CN111092725A - Certificateless signature method suitable for Internet of things - Google Patents
- Publication number
- CN111092725A
- Authority
- CN
- China
- Prior art keywords
- signature
- bits
- pub
- key
- sensor node
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Algebra (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Mathematical Physics (AREA)
- Pure & Applied Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Computer And Data Communications (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a certificateless signature method suitable for the Internet of things, which comprises the following steps: the method comprises the steps of system initialization, partial private key analysis, secret value and public key establishment, signature generation and signature verification. Aiming at the problem of privacy security authentication existing in the Internet of things, the invention constructs a safe and efficient certificateless signature scheme based on an elliptic curve cryptosystem, eliminates the problems of complicated certificate management and key escrow, and can resist the counterfeiting attack of two types of super adversaries in a certificateless public key cryptosystem. Compared with the existing certificateless signature scheme, the scheme constructed by the invention has better performance, is the optimal combination of high safety and high efficiency, is more suitable for various application environments of the Internet of things with limited resources, and provides a first safety barrier for the integrity of the transmission data of the Internet of things and the identity authentication of the user.
Description
Technical Field
The invention belongs to the field of cyberspace security, and particularly relates to the Internet of things, cryptography, certificateless public key cryptography and a signature method.
Background
With the rapid popularization of the internet of things in various fields, the safety of the internet of things is concerned widely. The safety certification is the basis for the development of the internet of things technology. The certificateless signature is a digital signature under a certificateless public key cryptosystem, solves the problem of key escrow existing in the identity-based digital signature, avoids the problem of complicated public key certificate management, and is one of practical methods for providing data integrity and identity authentication for the Internet of things. At present, many certificateless signature schemes are proposed, but few of the certificateless signature schemes are safe and suitable for the application environment of the internet of things.
The first certificateless signature scheme was designed by Al-Riyami and Paterson, and many certificateless signature schemes were proposed afterwards, such as those of Yum, Gorantla, Yap, Park, Choi, Tso, zhangfeng, etc. These are all constructed from bilinear pairings, which are expensive to compute, so the schemes are inefficient to implement. There is therefore a great deal of interest in designing certificateless signature schemes without bilinear pairings. Hodgko et al proposed the first certificateless signature scheme without bilinear pairings, but this solution is not resistant to forgery attacks by strong adversaries of the second kind. Zhang et al constructed an RSA-based certificateless signature scheme, but the scheme is still inefficient to implement and is not suitable for the resource-constrained environment of the Internet of things. Yeh, Wang, Gong, Jia, etc. have designed certificateless signature schemes using an elliptic curve cryptosystem, but the security of these schemes is questioned. At present, a certificateless signature scheme which is suitable for the environment of the Internet of things and can resist super adversary attacks does not exist.
Based on the method, the invention provides a method for providing security authentication for multiple application environments of the Internet of things, namely a safe and efficient certificateless signature scheme.
Disclosure of Invention
The technical problem to be solved by the invention is to overcome the defects of the prior art and provide a certificateless signature method suitable for the Internet of things.
