CN110176995A - Afterwards without certificate label decryption method on the lattice of quantum safety - Google Patents

Afterwards without certificate label decryption method on the lattice of quantum safety Download PDF

Info

Publication number
CN110176995A
CN110176995A CN201910519022.1A CN201910519022A CN110176995A CN 110176995 A CN110176995 A CN 110176995A CN 201910519022 A CN201910519022 A CN 201910519022A CN 110176995 A CN110176995 A CN 110176995A
Authority
CN
China
Prior art keywords
user
key
label
certificate
lattice
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910519022.1A
Other languages
Chinese (zh)
Inventor
俞惠芳
白璐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xian University of Posts and Telecommunications
Original Assignee
Xian University of Posts and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xian University of Posts and Telecommunications filed Critical Xian University of Posts and Telecommunications
Priority to CN201910519022.1A priority Critical patent/CN110176995A/en
Publication of CN110176995A publication Critical patent/CN110176995A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0877Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/72Signcrypting, i.e. digital signing and encrypting simultaneously

Abstract

It is generated by system initialization, cipher key-extraction, key, user's label are close, verification step forms on the lattice of quantum safety without certificate label decryption method after a kind of.The present invention is used for reference without certificate label are close and lattice password thought, it has constructed on a kind of lattice of rear quantum safety without certificate label decryption method, the close efficiency of no certificate label is higher than first without the efficiency encrypted after certificate signature, and than based on increasing encryption function without certificate signature method on lattice, under assuming compared to finite field discrete logarithm and Elliptic Curve Discrete Logarithm without certificate label decryption method, can with resisting quantum computation attack and computational efficiency it is higher.The present invention overcomes certificate management problem and key escrow, has many advantages, such as that resistance quantum computation attack, operation efficiency are high, be applicable to the close field of electronics label.

