CN110278082A - A kind of the group member dissemination method and equipment of group's digital signature - Google Patents

A kind of the group member dissemination method and equipment of group's digital signature Download PDF

Info

Publication number
CN110278082A
CN110278082A CN201810207571.0A CN201810207571A CN110278082A CN 110278082 A CN110278082 A CN 110278082A CN 201810207571 A CN201810207571 A CN 201810207571A CN 110278082 A CN110278082 A CN 110278082A
Authority
CN
China
Prior art keywords
parameter
group
key
distribution apparatus
anonymous
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810207571.0A
Other languages
Chinese (zh)
Other versions
CN110278082B (en
Inventor
杜志强
张国强
颜湘
李明
李琴
万红涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Iwncomm Co Ltd
Original Assignee
China Iwncomm Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Iwncomm Co Ltd filed Critical China Iwncomm Co Ltd
Priority to CN201810207571.0A priority Critical patent/CN110278082B/en
Priority to PCT/CN2019/072432 priority patent/WO2019174402A1/en
Publication of CN110278082A publication Critical patent/CN110278082A/en
Application granted granted Critical
Publication of CN110278082B publication Critical patent/CN110278082B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3255Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures

Abstract

The invention discloses a kind of group member dissemination method of group's digital signature and equipment, it include: after group member devices receive the first random number that distribution apparatus is sent, according to the first anonymous amount, the first random generation member, group's public key and the first random number, intermediate parameter is determined;According to intermediate parameter, the second anonymous amount and prime number, the first parameter is generated;According to the first parameter, private key, prime number and the second random number, the second parameter is generated;By the first anonymous amount, the first parameter and the second parameter, it is sent to distribution apparatus and determines the first parameter, the second parameter, third parameter and the 4th parameter after distribution apparatus verifying group member devices are effective, as the Endorsement Key of group member devices, it is sent to group member devices.