The technical scheme for solving the technical problems comprises the following steps:
A. System initialization
(A1) Determine the finite field $Z_r$
$Z_r \in \{0,1,2,\dots,r-1\}$
where r is a large prime number, and the length of r is 160-256 bits;
(A2) Given a security parameter l, the key generation center selects an elliptic curve y over the finite field $Z_r$:
$y^2 = x^3 + \alpha x + \beta \pmod r$,
$\alpha \in Z_r,\ \beta \in Z_r,\ (4\alpha^3 + 27\beta^2) \bmod r \neq 0$,
$P \in E$ is a point on the elliptic curve, and P is used as a generator to generate an elliptic curve group G of order q, where q is a prime number with l bits, the discrete logarithm problem on G is difficult to solve, and l is a positive integer with the length of 160-256 bits;
(A3) Generate a random number x
The key generation center selects a random number $x \in \{1,2,\dots,q-1\}$, where x is the system master key;
(A4) Compute the system public key $P_{pub}$
$P_{pub} = xP$
(A5) Three secure cryptographic hash functions are selected:
wherein {0,1}*Is a 0,1 bit string composed of 0 and 1 and having a non-fixed length,H1is thatRepresenting that 0 and 1 formed by non-fixed length 0 and 1 bit strings and three elements on G are connected from left to right and then transformed into the data by a Hash algorithmThe above elements; h2Is thatThe representation is that 0 and 1 are formed into a non-fixed 0 and 1 bit string, an element on G, a non-fixed 0 and 1 bit string and three elements on G are connected from left to right and then transformed into a hash algorithmThe above elements. H3Is thatRepresents that the length of a string of 0 and 1 bits is not fixed, the element on one G, the length of a string of 0 and 1 bits is not fixed, the elements on two Gs and oneThe elements on the upper part are connected from left to right and then transformed into the elements by a hash algorithmThe above elements;
(A6) The key generation center publishes the system parameters Params
$Params: \{l, y, G, q, P, P_{pub}, H_1, H_2, H_3\}$
B. Partial private key analysis: input the system parameters Params and the ID of the sensor node SN, where $ID \in \{0,1\}^*$;
(B1) Choose a random number α
$\alpha \in \{1,2,\dots,q-1\}$
where q is the order of the elliptic curve group G;
(B2) Determine the partial data $y_{ID}$ of the partial private key of the sensor node SN
$y_{ID} = \alpha P$
where $P \in y$ is a point on the elliptic curve;
(B3) Calculate the hash value $h_1$
$h_1 = H_1(ID, y_{ID}, P, P_{pub})$
(B4) Calculate the partial data $d_{ID}$ of the partial private key of the sensor node SN
$d_{ID} = \alpha + h_1 x \pmod q$
(B5) Determine the partial private key $D_{ID}$ of the sensor node SN
$D_{ID} = (y_{ID}, d_{ID})$
(B6) The key generation center sends the partial private key $D_{ID}$ to the sensor node SN through a secure channel. After the sensor node SN receives the partial private key $D_{ID}$, the user verifies whether $d_{ID}P = y_{ID} + h_1 P_{pub}$ is satisfied; if yes, the partial private key is accepted, otherwise the key generation center is required to resend the data;
C. Establishing secret values and public keys
(C1) The sensor node SN with identity ID randomly selects a random number $v_{ID} \in \{1,2,\dots,q-1\}$ as its secret value;
(C2) Calculate the partial public key $g_{ID}$
$g_{ID} = v_{ID}P$
(C3) Compute the public key $PK_{ID}$ of the sensor node SN
$PK_{ID} = (g_{ID}, y_{ID})$
D. Generating signatures
(D1) Select a random number $k \in \{1,2,\dots,q-1\}$;
(D2) Compute the partial signature δ
$\delta = kP$
(D3) Calculate the hash values $h_2$, $h_3$
$h_2 = H_2(m, \delta, ID, PK_{ID}, P_{pub})$
$h_3 = H_3(m, \delta, ID, PK_{ID}, h_2)$
where $m \in \{0,1\}^*$ is the message to be signed;
(D4) Calculate the partial signature z
$z = k^{-1}(h_2 v_{ID} + h_3 d_{ID}) \bmod q$
(D5) Determine the user signature σ
$\sigma = (\delta, z)$
(D6) Send the message-signature pair $(m, \sigma)$ to the verifier over the public channel;
E. Verifying signatures
(E1) After obtaining the message-signature pair $(m, \sigma)$ and the public key $PK_{ID}$ of the sensor node SN, the receiver calculates the hash values $h_1$, $h_2$, $h_3$:
$h_1 = H_1(ID, y_{ID}, P, P_{pub})$,
$h_2 = H_2(m, \delta, ID, PK_{ID}, P_{pub})$
$h_3 = H_3(m, \delta, ID, PK_{ID}, h_2)$
(E2) Check whether the equation $z\delta = h_2 g_{ID} + h_3(y_{ID} + h_1 P_{pub})$ holds;
if the equation holds, the signature verification is successful and the message-signature pair $(m, \sigma)$ is accepted; otherwise, the signature verification fails, indicating that the signature is invalid.