Description

Afterwards without certificate label decryption method on the lattice of quantum safety
Technical field
The invention belongs to technical field of network information safety, and in particular to cryptography, lattice public-key cryptosystem or without card Bookmark decryption method.
Background technique
Sign it is close can to encrypt much lower calculating and communication cost afterwards than first signing, in a logic step simultaneously it is complete At encryption and signature operation.However, the close construction development as highly important cryptographic primitives on lattice of label is relatively slow.
1996, Ajtai had found between the worst case complexity and average case complexity of certain famous lattice problems There are a kind of connections.Later Ajtai and Dwork proposes a kind of public-key cryptosystem based on case theory, is since then just public key Cipher system opens a new field.GGH public-key cryptosystem, NTRU public-key cryptosystem, Regev public-key cryptosystem It is proposed in succession Deng the public-key cryptosystem based on case theory.Due to they have resist quantum computation attack and also operation it is simple Advantage becomes the hot spot of numerous scholar researchs and concern.2013, Yan et al. was proposed under master pattern based on the efficient of lattice Stopover sites.2015, Yan et al. proposed a kind of stopover sites of identity-based on lattice.2016, Lu Xiuhua et al. was proposed Lattice stopover sites without trapdoor.2018, G é rard and Merckx proposed the rear quantum stopover sites on lattice.With lattice The continuous development of public-key cryptosystem, the close algorithm of various label based on lattice are also more and more.
In order to solve the certificate pipe being related in key escrow and conventional public-key cryptographic algorithm in identification cipher Reason problem, in sub- secret meeting in 2003, AI-Riyami and Paterson propose to reduce raw to key without cryptographic certificate At the trust at center, key generation centre generates the part private key of user, the complete private key of user by part private key and user from The secret value that oneself randomly selects is constituted, and client public key is calculated by user oneself.Construct the cryptography scheme without certificate always It is the interested research direction of password educational circles.It is suggested however, rear quantum safety at present without certificate label are close.
Summary of the invention
Technical problem to be solved by the present invention lies in the lattice for overcoming the deficiencies of the prior art and provide a kind of rear quantum safety On without certificate label decryption method.
Technical solution used by above-mentioned technical problem is solved to be made of following step:
A, system initialization
(A1) trusted party chooses Prime Modulus q:
Q=poly (n)
Wherein n is security parameter, and poly (n) is the multinomial about n.
(A2) trusted party rounds up log q to obtain integer k, and round numbers N is the product of 2n and k.
(A3) trusted party defines the error rate α ∈ (0,1) of tape error study, chooses the deviation s of Gaussian Profile1:
(A4) trusted party defines hash function H1With hash function H2:
(A5) key generation centre trapdoor generating algorithm Gentrap (1n,1N, q) and obtain matrix R and the n row of nk row nk column The matrix A of N column:
WhereinG is the matrix of n row nk column.
(A6) trusted party defines the parameter of discrete Gaussian ProfileWherein Integer l >=5nlog q, λ are the positive integer randomly selected in integer field Z.
(A7) trusted party determines the parameter s of preimage sampling algorithm2:
Wherein S1(R) singular value of representing matrix R.
(A8) trusted party discloses system parameter params:
Params={ A, R, H1,H2,s1,s2B}
Wherein χBFor error distribution and discrete Gaussian Profile DZ,qαIdentical, B is error distribution parameter.
B, cipher key-extraction
(B1) key generation centre KGC determines randomization identity u:
U=H1(ID)
Wherein { 0,1 } ID ∈*, for the identity of user.
(B2) key generation centre KGC uses preimage sampling algorithmPart private key d is obtained,
(B3) key generation centre KGC sends part private key d to user by safe lane, and user's checking meets Ad= U and
C, key generates
(C1) identity is that the user of ID selects the secret value x of oneselfID, determine private key sk:
(C2) user determines part public key b
Wherein e1For be distributed selected from error M dimensional vector, be positive real number, B is n row M column matrix, BTFor the transposition square of matrix B Battle array, M are equal with time complexity O (nlogq).
(C3) user setting public key pk
D, user's label are close
(D1) sender randomly selects vector y:
Wherein
(D2) sign h for user setting part
Wherein m is in plain text.
(D3) user is with probabilityOutput signature sigma ':
σ '=ε+h
Wherein ε is that part is signed, and obtains σ after σ ' coding.
(D4) user determines part ciphertext V1, part ciphertext V2And part ciphertext V:
V=m+ (b, r)+(w, H1(ID))+2e modq
Wherein, r is the sequence of M long, w and e2For n-dimensional vector, e is one-dimensional vector.
(D5) user exports label ciphertext c
C=(V | V1|V2)。
E, it verifies
(E1) recipient obtains ciphertext c, with the public private key pair (pk of recipient2,sk2) carry out solution label and close obtain plaintext m:
M=[V- (V1,x)-(V2,d)]qmod2
(E2) recipient is verified parameter h ' by (ID, ε, h, m)
WhenAnd when h '=h, signature is set up, otherwise invalid.
It is generated in C, the close step D of user's label in system initialization step A of the invention, cipher key extraction step B, key, this The value of the security parameter n of invention is 128 or 256 or 512.
