randomness and reliability of the final random number unaffected even if some nodes misbehave, for example by providing false secret information or none at all. In terms of performance, because all nodes act asynchronously, the communication complexity of the invention is O(1); the list only needs to be decrypted at decryption time, so the computation complexity is O(n).
The distributed verifiable random number generation method provided by the invention is based on a distributed random number generation system, takes multi-authority CP-ABE as its basic framework, and ensures the security, unpredictability and cheat resistance of the scheme through decentralization. The specific steps are as follows:
(1) First, a standard value t/n is preset as the minimum proportion of honest nodes, among all nodes, required to generate the random number normally. As long as the honest nodes exceed t/n during generation, the random number can be generated normally. This mechanism greatly improves the fault tolerance and cheat resistance of the system, and a few malicious nodes cannot substantially influence the final random number. In practical applications, t/n is generally set to 1/2;
(2) Then, the first node to join the system calls the global setting function provided by the system, inputs the pre-published security parameter λ, and outputs and publishes the global parameter GP of the system. Each node, say node i, then calls the private setting function with the global parameter GP as input to obtain its own public key PK_i and private key SK_i, and broadcasts its public key to the other users, so that each node finally obtains the public key list (PK_1, PK_2, …, PK_n);
(3) Then, each user calls the encryption function, inputting the random number it provides (the plaintext M), the access control policy (of the form "t/n of (node 1, node 2, …, node n)"), the global parameter and the public key list, to obtain its own ciphertext CT_i, and broadcasts it, so that each node finally obtains the ciphertext list (CT_1, CT_2, …, CT_n);
(4) Each user node calls the key generation function, inputting the identity information GID of the decryptor, the global parameter GP, the attribute u and the private key SK_i, to generate the key Key_i for that user, and broadcasts it, so that each node finally obtains the key list (Key_1, Key_2, …, Key_n);
(5) When any node has obtained more than t/n of the keys, it can decrypt the ciphertext list it holds and obtain the random number by XORing all the decrypted information.
Drawings
FIG. 1 is a flow chart of distributed verifiable random number generation in accordance with the present invention.
Detailed Description
The distributed verifiable random number generation method based on multi-authority CP-ABE provided by the invention is illustrated by assuming that the system contains n = 3 nodes A, B and C and that the threshold ratio t/n is 1/2; that is, with 2 or more nodes the random number of the method is generated, achieving unpredictability, unbiasedness and public verifiability. The specific steps are as follows:
(1) First, a node that has joined the system calls the global setting function provided by the system to obtain the global parameter GP and publishes it; each node then calls the private setting function. Taking node B as an example, it inputs the global parameter GP to obtain its own public key PK_2 and private key SK_2, keeps the private key and broadcasts the public key, so that each node finally obtains the public key list (PK_1, PK_2, PK_3);
(2) Each user calls the encryption function to encrypt its own random number. In this example the random number is assumed to be 5 for node A (binary 101), 2 for node B (binary 010) and 3 for node C (binary 011). Again taking node B as an example, it inputs the random number it provides, i.e. plaintext 2 (binary 010), the access control policy (1/2 of (A, B, C)), the global parameter GP and the public key list (PK_1, PK_2, PK_3), and outputs the unintelligible ciphertext CT_2; it broadcasts CT_2, so that each node finally obtains the ciphertext list (CT_1, CT_2, CT_3);
(3) Each user node calls the key generation function; for any node, the input comprises its own identity information GID_i, the global parameter GP, the attribute u_i and the private key SK_i. The node then generates its own key Key_i and broadcasts Key_i to the other nodes;
(4) Taking node B as an example, once it has received the keys of A and C, B can decrypt each ciphertext in the ciphertext list to obtain the random numbers provided by A, B and C, namely 5, 2 and 3, and then XOR the binary representations of these three numbers to obtain the final random number, whose binary representation is 100.
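The five steps and the A/B/C values above, simulated as an added example (not code from the patent): Shamir secret sharing over a prime field stands in for the multi-authority CP-ABE threshold policy, so the sketch reproduces the threshold and withholding behaviour but not the scheme's public-key encryption or verifiability. All class and function names are hypothetical, and t = 2 is taken as the smallest key count that exceeds half of n = 3.

```python
import secrets
from functools import reduce

P = 2**127 - 1  # prime field for the Shamir shares (pads are drawn below P)

def split(secret, t, n):
    """Shamir-share `secret`: any t of the n points (x, y) recover it."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {x: sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P
            for x in range(1, n + 1)}

def combine(points):
    """Lagrange interpolation at x = 0 over {x: y} points."""
    total = 0
    for xi, yi in points.items():
        num = den = 1
        for xj in points:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

class Beacon:
    """Shared broadcast state of one round (assumed model, not the patent's API)."""

    def __init__(self, nodes, t):
        self.nodes, self.t = list(nodes), t
        self.ct_list = {}   # step (3): author -> CT_i
        self.locked = {}    # holder -> {author: (x, y)}; in MA-CP-ABE the
                            # equivalent is only usable once Key_holder exists
        self.key_list = {}  # step (4): holder -> Key_holder

    def encrypt(self, author, m):
        pad = secrets.randbelow(P)
        shares = split(pad, self.t, len(self.nodes))
        for x, holder in enumerate(self.nodes, start=1):
            self.locked.setdefault(holder, {})[author] = (x, shares[x])
        self.ct_list[author] = m ^ pad  # contribution masked by the shared pad

    def release_key(self, holder):
        self.key_list[holder] = self.locked.get(holder, {})

    def decrypt_all(self):
        """Step (5): {author: M}, or None while fewer than t keys are out."""
        if len(self.key_list) < self.t:
            return None
        plain = {}
        for author, ct in self.ct_list.items():
            points = dict(key[author] for key in self.key_list.values())
            plain[author] = ct ^ combine(points)
        return plain

def run_round(contributions, releasing, t=2):
    """Every node encrypts first; only the `releasing` nodes publish a key."""
    beacon = Beacon(contributions, t)
    for node, m in contributions.items():
        beacon.encrypt(node, m)
    for node in releasing:
        beacon.release_key(node)
    plain = beacon.decrypt_all()
    if plain is None:
        return None
    return reduce(lambda a, b: a ^ b, plain.values(), 0)

if __name__ == "__main__":
    inputs = {"A": 5, "B": 2, "C": 3}          # the worked values above
    print(run_round(inputs, ["A", "B", "C"]))  # all keys released
    print(run_round(inputs, ["A", "B"]))       # C withholds Key_C
    print(run_round(inputs, ["A"]))            # below the threshold
```

Because C's ciphertext is already decryptable once two keys are out, C withholding its key after seeing the other contributions does not change the output.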

Claims (2)

1. A distributed verifiable random number generation method based on CP-ABE, which is based on a distributed random number generation system; the distributed random number generation system consists of a plurality of nodes, each node runs the same random number generation method, and each node in the system comprises 2 modules, one being a point-to-point communication module and the other a multi-authority CP-ABE module; the point-to-point communication module connects all nodes over the network topology, and honest nodes are assumed to be able to communicate with one another; the multi-authority CP-ABE module adopts an extended cryptosystem of CP-ABE and comprises 5 basic functions, namely a global setting function, a private setting function, a key generation function, an encryption function and a decryption function; in the CP-ABE cryptosystem, decryption is possible if and only if the attributes of the decryptor satisfy the access control policy in the ciphertext; in multi-authority CP-ABE, the attributes of a decryptor are issued by a plurality of attribute authorization centers, which is particularly suitable for scenarios without a central authority; the ciphertexts, keys and other information generated by the multi-authority CP-ABE module are broadcast through the point-to-point communication module, so that the information held by each node is synchronized at each time point, and finally a distributed random number is generated;
throughout the random number generation process, no node can obtain the input values of all honest nodes before a preset time point, which ensures the unpredictability and unbiasedness of the final result; in addition, even if some node broadcasts different information to different nodes, or broadcasts nothing, the normal generation of random numbers is ensured as long as the proportion of reliable nodes is greater than a preset standard value, which also ensures the stability and reliability of the system;
first, as long as the proportion of honest nodes exceeds a preset standard value t/n, a final random number can certainly be generated; second, because a single node or a subset of the nodes can ultimately obtain only a trusted ciphertext, the final random number cannot be predicted in advance; finally, even if some nodes act maliciously, for example by providing false secret information or none at all, the randomness and reliability of the final random number are not affected as long as more than t honest nodes exist;
the method is characterized by comprising the following specific steps:
(1) first, presetting a standard value t/n as the minimum proportion of honest nodes, among all nodes, required to generate random numbers normally; n is the number of all nodes;
(2) then, the first node to join the system calls the global setting function provided by the system, inputs the pre-published security parameter λ, and outputs and publishes the global parameter GP of the system; each node, say node i, then calls the private setting function with the global parameter GP as input to obtain its own public key PK_i and private key SK_i; the node then broadcasts its public key to the other nodes, so that each node finally obtains a public key list (PK_1, PK_2, …, PK_n);
(3) then, node i calls the encryption function, inputting the random number it provides (the plaintext M), the access control policy, the global parameter and the public key list, to obtain its own ciphertext CT_i, and broadcasts it, so that each node finally obtains the ciphertext list (CT_1, CT_2, …, CT_n);
(4) node i calls the key generation function, inputting the identity information GID of the node, the global parameter GP, the attribute u_i and the private key SK_i, to generate the key Key_i for the node, and broadcasts it, so that each node finally obtains the key list (Key_1, Key_2, …, Key_n);
(5) when any node has obtained more than t keys, it decrypts the ciphertext list it holds and XORs all the decrypted information to obtain a random number.
2. The CP-ABE based distributed verifiable random number generation method of claim 1, wherein t/n is 1/2.
CN201910152889.8A 2019-02-28 2019-02-28 Distributed verifiable random number generation method based on CP-ABE Active CN109981263B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910152889.8A CN109981263B (en) 2019-02-28 2019-02-28 Distributed verifiable random number generation method based on CP-ABE

Publications (2)

Publication Number Publication Date
CN109981263A (en) 2019-07-05
CN109981263B (en) 2021-10-26