Description

A kind of the group member dissemination method and equipment of group's digital signature
Technical field
The present invention relates to field of information security technology, in particular to a kind of group member dissemination method of group's digital signature And equipment.
Background technique
With the development of information technology, a large amount of sensitive informations are transmitted by network, are used for trade secret and protection The purpose of family privacy, the network securitys application such as electronic voting, e-commerce, anonymous communication, needs to protect the identity of user Information.With the development of network technology and e-commerce, many has the e-commerce initiative of secret protection demand, such as electronics coloured silk Ticket, electronic cash and game on line etc. become new research field.The demand of more and more information securities and anonymizer service, So that the research and application of anonymous digital signature technology obtain fast development.
Traditional digital signature technology need to obtain the identity information of signer when carrying out sign test, such as commercial cipher algorithm SM2 does not have anonymity, therefore cannot achieve the protection to signer privacy.The combination of digital signature and anonymity technology is formed Anonymous digital signature technology.Anonymous digital signature technology includes two kinds: one is the anonymity numbers of traceable signer identity Signature technology, wherein the anonymity of signer identity is controllable, for example, some trusted authority center can be appropriate When disclose signer identity;Another kind is unconditional anonymous digital signature technology, wherein the anonymity of signer identity is Unconditional security, the identity of signer can be disclosed without any method.
Group's digital signature is a kind of anonymous digital signature technology that can track signer identity.In the technology, group In any member key can be used represent group and anonymously sign.Group's digital signature is mainly for the protection of signer Anonymity, the internal structure of group can be hidden well, be applicable to governability, business administration, e-commerce and The fields such as military affairs, such as electronic cash, electronic bidding, vehicle safety communications etc..
In group's digital signature technology, group member devices is made to obtain the group member issuing process (Group of key Membership Issuing Process) be it is essential, how to make group member devices obtain key so that group number Word signature has anonymity, and there is presently no effective solutions.
Summary of the invention
The purpose of the application is exactly to solve the above-mentioned problems, to provide a kind of group member publisher of group's digital signature Method and equipment.
In a first aspect, one embodiment of the application provides a kind of group member dissemination method of group's digital signature, packet It includes:
Group member devices receive the first random number n of distribution apparatus transmissionIAfterwards, according to the first anonymous amount F, first with Machine generates member P1, the distribution apparatus be the public key PK and described first that generates of group belonging to the group member devices with Machine number nI, intermediate parameter e is determined according to the first constraint condition, wherein the described first anonymous amount F is the group member devices' Private key f and first generates member P at random1Product, described first random generates member P1For the Bilinear Groups for meeting setting mapping function Random generation member in first Bilinear Groups of centering;
The group member devices press according to the intermediate parameter e, the second anonymous amount U and corresponding prime number q of the group The first parameter v is generated according to the second constraint condition, wherein the described second anonymous amount U is that the second random number u and described first are raw at random At first P1Product, the second random number u is the group member devices from finite field ZpMiddle selection, the prime number q is less than Or the number equal to the group member devices for including in the group;It is the private key f, described and according to the first parameter v Prime number q and the second random number u generates the second parameter w according to third constraint condition;
Described first anonymous amount F, the first parameter v and the second parameter w are sent to by the group member devices Whether the distribution apparatus, the first parameter v and the second parameter w are effective for verifying the described first anonymous amount F, described First anonymous amount F is used to generate the Endorsement Key of the group member devices;
The distribution apparatus receives the first anonymous amount F, the first parameter v and the second parameter w of group member devices' transmission;
Whether effective the distribution apparatus verifies the described first anonymous amount F according to the first parameter v and the second parameter w;
After the anonymous amount F of the distribution apparatus verifying described first is effective, member is generated according to third random number r and first at random P1, determine that the first parameter A, the third random number r are the distribution apparatus from finite field Z according to first function relationshippMiddle selection 's;It is the group key (x, y) that the group member devices generate according to the first parameter A and the distribution apparatus, according to Second function relationship determines the second parameter B;According to the first parameter A, the group key (x, y), the third random number r With the described first anonymous amount F, third parameter C is determined according to third functional relation;And according to the group key (x, y) and institute The first anonymous amount F is stated, determines the 4th parameter D according to the 4th functional relation;
The distribution apparatus is by the first parameter A, the second parameter B, the third parameter C and the 4th parameter Endorsement Key of the D as the group member devices is sent to the group member devices, and the Endorsement Key is for carrying out group Group digital signature;
The group member devices receive the Endorsement Key for the carrying group member devices that the distribution apparatus is sent Message, the Endorsement Key is for carrying out group's digital signature, wherein the Endorsement Key is the distribution apparatus to described What the first anonymous amount F was generated after being verified as effectively according to the described first anonymous amount F.
Second aspect, one embodiment of the application provide a kind of signature device, comprising:
First processing module, for receiving the first random number n of distribution apparatus transmissionIAfterwards, according to the first anonymous amount F, First random generation member P1, the distribution apparatus be public key PK that group belonging to the group member devices generates and described First random number nI, intermediate parameter e is determined according to the first constraint condition, wherein the described first anonymous amount F is the group member The private key f of equipment and first generates member P at random1Product, described first random generates member P1To meet the double of setting mapping function Random generation member in first Bilinear Groups of linear group centering;
Second processing module, for measuring the U and corresponding prime number q of the group according to the intermediate parameter e, the second anonymity, The first parameter v is generated according to the second constraint condition, wherein the second anonymous amount U is the second random number u and described first random Generate member P1Product, the second random number u is the group member devices from finite field ZpMiddle selection, the prime number q is small In or equal to include in the group group member devices number;And according to the first parameter v, the private key f, institute Prime number q and the second random number u are stated, generates the second parameter w according to third constraint condition;
Sending module, for being sent to institute for the described first anonymous amount F, the first parameter v and the second parameter w State distribution apparatus, whether the first parameter v and the second parameter w are effective for verifying the described first anonymous amount F, and described the One anonymous amount F is used to generate the Endorsement Key of the group member devices;
Receiving module, the Endorsement Key of the carrying group member devices for receiving the distribution apparatus transmission disappear Breath, the Endorsement Key is for carrying out group's digital signature, wherein the Endorsement Key is the distribution apparatus to described first What anonymity amount F was generated after being verified as effectively according to the described first anonymous amount F.
The third aspect, one embodiment of the application provide a kind of distribution apparatus, and the equipment includes:
First control module, the first anonymous amount F for receiving group member devices' transmission, the ginseng of the first parameter v and second Measure w;According to the first parameter v and the second parameter w, whether effective the described first anonymous amount F is verified;
Second control module, for verify the described first anonymous amount F it is effective after, according to third random number r and first with Machine generates member P1, determine that the first parameter A, the third random number r are the distribution apparatus from limited according to first function relationship Domain ZpMiddle selection;It is the group key that the group member devices generate according to the first parameter A and the distribution apparatus (x, y) determines the second parameter B according to second function relationship;According to the first parameter A, group key (x, y), described The third random number r and first anonymous amount F, determines third parameter C according to third functional relation;And it is close according to the group Key (x, y) and the first anonymous amount F, determine the 4th parameter D according to the 4th functional relation;
Sending module, for joining the first parameter A, the second parameter B, the third parameter C and the described 4th Endorsement Key of the number D as the group member devices, is sent to the group member devices, the Endorsement Key is for carrying out Group's digital signature.
Fourth aspect, one embodiment of the application provide a kind of safety device, and described device includes:
Third processing module is used for from ZpThe middle private key f for selecting a random number as group member devices, and generate the One anonymous amount F, wherein the described first anonymous amount F is that the private key f and first of the group member devices generates member P at random1Multiply Product, the described first random generation member P1It is random in the first Bilinear Groups to meet the Bilinear Groups centering of setting mapping function Generate member;From ZpThe second random number u of middle selection, and generate the second anonymous amount U, wherein the described second anonymous amount U is second random The number u and first random generation member P1Product, the second anonymous amount U corresponds to a point on elliptic curve, by (xU, yU) indicate;
Fourth processing module, the first random number n for being sent according to distribution apparatusI, it is the first anonymous amount F, described First random generation member P1, the distribution apparatus be public key PK that group belonging to the group member devices generates, according to the One constraint condition determines intermediate parameter e;According to the intermediate parameter e, the second anonymous amount U and the corresponding prime number of the group Q generates the first parameter v according to the second constraint condition;And according to the first parameter v, the private key f, the prime number q and institute The second random number u is stated, generates the second parameter w according to third constraint condition;
Sending module, for being sent to institute for the described first anonymous amount F, the first parameter v and the second parameter w State distribution apparatus.
The group member dissemination method and equipment of a kind of group's digital signature provided through the invention, group member devices The anonymous amount of described first that itself is generated, first parameter and second parameter, are sent to the distribution apparatus, so that Distribution apparatus is that the group member devices generate for carrying out the Endorsement Key of group's digital signature, to make group member devices It treats signature information using Endorsement Key in subsequent signature to sign, since the Endorsement Key is only to the group member devices Effectively, it ensure that the anonymity of signature.
Detailed description of the invention
Fig. 1 is a kind of process signal of group member dissemination method of group's digital signature provided in an embodiment of the present invention Figure;
Fig. 2 is the configuration diagram in the embodiment of the present invention 1;
Fig. 3 is the block schematic illustration of the group member issuing process in the embodiment of the present invention 1;
Fig. 4 is a kind of schematic diagram of signature device provided in an embodiment of the present invention;
Fig. 5 is a kind of schematic diagram of distribution apparatus provided in an embodiment of the present invention;
Fig. 6 is a kind of schematic diagram of safety device provided in an embodiment of the present invention.
Specific embodiment
In the anonymity signature mechanism using group's public key, signature device is a group member in group.The group Only one group's public key.Each group member has a unique group member signature key, it by group member private Key and corresponding member certifications' composition.In signature process, signature device is given to one using group member signature key Message establishing group ranking.In verification process, verifying equipment checks whether the signature is to be formed with group using group's public key The group ranking of the signature key signature of member, and cannot reveal is the signature created with which group signature key.If tested Demonstrate,proving device authentication signature is created using the group member signature key for corresponding to group's public key, then is verified;Otherwise, Verifying does not pass through.
Group ranking mechanism (group signature is also referred to as using the anonymous data signature mechanism of group's public key mechanism).Such mechanism is related to group member and group member distribution apparatus (group membership The entities such as issuer).If necessary to trace the identity of signature device, then group member opens equipment (group membership It opener is) required for group ranking mechanism.If necessary to judge whether two signatures are signed by same signature device, then group Group signature connection equipment (group signature linker) is required for group ranking mechanism.In addition, when needed, group The private key of (revocation) group member or the certificate of group member can also be cancelled in signature mechanism.
Correspondingly, the entity composition in the group ranking system of realization mechanism can not also in different group ranking mechanism Together.But group ranking system typically at least includes following entity:
Group member devices: the group member of group is constituted;
Signature device: being any group member for generating digital signature;Signature device possesses distinguishing identifier and group Member's signature key, signature key are made of group's private key and member certifications;
Verifying equipment: being the entity for verifying digital signature;
Group member distribution apparatus: being to the entity of signature device publication group member certificate.
According to the difference of group ranking mechanism, in group ranking system, following entity is optional:
Group member opens equipment: being the entity that can identify the signature of signature device;
Group signature connects equipment: being the entity that can connect two signatures that the same signature device generates.
Group member and group member distribution apparatus are involved in the generation of the key of group member digital signature of the present invention Journey.After the completion of the process, group member will possess group member signature key;The group member distribution apparatus will be appreciated that into The distinguishing identifier of the distinguishing identifier of member certificate and member, member certifications and member are relevant.This can distinguishing identifier The format of symbol depends on group ranking mechanism, and distinguishing identifier can be and may not be the defeated of group member issuing process Enter (issuing process can be found in Fig. 3).
In addition, group member distribution apparatus should be individually created group member signature key, and it is issued group member.? In this case, the private key of group member and the ownership of member certifications are underground, and member and distribution apparatus will all be gathered around There is signature key.