In the system initialization step A, the large prime number r takes the values of 160 bits, 200 bits and 256 bits; in the system initialization step A, the partial private key analysis step B, the key generation step C and the user signature step D, the length value of the order q of the elliptic curve group is 160 bits, 200 bits and 256 bits.
Compared with the prior art, the invention has the following advantages:
the invention provides an efficient certificateless signature method based on an elliptic curve cryptosystem and an application environment of the Internet of things, the certificateless signature method is high in safety, can resist counterfeiting attacks of two types of super adversaries existing in a certificateless public key cryptosystem, avoids using a time-consuming bilinear pairing and a MapToPoint hash function, is better in performance than the existing certificateless signature scheme, is more suitable for various application environments of the Internet of things with limited resources, provides necessary safety guarantee for privacy authentication of the Internet of things, and can promote rapid and healthy development of the Internet of things and the certificateless public key cryptosystem.
Drawings
Fig. 1 is a flow chart of embodiment 1 of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the following drawings and examples, but the present invention is not limited to these examples.
Example 1
The certificateless signature method suitable for the Internet of things comprises the following steps (as shown in figure 1) by taking the length value of a large prime number r as 256 bits and the length value of an order q of an elliptic curve group as 256 bits:
A. System initialization: the key generation center generates the system public parameters Params and the system master key x, and establishes a certificateless public key cryptosystem suitable for the environment of the Internet of things.
(A1) Determine the finite field $Z_r$
$Z_r \in \{0,1,2,\dots,r-1\}$
where r is a large prime number, and the length of r is 256 bits;
(A2) Given a security parameter l, the key generation center selects an elliptic curve y over the finite field $Z_r$:
$y^2 = x^3 + \alpha x + \beta \pmod r$,
$\alpha \in Z_r,\ \beta \in Z_r,\ (4\alpha^3 + 27\beta^2) \bmod r \neq 0$;
$P \in y$ is a point on the elliptic curve, and P is used as a generator to generate an elliptic curve group G of order q, where q is a prime number with the length of 256 bits, and the discrete logarithm problem on G is difficult to solve.
(A3) Generate a random number x
The key generation center selects a random number $x \in \{1,2,\dots,q-1\}$, where x is the system master key and q takes 256 bits;
(A4) Compute the system public key $P_{pub}$
$P_{pub} = xP$
(A5) Three secure cryptographic hash functions are selected:
wherein {0,1}*Is a 0,1 bit string composed of 0 and 1 and having a non-fixed length,H1is thatThe representation is that 0 and 1 which are formed into a non-fixed-length 0 and 1 bit string and three elements on G are connected from left to right and then transformed into the data by a hash algorithmThe above elements; h2Is thatThe representation is that 0 and 1 are formed into a non-fixed 0 and 1 bit string, an element on G, a non-fixed 0 and 1 bit string and three elements on G are connected from left to right and then transformed into a hash algorithmThe above elements. H3Is thatRepresents that the length of a string of 0 and 1 bits is not fixed, the element on one G, the length of a string of 0 and 1 bits is not fixed, the elements on two Gs and oneThe elements on the upper part are connected from left to right and then transformed into the elements by a hash algorithmThe above elements; q takes 256 bits;
(A6) The key generation center publishes the system parameters Params
$Params: \{l, y, G, q, P, P_{pub}, H_1, H_2, H_3\}$
where the length of q is 256 bits;