The present invention uses for reference under classical cryptosystem without certificate label are close and lattice cryptographic methods, constructed it is a kind of after quantum safety Lattice on without certificate label decryption method, the close efficiency of no certificate label is higher than first without the efficiency encrypted after certificate signature, and ratio is based on Encryption function is increased without certificate signature method on lattice, is assumed compared to finite field discrete logarithm and Elliptic Curve Discrete Logarithm Under without certificate label decryption method, can with resisting quantum computation attack and computational efficiency it is higher.Present invention resistance quantum computation attack, The advantages that operation efficiency is high is applicable to the close field of electronics label.
Detailed description of the invention
Fig. 1 is the flow chart of the embodiment of the present invention 1.
Specific embodiment
The present invention is described in more detail with reference to the accompanying drawings and examples, but the present invention is not limited to these Examples.
Embodiment 1
By taking security parameter n is 256 as an example, it is made of (such as without certificate label decryption method following step on the lattice of rear quantum safety Shown in Fig. 1):
A, system initialization
(A1) trusted party chooses Prime Modulus q:
Q=poly (n)
Wherein n is security parameter, and n value is that 256, poly (n) is multinomial about n.
(A2) trusted party rounds up log q to obtain integer k, and round numbers N is the product of 512 with k.
(A3) trusted party defines the error rate α ∈ (0,1) of tape error study, chooses the deviation s of Gaussian Profile1:
N value is 256 in formula.
(A4) trusted party defines hash function H1With hash function H2:
N value is 256 in formula.
(A5) key generation centre trapdoor generating algorithm Gentrap (1n,1N, q) and obtain the matrix R of 256k row 256k column The matrix A arranged with 256 row N:
WhereinG is the matrix of n row nk column, and n value is 256 in formula.
(A6) trusted party defines the parameter of discrete Gaussian ProfileWherein Integer l >=5nlog q, λ are the positive integer randomly selected in integer field Z, and n value is 256 in formula.
(A7) trusted party determines the parameter s of preimage sampling algorithm2:
Wherein S1(R) singular value of representing matrix R.
(A8) trusted party discloses system parameter params:
Params={ A, R, H1,H2,s1,s2B}
Wherein χBFor error distribution and discrete Gaussian Profile DZ,qαIdentical, B is error distribution parameter.
B, cipher key-extraction
(B1) key generation centre KGC determines randomization identity u:
U=H1(ID)
Wherein { 0,1 } ID ∈*, for the identity of user.
(B2) key generation centre KGC uses preimage sampling algorithmPart private key d is obtained,
(B3) key generation centre KGC sends part private key d to user by safe lane, and user's checking meets Ad= U andN value is 256 in formula.
C, key generates
(C1) identity is that the user of ID selects the secret value x of oneselfID, determine private key sk:
N value is 256 in formula.
(C2) user determines part public key b
Wherein e1For be distributed selected from error M dimensional vector, be positive real number, B is n row M column matrix, BTFor the transposition square of matrix B Battle array, M is equal with time complexity O (nlogq), and n value is 256.
(C3) user setting public key pk
N value is 256 in formula.
D, user's label are close
(D1) sender randomly selects vector y:
Wherein
(D2) sign h for user setting part
Wherein m is in plain text.
(D3) user is with probabilityOutput signature sigma ':
σ '=ε+h
Wherein ε is that part is signed, and obtains σ after σ ' coding.
(D4) user determines part ciphertext V1, part ciphertext V2And part ciphertext V:
V=m+ (b, r)+(w, H1(ID))+2e modq
Wherein, r is the sequence of M long, w and e2For n-dimensional vector, e is one-dimensional vector, and n value is 256.
(D5) user exports label ciphertext c
C=(V | V1|V2)
E, it verifies
(E1) recipient obtains ciphertext c, with the public private key pair (pk of recipient2,sk2) carry out solution label and close obtain plaintext m
M=[V- (V1,x)-(V2,d)]qmod2
(E2) recipient is verified parameter h ' by (ID, ε, h, m)
WhenAnd when h '=h, signature is set up, otherwise invalid.
It is close without certificate label on the lattice of quantum safety after the completion.
Improved part signature h is used since the present invention signs in User Part, determines part ciphertext V1, part ciphertext V2And part ciphertext V method, so that being higher than first without the close efficiency of certificate label without the efficiency encrypted after certificate signature, and compare base In increasing encryption function without certificate signature method on lattice, compared to finite field discrete logarithm and Elliptic Curve Discrete Logarithm vacation Set without certificate label decryption method, can with resisting quantum computation attack and computational efficiency it is higher.The present invention, which has, resists quantum meter The advantages that calculation is attacked, operation efficiency is high, is applicable to the close field of electronics label.
Embodiment 2
By taking security parameter n is 128 as an example, it is made of without certificate label decryption method following step on the lattice of rear quantum safety:
A, system initialization
(A1) trusted party chooses Prime Modulus q:
Q=poly (n)
Wherein n is security parameter, and n value is that 128, poly (n) is multinomial about n.