May include in group's digital signature technology, in a group a believable group administrator and it is multiple commonly at Member.All members in group possess the private key of oneself, and the common parameters such as public key that can share group.Group administrator also gathers around There are group member opening side key (α, β) and group member list, includes the identity information etc. of group member in the list.Group Group administrators can determine the signer identity of anonymity signature based on opening side's key (α, β) and group member list.The present invention In embodiment, group administrator is also referred to as group member and opens equipment.
The key generation of group's digital signature is the component part of group's digital signature technology, and the key generated is used for group Group membership further generates anonymity signature, and (anonymity signature process is " a kind of in another invention applied on the same day by present invention applicant Group's digital signature and its verification method, equipment " protected).And generated anonymity signature, it can also be signed by group's number Opening or connection method in name control method are further verified, and (group's digital signature control method is by present invention applicant It is protected in another invention " a kind of control method and equipment of group's digital signature " applied on the same day).
Before dissemination method of the present invention is implemented, it usually needs parameter prepares, and is completed by key establishment process.Specifically such as Under:
Key establishment process, comprising:
The establishment process of group key.The process is executed by distribution apparatus, specific as follows:
Firstly, distribution apparatus determines a symmetrical bilinear group pair (G1,G2), wherein G1,G2Order be all p, and G1With G2Meet mapping functionG1×G2→GT。GTFor G1And G2The rank that middle element uses bilinear operation to obtain is the group of p.
Then, distribution apparatus is from G1Middle selection one is random to generate member P1, and from G2Middle selection one is random to generate member P2
Wherein, distribution apparatus determines three hash functions: H:{ 0,1 } * → G1, H1:{0,1}*→Zp, H2:{0,1}*→Zp, Wherein H1(the first hash function) and H2(the second hash function) meets the selection in SM2 signature algorithm to hash function.Publication is set It is standby from finite field (Zp) in, random number, i.e. x, y are selected, and calculate X=[x] P2With Y=[y] P2
Finally, distribution apparatus exports following parameter:
Common parameter: G1,G2,GT,P1,P2,p,H,H1,H2
Group's public key: PK, i.e. X and Y.
The group key of group member devices: x, y.
Wherein, group member devices can obtain above-mentioned parameter from distribution apparatus.
After the completion of key establishment process, dissemination method of the invention is come into effect, dissemination method of the present invention is by group member Equipment and distribution apparatus are completed jointly.
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with the embodiment of the present invention In attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is A part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art Every other embodiment obtained without creative efforts, shall fall within the protection scope of the present invention.
The embodiment of the present invention is described in further detail with reference to the accompanying drawings of the specification.It should be appreciated that described herein Embodiment only for the purpose of illustrating and explaining the present invention and is not intended to limit the present invention.
In embodiment illustrated in fig. 1, a kind of group member dissemination method of group's digital signature, the method packet are provided It includes:
S11, group member devices receive the first random number n of distribution apparatus transmissionIAfterwards, according to the first anonymous amount F, the One random generation member P1, the distribution apparatus be public key PK that group belonging to the group member devices generates and described the One random number nI, intermediate parameter e is determined according to the first constraint condition;
Wherein, the private key f and first that the described first anonymous amount F is the group member devices generates member P at random1Multiply Product, the described first random generation member P1It is random in the first Bilinear Groups to meet the Bilinear Groups centering of setting mapping function Generate member;
In the embodiment of the present invention, the private key f of the group member devices is the group member devices from preparatory finite field (it is denoted as Zp) in, the random number of selection.
In the embodiment of the present invention, the first random number nIIt is distribution apparatus from { 0,1 }tOne random number of middle selection, { 0,1 }t Indicate that length is the set of the binary number of t.
In a kind of possible implementation, first constraint condition are as follows: e=H1(PK||P1||F||nI);Wherein, e is The intermediate parameter, H1() indicates the first hash function, and PK is that the distribution apparatus is group belonging to the group member devices The public key that group generates, P1For the described first random generation member, F is the described first anonymous amount, nIFor first random number.
S12, the group member devices are according to the intermediate parameter e, the second anonymous amount U and the corresponding prime number of the group Q generates the first parameter v according to the second constraint condition, wherein the second anonymous amount U be the second random number u and described first with Machine generates member P1Product, the second random number u is the group member devices from finite field ZpMiddle selection, the prime number q Less than or equal to the number for the group member devices for including in the group;And according to the first parameter v, the private key f, The prime number q and the second random number u generates the second parameter w according to third constraint condition.
Wherein, the second anonymous amount U corresponds to a point on elliptic curve, U=[u] P1, by (xU,yU) indicate.
In the embodiment of the present invention, the corresponding prime number q of group is that (group member for including is set based on group size in group Standby number) determine any one prime number, the prime number be less than or equal to group size.
In a kind of possible implementation, second constraint condition are as follows: v=e+xUmod q;Wherein, v is described the One parameter, xUFor component of the described second anonymous amount U in X-axis, mod indicates that modulo operation, q are the prime number.
In a kind of possible implementation, the third constraint condition are as follows: w=(1+f)-1·(u-v·f)mod q;Its In, w is second parameter, and f is the private key, and u is second random number.
S13, the group member devices send out the described first anonymous amount F, the first parameter v and the second parameter w The distribution apparatus, the first parameter v and the second parameter w are given for verifying the effective of the group member devices Property, the described first anonymous amount F is used to generate the Endorsement Key of the group member devices.
S14, distribution apparatus receive the first anonymous amount F, the first parameter v and the second parameter w of group member devices' transmission; The distribution apparatus verifies the validity of the group member devices according to the first parameter v and the second parameter w.
It is random according to third random number r and first after S15, the distribution apparatus verifying group member devices are effective Generate member P1, determine that the first parameter A, the third random number r are the distribution apparatus from finite field Z according to first function relationshipp Middle selection;According to the first parameter A and the distribution apparatus be the group member devices generate group key (x, Y), the second parameter B is determined according to second function relationship;According to the first parameter A, the group key (x, y), the third The random number r and first anonymous amount F, determines third parameter C according to third functional relation;And according to the group key (x, y) and the first anonymous amount F, determines the 4th parameter D according to the 4th functional relation.
In a kind of possible mode implementation, the first function relationship are as follows: A=[r] P1, A is first parameter, R is the third random number, P1For the described first random generation member.
In a kind of possible mode implementation, the second function relationship are as follows: B=[y] A, wherein B is described second Parameter, y are the second component that the distribution apparatus is the group key (x, y) that the group generates.
In a kind of possible mode implementation, the third functional relation are as follows: C=[x] A+ [rxy] F, wherein C is The third parameter, x are the first component that the distribution apparatus is the group key (x, y) that the group generates, and F is described the One anonymous amount.
In a kind of possible mode implementation, the 4th functional relation are as follows: D=[ry] F, wherein D is the described 4th Parameter.
S16, the distribution apparatus are by the first parameter A, the second parameter B, the third parameter C and the described 4th Endorsement Key of the parameter D as the group member devices, is sent to the group member devices, the Endorsement Key be used for into Row group digital signature.
S17, the group member devices receive the voucher for the carrying group member devices that the distribution apparatus is sent The message of key, for the Endorsement Key for carrying out group's digital signature, the Endorsement Key is the distribution apparatus to described What group member devices generated after being verified as effectively according to the described first anonymous amount F.
In the embodiment of the present invention, by the above process, the described first anonymous amount that group member devices generate itself, institute The first parameter and second parameter are stated, the distribution apparatus is sent to, so that distribution apparatus is group member devices generation For carrying out the Endorsement Key of group's digital signature, so that group member devices be made to treat in subsequent signature using Endorsement Key Signature information is signed, and since the Endorsement Key is only effective to the group member devices, ensure that the anonymity of signature.
In the embodiment of the present invention, distribution apparatus should be individually for each group member devices and generate Endorsement Key, and will give birth to At Endorsement Key be sent to the group member devices.In this case, the private key of group member devices and the group member The ownership of the Endorsement Key of equipment is underground, and group member devices and distribution apparatus will all possess Endorsement Key.Such as Fruit distribution apparatus knows group member devices' Endorsement Key, which must trusty can not pretend to be group member Equipment.Otherwise, group ranking mechanism does not have the characteristic of non-repudiation.
It should be noted that each group member devices are in group's public key and the group for getting distribution apparatus output in group After group key, it is performed both by above-mentioned S11~S17.
It should be noted that distribution apparatus receives the first anonymous amount F of group member devices' transmission, the first ginseng in S13 V and the second parameter w is measured, the validity of the group member need to be verified according to the first parameter v and the second parameter w, if having Effect, then S14 is executed, to improve the reliability of entire issuing process, avoid in Practical Project environment because of invalid parameters The reduction of agreement execution efficiency and the waste of respective resources caused by the presence of possibility.
Wherein, the distribution apparatus verifies the group member devices' according to the first parameter v and the second parameter w A kind of possible mode of validity is as follows:
The distribution apparatus is according to the first parameter v, the second parameter w and the prime number q, according to the 11st function Relationship generates the 6th certificate parameter t.
If the 6th certificate parameter t is equal to 0, the distribution apparatus determines that the group member devices are invalid;Otherwise, institute Distribution apparatus is stated according to public key PK, the first random generation member P that the distribution apparatus is group generation1, described One anonymous amount F and the first random number nI, First Transition parameter e' is determined according to the 12nd functional relation;And according to described first Anonymity amount F, the first random generation member P1, the 6th certificate parameter t and the second parameter w, according to the 13rd function Relationship determines the second transition parameter xU'。
The distribution apparatus is according to the First Transition parameter e ', the second transition parameter xU' and the prime number q, it presses The certificate parameter v ' of the first parameter is determined according to the 14th functional relation.
If the certificate parameter v ' of first parameter is equal to the first parameter v, the distribution apparatus determines the group Member device is effective;Otherwise, the distribution apparatus determines that the group member devices are invalid.
In a kind of possible implementation, the 11st functional relation are as follows: t=v+w mod q;Wherein, t is described the Six certificate parameters, v are first parameter, and w is second parameter, and q is the prime number, and mod indicates modulo operation.
In a kind of possible implementation, the 12nd functional relation are as follows: e'=H1(PK||P1||F||nI);Wherein, E ' is the First Transition parameter, H1() indicates the first hash function, and PK is that the distribution apparatus is the group member devices The public key that affiliated group generates, P1For the described first random generation member, F is the described first anonymous amount, nIIt is random for described first Number.
In a kind of possible implementation, the 13rd functional relation are as follows: (x 'U,y′U)=[w] P1+[t]F;Wherein, x′UFor second transition parameter, i.e. [w] P1Component of the point on curve that+[t] F is determined in X-axis, y 'UIndicate [w] P1+ Component of the point on curve that [t] F is determined in Y-axis, w are second parameter, and t is the 6th certificate parameter.
In a kind of possible implementation, the 14th functional relation are as follows: v '=e '+x 'Umod q;Wherein, v ' is The certificate parameter of first parameter.
Based on the above embodiment, the carrying group that the distribution apparatus that the group member devices receive is sent In the message of the Endorsement Key of member device, also carries the first verifying parameter c and second for verifying the Endorsement Key and test Demonstrate,prove parameter s.By the verifying to the first verifying parameter c and the second verifying parameter s to verify the effective of the Endorsement Key Property, so as to improve the reliability of entire issuing process, avoid in Practical Project environment because Endorsement Key in vain may Property presence caused by agreement execution efficiency reduce and respective resources waste.
Wherein, a kind of possible generating mode of the first verifying parameter c and the second verifying parameter s specifically include:
The distribution apparatus is determined according to the 4th random number a' and the group key (x, y) according to the 5th functional relation First intermediate parameters h, the 4th random number a' are the distribution apparatus from the finite field ZpMiddle selection;According to described The four random number a' and first random generation member P1, the second intermediate parameters R is determined according to the 6th functional relation1;And according to institute The 4th random number a' and the first anonymous amount F are stated, determines third intermediate parameters R according to the 7th functional relation2;According to described One random generation member P1, the second parameter B, the 4th parameter D and the first anonymous amount F, according to the 8th functional relation Determine the 4th intermediate parameters e*
The distribution apparatus is according to the 4th intermediate parameters e*, the second intermediate parameters R1, the third intermediate parameters R2With prime number q corresponding to group belonging to the group member devices, the first verifying parameter is determined according to the 9th functional relation C, the prime number q are less than or equal to the number of the group member devices in the group included;And according to first verifying Parameter c, the first intermediate parameters h, the 4th random number a' and the prime number q, determine second according to the tenth functional relation Verify parameter s.
The first verifying parameter c and the second verifying parameter s are sent to the group member by the distribution apparatus Equipment.
In a kind of possible implementation, the 5th functional relation are as follows: h=ry, h are first intermediate parameters, r For the third random number, y is the second component that the distribution apparatus is the group key (x, y) that the group generates.
In a kind of possible implementation, the 6th functional relation are as follows: R1=[a'] P1;Wherein, R1In described second Between parameter, a' be the 4th random number, P1For the described first random generation member.