B. Partial private key analysis: given the system parameters Params and the ID of the sensor node SN, the key generation center calculates the partial private key of the sensor node;
(B1) Choose a random number α
$\alpha \in \{1,2,\dots,q-1\}$
where the length of q is 256 bits;
(B2) Determine the partial data $y_{ID}$ of the partial private key of the sensor node SN
$y_{ID} = \alpha P$
where $P \in y$ is a point on the elliptic curve;
(B3) Calculate the hash value $h_1$
$h_1 = H_1(ID, y_{ID}, P, P_{pub})$
(B4) Calculate the partial data $d_{ID}$ of the partial private key of the sensor node SN
$d_{ID} = \alpha + h_1 x \pmod q$
where the length of q is 256 bits;
(B5) Determine the partial private key $D_{ID}$ of the sensor node SN
$D_{ID} = (y_{ID}, d_{ID})$
(B6) The key generation center sends the partial private key $D_{ID}$ to the sensor node SN through a secure channel. After the sensor node SN receives the partial private key $D_{ID}$, the user verifies whether $d_{ID}P = y_{ID} + h_1 P_{pub}$ is satisfied; if yes, the partial private key is accepted, otherwise the key generation center is required to resend the data;
C. Establishing secret values and public keys
(C1) The sensor node SN with identity ID randomly selects a random number $v_{ID} \in \{1,2,\dots,q-1\}$ as its secret value, where the length of q is 256 bits;
(C2) Calculate the partial public key $g_{ID}$
$g_{ID} = v_{ID}P$
(C3) Compute the public key $PK_{ID}$ of the sensor node SN
$PK_{ID} = (g_{ID}, y_{ID})$
D. Generating signatures
(D1) Select a random number $k \in \{1,2,\dots,q-1\}$, where the length of q is 256 bits;
(D2) Compute the partial signature δ
$\delta = kP$
(D3) Calculate the hash values $h_2$, $h_3$
$h_2 = H_2(m, \delta, ID, PK_{ID}, P_{pub})$
$h_3 = H_3(m, \delta, ID, PK_{ID}, h_2)$
where m is the message to be signed;
(D4) Calculate the partial signature z
$z = k^{-1}(h_2 v_{ID} + h_3 d_{ID}) \bmod q$
where the length of q is 256 bits;
(D5) Determine the user signature σ
$\sigma = (\delta, z)$
(D6) Send the message-signature pair $(m, \sigma)$ to the verifier over the public channel;
E. Verifying signatures
(E1) After obtaining the message-signature pair $(m, \sigma)$ and the public key $PK_{ID}$ of the sensor node SN, the receiver calculates the hash values $h_1$, $h_2$, $h_3$:
$h_1 = H_1(ID, y_{ID}, P, P_{pub})$,
$h_2 = H_2(m, \delta, ID, PK_{ID}, P_{pub})$
$h_3 = H_3(m, \delta, ID, PK_{ID}, h_2)$
(E2) Check whether the equation $z\delta = h_2 g_{ID} + h_3(y_{ID} + h_1 P_{pub})$ holds;
if the equation holds, the signature verification is successful and the message-signature pair $(m, \sigma)$ is accepted; otherwise, the signature verification fails, indicating that the signature is invalid.
The invention provides an efficient certificateless signature method based on an elliptic curve cryptosystem and an application environment of the Internet of things, the certificateless signature method is high in safety, can resist counterfeiting attacks of two types of super adversaries existing in a certificateless public key cryptosystem, avoids using time-consuming bilinear pairings and MapToPoint hash functions, is better in performance than the existing certificateless signature scheme, is more suitable for various application environments of the Internet of things with limited resources, provides necessary safety guarantee for privacy authentication of the Internet of things, and can promote rapid and healthy development of the Internet of things and the certificateless public key cryptosystem.
Example 2
The certificateless signature method suitable for the Internet of things comprises the following steps of:
A. System initialization: the key generation center generates the system public parameters Params and the system master key x, and establishes a certificateless public key cryptosystem suitable for the environment of the Internet of things.