(A2) trusted party rounds up log q to obtain integer k, and round numbers N is the product of 256 with k.
(A3) trusted party defines the error rate α ∈ (0,1) of tape error study, chooses the deviation s of Gaussian Profile1:
N value is 128 in formula.
(A4) trusted party defines hash function H1With hash function H2:
N value is 128 in formula.
(A5) key generation centre trapdoor generating algorithm Gentrap (1n,1N, q) and obtain the matrix R of 128k row 128k column The matrix A arranged with 128 row N:
WhereinG is the matrix of n row nk column, and n value is 128 in formula.
(A6) trusted party defines the parameter of discrete Gaussian ProfileWherein Integer l >=5nlog q, λ are the positive integer randomly selected in integer field Z, and n value is 128 in formula.
(A7) trusted party determines the parameter s of preimage sampling algorithm2:
Wherein S1(R) singular value of representing matrix R.
(A8) trusted party discloses system parameter params:
Params={ A, R, H1,H2,s1,s2B}
Wherein χBFor error distribution and discrete Gaussian Profile DZ,qαIdentical, B is error distribution parameter.
B, cipher key-extraction
(B1) key generation centre KGC determines randomization identity u:
U=H1(ID)
Wherein { 0,1 } ID ∈*, for the identity of user.
(B2) key generation centre KGC uses preimage sampling algorithmPart private key d is obtained,
(B3) key generation centre KGC sends part private key d to user by safe lane, and user's checking meets Ad= U andN value is 128 in formula.
C, key generates
(C1) identity is that the user of ID selects the secret value x of oneselfID, determine private key sk:
N value is 128 in formula.
(C2) user determines part public key b:
Wherein e1For be distributed selected from error M dimensional vector, be positive real number, B is n row M column matrix, BTFor the transposition square of matrix B Battle array, M is equal with time complexity O (nlogq), and n value is 128.
(C3) user setting public key pk
N value is 128 in formula.
D, user's label are close
(D1) sender randomly selects vector y:
Wherein
(D2) sign h for user setting part
Wherein m is in plain text.
(D3) user is with probabilityOutput signature sigma ':
σ '=ε+h
Wherein ε is that part is signed, and obtains σ after σ ' coding.
(D4) user determines part ciphertext V1, part ciphertext V2And part ciphertext V:
V=m+ (b, r)+(w, H1(ID))+2e modq
Wherein, r is the sequence of M long, w and e2For n-dimensional vector, e is one-dimensional vector, and n value is 128.
(D5) user exports label ciphertext c
C=(V | V1|V2)
E, it verifies
Verification step is same as Example 1.
It is close without certificate label on the lattice of quantum safety after the completion.
Embodiment 3
By taking security parameter n is 512 as an example, it is made of without certificate label decryption method following step on the lattice of rear quantum safety:
A, system initialization
(A1) trusted party chooses Prime Modulus q:
Q=poly (n)
Wherein n is security parameter, and n value is that 512, poly (n) is multinomial about n.
(A2) trusted party rounds up log q to obtain integer k, and round numbers N is the product of 1024 with k.
(A3) trusted party defines the error rate α ∈ (0,1) of tape error study, chooses the deviation s of Gaussian Profile1:
N value is 512 in formula.
(A4) trusted party defines hash function H1With hash function H2:
N value is 512 in formula.
(A5) key generation centre trapdoor generating algorithm Gentrap (1n,1N, q) and obtain the matrix R of 512k row 512k column The matrix A arranged with 512 row N:
WhereinG is the matrix of n row nk column, and n value is 512 in formula.
(A6) trusted party defines the parameter of discrete Gaussian ProfileWherein Integer l >=5nlog q, λ are the positive integer randomly selected in integer field Z, and n value is 512 in formula.
(A7) trusted party determines the parameter s of preimage sampling algorithm2:
Wherein S1(R) singular value of representing matrix R.
(A8) trusted party discloses system parameter params:
Params={ A, R, H1,H2,s1,s2B}
Wherein χBFor error distribution and discrete Gaussian Profile DZ,qαIdentical, B is error distribution parameter.
B, cipher key-extraction
(B1) key generation centre KGC determines randomization identity u:
U=H1(ID)
Wherein { 0,1 } ID ∈*, for the identity of user.
(B2) key generation centre KGC uses preimage sampling algorithmPart private key d is obtained,
(B3) key generation centre KGC sends part private key d to user by safe lane, and user's checking meets Ad= U andN value is 512 in formula.
C, key generates
(C1) identity is that the user of ID selects the secret value x of oneselfID, determine private key sk:
N value is 512 in formula.
(C2) user determines part public key b
Wherein e1For be distributed selected from error M dimensional vector, be positive real number, B is n row M column matrix, BTFor the transposition square of matrix B Battle array, M is equal with time complexity O (nlogq), and n value is 512.
(C3) user setting public key pk
N value is 512 in formula.
D, user's label are close
(D1) sender randomly selects vector y:
Wherein
(D2) sign h for user setting part
Wherein m is in plain text.
(D3) user is with probabilityOutput signature sigma ':
σ '=ε+h
Wherein ε is that part is signed, and obtains σ after σ ' coding.
(D4) user determines part ciphertext V1, part ciphertext V2And part ciphertext V:
V=m+ (b, r)+(w, H1(ID))+2e modq
Wherein, r is the sequence of M long, w and e2For n-dimensional vector, e is one-dimensional vector, and n value is 512.
(D5) user exports label ciphertext c
C=(V | V1|V2)
E, it verifies
Verification step is same as Example 1.
It is close without certificate label on the lattice of quantum safety after the completion.