In a kind of possible implementation, the 7th functional relation are as follows: R2=[a'] F;Wherein, R2For in the third Between parameter, F is the described first anonymous amount.
In a kind of possible implementation, the 8th functional relation are as follows: e*=H1(P1||B||D||F);Wherein, e*For 4th intermediate parameters, H1() indicates the first hash function, and B is second parameter, D is the 4th parameter.
In a kind of possible implementation, the 9th functional relation are as follows:Wherein, c is institute The first verifying parameter is stated,Indicate R1Component of the point in X-axis on determining curve,Indicate R2On determining curve Component of the point in X-axis, mod indicate that modulo operation, q are the prime number.
In a kind of possible implementation, the tenth functional relation are as follows: s=(1+h)-1·(a'-c·h)mod q;Its In, s is the second verifying parameter.
Based on the above embodiment, it is that the group member is set that group member devices described in S17, which receive the distribution apparatus, After the Endorsement Key of preparation cloth, further includes:
Whether the group member devices verify the Endorsement Key effective.
In a kind of possible implementation, whether the group member devices verify the Endorsement Key effective, including with Lower process:
The group member devices according in the Endorsement Key the first parameter A and the distribution apparatus be the group The public key (X, Y) of generation, determines first function value according to the mapping functionAccording to second in the Endorsement Key Parameter B and second generates member P at random2, second function value is determined according to the mapping functionAccording to the Endorsement Key In third parameter C and second at random generate member P2, third functional value is determined according to the mapping functionAnd according to The first parameter A, the 4th parameter D in the Endorsement Key and the public key (X, Y) determine according to the mapping function Four functional values
If the first function valueWith the second function valueIt is unequal, and the third functional valueWith the 4th functional valueUnequal, the group member devices determine that the Endorsement Key is invalid; Otherwise, the group member devices verify the parameter s and prime number q according to the first verifying parameter c, described second, according to 4th constraint condition determines the first certificate parameter t+
If the first certificate parameter t+Equal to 0, the group member devices determine that the Endorsement Key is invalid;Otherwise, The group member devices are according to the second verifying parameter s, the first random generation member P1, the first certificate parameter t+ With the second parameter B, the second certificate parameter is determined according to the 5th constraint conditionAnd according to it is described second verifying parameter s, Described first anonymous amount F, the first certificate parameter t+With the 4th parameter D, determine that third is tested according to the 6th constraint condition Demonstrate,prove parameter
The group member devices are according to the described first random generation member P1, the second parameter B, the 4th parameter D With the described first anonymous amount F, the 4th certificate parameter e is determined according to the 7th constraint condition+
The group member devices are by the 4th certificate parameter e+, second certificate parameterComponent in X-axis With the third certificate parameterThe sum of component in X-axis is determined as the 5th certificate parameter c+
If the first verifying parameter c and the 5th certificate parameter c+It is equal, described in group member devices' determination Endorsement Key is effective;Otherwise, the group member devices determine that the Endorsement Key is invalid.
In a kind of possible implementation, the 4th constraint condition are as follows: t+=c+s mod q;Wherein, t+It is described One certificate parameter, c are the first verifying parameter, and s is the second verifying parameter, and mod indicates that modulo operation, q are the matter Number.
In a kind of possible implementation, the 5th constraint condition are as follows:Wherein,For second certificate parameter,Indicate [s] P1+[t+] component of the point in X-axis on the curve that determines of B,It indicates [s]P1+[t+] component of the point in Y-axis on the curve that determines of B, P1For the described first random generation member, B is second ginseng Number.
In a kind of possible implementation, the 6th constraint condition are as follows:Its In,For the third certificate parameter,Indicate [s] F+ [t+] component of the point in X-axis on the curve that determines of D,Table Show [s] F+ [t+] component of the point in Y-axis on the curve that determines of D, F is the described first anonymous amount, and D is the 4th parameter.
In a kind of possible implementation, the 7th constraint condition are as follows: e+=H1(P1| | B | | D | | F), wherein H1() Indicate the first hash function.
Based on the above embodiment, it is that the group member is set that group member devices described in S17, which receive the distribution apparatus, After the Endorsement Key of preparation cloth, the method can also include following revocation process:
The distribution apparatus be any group in any group member update group key, group's public key and voucher it is close Key.
It should be noted that above-mentioned revocation process is after distribution apparatus completes issuing process, if there is group updating Demand just carry out, such as there is new group member to leave or be added group and just need to update group when being, to avoid adopting Each variation of group is coped with complicated issuing process, to also improve the scalability of group, is conducive to operation management And industrialization.In order to guarantee the safety of transmission process, the undated parameter is not directly sent to group member by distribution apparatus, But any parameter in updated Endorsement Key is sent to the group member, so that the group member is according to Corresponding parameter in any parameter and the former Endorsement Key itself saved, determines the undated parameter, and according to the update The Endorsement Key of parameter update group member.
Due to updating the component y of group key, the complexity of the processing such as subsequent signature, verifying will increase, in order to reduce place Complexity is managed, the distribution apparatus only updates the one-component of group key, i.e. component x, after update when updating group key Group key be (x ', y), updated group's public key be (X ', Y), wherein X '=[x '] P2, P2Indicate that described second is random Generate member.
Specifically, the distribution apparatus be any group in any group member update group key, group's public key and Endorsement Key, comprising:
The distribution apparatus is from finite field ZpMiddle selection group key (x', y), and by the group key of the group member It is updated to group key (x', y).
Updated group key (x', y) is generated member P with second by the distribution apparatus at random2Product as update Group's public key afterwards, the described second random generation member P2For meet the mapping function Bilinear Groups centering the second double line Random generation member in group.
The distribution apparatus issues updated group's public key (X', Y) and updated group key (x', y).
The distribution apparatus according to updated group key (x', y), update before group key (x, y) and described pair The order p of linear group pair determines undated parameter θ according to the 15th functional relation.
The distribution apparatus updates the Endorsement Key (A, B, C, D) of the group member according to the undated parameter θ.
The distribution apparatus is by any parameter in updated Endorsement Key, such as C-(corresponding parameter C) is sent to institute Group member is stated, so that the group member is according to the parameter C-Determine the undated parameter θ, and according to the undated parameter Update the Endorsement Key of group member.
In a kind of possible implementation, the 15th functional relation are as follows: θ=x '/x mod p, wherein θ indicates institute Undated parameter, the one-component in the x ' expression updated group key are stated, x indicates the phase in the group key before updating Component is answered, p indicates the order of the bilinear group pair.
In a kind of possible implementation, the group member is according to the parameter C-Determine the undated parameter θ, and root After the Endorsement Key for updating group member according to the undated parameter, obtaining updated Endorsement Key is (A-,B-,C-,D-), In, C-For the updated value of C, θ=C-/ C, A-=[θ] A, B-=[θ] B, D-=[θ] D.
In a kind of possible implementation, the group member is according to any parameter C-Determine the undated parameter θ, And the Endorsement Key of group member is updated according to the undated parameter, obtaining updated Endorsement Key is (A-,B-,C-,D-), Wherein, C-For the updated value of C, θ=C-/ C, A-=[θ] A, B-=[θ] B, D-=[θ] D.
Group member devices in the embodiment of the present invention are signature device.
In the embodiment of the present invention, does not limit and determine first intermediate parameters, determine second intermediate parameters, determine institute It states third intermediate parameters and determines the sequencing of the 4th intermediate parameters.
Below by three specific embodiments, to a kind of group member of group's digital signature provided in an embodiment of the present invention Dissemination method is described in detail.
Embodiment 1: group member devices' (i.e. signature device) in the present embodiment in group include security module (also referred to as Safety chip), the computing capability that security module can support signature device all, group member devices' issuing process needs are being signed The identification communication channel an of safety is established between name equipment and distribution apparatus, as shown in Fig. 2, each group in the specific group Group membership's equipment issuing process is as follows:
1) distribution apparatus chooses a random number n firstI←{0,1}l
2) distribution apparatus sends nITo security module.
3) security module is from ZpOne random number of middle selection, generates the private key f of the group member devices, and calculate F=[f] P1, wherein F is f and P1Dot product product.
4) security module is from ZpRandom number u is chosen, and calculates U=[u] P1, wherein U is by (xU,yU) indicate, U is u and P1's Dot product product.
5) security module calculates e=H1(PK||P1||F||nI), v=e+xUMod q and w=(1+f)-1·(u-v·f) mod q。
6) security module sends (F, v, w) to distribution apparatus.
7) distribution apparatus calculates t=v+w mod q, and verifies t ≠ 0.
If authentication failed terminates process;
If be proved to be successful, execute it is following 8).
8) distribution apparatus calculates (x 'U,y′U)=[w] P1+ [t] F, e '=H1(PK||P1||F||nI) and v '=e '+x 'U Mod q, and verify v=v '.
If unequal, i.e. authentication failed then terminates process;
If be proved to be successful, execute it is following 9).
9) distribution apparatus is from ZpMiddle selection random number r, and calculate A=[r] P1, B=[y] A, C=[x] A+ [rxy] F, with And D=[ry] F.
10) distribution apparatus is from ZpMiddle selection random number a, and calculate h=ry.
11) distribution apparatus calculates R1=[a'] P1,R2=[a'] F and e*=H1(P1||B||D||F)。
12) distribution apparatus calculatesWith s=(1+h)-1(a'-ch) mod q, to obtain The Endorsement Key (i.e. A, B, C and D) of group member devices, the first verifying parameter c and the second verifying parameter s.
13) distribution apparatus sends the Endorsement Key for carrying group member devices, the first verifying parameter and the second verifying parameter Message (being denoted as (A, B, C, D, c, s)) give security module.
14) security module is verifiedAnd
If authentication failed ends processing;
If be proved to be successful, execute 15).
15) security module calculates t+=c+s mod q, and verify t+≠0。
If authentication failed ends processing;
If be proved to be successful, execute 16).
16) security module calculates
17) security module verifies c=c+
If authentication failed ends processing;
If be proved to be successful, it is determined that the Endorsement Key got is effective to group member devices.
The above process may be defined as the group signature distribution protocol based on SM2, be based on the protocol frame, input is group Group key, group's common parameter, the group's public key of member device, output be group member devices private key and Endorsement Key (i.e. the signature keys of group member devices), as shown in Figure 3.Input can also include can distinguishing identifier, wherein can distinguishing identifier It can be a string symbol, for identifying the identity of group member.
Embodiment 2: in the present embodiment, security module is not included in group member devices' (i.e. signature device) in group (also referred to as safety chip), the computing capability that signature device itself can support the signature device all, group member devices' hair Cloth process needs to establish the identification communication channel of a safety between signature device and distribution apparatus, and specific group member is set During preparation cloth, the treatment process of distribution apparatus is same as Example 1, referring specifically to the correlation of distribution apparatus in embodiment 1 Description, the treatment process of signature device is identical as the treatment process of signature blocks in embodiment 1, referring specifically to signing in embodiment 1 The associated description of name module, details are not described herein again.
Embodiment 3: in group member devices' (i.e. signature device) in the present embodiment in group (also referred to as comprising security module For safety chip), but the computing capability that security module has is limited, and security module is only responsible at part when protocol algorithm designs Reason, group member devices' issuing process need to establish the identification communication letter an of safety between signature device and distribution apparatus Road, in specific group member devices' issuing process, the treatment process of distribution apparatus is same as Example 1, referring specifically to implementation The associated description of distribution apparatus in example 1, security module execute the treatment process of (3)~(6) in embodiment 1, signature device sheet Body executes the treatment process of (14)~(17), referring specifically to the associated description in embodiment 1.In the present embodiment, signature device Including main signature blocks and assisted signature module, wherein security module can be described as assisted signature module, as described above, embodiment 1 In the treatment processes of (3)~(6) executed by assisted signature module, the treatment processes of (14)~(17) by main signature blocks Lai It executes.
Above method process flow can realize that the software program can store in storage medium with software program, when When the software program of storage is called, above method step is executed.
Based on the same inventive concept, a kind of signature device is additionally provided in the embodiment of the present invention, since equipment solution is asked The principle of topic is similar to above-mentioned embodiment of the method shown in FIG. 1, therefore the implementation of the equipment may refer to the implementation of method, repeats Place repeats no more.
In embodiment illustrated in fig. 4, a kind of signature device is provided, the equipment includes:
First processing module 41, for receiving the first random number n of distribution apparatus transmissionIAfterwards, according to the first anonymous amount F, the first random generation member P1, the public key PK that generates for group belonging to the group member devices of the distribution apparatus and institute State the first random number nI, intermediate parameter e is determined according to the first constraint condition, wherein the described first anonymous amount F is group composition The private key f and first of member's equipment generates member P at random1Product, described first random generates member P1To meet setting mapping function Random generation member in first Bilinear Groups of Bilinear Groups centering;
Second processing module 42, for according to the intermediate parameter e, the second anonymous amount U and the corresponding prime number of the group Q generates the first parameter v according to the second constraint condition, wherein the second anonymous amount U be the second random number u and described first with Machine generates member P1Product, the second random number u is the group member devices from finite field ZpMiddle selection, the prime number q Less than or equal to the number for the group member devices for including in the group;And according to the first parameter v, the private key f, The prime number q and the second random number u generates the second parameter w according to third constraint condition;
Sending module 43, for being sent to the described first anonymous amount F, the first parameter v and the second parameter w The distribution apparatus, the first parameter v and the second parameter w are used to verify the validity of the group member devices, institute State the Endorsement Key that the first anonymous amount F is used to generate the group member devices;