(A1) Determine the finite field $Z_r$
$Z_r \in \{0,1,2,\dots,r-1\}$
where r is a large prime number, and the length of r is 160 bits;
(A2) Given a security parameter l, the key generation center selects an elliptic curve y over the finite field $Z_r$:
$y^2 = x^3 + \alpha x + \beta \pmod r$,
$\alpha \in Z_r,\ \beta \in Z_r,\ (4\alpha^3 + 27\beta^2) \bmod r \neq 0$;
$P \in y$ is a point on the elliptic curve, and P is used as a generator to generate an elliptic curve group G of order q, where q is a prime number with the length of 160 bits, and the discrete logarithm problem on G is difficult to solve.
(A3) Generate a random number x
The key generation center selects a random number $x \in \{1,2,\dots,q-1\}$, where x is the system master key and q takes 160 bits;
(A4) Compute the system public key $P_{pub}$
$P_{pub} = xP$
(A5) Three secure cryptographic hash functions are selected:
in the formula, q takes 160 bits;
(A6) The key generation center publishes the system parameters Params
$Params: \{l, y, G, q, P, P_{pub}, H_1, H_2, H_3\}$
where the length of q is 160 bits;
B. Partial private key analysis: given the system parameters Params and the ID of the sensor node SN, the key generation center calculates the partial private key of the sensor node;
(B1) Choose a random number α
$\alpha \in \{1,2,\dots,q-1\}$
where the length of q is 160 bits;
(B2) Determine the partial data $y_{ID}$ of the partial private key of the sensor node SN
$y_{ID} = \alpha P$
where $P \in y$ is a point on the elliptic curve;
(B3) Calculate the hash value $h_1$
$h_1 = H_1(ID, y_{ID}, P, P_{pub})$
(B4) Calculate the partial data $d_{ID}$ of the partial private key of the sensor node SN
$d_{ID} = \alpha + h_1 x \pmod q$
where the length of q is 160 bits;
(B5) Determine the partial private key $D_{ID}$ of the sensor node SN
$D_{ID} = (y_{ID}, d_{ID})$
(B6) The key generation center sends the partial private key $D_{ID}$ to the sensor node SN through a secure channel. After the sensor node SN receives the partial private key $D_{ID}$, the user verifies whether $d_{ID}P = y_{ID} + h_1 P_{pub}$ is satisfied; if yes, the partial private key is accepted, otherwise the key generation center is required to resend the data;
C. Establishing secret values and public keys
(C1) The sensor node SN with identity ID randomly selects a random number $v_{ID} \in \{1,2,\dots,q-1\}$ as its secret value, where the length of q is 160 bits;
(C2) Calculate the partial public key $g_{ID}$
$g_{ID} = v_{ID}P$
(C3) Compute the public key $PK_{ID}$ of the sensor node SN
$PK_{ID} = (g_{ID}, y_{ID})$
D. Generating signatures
(D1) Select a random number $k \in \{1,2,\dots,q-1\}$, where the length of q is 160 bits;
(D2) Compute the partial signature δ
$\delta = kP$
(D3) Calculate the hash values $h_2$, $h_3$
$h_2 = H_2(m, \delta, ID, PK_{ID}, P_{pub})$
$h_3 = H_3(m, \delta, ID, PK_{ID}, h_2)$
where m is the message to be signed;
(D4) Calculate the partial signature z
$z = k^{-1}(h_2 v_{ID} + h_3 d_{ID}) \bmod q$
where the length of q is 160 bits;
(D5) Determine the user signature σ
$\sigma = (\delta, z)$
(D6) Send the message-signature pair $(m, \sigma)$ to the verifier over the public channel;
E. Verifying signatures
(E1) After obtaining the message-signature pair $(m, \sigma)$ and the public key $PK_{ID}$ of the sensor node SN, the receiver calculates the hash values $h_1$, $h_2$, $h_3$:
$h_1 = H_1(ID, y_{ID}, P, P_{pub})$,
$h_2 = H_2(m, \delta, ID, PK_{ID}, P_{pub})$
$h_3 = H_3(m, \delta, ID, PK_{ID}, h_2)$
(E2) Check whether the equation $z\delta = h_2 g_{ID} + h_3(y_{ID} + h_1 P_{pub})$ holds;
if the equation holds, the signature verification is successful and the message-signature pair $(m, \sigma)$ is accepted; otherwise, the signature verification fails, indicating that the signature is invalid.