Claims (2)

1. without certificate label decryption method on the lattice of quantum safety after a kind of, it is characterised in that it is made of following step:
A, system initialization
(A1) trusted party chooses Prime Modulus q:
Q=poly (n)
Wherein n is security parameter, and poly (n) is the multinomial about n;
(A2) trusted party rounds up log q to obtain integer k, and round numbers N is the product of 2n and k;
(A3) trusted party defines the error rate α ∈ (0,1) of tape error study, chooses the deviation s of Gaussian Profile1:
(A4) trusted party defines hash function H1With hash function H2:
H1:
H2:
(A5) key generation centre trapdoor generating algorithm Gentrap (1n, 1N, q) and obtain the matrix R and n row N column of nk row nk column Matrix A:
WhereinG is the matrix of n row nk column;
(A6) trusted party defines the parameter of discrete Gaussian ProfileWherein Integer l >=5nlog q, λ are the positive integer randomly selected in integer field Z;
(A7) trusted party determines the parameter s of preimage sampling algorithm2:
Wherein S1(R) singular value of representing matrix R;
(A8) trusted party discloses system parameter params:
Params={ A, R, H1, H2, s1, s2, χB}
Wherein χBFor error distribution and discrete Gaussian Profile DZ, q αIdentical, B is error distribution parameter;
B, cipher key-extraction
(B1) key generation centre KGC determines randomization identity u:
U=H1(ID)
Wherein { 0,1 } ID ∈*, for the identity of user;
(B2) key generation centre KGC uses preimage sampling algorithmPart private key d is obtained,
(B3) key generation centre KGC sends part private key d to user by safe lane, user's checking meet Ad=u and
C, key generates
(C1) identity is that the user of ID selects the secret value x of oneselfID, determine private key sk:
(C2) user determines part public key b
Wherein e1For be distributed selected from error M dimensional vector, be positive real number, B is n row M column matrix, BTFor the transposed matrix of matrix B, M It is equal with time complexity O (nlogq);
(C3) user setting public key pk
D, user's label are close
(D1) sender randomly selects vector y:
Wherein
(D2) sign h for user setting part
Wherein m is in plain text;
(D3) user is with probabilityOutput signature sigma ':
σ '=ε+h
Wherein ε is that part is signed, and obtains σ after σ ' coding;
(D4) user determines part ciphertext V1, part ciphertext V2And part ciphertext V:
V=m+ (b, r)+(w, H1(ID))+2e modq
Wherein, r is the sequence of M long, w and e2For n-dimensional vector, e is one-dimensional vector;
(D5) user exports label ciphertext c
C=(V | V1|V2);
E, it verifies
(E1) recipient obtains ciphertext c, with the public private key pair (pk of recipient2, sk2) carry out solution label and close obtain plaintext m:
M=[V- (V1, x) and-(V2, d)]qmod2
(E2) recipient is verified parameter h ' by (ID, ε, h, m)
WhenAnd when h '=h, signature is set up, otherwise invalid.
2. without certificate label decryption method on the lattice of quantum safety after according to claim 1, it is characterised in that: initial in system Change that step A, cipher key extraction step B, key generate C, user signs in close step D, the value of the security parameter n be 128 or 256 or 512.
CN201910519022.1A 2019-06-17 2019-06-17 Afterwards without certificate label decryption method on the lattice of quantum safety Pending CN110176995A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910519022.1A CN110176995A (en) 2019-06-17 2019-06-17 Afterwards without certificate label decryption method on the lattice of quantum safety