Receiving module 44, the Endorsement Key of the carrying group member devices for receiving the distribution apparatus transmission Message, the Endorsement Key is for carrying out group's digital signature, wherein the Endorsement Key is the distribution apparatus to the group Group membership's device authentication be effectively after generated according to the described first anonymous amount F.
In a kind of possible implementation, the receiving module 44 is also used to receive for verifying the Endorsement Key One verifying parameter c and the second verifying parameter s.
In a kind of possible implementation, the equipment further include:
Authentication module 45, it is whether effective for verifying the Endorsement Key.
In a kind of possible implementation, the authentication module 45 is specifically used for:
According in the Endorsement Key the first parameter A and the distribution apparatus be the group generate public key (X, Y), First function value is determined according to the mapping functionIt is raw at random according to the second parameter B and second in the Endorsement Key At first P2, second function value is determined according to the mapping functionAccording to the third parameter C and in the Endorsement Key Two random generation member P2, third functional value is determined according to the mapping functionAnd according to the first parameter A, institute The 4th parameter D and the public key (X, Y) in Endorsement Key are stated, determines the 4th functional value according to the mapping function
If the first function valueWith the second function valueThe unequal or described third functional valueWith the 4th functional valueIt is unequal, determine that the Endorsement Key is invalid;Otherwise, according to described first Parameter c, the second verifying parameter s and prime number q are verified, determines the first certificate parameter t according to the 4th constraint condition+
If the first certificate parameter t+Equal to 0, determine that the Endorsement Key is invalid;Otherwise, the group member devices According to the second verifying parameter s, the first random generation member P1, the first certificate parameter t+With the second parameter B, The second certificate parameter is determined according to the 5th constraint conditionAnd according to the second verifying parameter s, the first anonymous amount F, the first certificate parameter t+With the 4th parameter D, third certificate parameter is determined according to the 6th constraint condition
According to the described first random generation member P1, the second parameter B, the 4th parameter D and the first anonymous amount F determines the 4th certificate parameter e according to the 7th constraint condition+
By the 4th certificate parameter e+, second certificate parameterComponent and third verifying ginseng in X-axis NumberThe sum of component in X-axis is determined as the 5th certificate parameter c+
If the first verifying parameter c and the 5th certificate parameter c+It is equal, determine that the Endorsement Key is effective;It is no Then, determine that the Endorsement Key is invalid.
In a kind of possible implementation, after the receiving module 44 is also used to receive the update that the distribution apparatus is sent Endorsement Key in any parameter C-
The equipment further includes the first update module 46, for according to any parameter C-Determine the undated parameter θ, And the Endorsement Key of group member is updated according to the undated parameter.
Based on the same inventive concept, a kind of distribution apparatus is additionally provided in the embodiment of the present invention, since equipment solution is asked The principle of topic is similar to above-mentioned embodiment of the method shown in FIG. 1, therefore the implementation of the equipment may refer to the implementation of method, repeats Place repeats no more.
In embodiment illustrated in fig. 5, a kind of distribution apparatus is provided, the equipment includes:
First control module 51, the first anonymous amount F, the first parameter v and second for receiving group member devices' transmission Parameter w;According to the first parameter v and the second parameter w, the validity of the group member devices is verified;
Second control module 52 is used for after the verifying group member devices are effective, according to third random number r and first It is random to generate member P1, determine that the first parameter A, the third random number r are the distribution apparatus from having according to first function relationship Confinement ZpMiddle selection;It is that the group that the group member devices generate is close according to the first parameter A and the distribution apparatus Key (x, y) determines the second parameter B according to second function relationship;According to the first parameter A, the group key (x, y), institute Third random number r and the first anonymous amount F are stated, determines third parameter C according to third functional relation;And according to the group Key (x, y) and the first anonymous amount F, determine the 4th parameter D according to the 4th functional relation;
Sending module 53 is used for the first parameter A, the second parameter B, the third parameter C and the described 4th Endorsement Key of the parameter D as the group member devices, is sent to the group member devices, the Endorsement Key be used for into Row group digital signature.
In a kind of possible implementation, the equipment further include:
Authentication module 55, for the distribution apparatus verify the group member devices it is effective after, trigger second control The work of molding block.
In a kind of possible implementation, the authentication module 55 is specifically used for:
According to the first parameter v, the second parameter w and the prime number q, the 6th is generated according to the 11st functional relation Certificate parameter t;
If the 6th certificate parameter t is equal to 0, determine that the group member devices are invalid;Otherwise, it is set according to the publication The standby public key PK generated for the group, the first random generation member P1, the first anonymous amount F and the first random number nI, press First Transition parameter e' is determined according to the 12nd functional relation;And according to the described first anonymous amount F, the first random generation member P1, the 6th certificate parameter t and the second parameter w, determine the second transition parameter x according to the 13rd functional relationU';
According to the First Transition parameter e ', the second transition parameter xU' and the prime number q, according to the 14th function Relationship determines the certificate parameter v ' of the first parameter;
If the certificate parameter v ' of first parameter is equal to the first parameter v, determine that the group member devices are effective; Otherwise, it determines the group member devices are invalid.
In a kind of possible implementation, the equipment further include:
Third control module 54, for being closed according to the 5th function according to the 4th random number a' and the group key (x, y) System determines that the first intermediate parameters h, the 4th random number a' are the distribution apparatus from the finite field ZpMiddle selection;According to The 4th random number a' and first random generation member P1, the second intermediate parameters R is determined according to the 6th functional relation1;And According to the 4th random number a' and the first anonymous amount F, third intermediate parameters R is determined according to the 7th functional relation2;According to Described first random generation member P1, the second parameter B, the 4th parameter D and the first anonymous amount F, according to the 8th letter Number relationship determines the 4th intermediate parameters e*
The distribution apparatus is according to the 4th intermediate parameters e*, the second intermediate parameters R1, the third intermediate parameters R2With prime number q corresponding to group belonging to the group member devices, the first verifying parameter is determined according to the 9th functional relation C, the prime number q are less than or equal to the number of the group member devices in the group included;And according to first verifying Parameter c, the first intermediate parameters h, the 4th random number a' and the prime number q, determine second according to the tenth functional relation Verify parameter s;
The sending module 53 is also used to the first verifying parameter c and the second verifying parameter being sent to the group Group membership's equipment.
In a kind of possible implementation, the equipment further include:
Second update module 56, for in any group any group member update group key, group's public key and Endorsement Key.
In a kind of possible implementation, second update module is that any group member in any group updates group Group key, group's public key and Endorsement Key, are specifically used for:
From finite field ZpMiddle selection group key (x', y), and it is close that the group key of the group member is updated to group Key (x', y).
By updated group key (x', y) and the second random generation member P2Product as updated group's public key, Described second random generation member P2The random life in the second double line group to meet the Bilinear Groups centering of the mapping function Cheng Yuan.
Issue updated group's public key (X', Y) and updated group key (x', y).
According to the rank of group key (x, y) and the bilinear group pair before updated group key (x', y), update Number p determines undated parameter θ according to the 15th functional relation.
According to the undated parameter θ, the Endorsement Key (A, B, C, D) of the group member is updated.
By any parameter C in updated Endorsement Key-It is sent to the group member, so that the group member root According to any parameter C-It determines the undated parameter θ, and updates the Endorsement Key of group member according to the undated parameter.
Based on the same inventive concept, a kind of peace of corresponding security module/safety chip is additionally provided in the embodiment of the present invention Full device, since the principle that the equipment solves the problems, such as is similar to above-mentioned embodiment of the method shown in FIG. 1, the implementation of the device It may refer to the implementation of method, overlaps will not be repeated.
In embodiment illustrated in fig. 6, a kind of safety device is provided, described device includes:
Third processing module 61 is used for from ZpThe middle private key f for selecting a random number as group member devices, and generate First anonymous amount F, wherein the described first anonymous amount F is that the private key f and first of the group member devices generates member P at random1's Product, the described first random generation member P1For meet setting mapping function Bilinear Groups centering the first Bilinear Groups in Machine generates member;From ZpThe second random number u of middle selection, and generate the second anonymous amount U, wherein the described second anonymous amount U be second with The machine number u and first random generation member P1Product, the second anonymous amount U corresponds to a point on elliptic curve, by (xU, yU) indicate;
Fourth processing module 62, the first random number n for being sent according to distribution apparatusI, first anonymous the amount F, institute State the first random generation member P1, the distribution apparatus be public key PK that group belonging to the group member devices generates, according to First constraint condition determines intermediate parameter e;According to the intermediate parameter e, the second anonymous amount U and the corresponding matter of the group Number q generates the first parameter v according to the second constraint condition;And according to the first parameter v, the private key f, the prime number q and The second random number u generates the second parameter w according to third constraint condition;
Sending module 63, for being sent to the described first anonymous amount F, the first parameter v and the second parameter w The distribution apparatus.
In a kind of possible implementation, described device further include:
Receiving module 64, the Endorsement Key of the carrying group member devices for receiving the distribution apparatus transmission, first Verify the message of parameter and the second verifying parameter;
Authentication module 65, for according in the Endorsement Key the first parameter A and the distribution apparatus be the group The public key (X, Y) of generation, determines first function value according to the mapping functionAccording to second in the Endorsement Key Parameter B and second generates member P at random2, second function value is determined according to the mapping functionAccording to the Endorsement Key In third parameter C and second at random generate member P2, third functional value is determined according to the mapping functionAnd according to The first parameter A, the 4th parameter D in the Endorsement Key and the public key (X, Y) determine according to the mapping function Four functional values
If the first function valueWith the second function valueThe unequal or described third functional valueWith the 4th functional valueIt is unequal, determine that the Endorsement Key is invalid;Otherwise, according to described first Parameter c, the second verifying parameter s and prime number q are verified, determines the first certificate parameter t according to the 4th constraint condition+
If the first certificate parameter t+Equal to 0, determine that the Endorsement Key is invalid;Otherwise, the group member devices According to the second verifying parameter s, the first random generation member P1, the first certificate parameter t+With the second parameter B, The second certificate parameter is determined according to the 5th constraint conditionAnd according to the second verifying parameter s, the first anonymous amount F, the first certificate parameter t+With the 4th parameter D, third certificate parameter is determined according to the 6th constraint condition
According to the described first random generation member P1, the second parameter B, the 4th parameter D and the first anonymous amount F determines the 4th certificate parameter e according to the 7th constraint condition+
By the 4th certificate parameter e+, second certificate parameterComponent and third verifying ginseng in X-axis NumberThe sum of component in X-axis is determined as the 5th certificate parameter c+
If the first verifying parameter c and the 5th certificate parameter c+It is equal, determine that the Endorsement Key is effective;It is no Then, determine that the Endorsement Key is invalid.
It should be understood by those skilled in the art that, the embodiment of the present invention can provide as method, system or computer program Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the present invention Apply the form of example.Moreover, it wherein includes the computer of computer usable program code that the present invention, which can be used in one or more, The computer program implemented in usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) produces The form of product.
The present invention be referring to according to the method for the embodiment of the present invention, the process of equipment (system) and computer program product Figure and/or block diagram describe.It should be understood that every one stream in flowchart and/or the block diagram can be realized by computer program instructions The combination of process and/or box in journey and/or box and flowchart and/or the block diagram.It can provide these computer programs Instruct the processor of general purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to produce A raw machine, so that being generated by the instruction that computer or the processor of other programmable data processing devices execute for real The device for the function of being specified in present one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing devices with spy Determine in the computer-readable memory that mode works, so that it includes referring to that instruction stored in the computer readable memory, which generates, Enable the manufacture of device, the command device realize in one box of one or more flows of the flowchart and/or block diagram or The function of being specified in multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device, so that counting Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, thus in computer or The instruction executed on other programmable devices is provided for realizing in one or more flows of the flowchart and/or block diagram one The step of function of being specified in a box or multiple boxes.
Although preferred embodiments of the present invention have been described, it is created once a person skilled in the art knows basic Property concept, then additional changes and modifications may be made to these embodiments.So it includes excellent that the following claims are intended to be interpreted as It selects embodiment and falls into all change and modification of the scope of the invention.
Obviously, various changes and modifications can be made to the invention without departing from essence of the invention by those skilled in the art Mind and range.In this way, if these modifications and changes of the present invention belongs to the range of the claims in the present invention and its equivalent technologies Within, then the present invention is also intended to include these modifications and variations.