Example 3
The certificateless signature method suitable for the Internet of things comprises the following steps of:
A. System initialization: the key generation center generates the system public parameters Params and the system master key x, and establishes a certificateless public key cryptosystem suitable for the environment of the Internet of things.
(A1) Determine the finite field $Z_r$
$Z_r \in \{0,1,2,\dots,r-1\}$
where r is a large prime number, and the length of r is 200 bits;
(A2) Given a security parameter l, the key generation center selects an elliptic curve y over the finite field $Z_r$:
$y^2 = x^3 + \alpha x + \beta \pmod r$,
$\alpha \in Z_r,\ \beta \in Z_r,\ (4\alpha^3 + 27\beta^2) \bmod r \neq 0$,
$P \in y$ is a point on the elliptic curve, and P is used as a generator to generate an elliptic curve group G of order q, where q is a prime number with the length of 200 bits, and the discrete logarithm problem on G is difficult to solve.
(A3) Generate a random number x
The key generation center selects a random number $x \in \{1,2,\dots,q-1\}$, where x is the system master key and q takes 256 bits;
(A4) Compute the system public key $P_{pub}$
$P_{pub} = xP$
(A5) Three secure cryptographic hash functions are selected:
in the formula, q takes 200 bits;
(A6) The key generation center publishes the system parameters Params
$Params: \{l, y, G, q, P, P_{pub}, H_1, H_2, H_3\}$
where the length of q is 200 bits;
B. Partial private key analysis: given the system parameters Params and the ID of the sensor node SN, the key generation center calculates the partial private key of the sensor node;
(B1) Choose a random number α
$\alpha \in \{1,2,\dots,q-1\}$
where the length of q is 200 bits;
(B2) Determine the partial data $y_{ID}$ of the partial private key of the sensor node SN
$y_{ID} = \alpha P$
where $P \in y$ is a point on the elliptic curve;
(B3) Calculate the hash value $h_1$
$h_1 = H_1(ID, y_{ID}, P, P_{pub})$
(B4) Calculate the partial data $d_{ID}$ of the partial private key of the sensor node SN
$d_{ID} = \alpha + h_1 x \pmod q$
where the length of q is 200 bits;
(B5) Determine the partial private key $D_{ID}$ of the sensor node SN
$D_{ID} = (y_{ID}, d_{ID})$
(B6) The key generation center sends the partial private key $D_{ID}$ to the sensor node SN through a secure channel. After the sensor node SN receives the partial private key $D_{ID}$, the user verifies whether $d_{ID}P = y_{ID} + h_1 P_{pub}$ is satisfied; if yes, the partial private key is accepted, otherwise the key generation center is required to resend the data;
C. Establishing secret values and public keys
(C1) The sensor node SN with identity ID randomly selects a random number $v_{ID} \in \{1,2,\dots,q-1\}$ as its secret value, where the length of q is 200 bits;
(C2) Calculate the partial public key $g_{ID}$
$g_{ID} = v_{ID}P$
(C3) Compute the public key $PK_{ID}$ of the sensor node SN
$PK_{ID} = (g_{ID}, y_{ID})$
D. Generating signatures
(D1) Select a random number $k \in \{1,2,\dots,q-1\}$, where the length of q is 200 bits;
(D2) Compute the partial signature δ
$\delta = kP$
(D3) Calculate the hash values $h_2$, $h_3$
$h_2 = H_2(m, \delta, ID, PK_{ID}, P_{pub})$
$h_3 = H_3(m, \delta, ID, PK_{ID}, h_2)$
where m is the message to be signed;
(D4) Calculate the partial signature z
$z = k^{-1}(h_2 v_{ID} + h_3 d_{ID}) \bmod q$
where the length of q is 200 bits;
(D5) Determine the user signature σ
$\sigma = (\delta, z)$
(D6) Send the message-signature pair $(m, \sigma)$ to the verifier over the public channel;
E. Verifying signatures
(E1) After obtaining the message-signature pair $(m, \sigma)$ and the public key $PK_{ID}$ of the sensor node SN, the receiver calculates the hash values $h_1$, $h_2$, $h_3$:
$h_1 = H_1(ID, y_{ID}, P, P_{pub})$,
$h_2 = H_2(m, \delta, ID, PK_{ID}, P_{pub})$
$h_3 = H_3(m, \delta, ID, PK_{ID}, h_2)$
(E2) Check whether the equation $z\delta = h_2 g_{ID} + h_3(y_{ID} + h_1 P_{pub})$ holds;
if the equation holds, the signature verification is successful and the message-signature pair $(m, \sigma)$ is accepted; otherwise, the signature verification fails, indicating that the signature is invalid.