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910519022.1A CN110176995A (en) 2019-06-17 2019-06-17 Afterwards without certificate label decryption method on the lattice of quantum safety

Publications (1)

Publication Number Publication Date
CN110176995A true CN110176995A (en) 2019-08-27

Family

ID=67698573

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910519022.1A Pending CN110176995A (en) 2019-06-17 2019-06-17 Afterwards without certificate label decryption method on the lattice of quantum safety

Country Status (1)

Country Link
CN (1) CN110176995A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112118101A (en) * 2020-09-23 2020-12-22 山东建筑大学 Post-quantum secure dynamic data sharing method
CN115549896A (en) * 2022-05-19 2022-12-30 曲阜师范大学 Efficient heterogeneous signcryption method based on lattice code
CN117155710A (en) * 2023-10-30 2023-12-01 江西财经大学 Industrial Internet of things certificateless grid authentication key negotiation method and system
CN115549896B (en) * 2022-05-19 2024-05-17 曲阜师范大学 Efficient heterogeneous signcryption method based on lattice password

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101754205A (en) * 2009-12-25 2010-06-23 西安交通大学 Parallelized multi-receiver signcryption method
CN102970138A (en) * 2011-08-29 2013-03-13 汤姆森特许公司 Signcryption method and device and corresponding signcryption verification method and device
CN105024994A (en) * 2015-05-29 2015-11-04 西北工业大学 Secure certificateless hybrid signcryption method without pairing
US20160323100A1 (en) * 2015-04-30 2016-11-03 Hon Hai Precision Industry Co., Ltd. Key generation device, terminal device, and data signature and encryption method
US20170365193A1 (en) * 2016-06-18 2017-12-21 Lior Malka Mutable secure communication
CN109286485A (en) * 2018-10-17 2019-01-29 西安邮电大学 General Identity Proxy label decryption method that can be compound

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101754205A (en) * 2009-12-25 2010-06-23 西安交通大学 Parallelized multi-receiver signcryption method
CN102970138A (en) * 2011-08-29 2013-03-13 汤姆森特许公司 Signcryption method and device and corresponding signcryption verification method and device
US20160323100A1 (en) * 2015-04-30 2016-11-03 Hon Hai Precision Industry Co., Ltd. Key generation device, terminal device, and data signature and encryption method
CN105024994A (en) * 2015-05-29 2015-11-04 西北工业大学 Secure certificateless hybrid signcryption method without pairing
US20170365193A1 (en) * 2016-06-18 2017-12-21 Lior Malka Mutable secure communication
CN109286485A (en) * 2018-10-17 2019-01-29 西安邮电大学 General Identity Proxy label decryption method that can be compound