Claims (25)

1. a kind of group member dissemination method of group's digital signature, which is characterized in that the described method includes:
Group member devices receive the first random number n of distribution apparatus transmissionIAfterwards, according to the first anonymous amount F, the first random life At first P1, the distribution apparatus be public key PK and first random number that group belonging to the group member devices generates nI, intermediate parameter e is determined according to the first constraint condition, wherein the described first anonymous amount F is the private key of the group member devices F and first generates member P at random1Product, described first random generates member P1For the Bilinear Groups centering for meeting setting mapping function The first Bilinear Groups in random generation member;
The group member devices are according to the intermediate parameter e, the second anonymous amount U and corresponding prime number q of the group, according to the Two constraint conditions generate the first parameter v, wherein the described second anonymous amount U is that the second random number u and described first generate member at random P1Product, the second random number u is the group member devices from finite field ZpMiddle selection, the prime number q is less than or waits The number for the group member devices for including in the group;And according to the first parameter v, the private key f, the prime number Q and the second random number u generates the second parameter w according to third constraint condition;
Described first anonymous amount F, the first parameter v and the second parameter w are sent to described by the group member devices Distribution apparatus, the first parameter v and the second parameter w are used to verify the validity of the group member devices, and described the One anonymous amount F is used to generate the Endorsement Key of the group member devices;
The distribution apparatus receives the first anonymous amount F, the first parameter v and the second parameter w of group member devices' transmission;It is described Distribution apparatus verifies the validity of the group member devices according to the first parameter v and the second parameter w;
After the distribution apparatus verifying group member devices are effective, member P is generated according to third random number r and first at random1, Determine that the first parameter A, the third random number r are the distribution apparatus from finite field Z according to first function relationshippMiddle selection 's;It is the group key (x, y) that the group member devices generate according to the first parameter A and the distribution apparatus, according to Second function relationship determines the second parameter B;According to the first parameter A, the group key (x, y), the third random number r With the described first anonymous amount F, third parameter C is determined according to third functional relation;And according to the group key (x, y) and institute The first anonymous amount F is stated, determines the 4th parameter D according to the 4th functional relation;
The distribution apparatus makees the first parameter A, the second parameter B, the third parameter C and the 4th parameter D For the Endorsement Key of the group member devices, the group member devices are sent to, the Endorsement Key is for carrying out group Digital signature;
The group member devices receive disappearing for the Endorsement Key for the carrying group member devices that the distribution apparatus is sent Breath, the Endorsement Key is for carrying out group's digital signature, wherein the Endorsement Key is the distribution apparatus to the group What member device generated after being verified as effectively according to the described first anonymous amount F.
2. the method as described in claim 1, which is characterized in that the distribution apparatus is joined according to the first parameter v and second W is measured, the validity of the group member devices is verified, comprising:
The distribution apparatus is according to the first parameter v, the second parameter w and the prime number q, according to the 11st functional relation Generate the 6th certificate parameter t;
If the 6th certificate parameter t is equal to 0, the distribution apparatus determines that the group member devices are invalid;Otherwise, the hair Cloth equipment is according to public key PK, the first random generation member P that the distribution apparatus is that the group generates1, described first hide Name amount F and the first random number nI, First Transition parameter e' is determined according to the 12nd functional relation;And it is anonymous according to described first Measure F, the first random generation member P1, the 6th certificate parameter t and the second parameter w, according to the 13rd functional relation Determine the second transition parameter xU';
The distribution apparatus is according to the First Transition parameter e ', the second transition parameter xU' and the prime number q, according to the tenth Four functional relations determine the certificate parameter v ' of the first parameter;
If the certificate parameter v ' of first parameter is equal to the first parameter v, the distribution apparatus determines the group member Equipment is effective;Otherwise, the distribution apparatus determines that the group member devices are invalid.
3. method according to claim 2, which is characterized in that also carried for verifying the Endorsement Key in the message First verifying parameter c and the second verifying parameter s.
4. method as claimed in claim 3, which is characterized in that the method specifically includes:
The distribution apparatus determines first according to the 4th random number a' and the group key (x, y), according to the 5th functional relation Intermediate parameters h, the 4th random number a' are the distribution apparatus from the finite field ZpMiddle selection;According to the described 4th with The machine number a' and first random generation member P1, the second intermediate parameters R is determined according to the 6th functional relation1;And according to described The four random number a' and first anonymous amount F, determine third intermediate parameters R according to the 7th functional relation2;According to described first with Machine generates member P1, the second parameter B, the 4th parameter D and the first anonymous amount F, determined according to the 8th functional relation 4th intermediate parameters e*
The distribution apparatus is according to the 4th intermediate parameters e*, the second intermediate parameters R1, the third intermediate parameters R2With Prime number q corresponding to group belonging to the group member devices determines the first verifying parameter c, institute according to the 9th functional relation State number of the prime number q less than or equal to the group member devices for including in the group;And according to the first verifying parameter C, the first intermediate parameters h, the 4th random number a' and the prime number q, determine the second verifying according to the tenth functional relation Parameter s;
The first verifying parameter c and the second verifying parameter s are sent to the group member and set by the distribution apparatus It is standby.
5. method as claimed in claim 4, which is characterized in that it is described that the group member devices, which receive the distribution apparatus, After the Endorsement Key of group member devices' publication, further includes:
The group member devices according in the Endorsement Key the first parameter A and the distribution apparatus be the group generate Public key (X, Y), determine first function value according to the mapping functionAccording to the second parameter B in the Endorsement Key With the second random generation member P2, second function value is determined according to the mapping functionAccording in the Endorsement Key Third parameter C and second generates member P at random2, third functional value is determined according to the mapping functionAnd according to described The 4th parameter D and the public key (X, Y) in first parameter A, the Endorsement Key, determine the 4th letter according to the mapping function Numerical value
If the first function valueWith the second function valueThe unequal or described third functional value With the 4th functional valueUnequal, the group member devices determine that the Endorsement Key is invalid;Otherwise, institute Group member devices are stated according to the first verifying parameter c, the second verifying parameter s and prime number q, according to the 4th constraint Condition determines the first certificate parameter t+
If the first certificate parameter t+Equal to 0, the group member devices determine that the Endorsement Key is invalid;Otherwise, the group Group membership's equipment is according to the second verifying parameter s, the first random generation member P1, the first certificate parameter t+With it is described Second parameter B determines the second certificate parameter according to the 5th constraint conditionAnd according to the second verifying parameter s, described First anonymous amount F, the first certificate parameter t+With the 4th parameter D, third verifying ginseng is determined according to the 6th constraint condition Number
The group member devices are according to the described first random generation member P1, the second parameter B, the 4th parameter D and described First anonymous amount F, determines the 4th certificate parameter e according to the 7th constraint condition+
The group member devices are by the 4th certificate parameter e+, second certificate parameterComponent and institute in X-axis State third certificate parameterThe sum of component in X-axis is determined as the 5th certificate parameter c+
If the first verifying parameter c and the 5th certificate parameter c+Equal, the group member devices determine that the voucher is close Key is effective;Otherwise, the group member devices determine that the Endorsement Key is invalid.
6. the method as described in claim 1, which is characterized in that
First constraint condition are as follows: e=H1(PK||P1||F||nI);Wherein, e is the intermediate parameter, H1() indicates first Hash function, PK are that the distribution apparatus is the public key that group belonging to the group member devices generates, P1It is described first Random to generate member, F is the described first anonymous amount, nIFor first random number;
Second constraint condition are as follows: v=e+xUmod q;Wherein, v is first parameter, xUFor the described second anonymous amount U Component in X-axis, mod indicate that modulo operation, q are the prime number;
The third constraint condition are as follows: w=(1+f)-1·(u-v·f)mod q;Wherein, w is second parameter, and f is described Private key, u are second random number.
The first function relationship are as follows: A=[r] P1, A is first parameter, and r is the third random number, P1It is described first It is random to generate member;
The second function relationship are as follows: B=[y] A, wherein B is second parameter, and y is that the distribution apparatus is the group The second component of the group key (x, y) of generation;
The third functional relation are as follows: C=[x] A+ [rxy] F, wherein C is the third parameter, and x is the distribution apparatus For the first component of the group key (x, y) that the group generates, F is the described first anonymous amount;
4th functional relation are as follows: D=[ry] F, wherein D is the 4th parameter.
7. method according to claim 2, which is characterized in that the 11st functional relation are as follows: t=v+w mod q;Its In, t is the 6th certificate parameter, and v is first parameter, and w is second parameter, and q is the prime number, and mod expression takes Modular arithmetic;
12nd functional relation are as follows: e'=H1(PK||P1||F||nI);Wherein, e ' is the First Transition parameter, H1() Indicate that the first hash function, PK are that the distribution apparatus is the public key that group belonging to the group member devices generates, P1For Described first random generation member, F are the described first anonymous amount, nIFor first random number;
13rd functional relation are as follows: (x 'U,y′U)←[w]P1+[t]F;Wherein, x 'UFor second transition parameter, i.e. [w] P1Component of the point on curve that+[t] F is determined in X-axis, y 'UIndicate [w] P1The point on curve that+[t] F is determined is in Y-axis Component, w be second parameter, t be the 6th certificate parameter;
14th functional relation are as follows: v '=e '+x 'Umod q;Wherein, v ' is the certificate parameter of first parameter.
8. method as claimed in claim 4, which is characterized in that the 5th functional relation are as follows: h=ry, h are described first Intermediate parameters, r are the third random number, and y is second that the distribution apparatus is the group key (x, y) that the group generates Component;
6th functional relation are as follows: R1=[a'] P1;Wherein, R1For second intermediate parameters, a' is the described 4th random Number, P1For the described first random generation member;
7th functional relation are as follows: R2=[a'] F;Wherein, R2For the third intermediate parameters, F is the described first anonymous amount;
8th functional relation are as follows: e*=H1(P1||B||D||F);Wherein, e*For the 4th intermediate parameters, H1() indicates the One hash function, B is second parameter, D is the 4th parameter;
9th functional relation are as follows:Wherein, c is the first verifying parameter,Indicate R1Really Component of the point in X-axis on fixed curve,Indicate R2Component of the point in X-axis on determining curve, mod expression take Modular arithmetic, q are the prime number;
Tenth functional relation are as follows: s=(1+h)-1·(a'-c·h)mod q;Wherein, s is the second verifying parameter.
9. method as claimed in claim 5, which is characterized in that
4th constraint condition are as follows: t+=c+s mod q;Wherein, t+For first certificate parameter, c is first verifying Parameter, s are the second verifying parameter, and mod indicates that modulo operation, q are the prime number;
5th constraint condition are as follows:Wherein,For second certificate parameter, Indicate [s] P1+[t+] component of the point in X-axis on the curve that determines of B,Indicate [s] P1+[t+] B determine curve on point Component in Y-axis, P1For the described first random generation member, B is second parameter;
6th constraint condition are as follows:Wherein,For the third certificate parameter, Indicate [s] F+ [t+] component of the point in X-axis on the curve that determines of D,Indicate [s] F+ [t+] D determine curve on point Component in Y-axis, F are the described first anonymous amount, and D is the 4th parameter;
7th constraint condition are as follows: e+=H1(P1| | B | | D | | F), wherein H1() indicates the first hash function.
10. the method as described in claim 1, which is characterized in that the method also includes:
The distribution apparatus is that any group member in any group updates group key, group's public key and Endorsement Key.
11. method as claimed in claim 10, which is characterized in that the distribution apparatus is any group of compositions in any group Member updates group key, group's public key and Endorsement Key, comprising:
The distribution apparatus is from finite field ZpMiddle selection group key (x', y), and the group key of the group member is updated For group key (x', y);
Updated group key (x', y) is generated member P with second by the distribution apparatus at random2Product as updated group Group public key, the described second random generation member P2In the second double line group to meet the Bilinear Groups centering of the mapping function It is random to generate member;
The distribution apparatus issues updated group's public key (X', Y) and updated group key (x', y);
The distribution apparatus according to updated group key (x', y), update before group key (x, y) and the bilinearity The order p of group couple determines undated parameter θ according to the 15th functional relation;
The distribution apparatus updates the Endorsement Key (A, B, C, D) of the group member according to the undated parameter θ;
The distribution apparatus is by any parameter C in updated Endorsement Key-It is sent to the group member, so that the group Group membership is according to any parameter C-Determine the undated parameter θ, and according to the undated parameter update group member with Demonstrate,prove key.
12. method as claimed in claim 11, which is characterized in that the 15th functional relation are as follows: θ=x '/x mod p, Wherein, θ indicates the undated parameter, the one-component in the x ' expression updated group key, and x indicates the group before updating Respective component in group key, p indicate the order of the bilinear group pair.