Claims (2)
1. A certificateless signature method suitable for the Internet of things is characterized by comprising the following steps:
A. System initialization
(A1) Determine the finite field $Z_r$
$Z_r \in \{0,1,2,\dots,r-1\}$
where r is a large prime number, and the length of r is 160-256 bits;
(A2) Given a security parameter l, the key generation center selects an elliptic curve y over the finite field $Z_r$:
$y^2 = x^3 + \alpha x + \beta \pmod r$,
$\alpha \in Z_r,\ \beta \in Z_r,\ (4\alpha^3 + 27\beta^2) \bmod r \neq 0$,
$P \in E$ is a point on the elliptic curve, and P is used as a generator to generate an elliptic curve group G of order q, where q is a prime number with l bits, the discrete logarithm problem on G is difficult to solve, and l is a positive integer with the length of 160-256 bits;
(A3) Generate a random number x
The key generation center selects a random number $x \in \{1,2,\dots,q-1\}$, where x is the system master key;
(A4) Compute the system public key $P_{pub}$
$P_{pub} = xP$
(A5) Three secure cryptographic hash functions are selected:
wherein {0,1}*Is a 0,1 bit string composed of 0 and 1 and having a non-fixed length,H1is thatThe representation is that 0 and 1 which are formed into a non-fixed-length 0 and 1 bit string and three elements on G are connected from left to right and then transformed into the data by a hash algorithmThe above elements; h2Is thatThe representation is that 0 and 1 are formed into a non-fixed 0 and 1 bit string, an element on G, a non-fixed 0 and 1 bit string and three elements on G are connected from left to right and then transformed into a hash algorithmThe above elements. H3Is thatIndicating that the length of a string of 0 and 1 bits is not fixed, the element on one G, the length of a string of 0 and 1 bits is not fixed, the elements on two Gs, and oneThe elements on the upper part are connected from left to right and then transformed into the elements by a hash algorithmThe above elements;
(A6) The key generation center publishes the system parameters Params
$Params: \{l, y, G, q, P, P_{pub}, H_1, H_2, H_3\}$
B. Partial private key analysis: input the system parameters Params and the ID of the sensor node SN, where $ID \in \{0,1\}^*$;
(B1) Choose a random number α
$\alpha \in \{1,2,\dots,q-1\}$
where q is the order of the elliptic curve group G;
(B2) Determine the partial data $y_{ID}$ of the partial private key of the sensor node SN
$y_{ID} = \alpha P$
where $P \in y$ is a point on the elliptic curve;
(B3) Calculate the hash value $h_1$
$h_1 = H_1(ID, y_{ID}, P, P_{pub})$
(B4) Calculate the partial data $d_{ID}$ of the partial private key of the sensor node SN
$d_{ID} = \alpha + h_1 x \pmod q$
(B5) Determine the partial private key $D_{ID}$ of the sensor node SN
$D_{ID} = (y_{ID}, d_{ID})$
(B6) The key generation center sends the partial private key $D_{ID}$ to the sensor node SN through a secure channel. After the sensor node SN receives the partial private key $D_{ID}$, the user verifies whether $d_{ID}P = y_{ID} + h_1 P_{pub}$ is satisfied; if yes, the partial private key is accepted, otherwise the key generation center is required to resend the data;
C. Establishing secret values and public keys
(C2) Calculate the partial public key $g_{ID}$
$g_{ID} = v_{ID}P$
(C3) Compute the public key $PK_{ID}$ of the sensor node SN