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
HUIFANG YU ET AL.: "《Certificateless Signcryption Scheme From Lattice》", 《IEEE SYSTEMS JOURNAL ( EARLY ACCESS )》 *
MIAOMIAO TIAN ET AL.: "《Certificateless and certificate-based signatures from lattices》", 《SECRITY AND COMMUNICATION NETWORKS》 *
XIUHUA LU ET AL.: "《A lattice-based signcryption scheme without random oracles》", 《FRONTIERS OF COMPUTER SCIENCE》 *
俞惠芳等: "《可证安全的无证书混合签密》", 《计算机学报》 *
陈虎等: "《有效的格上无证书加密方案》", 《软件学报》 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112118101A (en) * 2020-09-23 2020-12-22 山东建筑大学 Post-quantum secure dynamic data sharing method
CN112118101B (en) * 2020-09-23 2023-07-28 山东建筑大学 Post quantum security dynamic data sharing method
CN115549896A (en) * 2022-05-19 2022-12-30 曲阜师范大学 Efficient heterogeneous signcryption method based on lattice code
CN115549896B (en) * 2022-05-19 2024-05-17 曲阜师范大学 Efficient heterogeneous signcryption method based on lattice password
CN117155710A (en) * 2023-10-30 2023-12-01 江西财经大学 Industrial Internet of things certificateless grid authentication key negotiation method and system
CN117155710B (en) * 2023-10-30 2024-01-26 江西财经大学 Industrial Internet of things certificateless grid authentication key negotiation method and system

Similar Documents

Publication Publication Date Title
CN113364576B (en) Data encryption evidence storing and sharing method based on block chain
CN102811125B (en) Certificateless multi-receiver signcryption method with multivariate-based cryptosystem
CN107911209B (en) Method for establishing security public key password for resisting quantum computing attack
EP2375628A2 (en) Signature schemes using bilinear mappings
WO2018201730A1 (en) Lattice-based cloud storage data security audit method supporting uploading of data via proxy
CN110138543B (en) Blind signcryption method under lattice public key cryptosystem
CN102263638A (en) Authentication device, authentication method, program, and signature generation device
CN109981265B (en) Identity-based ciphertext equivalence determination method without using bilinear pairings
CN108234129A (en) A kind of two-way authentication cryptographic key negotiation method and system based on lattice password
CN112152813B (en) Certificateless content extraction signcryption method supporting privacy protection
Zhu et al. An identity‐based proxy signature on NTRU lattice
CN110190957B (en) Certificateless multivariate broadcast multiple signature method
CN111030821B (en) Encryption method of alliance chain based on bilinear mapping technology
CN110176995A (en) Afterwards without certificate label decryption method on the lattice of quantum safety
CN113132104A (en) Active and safe ECDSA (electronic signature SA) digital signature two-party generation method
CN110740034B (en) Method and system for generating QKD network authentication key based on alliance chain
CN117216805A (en) Data integrity audit method suitable for resisting Bayesian and hordeolum attacks in federal learning scene
CN110830254A (en) Signcryption method based on identity and attribute
CN113938275A (en) Quantum homomorphism signature method based on d-dimensional Bell state
CN114978515A (en) Lightweight block chain encryption method based on hybrid encryption
CN114900283A (en) Deep learning user gradient aggregation method based on multi-party security calculation
CN112398637A (en) Equality test method based on certificate-free bookmark password
CN111756539B (en) Identification encryption and decryption method capable of being repeated and random
Di et al. An anti-quantum signature scheme over ideal lattice in Blockchain
CN111355590B (en) Multivariable multiple signature method with strong designated verifier in certificateless environment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190827

RJ01 Rejection of invention patent application after publication