13. method as claimed in claim 12, which is characterized in that the group member is according to any parameter C-Determine institute Undated parameter θ is stated, and updates the Endorsement Key of group member according to the undated parameter, obtaining updated Endorsement Key is (A-,B-,C-,D-), wherein C-For the updated value of C, θ=C-/ C, A-=[θ] A, B-=[θ] B, D-=[θ] D.
14. a kind of signature device, which is characterized in that the equipment includes:
First processing module, for receiving the first random number n of distribution apparatus transmissionIAfterwards, according to the first anonymous amount F, first with Machine generates member P1, the distribution apparatus be the public key PK and described first that generates of group belonging to the group member devices with Machine number nI, intermediate parameter e is determined according to the first constraint condition, wherein the described first anonymous amount F is the group member devices' Private key f and first generates member P at random1Product, described first random generates member P1For the Bilinear Groups for meeting setting mapping function Random generation member in first Bilinear Groups of centering;
Second processing module, for measuring the U and corresponding prime number q of the group according to the intermediate parameter e, the second anonymity, according to Second constraint condition generates the first parameter v, wherein the described second anonymous amount U is that the second random number u and described first generate at random First P1Product, the second random number u is the group member devices from finite field ZpMiddle selection, the prime number q be less than or Equal to the number for the group member devices for including in the group;And according to the first parameter v, the private key f, the matter Number q and the second random number u generates the second parameter w according to third constraint condition;
Sending module, for being sent to the hair for the described first anonymous amount F, the first parameter v and the second parameter w Cloth equipment, the first parameter v and the second parameter w are used to verify the validity of the group member devices, and described first Anonymity amount F is used to generate the Endorsement Key of the group member devices;
Receiving module, the message of the Endorsement Key for receiving the carrying group member devices that the distribution apparatus is sent, The Endorsement Key is for carrying out group's digital signature, wherein the Endorsement Key is that the distribution apparatus forms the group Member's device authentication be effectively after generated according to the described first anonymous amount F.
15. equipment as claimed in claim 14, which is characterized in that the receiving module be also used to receive for verify it is described with Demonstrate,prove the first verifying parameter c and the second verifying parameter s of key.
16. equipment as claimed in claim 15, which is characterized in that the equipment further include:
Authentication module, for according in the Endorsement Key the first parameter A and the distribution apparatus be the group generate Public key (X, Y) determines first function value according to the mapping functionAccording in the Endorsement Key the second parameter B and Second random generation member P2, second function value is determined according to the mapping functionAccording in the Endorsement Key Three parameter C and second generate member P at random2, third functional value is determined according to the mapping functionAnd according to described The 4th parameter D and the public key (X, Y) in one parameter A, the Endorsement Key, determine the 4th function according to the mapping function Value
If the first function valueWith the second function valueThe equal or described third functional valueWith 4th functional valueIt is unequal, determine that the Endorsement Key is invalid;Otherwise, according to the first verifying parameter C, the second verifying parameter s and prime number q, determines the first certificate parameter t according to the 4th constraint condition+
If the first certificate parameter t+Equal to 0, determine that the Endorsement Key is invalid;Otherwise, according to it is described second verifying parameter s, Described first random generation member P1, the first certificate parameter t+With the second parameter B, is determined according to the 5th constraint condition Two certificate parametersAnd according to the second verifying parameter s, first anonymous the amount F, the first certificate parameter t+And institute The 4th parameter D is stated, determines third certificate parameter according to the 6th constraint condition
According to the described first random generation member P1, the second parameter B, the 4th parameter D and the first anonymous amount F, according to 7th constraint condition determines the 4th certificate parameter e+
By the 4th certificate parameter e+, second certificate parameterComponent and the third certificate parameter in X-axis The sum of component in X-axis is determined as the 5th certificate parameter c+
If the first verifying parameter c and the 5th certificate parameter c+It is equal, determine that the Endorsement Key is effective;Otherwise, it determines The Endorsement Key is invalid.
17. equipment as claimed in claim 14, which is characterized in that the receiving module is also used to receive the distribution apparatus hair Any parameter C in the updated Endorsement Key sent-
The equipment further includes the first update module, for according to any parameter C-Determine undated parameter θ, and according to described The Endorsement Key of undated parameter update group member.
18. a kind of distribution apparatus, which is characterized in that the equipment includes:
First control module, the first anonymous amount F, the first parameter v and the second parameter w for receiving group member devices' transmission; According to the first parameter v and the second parameter w, the validity of the group member devices is verified;
Second control module is used for after the verifying group member devices are effective, raw at random according to third random number r and first At first P1, determine that the first parameter A, the third random number r are the distribution apparatus from finite field Z according to first function relationshippIn It chooses;It is the group key (x, y) that the group member devices generate according to the first parameter A and the distribution apparatus, The second parameter B is determined according to second function relationship;According to the first parameter A, the group key (x, y), the third with The machine number r and first anonymous amount F, determines third parameter C according to third functional relation;And according to the group key (x, Y) and F is measured in first anonymity, determines the 4th parameter D according to the 4th functional relation;
Sending module, for making the first parameter A, the second parameter B, the third parameter C and the 4th parameter D For the Endorsement Key of the group member devices, the group member devices are sent to, the Endorsement Key is for carrying out group Digital signature.
19. equipment as claimed in claim 18, which is characterized in that the equipment further include:
Authentication module, for the distribution apparatus verify the group member devices it is effective after, trigger second control module Work.
20. equipment as claimed in claim 19, which is characterized in that the authentication module is specifically used for:
According to the first parameter v, the second parameter w and the prime number q, the 6th verifying is generated according to the 11st functional relation Parameter t;
If the 6th certificate parameter t is equal to 0, determine that the group member devices are invalid;Otherwise, it is according to the distribution apparatus Public key PK, the first random generation member P that the group generates1, the first anonymous amount F and the first random number nI, according to 12 functional relations determine First Transition parameter e';And according to the described first anonymous amount F, the first random generation member P1、 The 6th certificate parameter t and the second parameter w determines the second transition parameter x according to the 13rd functional relationU';
According to the First Transition parameter e ', the second transition parameter xU' and the prime number q, it is true according to the 14th functional relation The certificate parameter v ' of fixed first parameter;
If the certificate parameter v ' of first parameter is equal to the first parameter v, determine that the group member devices are effective;It is no Then, determine that the group member devices are invalid.
21. equipment as claimed in claim 20, which is characterized in that the equipment further include:
Third control module, for being determined according to the 5th functional relation according to the 4th random number a' and the group key (x, y) First intermediate parameters h, the 4th random number a' are the distribution apparatus from the finite field ZpMiddle selection;According to described The four random number a' and first random generation member P1, the second intermediate parameters R is determined according to the 6th functional relation1;And according to institute The 4th random number a' and the first anonymous amount F are stated, determines third intermediate parameters R according to the 7th functional relation2;According to described One random generation member P1, the second parameter B, the 4th parameter D and the first anonymous amount F, according to the 8th functional relation Determine the 4th intermediate parameters e*
The distribution apparatus is according to the 4th intermediate parameters e*, the second intermediate parameters R1, the third intermediate parameters R2With Prime number q corresponding to group belonging to the group member devices determines the first verifying parameter c, institute according to the 9th functional relation State number of the prime number q less than or equal to the group member devices for including in the group;And according to the first verifying parameter C, the first intermediate parameters h, the 4th random number a' and the prime number q, determine the second verifying according to the tenth functional relation Parameter s;
The sending module is also used to the first verifying parameter c and the second verifying parameter s being sent to group's composition Member's equipment.
22. equipment as claimed in claim 18, which is characterized in that the equipment further include:
Second update module, it is close for updating group key, group's public key and voucher for any group member in any group Key.
23. equipment as claimed in claim 22, which is characterized in that second update module is any group in any group Group membership updates group key, group's public key and Endorsement Key, is specifically used for:
From finite field ZpMiddle selection group key (x', y), and the group key of the group member is updated to group key (x',y)。
By updated group key (x', y) and the second random generation member P2Product as updated group's public key, it is described Second random generation member P2Random generation member in the second double line group to meet the Bilinear Groups centering of the mapping function.
Issue updated group's public key (X', Y) and updated group key (x', y).
According to updated group key (x', y), update before group key (x, y) and the bilinear group pair order p, According to the 15th functional relation, undated parameter θ is determined.
According to the undated parameter θ, the Endorsement Key (A, B, C, D) of the group member is updated.
By any parameter C in updated Endorsement Key-It is sent to the group member, so that the group member is according to institute State any parameter C-It determines the undated parameter θ, and updates the Endorsement Key of group member according to the undated parameter.
24. a kind of safety device, which is characterized in that described device includes:
Third processing module is used for from ZpThe middle private key f for selecting a random number as group member devices, and generate first and hide Name amount F, wherein the described first anonymous amount F is that the private key f and first of the group member devices generates member P at random1Product, Described first random generation member P1The random life in the first Bilinear Groups to meet the Bilinear Groups centering of setting mapping function Cheng Yuan;From ZpThe second random number u of middle selection, and generate the second anonymous amount U, wherein the described second anonymous amount U is the second random number The u and first random generation member P1Product, the second anonymous amount U corresponds to a point on elliptic curve, by (xU,yU) It indicates;
Fourth processing module, the first random number n for being sent according to distribution apparatusI, the first anonymous amount F, described first with Machine generates member P1, the distribution apparatus be public key PK that group belonging to the group member devices generates, according to the first constraint Condition determines intermediate parameter e;The U and corresponding prime number q of the group is measured according to the intermediate parameter e, second anonymity, according to Second constraint condition generates the first parameter v;And according to the first parameter v, the private key f, the prime number q and described second Random number u generates the second parameter w according to third constraint condition;
Sending module, for being sent to the hair for the described first anonymous amount F, the first parameter v and the second parameter w Cloth equipment.
25. safety device as claimed in claim 24, which is characterized in that described device further include:
Receiving module, for receiving Endorsement Key, the first verifying ginseng of the carrying group member devices that the distribution apparatus is sent The message of amount and the second verifying parameter;
Authentication module, for according in the Endorsement Key the first parameter A and the distribution apparatus be the group generate Public key (X, Y) determines first function value according to the mapping functionAccording in the Endorsement Key the second parameter B and Second random generation member P2, second function value is determined according to the mapping functionAccording in the Endorsement Key Three parameter C and second generate member P at random2, third functional value is determined according to the mapping functionAnd according to described The 4th parameter D and the public key (X, Y) in one parameter A, the Endorsement Key, determine the 4th function according to the mapping function Value
If the first function valueWith the second function valueThe unequal or described third functional value With the 4th functional valueIt is unequal, determine that the Endorsement Key is invalid;Otherwise, joined according to first verifying C, the second verifying parameter s and prime number q are measured, determines the first certificate parameter t according to the 4th constraint condition+
If the first certificate parameter t+Equal to 0, determine that the Endorsement Key is invalid;Otherwise, the group member devices are according to institute State the second verifying parameter s, the first random generation member P1, the first certificate parameter t+With the second parameter B, according to Five constraint conditions determine the second certificate parameterAnd according to the second verifying parameter s, the first anonymous amount F, described First certificate parameter t+With the 4th parameter D, third certificate parameter is determined according to the 6th constraint condition
According to the described first random generation member P1, the second parameter B, the 4th parameter D and the first anonymous amount F, according to 7th constraint condition determines the 4th certificate parameter e+
By the 4th certificate parameter e+, second certificate parameterComponent and the third certificate parameter in X-axis The sum of component in X-axis is determined as the 5th certificate parameter c+
If the first verifying parameter c and the 5th certificate parameter c+It is equal, determine that the Endorsement Key is effective;Otherwise, it determines The Endorsement Key is invalid.
CN201810207571.0A 2018-03-14 2018-03-14 Group member issuing method and device for group digital signature Active CN110278082B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201810207571.0A CN110278082B (en) 2018-03-14 2018-03-14 Group member issuing method and device for group digital signature
PCT/CN2019/072432 WO2019174402A1 (en) 2018-03-14 2019-01-18 Group membership issuing method and device for digital group signature