$PK_{ID} = (g_{ID}, y_{ID})$
D. Generating signatures
(D1) Select a random number $k \in \{1,2,\dots,q-1\}$;
(D2) Compute the partial signature δ
$\delta = kP$
(D3) Calculate the hash values $h_2$, $h_3$
$h_2 = H_2(m, \delta, ID, PK_{ID}, P_{pub})$
$h_3 = H_3(m, \delta, ID, PK_{ID}, h_2)$
where $m \in \{0,1\}^*$ is the message to be signed;
(D4) Calculate the partial signature z
$z = k^{-1}(h_2 v_{ID} + h_3 d_{ID}) \bmod q$
(D5) Determine the user signature σ
$\sigma = (\delta, z)$
(D6) Send the message-signature pair $(m, \sigma)$ to the verifier over the public channel;
E. Verifying signatures
(E1) After obtaining the message-signature pair $(m, \sigma)$ and the public key $PK_{ID}$ of the sensor node SN, the receiver calculates the hash values $h_1$, $h_2$, $h_3$:
$h_1 = H_1(ID, y_{ID}, P, P_{pub})$,
$h_2 = H_2(m, \delta, ID, PK_{ID}, P_{pub})$
$h_3 = H_3(m, \delta, ID, PK_{ID}, h_2)$
(E2) Check whether the equation $z\delta = h_2 g_{ID} + h_3(y_{ID} + h_1 P_{pub})$ holds;
if the equation holds, the signature verification is successful and the message-signature pair $(m, \sigma)$ is accepted; otherwise, the signature verification fails, indicating that the signature is invalid.
2. The certificateless signing method for internet of things of claim 1, wherein: the large prime number r in the system initialization step A takes the values of 160 bits, 200 bits and 256 bits; in the system initialization step A, the partial private key analysis step B, the key generation step C and the user signature step D, the length value of the order q of the elliptic curve group is 160 bits, 200 bits and 256 bits.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911377444.6A CN111092725B (en) | 2019-12-27 | 2019-12-27 | Certificateless signature method suitable for Internet of things |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911377444.6A CN111092725B (en) | 2019-12-27 | 2019-12-27 | Certificateless signature method suitable for Internet of things |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111092725A true CN111092725A (en) | 2020-05-01 |
CN111092725B CN111092725B (en) | 2021-12-10 |
Family
ID=70398287
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911377444.6A Active CN111092725B (en) | 2019-12-27 | 2019-12-27 | Certificateless signature method suitable for Internet of things |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111092725B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112055333A (en) * | 2020-10-21 | 2020-12-08 | 西南交通大学 | LTE-R vehicle-ground wireless communication security authentication method without certificate proxy signature |
CN113221130A (en) * | 2021-01-28 | 2021-08-06 | 武汉大学 | Certificateless online and offline signature method and medium for food safety Internet of things |
CN111092725B (en) * | 2019-12-27 | 2021-12-10 | 宝鸡文理学院 | Certificateless signature method suitable for Internet of things |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110401531A (en) * | 2019-07-31 | 2019-11-01 | 国网电子商务有限公司 | A kind of collaboration signature and decryption system based on SM9 algorithm |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111092725B (en) * | 2019-12-27 | 2021-12-10 | 宝鸡文理学院 | Certificateless signature method suitable for Internet of things |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||