CN111092725A - Certificateless signature method suitable for Internet of things - Google Patents


Publication number
CN111092725A
Authority
CN
China
Prior art keywords
signature
bits
pub
key
sensor node
Legal status
Granted
Application number
CN201911377444.6A
Other languages
Chinese (zh)
Other versions
CN111092725B (en)
Inventor
杜红珍
赵天绪
刘淳安
张姗姗
Current Assignee
Baoji University of Arts and Sciences
Original Assignee
Baoji University of Arts and Sciences
Application filed by Baoji University of Arts and Sciences
Priority to CN201911377444.6A
Publication of CN111092725A
Application granted
Publication of CN111092725B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122 Counter-measures against attacks; Protection against rogue devices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Algebra (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a certificateless signature method suitable for the Internet of things, comprising the following steps: system initialization, partial private key analysis, establishment of the secret value and public key, signature generation, and signature verification. To address the problem of privacy-preserving security authentication in the Internet of things, the invention constructs a secure and efficient certificateless signature scheme based on an elliptic curve cryptosystem, which eliminates the problems of complicated certificate management and key escrow and can resist forgery attacks by the two types of super adversaries in a certificateless public key cryptosystem. Compared with existing certificateless signature schemes, the scheme constructed by the invention has better performance, is the optimal combination of high security and high efficiency, is better suited to the various resource-constrained application environments of the Internet of things, and provides a first security barrier for the integrity of data transmitted in the Internet of things and for user identity authentication.

Description

Certificateless signature method suitable for Internet of things
Technical Field
The invention belongs to the discipline of cyberspace security, and particularly relates to the Internet of things, cryptography, certificateless public key cryptography, and signature methods.
Background
With the rapid spread of the Internet of things in various fields, its security has attracted wide attention. Security authentication is the basis for the development of Internet of things technology. A certificateless signature is a digital signature under a certificateless public key cryptosystem; it solves the key escrow problem of identity-based digital signatures, avoids complicated public key certificate management, and is one of the practical methods for providing data integrity and identity authentication for the Internet of things. Many certificateless signature schemes have been proposed, but few of them are both secure and suitable for the application environment of the Internet of things.
The first certificateless signature scheme was designed by Al-Riyami and Paterson, and many certificateless signature schemes were proposed afterwards, such as those of Yum, Gorantla, Yap, Park, Choi, Tso, Zhangfeng, etc. These are all constructed from bilinear pairings, which are expensive to compute, so the schemes are inefficient to implement. There is therefore great interest in designing certificateless signature schemes without bilinear pairings. Hodgko et al. proposed the first certificateless signature scheme without bilinear pairings, but this scheme cannot resist forgery attacks by strong adversaries of the second type. Zhang et al. constructed an RSA-based certificateless signature scheme, but it is still inefficient to implement and is not suitable for the resource-constrained environment of the Internet of things. Yeh, Wang, Gong, Jia, etc. designed certificateless signature schemes using elliptic curve cryptosystems, but the security of these schemes has been questioned. At present, no certificateless signature scheme exists that is suitable for the Internet of things environment and can resist super adversary attacks.
On this basis, the invention provides a method for providing security authentication for multiple application environments of the Internet of things, namely a secure and efficient certificateless signature scheme.
Disclosure of Invention
The technical problem to be solved by the invention is to overcome the defects of the prior art and provide a certificateless signature method suitable for the Internet of things.
The technical scheme for solving the technical problems comprises the following steps:
A. System initialization
(A1) Determine the finite field $Z_r$
$Z_r = \{0, 1, 2, \ldots, r-1\}$
where r is a large prime number whose length is 160-256 bits;
(A2) Given a security parameter l as input, the key generation center selects an elliptic curve y over the finite field $Z_r$:
$y^2 = x^3 + \alpha x + \beta \pmod{r}$,
$\alpha \in Z_r$, $\beta \in Z_r$, $(4\alpha^3 + 27\beta^2) \bmod r \neq 0$,
$P \in E$ is a point on the elliptic curve, and P is used as a generator to generate an elliptic curve group G of order q, where q is a prime number of l bits, the discrete logarithm problem on G is hard, and l is a positive integer with a length of 160-256 bits;
(A3) Generate a random number x
The key generation center selects a random number $x \in \{1, 2, \ldots, q-1\}$, where x is the system master key;
(A4) Compute the system public key $P_{pub}$
$P_{pub} = xP$
(A5) Select three secure cryptographic hash functions:
$H_1$:
Figure BDA0002341366120000021
$H_2$:
Figure BDA0002341366120000022
$H_3$:
Figure BDA0002341366120000023
where $\{0,1\}^*$ is the set of bit strings of 0s and 1s of non-fixed length,
Figure BDA0002341366120000024
$H_1$ is
Figure BDA0002341366120000025
meaning that a non-fixed-length bit string of 0s and 1s and three elements of G are concatenated from left to right and then transformed by a hash algorithm into an element of
Figure BDA0002341366120000031
$H_2$ is
Figure BDA0002341366120000032
meaning that a non-fixed-length bit string of 0s and 1s, an element of G, a non-fixed-length bit string of 0s and 1s, and three elements of G are concatenated from left to right and then transformed by a hash algorithm into an element of
Figure BDA0002341366120000033
$H_3$ is
Figure BDA0002341366120000034
meaning that a non-fixed-length bit string of 0s and 1s, an element of G, a non-fixed-length bit string of 0s and 1s, two elements of G, and one element of
Figure BDA0002341366120000035
are concatenated from left to right and then transformed by a hash algorithm into an element of
Figure BDA0002341366120000036
(A6) The key generation center publishes the system parameters Params
Params: $\{l, y, G, q, P, P_{pub}, H_1, H_2, H_3\}$
B. Partial private key analysis: the inputs are the system parameters Params and the identity ID of the sensor node SN, where $ID \in \{0,1\}^*$
(B1) Choose a random number α
$\alpha \in \{1, 2, \ldots, q-1\}$
where q is the order of the elliptic curve group G;
(B2) Determine the partial data $y_{ID}$ of the partial private key of sensor node SN
$y_{ID} = \alpha P$
where $P \in y$ is a point on the elliptic curve;
(B3) Compute the hash value $h_1$
$h_1 = H_1(ID, y_{ID}, P, P_{pub})$
(B4) Compute the partial data $d_{ID}$ of the partial private key of sensor node SN
$d_{ID} = \alpha + h_1 x \pmod{q}$
(B5) Determine the partial private key $D_{ID}$ of sensor node SN
$D_{ID} = (y_{ID}, d_{ID})$
(B6) The key generation center sends the partial private key $D_{ID}$ to the sensor node SN over a secure channel. After the sensor node SN receives $D_{ID}$, the user verifies whether $d_{ID}P = y_{ID} + h_1 P_{pub}$ holds; if so, the partial private key is accepted, otherwise the key generation center is asked to resend the data;
C. Establishing the secret value and public key
(C1) The sensor node SN with identity ID randomly selects a random number $v_{ID} \in \{1, 2, \ldots, q-1\}$ as its secret value;
(C2) Compute the partial public key $g_{ID}$
$g_{ID} = v_{ID}P$
(C3) Compute the public key $PK_{ID}$ of sensor node SN
$PK_{ID} = (g_{ID}, y_{ID})$
D. Generating the signature
(D1) Select a random number $k \in \{1, 2, \ldots, q-1\}$;
(D2) Compute the partial signature δ
$\delta = kP$
(D3) Compute the hash values $h_2$ and $h_3$
$h_2 = H_2(m, \delta, ID, PK_{ID}, P_{pub})$
$h_3 = H_3(m, \delta, ID, PK_{ID}, h_2)$
where $m \in \{0,1\}^*$ is the message to be signed;
(D4) Compute the partial signature z
$z = k^{-1}(h_2 v_{ID} + h_3 d_{ID}) \bmod q$
(D5) Determine the user signature σ
$\sigma = (\delta, z)$
(D6) Send the message-signature pair (m, σ) to the verifier over the public channel;
E. Verifying the signature
(E1) After obtaining the message-signature pair (m, σ) and the public key $PK_{ID}$ of sensor node SN, the receiver computes the hash values $h_1$, $h_2$, $h_3$
$h_1 = H_1(ID, y_{ID}, P, P_{pub})$,
$h_2 = H_2(m, \delta, ID, PK_{ID}, P_{pub})$
$h_3 = H_3(m, \delta, ID, PK_{ID}, h_2)$
(E2) Check whether the equation $z\delta = h_2 g_{ID} + h_3(y_{ID} + h_1 P_{pub})$ holds;
If the equation holds, signature verification succeeds and the message-signature pair (m, σ) is accepted; otherwise signature verification fails, indicating that the signature is invalid.
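The check in (E2) holds for every honestly generated signature. Written out with the symbols of steps A to D (an added derivation, not part of the patent text), using $\delta = kP$, $g_{ID} = v_{ID}P$, $y_{ID} = \alpha P$, $P_{pub} = xP$ and $d_{ID} = \alpha + h_1 x \bmod q$:

$$d_{ID}P = (\alpha + h_1 x)P = \alpha P + h_1 (xP) = y_{ID} + h_1 P_{pub}$$

$$z\delta = k^{-1}(h_2 v_{ID} + h_3 d_{ID}) \cdot kP = (h_2 v_{ID} + h_3 d_{ID})P = h_2 g_{ID} + h_3 d_{ID}P = h_2 g_{ID} + h_3 (y_{ID} + h_1 P_{pub})$$

The first line is also the acceptance test of step (B6). Scalars may be reduced modulo q throughout because P has order q.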
In the system initialization step A, the length of the large prime number r is 160 bits, 200 bits, or 256 bits; in the system initialization step A, the partial private key analysis step B, the key generation step C and the user signature step D, the length of the order q of the elliptic curve group is 160 bits, 200 bits, or 256 bits.
Compared with the prior art, the invention has the following advantages:
The invention provides an efficient certificateless signature method based on an elliptic curve cryptosystem for the application environment of the Internet of things. The method is highly secure, can resist forgery attacks by the two types of super adversaries that exist in a certificateless public key cryptosystem, and avoids time-consuming bilinear pairings and MapToPoint hash functions. It performs better than existing certificateless signature schemes, is better suited to the various resource-constrained application environments of the Internet of things, provides the necessary security guarantee for privacy authentication in the Internet of things, and can promote the rapid and healthy development of the Internet of things and of certificateless public key cryptosystems.
Drawings
Fig. 1 is a flow chart of Embodiment 1 of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the following drawings and examples, but the present invention is not limited to these examples.
Example 1
The certificateless signature method suitable for the Internet of things, taking the length of the large prime number r as 256 bits and the length of the order q of the elliptic curve group as 256 bits, comprises the following steps (as shown in Fig. 1):
A. System initialization: the key generation center generates the public system parameters Params and the system master key x, establishing a certificateless public key cryptosystem suitable for the Internet of things environment.
(A1) Determine the finite field $Z_r$
$Z_r = \{0, 1, 2, \ldots, r-1\}$
where r is a large prime number whose length is 256 bits;
(A2) Given a security parameter l as input, the key generation center selects an elliptic curve y over the finite field $Z_r$:
$y^2 = x^3 + \alpha x + \beta \pmod{r}$,
$\alpha \in Z_r$, $\beta \in Z_r$, $(4\alpha^3 + 27\beta^2) \bmod r \neq 0$;
$P \in y$ is a point on the elliptic curve, and P is used as a generator to generate an elliptic curve group G of order q, where q is a prime number with a length of 256 bits and the discrete logarithm problem on G is hard.
(A3) Generate a random number x
The key generation center selects a random number $x \in \{1, 2, \ldots, q-1\}$, where x is the system master key and q is 256 bits long;
(A4) Compute the system public key $P_{pub}$
$P_{pub} = xP$
(A5) Select three secure cryptographic hash functions:
$H_1$:
Figure BDA0002341366120000061
$H_2$:
Figure BDA0002341366120000062
$H_3$:
Figure BDA0002341366120000063
where $\{0,1\}^*$ is the set of bit strings of 0s and 1s of non-fixed length,
Figure BDA0002341366120000064
$H_1$ is
Figure BDA0002341366120000065
meaning that a non-fixed-length bit string of 0s and 1s and three elements of G are concatenated from left to right and then transformed by a hash algorithm into an element of
Figure BDA0002341366120000066
$H_2$ is
Figure BDA0002341366120000067
meaning that a non-fixed-length bit string of 0s and 1s, an element of G, a non-fixed-length bit string of 0s and 1s, and three elements of G are concatenated from left to right and then transformed by a hash algorithm into an element of
Figure BDA0002341366120000071
$H_3$ is
Figure BDA0002341366120000072
meaning that a non-fixed-length bit string of 0s and 1s, an element of G, a non-fixed-length bit string of 0s and 1s, two elements of G, and one element of
Figure BDA0002341366120000073
are concatenated from left to right and then transformed by a hash algorithm into an element of
Figure BDA0002341366120000074
where q is 256 bits long;
(A6) The key generation center publishes the system parameters Params
Params: $\{l, y, G, q, P, P_{pub}, H_1, H_2, H_3\}$
where q is 256 bits long;
B. Partial private key analysis: the inputs are the system parameters Params and the identity ID of the sensor node SN, and the key generation center computes the partial private key of the sensor node;
(B1) Choose a random number α
$\alpha \in \{1, 2, \ldots, q-1\}$
where q is 256 bits long;
(B2) Determine the partial data $y_{ID}$ of the partial private key of sensor node SN
$y_{ID} = \alpha P$
where $P \in y$ is a point on the elliptic curve;
(B3) Compute the hash value $h_1$
$h_1 = H_1(ID, y_{ID}, P, P_{pub})$
(B4) Compute the partial data $d_{ID}$ of the partial private key of sensor node SN
$d_{ID} = \alpha + h_1 x \pmod{q}$
where q is 256 bits long;
(B5) Determine the partial private key $D_{ID}$ of sensor node SN
$D_{ID} = (y_{ID}, d_{ID})$
(B6) The key generation center sends the partial private key $D_{ID}$ to the sensor node SN over a secure channel. After the sensor node SN receives $D_{ID}$, the user verifies whether $d_{ID}P = y_{ID} + h_1 P_{pub}$ holds; if so, the partial private key is accepted, otherwise the key generation center is asked to resend the data;
C. Establishing the secret value and public key
(C1) The sensor node SN with identity ID randomly selects a random number $v_{ID} \in \{1, 2, \ldots, q-1\}$ as its secret value, where q is 256 bits long;
(C2) Compute the partial public key $g_{ID}$
$g_{ID} = v_{ID}P$
(C3) Compute the public key $PK_{ID}$ of sensor node SN
$PK_{ID} = (g_{ID}, y_{ID})$
D. Generating the signature
(D1) Select a random number $k \in \{1, 2, \ldots, q-1\}$, where q is 256 bits long;
(D2) Compute the partial signature δ
$\delta = kP$
(D3) Compute the hash values $h_2$ and $h_3$
$h_2 = H_2(m, \delta, ID, PK_{ID}, P_{pub})$
$h_3 = H_3(m, \delta, ID, PK_{ID}, h_2)$
where m is the message to be signed;
(D4) Compute the partial signature z
$z = k^{-1}(h_2 v_{ID} + h_3 d_{ID}) \bmod q$
where q is 256 bits long;
(D5) Determine the user signature σ
$\sigma = (\delta, z)$
(D6) Send the message-signature pair (m, σ) to the verifier over the public channel;
E. Verifying the signature
(E1) After obtaining the message-signature pair (m, σ) and the public key $PK_{ID}$ of sensor node SN, the receiver computes the hash values $h_1$, $h_2$, $h_3$
$h_1 = H_1(ID, y_{ID}, P, P_{pub})$,
$h_2 = H_2(m, \delta, ID, PK_{ID}, P_{pub})$
$h_3 = H_3(m, \delta, ID, PK_{ID}, h_2)$
(E2) Check whether the equation $z\delta = h_2 g_{ID} + h_3(y_{ID} + h_1 P_{pub})$ holds;
If the equation holds, signature verification succeeds and the message-signature pair (m, σ) is accepted; otherwise signature verification fails, indicating that the signature is invalid.
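Steps A through E of Example 1 (256-bit r and q) carried end to end, as an added example that is not the patent's or the inventors' code. Assumptions: the curve is secp256k1, H1/H2/H3 are modelled as tagged SHA-256 over length-prefixed inputs reduced into {1, ..., q-1} (the hash codomain appears only in a formula image on this page), the input validation in `verify` is an addition, and all function names are hypothetical.

```python
import hashlib
import secrets

# Assumption: secp256k1 (y^2 = x^3 + 7 over Z_r) stands in for the curve; the patent names none.
R = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # field prime r
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order q
A, B = 0, 7  # curve coefficients alpha, beta
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)  # generator P

def on_curve(pt):
    """True if pt = (x, y) has coordinates in Z_r and satisfies the curve equation."""
    x, y = pt
    return 0 <= x < R and 0 <= y < R and (y * y - x ** 3 - A * x - B) % R == 0

def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % R == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, R) % R
    else:
        lam = (y2 - y1) * pow((x2 - x1) % R, -1, R) % R
    x3 = (lam * lam - x1 - x2) % R
    return x3, (lam * (x1 - x3) - y1) % R

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; illustration only)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def H(tag, *parts):
    """H1/H2/H3 as tagged SHA-256 over length-prefixed inputs, mapped into {1..q-1} (assumption)."""
    buf = tag
    for p in parts:
        if isinstance(p, tuple):      # element of G
            p = p[0].to_bytes(32, "big") + p[1].to_bytes(32, "big")
        elif isinstance(p, int):      # scalar such as h2
            p = p.to_bytes(32, "big")
        buf += len(p).to_bytes(4, "big") + p
    return int.from_bytes(hashlib.sha256(buf).digest(), "big") % (Q - 1) + 1

def rand_scalar():
    """Uniform element of {1, ..., q-1} from the OS CSPRNG."""
    return secrets.randbelow(Q - 1) + 1

def kgc_setup():
    """Steps A3-A4: master key x and system public key Ppub = xP."""
    x = rand_scalar()
    return x, mul(x, P)

def kgc_partial_key(x, p_pub, ident):
    """Steps B1-B5: D_ID = (y_ID, d_ID) with d_ID = alpha + h1*x mod q."""
    alpha = rand_scalar()
    y_id = mul(alpha, P)
    h1 = H(b"H1", ident, y_id, P, p_pub)
    return y_id, (alpha + h1 * x) % Q

def node_accepts(p_pub, ident, y_id, d_id):
    """Step B6: accept D_ID only if d_ID*P == y_ID + h1*Ppub."""
    h1 = H(b"H1", ident, y_id, P, p_pub)
    return mul(d_id, P) == add(y_id, mul(h1, p_pub))

def node_keygen(y_id):
    """Step C: secret value v_ID and public key PK_ID = (g_ID, y_ID)."""
    v_id = rand_scalar()
    return v_id, (mul(v_id, P), y_id)

def sign(m, ident, v_id, d_id, pk, p_pub):
    """Step D: sigma = (delta, z) with z = k^-1 (h2*v_ID + h3*d_ID) mod q."""
    g_id, y_id = pk
    while True:
        k = rand_scalar()             # fresh random k for every signature
        delta = mul(k, P)
        h2 = H(b"H2", m, delta, ident, g_id, y_id, p_pub)
        h3 = H(b"H3", m, delta, ident, g_id, y_id, h2)
        z = pow(k, -1, Q) * (h2 * v_id + h3 * d_id) % Q
        if z:                         # z = 0 could never verify; retry
            return delta, z

def verify(m, sig, ident, pk, p_pub):
    """Step E: check z*delta == h2*g_ID + h3*(y_ID + h1*Ppub)."""
    (delta, z), (g_id, y_id) = sig, pk
    # Range and on-curve checks are an addition of this example, not listed in the patent text.
    if not (0 < z < Q and all(on_curve(t) for t in (delta, g_id, y_id))):
        return False
    h1 = H(b"H1", ident, y_id, P, p_pub)
    h2 = H(b"H2", m, delta, ident, g_id, y_id, p_pub)
    h3 = H(b"H3", m, delta, ident, g_id, y_id, h2)
    return mul(z, delta) == add(mul(h2, g_id), mul(h3, add(y_id, mul(h1, p_pub))))
```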
Example 2
The certificateless signature method suitable for the Internet of things comprises the following steps:
A. System initialization: the key generation center generates the public system parameters Params and the system master key x, establishing a certificateless public key cryptosystem suitable for the Internet of things environment.
(A1) Determine the finite field $Z_r$
$Z_r = \{0, 1, 2, \ldots, r-1\}$
where r is a large prime number whose length is 160 bits;
(A2) Given a security parameter l as input, the key generation center selects an elliptic curve y over the finite field $Z_r$:
$y^2 = x^3 + \alpha x + \beta \pmod{r}$,
$\alpha \in Z_r$, $\beta \in Z_r$, $(4\alpha^3 + 27\beta^2) \bmod r \neq 0$;
$P \in y$ is a point on the elliptic curve, and P is used as a generator to generate an elliptic curve group G of order q, where q is a prime number with a length of 160 bits and the discrete logarithm problem on G is hard.
(A3) Generate a random number x
The key generation center selects a random number $x \in \{1, 2, \ldots, q-1\}$, where x is the system master key and q is 160 bits long;
(A4) Compute the system public key $P_{pub}$
$P_{pub} = xP$
(A5) Select three secure cryptographic hash functions:
$H_1$:
Figure BDA0002341366120000101
$H_2$:
Figure BDA0002341366120000102
$H_3$:
Figure BDA0002341366120000103
where q is 160 bits long;
(A6) The key generation center publishes the system parameters Params
Params: $\{l, y, G, q, P, P_{pub}, H_1, H_2, H_3\}$
where q is 160 bits long;
B. Partial private key analysis: the inputs are the system parameters Params and the identity ID of the sensor node SN, and the key generation center computes the partial private key of the sensor node;
(B1) Choose a random number α
$\alpha \in \{1, 2, \ldots, q-1\}$
where q is 160 bits long;
(B2) Determine the partial data $y_{ID}$ of the partial private key of sensor node SN
$y_{ID} = \alpha P$
where $P \in y$ is a point on the elliptic curve;
(B3) Compute the hash value $h_1$
$h_1 = H_1(ID, y_{ID}, P, P_{pub})$
(B4) Compute the partial data $d_{ID}$ of the partial private key of sensor node SN
$d_{ID} = \alpha + h_1 x \pmod{q}$
where q is 160 bits long;
(B5) Determine the partial private key $D_{ID}$ of sensor node SN
$D_{ID} = (y_{ID}, d_{ID})$
(B6) The key generation center sends the partial private key $D_{ID}$ to the sensor node SN over a secure channel. After the sensor node SN receives $D_{ID}$, the user verifies whether $d_{ID}P = y_{ID} + h_1 P_{pub}$ holds; if so, the partial private key is accepted, otherwise the key generation center is asked to resend the data;
C. Establishing the secret value and public key
(C1) The sensor node SN with identity ID randomly selects a random number $v_{ID} \in \{1, 2, \ldots, q-1\}$ as its secret value, where q is 160 bits long;
(C2) Compute the partial public key $g_{ID}$
$g_{ID} = v_{ID}P$
(C3) Compute the public key $PK_{ID}$ of sensor node SN
$PK_{ID} = (g_{ID}, y_{ID})$
D. Generating the signature
(D1) Select a random number $k \in \{1, 2, \ldots, q-1\}$, where q is 160 bits long;
(D2) Compute the partial signature δ
$\delta = kP$
(D3) Compute the hash values $h_2$ and $h_3$
$h_2 = H_2(m, \delta, ID, PK_{ID}, P_{pub})$
$h_3 = H_3(m, \delta, ID, PK_{ID}, h_2)$
where m is the message to be signed;
(D4) Compute the partial signature z
$z = k^{-1}(h_2 v_{ID} + h_3 d_{ID}) \bmod q$
where q is 160 bits long;
(D5) Determine the user signature σ
$\sigma = (\delta, z)$
(D6) Send the message-signature pair (m, σ) to the verifier over the public channel;
E. Verifying the signature
(E1) After obtaining the message-signature pair (m, σ) and the public key $PK_{ID}$ of sensor node SN, the receiver computes the hash values $h_1$, $h_2$, $h_3$
$h_1 = H_1(ID, y_{ID}, P, P_{pub})$,
$h_2 = H_2(m, \delta, ID, PK_{ID}, P_{pub})$
$h_3 = H_3(m, \delta, ID, PK_{ID}, h_2)$
(E2) Check whether the equation $z\delta = h_2 g_{ID} + h_3(y_{ID} + h_1 P_{pub})$ holds;
If the equation holds, signature verification succeeds and the message-signature pair (m, σ) is accepted; otherwise signature verification fails, indicating that the signature is invalid.
Example 3
The certificateless signature method suitable for the Internet of things comprises the following steps:
A. System initialization: the key generation center generates the public system parameters Params and the system master key x, establishing a certificateless public key cryptosystem suitable for the Internet of things environment.
(A1) Determine the finite field $Z_r$
$Z_r = \{0, 1, 2, \ldots, r-1\}$
where r is a large prime number whose length is 200 bits;
(A2) Given a security parameter l as input, the key generation center selects an elliptic curve y over the finite field $Z_r$:
$y^2 = x^3 + \alpha x + \beta \pmod{r}$,
$\alpha \in Z_r$, $\beta \in Z_r$, $(4\alpha^3 + 27\beta^2) \bmod r \neq 0$,
$P \in y$ is a point on the elliptic curve, and P is used as a generator to generate an elliptic curve group G of order q, where q is a prime number with a length of 200 bits and the discrete logarithm problem on G is hard.
(A3) Generate a random number x
The key generation center selects a random number $x \in \{1, 2, \ldots, q-1\}$, where x is the system master key and q takes 256 bits;
(A4) Compute the system public key $P_{pub}$
$P_{pub} = xP$
(A5) Select three secure cryptographic hash functions:
$H_1$:
Figure BDA0002341366120000131
$H_2$:
Figure BDA0002341366120000132
$H_3$:
Figure BDA0002341366120000133
where q is 200 bits long;
(A6) The key generation center publishes the system parameters Params
Params: $\{l, y, G, q, P, P_{pub}, H_1, H_2, H_3\}$
where q is 200 bits long;
B. Partial private key analysis: the inputs are the system parameters Params and the identity ID of the sensor node SN, and the key generation center computes the partial private key of the sensor node;
(B1) Choose a random number α
$\alpha \in \{1, 2, \ldots, q-1\}$
where q is 200 bits long;
(B2) Determine the partial data $y_{ID}$ of the partial private key of sensor node SN
$y_{ID} = \alpha P$
where $P \in y$ is a point on the elliptic curve;
(B3) Compute the hash value $h_1$
$h_1 = H_1(ID, y_{ID}, P, P_{pub})$
(B4) Compute the partial data $d_{ID}$ of the partial private key of sensor node SN
$d_{ID} = \alpha + h_1 x \pmod{q}$
where q is 200 bits long;
(B5) Determine the partial private key $D_{ID}$ of sensor node SN
$D_{ID} = (y_{ID}, d_{ID})$
(B6) The key generation center sends the partial private key $D_{ID}$ to the sensor node SN over a secure channel. After the sensor node SN receives $D_{ID}$, the user verifies whether $d_{ID}P = y_{ID} + h_1 P_{pub}$ holds; if so, the partial private key is accepted, otherwise the key generation center is asked to resend the data;
C. Establishing the secret value and public key
(C1) The sensor node SN with identity ID randomly selects a random number $v_{ID} \in \{1, 2, \ldots, q-1\}$ as its secret value, where q is 200 bits long;
(C2) Compute the partial public key $g_{ID}$
$g_{ID} = v_{ID}P$
(C3) Compute the public key $PK_{ID}$ of sensor node SN
$PK_{ID} = (g_{ID}, y_{ID})$
D. Generating the signature
(D1) Select a random number $k \in \{1, 2, \ldots, q-1\}$, where q is 200 bits long;
(D2) Compute the partial signature δ
$\delta = kP$
(D3) Compute the hash values $h_2$ and $h_3$
$h_2 = H_2(m, \delta, ID, PK_{ID}, P_{pub})$
$h_3 = H_3(m, \delta, ID, PK_{ID}, h_2)$
where m is the message to be signed;
(D4) Compute the partial signature z
$z = k^{-1}(h_2 v_{ID} + h_3 d_{ID}) \bmod q$
where q is 200 bits long;
(D5) Determine the user signature σ
$\sigma = (\delta, z)$
(D6) Send the message-signature pair (m, σ) to the verifier over the public channel;
E. Verifying the signature
(E1) After obtaining the message-signature pair (m, σ) and the public key $PK_{ID}$ of sensor node SN, the receiver computes the hash values $h_1$, $h_2$, $h_3$
$h_1 = H_1(ID, y_{ID}, P, P_{pub})$,
$h_2 = H_2(m, \delta, ID, PK_{ID}, P_{pub})$
$h_3 = H_3(m, \delta, ID, PK_{ID}, h_2)$
(E2) Check whether the equation $z\delta = h_2 g_{ID} + h_3(y_{ID} + h_1 P_{pub})$ holds;
If the equation holds, signature verification succeeds and the message-signature pair (m, σ) is accepted; otherwise signature verification fails, indicating that the signature is invalid.

Claims (2)

1. A certificateless signature method suitable for the Internet of things, characterized by comprising the following steps:
A. System initialization
(A1) Determine the finite field $Z_r$
$Z_r = \{0, 1, 2, \ldots, r-1\}$
where r is a large prime number whose length is 160-256 bits;
(A2) Given a security parameter l as input, the key generation center selects an elliptic curve y over the finite field $Z_r$:
$y^2 = x^3 + \alpha x + \beta \pmod{r}$,
$\alpha \in Z_r$, $\beta \in Z_r$, $(4\alpha^3 + 27\beta^2) \bmod r \neq 0$,
$P \in E$ is a point on the elliptic curve, and P is used as a generator to generate an elliptic curve group G of order q, where q is a prime number of l bits, the discrete logarithm problem on G is hard, and l is a positive integer with a length of 160-256 bits;
(A3) Generate a random number x
The key generation center selects a random number $x \in \{1, 2, \ldots, q-1\}$, where x is the system master key;
(A4) Compute the system public key $P_{pub}$
$P_{pub} = xP$
(A5) Select three secure cryptographic hash functions:
$H_1$:
Figure RE-FDA0002416650450000011
$H_2$:
Figure RE-FDA0002416650450000012
$H_3$:
Figure RE-FDA0002416650450000013
where $\{0,1\}^*$ is the set of bit strings of 0s and 1s of non-fixed length,
Figure RE-FDA0002416650450000014
$H_1$ is
Figure RE-FDA0002416650450000015
meaning that a non-fixed-length bit string of 0s and 1s and three elements of G are concatenated from left to right and then transformed by a hash algorithm into an element of
Figure RE-FDA0002416650450000021
$H_2$ is
Figure RE-FDA0002416650450000022
meaning that a non-fixed-length bit string of 0s and 1s, an element of G, a non-fixed-length bit string of 0s and 1s, and three elements of G are concatenated from left to right and then transformed by a hash algorithm into an element of
Figure RE-FDA0002416650450000023
$H_3$ is
Figure RE-FDA0002416650450000024
meaning that a non-fixed-length bit string of 0s and 1s, an element of G, a non-fixed-length bit string of 0s and 1s, two elements of G, and one element of
Figure RE-FDA0002416650450000025
are concatenated from left to right and then transformed by a hash algorithm into an element of
Figure RE-FDA0002416650450000026
(A6) The key generation center publishes the system parameters Params
Params: $\{l, y, G, q, P, P_{pub}, H_1, H_2, H_3\}$
B. Partial private key analysis: the inputs are the system parameters Params and the identity ID of the sensor node SN, where $ID \in \{0,1\}^*$
(B1) Choose a random number α
$\alpha \in \{1, 2, \ldots, q-1\}$
where q is the order of the elliptic curve group G;
(B2) Determine the partial data $y_{ID}$ of the partial private key of sensor node SN
$y_{ID} = \alpha P$
where $P \in y$ is a point on the elliptic curve;
(B3) Compute the hash value $h_1$
$h_1 = H_1(ID, y_{ID}, P, P_{pub})$
(B4) Compute the partial data $d_{ID}$ of the partial private key of sensor node SN
$d_{ID} = \alpha + h_1 x \pmod{q}$
(B5) Determine the partial private key $D_{ID}$ of sensor node SN
$D_{ID} = (y_{ID}, d_{ID})$
(B6) The key generation center sends the partial private key $D_{ID}$ to the sensor node SN over a secure channel. After the sensor node SN receives $D_{ID}$, the user verifies whether $d_{ID}P = y_{ID} + h_1 P_{pub}$ holds; if so, the partial private key is accepted, otherwise the key generation center is asked to resend the data;
C. Establishing secret values and public keys
(C1) The sensor node SN with identity ID randomly selects a number
Figure RE-FDA0002416650450000031
as its own secret value;
(C2) Calculate the partial public key gID
gID=vIDP
(C3) Calculate the public key PKID of sensor node SN
PKID=(gID,yID)
D. Generating signatures
(D1) Select a random number k ∈ {1,2,…,q-1};
(D2) Calculate the partial signature δ
δ=kP
(D3) Calculate the hash values h2, h3
h2=H2(m,δ,ID,PKID,Ppub)
h3=H3(m,δ,ID,PKID,h2)
where m ∈ {0,1}* is the message to be signed;
(D4) Calculate the partial signature z
z=k^-1(h2vID+h3dID) mod q
(D5) Determine the user signature σ
σ=(δ,z)
(D6) Send the message-signature pair (m, σ) to the verifier over the public channel;
E. Verifying signatures
(E1) After obtaining the message-signature pair (m, σ) and the public key PKID of sensor node SN, the receiver calculates the hash values h1, h2, h3
h1=H1(ID,yID,P,Ppub)
h2=H2(m,δ,ID,PKID,Ppub)
h3=H3(m,δ,ID,PKID,h2)
(E2) Check whether the equation zδ=h2gID+h3(yID+h1Ppub) holds;
if the equation holds, the signature verification succeeds and the message-signature pair (m, σ) is accepted; otherwise the signature verification fails, indicating that the signature is invalid.
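Steps B to E above, as an added example that is not the patent's own code: a pure-Python run of partial-key extraction, the node's B6 check, signing and verification. The secp256k1 curve, the tagged SHA-256 stand-in for H1/H2/H3 and every function name are assumptions made here, and the arithmetic is not constant-time.

```python
import hashlib, secrets
# Assumption: secp256k1 (256-bit prime order q); the page fixes no concrete curve.
p = 2**256 - 2**32 - 977
q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(A, B):  # affine addition on y^2 = x^3 + 7; None is the point at infinity
    if A is None: return B
    if B is None: return A
    if A[0] == B[0] and (A[1] + B[1]) % p == 0: return None
    if A == B: lam = 3 * A[0] * A[0] * pow(2 * A[1], -1, p) % p
    else: lam = (B[1] - A[1]) * pow((B[0] - A[0]) % p, -1, p) % p
    x = (lam * lam - A[0] - B[0]) % p
    return x, (lam * (A[0] - x) - A[1]) % p

def mul(k, A):  # double-and-add scalar multiplication (not constant time)
    R = None
    while k:
        if k & 1: R = add(R, A)
        A, k = add(A, A), k >> 1
    return R

def H(tag, *parts):  # stand-in for H1/H2/H3: tagged SHA-256 mapped into {1..q-1}
    digest = hashlib.sha256(repr((tag, parts)).encode()).digest()
    return int.from_bytes(digest, "big") % (q - 1) + 1

def rand():  # uniform scalar in {1..q-1}
    return secrets.randbelow(q - 1) + 1

def extract(x, Ppub, ID):  # step B (KGC): y_ID = alpha*P, d_ID = alpha + h1*x mod q
    alpha = rand(); y = mul(alpha, P)
    return y, (alpha + H(1, ID, y, P, Ppub) * x) % q

def check_partial(ID, y, d, Ppub):  # step B6 (node): d_ID*P == y_ID + h1*Ppub
    return mul(d, P) == add(y, mul(H(1, ID, y, P, Ppub), Ppub))

def sign(m, ID, v, d, PK, Ppub):  # step D: sigma = (delta, z)
    k = rand(); delta = mul(k, P)
    h2 = H(2, m, delta, ID, PK, Ppub); h3 = H(3, m, delta, ID, PK, h2)
    return delta, pow(k, -1, q) * (h2 * v + h3 * d) % q

def verify(m, sig, ID, PK, Ppub):  # step E: z*delta == h2*g_ID + h3*(y_ID + h1*Ppub)
    (delta, z), (g, y) = sig, PK
    h1 = H(1, ID, y, P, Ppub)
    h2 = H(2, m, delta, ID, PK, Ppub); h3 = H(3, m, delta, ID, PK, h2)
    return mul(z, delta) == add(mul(h2, g), mul(h3, add(y, mul(h1, Ppub))))
```

Call order: `Ppub = mul(x, P)` for the key generation center's x (the relation the B6 check implies), then `extract`, `check_partial` on the node, `PK = (mul(v, P), y)` for the node's secret value v, then `sign` and `verify`. A deployed verifier would also reject a δ or public-key point that is not on the curve and any z outside {1,…,q-1}.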
2. The certificateless signing method for internet of things of claim 1, wherein: the large prime number r in the system initialization step A takes the values of 160 bits, 200 bits and 256 bits; in the system initialization step A, the partial private key analysis step B, the key generation step C and the user signature step D, the length value of the order q of the elliptic curve group is 160 bits, 200 bits and 256 bits.
CN201911377444.6A 2019-12-27 2019-12-27 Certificateless signature method suitable for Internet of things Active CN111092725B (en)


Publications (2)

Publication Number Publication Date
CN111092725A true CN111092725A (en) 2020-05-01
CN111092725B CN111092725B (en) 2021-12-10