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810207571.0A CN110278082B (en) 2018-03-14 2018-03-14 Group member issuing method and device for group digital signature

Publications (2)

Publication Number Publication Date
CN110278082A true CN110278082A (en) 2019-09-24
CN110278082B CN110278082B (en) 2021-11-16

Family

ID=67908589

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810207571.0A Active CN110278082B (en) 2018-03-14 2018-03-14 Group member issuing method and device for group digital signature

Country Status (2)

Country Link
CN (1) CN110278082B (en)
WO (1) WO2019174402A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111147240A (en) * 2019-12-28 2020-05-12 西安工业大学 Privacy protection method and system with traceability
CN111865972A (en) * 2020-07-17 2020-10-30 西安工业大学 Anonymous communication method and system
CN114844650A (en) * 2022-05-24 2022-08-02 北京宏思电子技术有限责任公司 Equipment signature method and system

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111918285B (en) * 2020-06-17 2022-09-23 南京如般量子科技有限公司 Anti-quantum computing group communication method and system based on ID cryptography
CN113158176B (en) * 2021-06-02 2022-08-02 工业信息安全(四川)创新中心有限公司 Public key analysis method, device, equipment and storage medium based on SM2 signature
CN113221193B (en) * 2021-06-02 2022-07-29 上海交通大学 SM2 digital signature and signature verification quick implementation method and system based on GPU

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101359986A (en) * 2007-04-30 2009-02-04 英特尔公司 Apparatus and method for direct anonymous attestation from bilinear maps
US20090129600A1 (en) * 2007-11-15 2009-05-21 Brickell Ernie F Apparatus and method for a direct anonymous attestation scheme from short-group signatures
WO2010013699A1 (en) * 2008-07-28 2010-02-04 日本電気株式会社 Signature system
CN101800641A (en) * 2009-12-29 2010-08-11 河南城建学院 Group signature method suitable for large groups
CN102340483A (en) * 2010-07-15 2012-02-01 航天信息股份有限公司 Methods for generation, verification and tracking of democratic group signature and democratic group signature system
CN102638345A (en) * 2012-05-09 2012-08-15 四川师范大学 DAA (Data Access Arrangement) authentication method and system based on elliptical curve divergence logarithm intractability assumption
CN102761544A (en) * 2012-06-29 2012-10-31 郑州信大捷安信息技术股份有限公司 Method with privacy protection function for validating creditability of public terminal
US20130073873A1 (en) * 2010-05-28 2013-03-21 Nec Corporation Signature generation apparatus, signature method, non-transitory computer readable medium storing signature generation program
CN103427997A (en) * 2013-08-16 2013-12-04 西安西电捷通无线网络通信股份有限公司 Method and device for generating digital signature
CN105812144A (en) * 2016-04-27 2016-07-27 南京邮电大学 Traceable attribute signature method without trusted center
CN106027241A (en) * 2016-07-08 2016-10-12 郑州轻工业学院 Flexible asymmetric group key negotiation method

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101425552B1 (en) * 2010-10-04 2014-08-05 한국전자통신연구원 Group signature system and schemes with controllable linkability
KR20120070663A (en) * 2010-12-22 2012-07-02 한국전자통신연구원 Anonymous authentication method using group certificate profile based on x.509
CN104917617B (en) * 2015-05-26 2018-02-09 同济大学 A kind of encryption group ranking obscures method

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101359986A (en) * 2007-04-30 2009-02-04 英特尔公司 Apparatus and method for direct anonymous attestation from bilinear maps
US20090129600A1 (en) * 2007-11-15 2009-05-21 Brickell Ernie F Apparatus and method for a direct anonymous attestation scheme from short-group signatures
WO2010013699A1 (en) * 2008-07-28 2010-02-04 日本電気株式会社 Signature system
CN101800641A (en) * 2009-12-29 2010-08-11 河南城建学院 Group signature method suitable for large groups
US20130073873A1 (en) * 2010-05-28 2013-03-21 Nec Corporation Signature generation apparatus, signature method, non-transitory computer readable medium storing signature generation program
CN102340483A (en) * 2010-07-15 2012-02-01 航天信息股份有限公司 Methods for generation, verification and tracking of democratic group signature and democratic group signature system
CN102638345A (en) * 2012-05-09 2012-08-15 四川师范大学 DAA (Data Access Arrangement) authentication method and system based on elliptical curve divergence logarithm intractability assumption
CN102761544A (en) * 2012-06-29 2012-10-31 郑州信大捷安信息技术股份有限公司 Method with privacy protection function for validating creditability of public terminal
CN103427997A (en) * 2013-08-16 2013-12-04 西安西电捷通无线网络通信股份有限公司 Method and device for generating digital signature
CN105812144A (en) * 2016-04-27 2016-07-27 南京邮电大学 Traceable attribute signature method without trusted center
CN106027241A (en) * 2016-07-08 2016-10-12 郑州轻工业学院 Flexible asymmetric group key negotiation method

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
JENS GROTH: ""Fully Anonymous Group Signatures Without Random Oracles"", 《INTERNATIONAL ASSOCIATION FOR CRYPTOLOGY RESEARCH 2007》 *
THU THU MON OO: ""A New Group Signature Scheme with Efficient Membership Revocation"", 《INTERNATIONAL JOURNAL OF SCIENCE AND ENGINEERING APPLICATIONS》 *
YUN-KYUNG LEE; SEUNG-WAN HAN: ""Anonymous Authentication System Using Group Signature"", 《2009 INTERNATIONAL CONFERENCE ON COMPLEX, INTELLIGENT AND SOFTWARE INTENSIVE SYSTEMS》 *
祝建华: ""安全群签名体制研究及安全性分析"", 《中国博士学位论文全文数据库 信息科技辑》 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111147240A (en) * 2019-12-28 2020-05-12 西安工业大学 Privacy protection method and system with traceability
CN111865972A (en) * 2020-07-17 2020-10-30 西安工业大学 Anonymous communication method and system
CN114844650A (en) * 2022-05-24 2022-08-02 北京宏思电子技术有限责任公司 Equipment signature method and system
CN114844650B (en) * 2022-05-24 2023-12-01 北京宏思电子技术有限责任公司 Equipment signature method and system

Also Published As

Publication number Publication date
CN110278082B (en) 2021-11-16
WO2019174402A1 (en) 2019-09-19

Similar Documents

Publication Publication Date Title
CN110278082A (en) A kind of the group member dissemination method and equipment of group's digital signature
CN107579819B (en) A kind of SM9 digital signature generation method and system
Bernhard et al. Anonymous attestation with user-controlled linkability
CN102170356B (en) Authentication system realizing method supporting exclusive control of digital signature key
CN111654363B (en) Group signature and homomorphic encryption-based alliance chain privacy protection method
Blömer et al. Updatable anonymous credentials and applications to incentive systems
CN113221089B (en) Privacy protection attribute authentication system and method based on verifiable statement
CN104184588B (en) The undetachable digital signatures method of identity-based
US20100281267A1 (en) Image Processing Apparatus, Electronic Signature Generation System, Electronic Signature Key Generation Method, Image Processing Method, and Program
CN109547206A (en) The processing method and relevant apparatus of digital certificate
CN101626364A (en) Method for authentication for resisting secrete data disclosure and key exchange based on passwords
CN112839046B (en) Traceable anonymous crowdsourcing method and system based on block chain
CN111429138A (en) Block link point data safety interaction method and first interaction node
Li et al. Privacy‐aware PKI model with strong forward security
CN115345618B (en) Block chain transaction verification method and system based on mixed quantum digital signature
Zheng et al. An organization-friendly blockchain system
Li et al. Blockchain-based mutual authentication protocol without CA
Lin et al. Privacy-enhancing decentralized anonymous credential in smart grids
CN110278081B (en) Control method and device for group digital signature
KR102477363B1 (en) Anonymous Attribute Proof System and Method with Efficient Key Revocation
CN108259180B (en) Method for quantum specifying verifier signature
CN110278073A (en) A kind of group's digital signature, verification method and its equipment and device
Liang et al. Decentralised functional signatures
Huang et al. How to protect privacy in Optimistic Fair Exchange of digital signatures
Xu et al. Coinmingle: A decentralized coin mixing scheme with a mutual recognition delegation strategy

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant