CN111404685A - Attribute-based signature method and system - Google Patents

Info

Publication number
CN111404685A
Authority
CN
China
Prior art keywords
signature
signer
sigma
attribute
verification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010305954.9A
Other languages
Chinese (zh)
Other versions
CN111404685B (en)
Inventor
王皓
王吉伟
王立伟
刘伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Suresec Information Industry Co ltd
Original Assignee
Shandong Suresec Information Industry Co ltd
Application filed by Shandong Suresec Information Industry Co ltd
Priority to CN202010305954.9A
Publication of CN111404685A
Application granted
Publication of CN111404685B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The invention belongs to the field of data signature processing, and provides an attribute-based signature method and system. The attribute-based signature method comprises the following steps: an attribute authority generates a public key PK and a master key MSK; the signer generates a public key UPK and a private key USK of the signer according to the public key PK and the whole attribute set; the signer applies to the attribute authority for a private key, the attribute authority generates an outsourced key OSK for the signer and issues it to the signer, and the signer delegates the OSK to an outsourced signature server; when the attribute set of the signer satisfies the access structure, the outsourced signature server generates an intermediate signature result $\Sigma'$ and sends it to the signer; the signer obtains the final signature $\Sigma$ from the intermediate result $\Sigma'$ and the private key USK and sends it to the verifier; the verifier converts the signature $\Sigma$ into a signature $\Sigma''$ and sends $\Sigma''$ to an outsourced verification server; the outsourced verification server performs outsourced verification on the converted signature $\Sigma''$, obtains an intermediate verification result V and sends it to the verifier; and the verifier obtains the final verification result through local verification according to the intermediate result V.

Description

Attribute-based signature method and system
Technical Field
The invention belongs to the field of data signature processing, and particularly relates to an attribute-based signature method and system.
Background
The statements in this section merely provide background information related to the present disclosure and may not necessarily constitute prior art.
In a traditional public key cryptosystem, a signer has a public/private key pair; the signer uses the private key to sign a message, and a verifier uses the public key to verify the signature. If verification passes, the identity of the signer is authenticated. In some application scenarios, however, the user is not concerned with the specific identity of the signer, but rather with the attributes the signer should satisfy. For example, in an online medical scenario, when verifying an electronic prescription, a pharmacy often does not care which doctor wrote the prescription, but does care whether the doctor (signer) satisfies certain attributes, such as the doctor's qualifications, working time, specialty, and the like.
The inventor finds that existing signing and verification are performed on a local server; because the capacity of the local server is limited and the amount of computation in signing and verification is large, the operating efficiency of the local server drops, which causes a poor user experience in some application scenarios.
Disclosure of Invention
In order to solve the above problems, the present invention provides an attribute-based signature method and system, which can reduce the amount of computation in the signature and verification processes and ensure the security in the signature and verification processes.
In order to achieve the purpose, the invention adopts the following technical scheme:
a first aspect of the invention provides an attribute-based signature method.
An attribute-based signature method described from the side of an attribute authority, a signer, a verifier, an outsource signature server, and an outsource validation server, comprising:
an attribute authority generates a public key PK and a master key MSK;
the signer generates a public key UPK and a private key USK of the signer according to the public key PK and the whole attribute set;
the signer applies to the attribute authority for a private key; the attribute authority generates the signer's outsourced key OSK according to the attribute set, the public key UPK and the private key USK of the signer and issues it to the signer, and the signer delegates the key to an outsourced signature server;
after receiving the signer's signing delegation, the outsourced signature server, on verifying that the signer's attribute set satisfies the access structure, generates an intermediate signature result $\Sigma'$ and sends it to the signer;
the signer obtains the final signature $\Sigma$ from the intermediate result $\Sigma'$ and the private key USK and sends it to the verifier;
the verifier converts the signature $\Sigma$ into a signature $\Sigma''$ and sends $\Sigma''$ to an outsourced verification server;
the outsourced verification server performs outsourced verification on the converted signature $\Sigma''$, obtains an intermediate verification result V and sends it to the verifier;
and the verifier obtains a final verification result through local verification according to the intermediate result V.
The invention also provides an attribute-based signature method, which is described from outsourcing signature server and outsourcing verification server sides and comprises the following steps:
after receiving the signer's signing delegation, and on verifying that the signer's attribute set satisfies the access structure, generating an intermediate signature result $\Sigma'$ and sending it to the signer; the signing delegation uses the signer's outsourced key OSK, which the attribute authority generates according to the attribute set, the public key UPK and the private key USK of the signer and issues to the signer;
receiving a signature $\Sigma''$ converted by the verifier from the final signature $\Sigma$, wherein the final signature $\Sigma$ is obtained by the signer from the intermediate result $\Sigma'$ and the private key USK;
and performing outsourced verification on the converted signature $\Sigma''$ to obtain an intermediate verification result V and sending it to the verifier, after which the verifier verifies locally according to the intermediate result V to obtain the final verification result.
A second aspect of the invention provides an attribute-based signature system.
An attribute-based signature system comprises an attribute authority, a signer, an outsourced signature server, a verifier and an outsourced verification server;
the attribute authority is used for generating a public key PK and a master key MSK;
the signer is used for generating a public key UPK and a private key USK of the signer;
the signer is also used for applying to the attribute authority for a private key; the attribute authority is used for generating the signer's outsourced key OSK according to the attribute set and the public key UPK of the signer and issuing it to the signer, and the signer delegates the key to the outsourced signature server;
the outsourced signature server is used for generating an intermediate signature result $\Sigma'$ and sending it to the signer when, after receiving the signer's signing delegation, the signer's attribute set satisfies the access structure;
the signer is used for obtaining the final signature $\Sigma$ from the intermediate result $\Sigma'$ and the private key USK and sending it to the verifier;
the verifier is used for converting the signature $\Sigma$ into a signature $\Sigma''$ and sending $\Sigma''$ to the outsourced verification server;
the outsourced verification server is used for performing outsourced verification on the converted signature $\Sigma''$, obtaining an intermediate verification result V and sending it to the verifier;
and the verifier is also used for locally verifying to obtain a final verification result according to the intermediate result V.
The third aspect of the present invention also provides an outsourcing server.
An outsourcing server comprising:
the outsourced signature server is used for generating an intermediate signature result $\Sigma'$ and sending it to the signer when, after receiving the signer's signing request, the signer's attribute set satisfies the access structure; the signing delegation uses the signer's outsourced key OSK, which the attribute authority generates according to the attribute set, the public key UPK and the private key USK of the signer and issues to the signer;
the outsourced signature server is also used for receiving a signature $\Sigma''$ converted by the verifier from the final signature $\Sigma$, wherein the final signature $\Sigma$ is obtained by the signer from the intermediate result $\Sigma'$ and the private key USK;
and the outsourced verification server is used for performing outsourced verification on the converted signature $\Sigma''$ to obtain an intermediate verification result V and sending it to the verifier, and the verifier obtains the final verification result through local verification according to the intermediate result V.
The invention has the beneficial effects that:
the signer of the invention can sign with the private key corresponding to its attributes, and the verifier can verify that the signer's attributes satisfy a specific access structure without learning the signer's specific identity or attributes; meanwhile, most of the computation in signing and verification is borne by the outsourcing servers, so the method is suitable for lightweight devices with low computing capacity.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, are included to provide a further understanding of the invention; they illustrate exemplary embodiments of the invention and, together with the description, serve to explain the invention and not to limit it.
FIG. 1 is a schematic diagram of an attribute-based signature method according to an embodiment of the present invention.
Detailed Description
The invention is further described with reference to the following figures and examples.
It is to be understood that the following detailed description is exemplary and is intended to provide further explanation of the invention as claimed. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments according to the invention. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise; and it should be understood that the terms "comprises" and/or "comprising", when used in this specification, specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof.
Example one
The attribute-based signature method comprises the participants of an attribute authority, a signer, a verifier, an outsourced signature server and an outsourced verification server;
Attribute authority: a trusted authority that manages the signer's attribute private key and generates, for the cloud server, the cloud server private key associated with the signer.
Signer: a user who needs to sign; the signer can send an outsourced signature request to the cloud server to obtain an intermediate result of the signature, which is used to compute the final signature.
Verifier: a user who needs to verify; the verifier can send an outsourced verification request to the cloud server to obtain an intermediate result of signature verification, which is used to compute the final verification result.
Outsourced signature server and outsourced verification server: cloud servers that assist the signer and the verifier by generating the intermediate result of the signature and the intermediate result of signature verification respectively.
The attribute-based signature method of the embodiment includes: (1) initialization, (2) signer individual key generation, (3) signer outsourced key generation, (4) outsourced signature generation, (5) final signature generation, (6) signature conversion, (7) outsourced verification, and (8) final verification.
In this embodiment, the attribute authority, the signer, the verifier, the outsource signature server, and the outsource verification server are described, and the attribute-based signature method includes:
an attribute authority generates a public key PK and a master key MSK;
the signer generates a public key UPK and a private key USK of the signer according to the public key PK and the whole attribute set;
the signer applies to the attribute authority for a private key; the attribute authority generates the signer's outsourced key OSK according to the attribute set, the public key UPK and the private key USK of the signer and issues it to the signer, and the signer delegates the key to an outsourced signature server;
after receiving the signer's signing delegation, the outsourced signature server, on verifying that the signer's attribute set satisfies the access structure, generates an intermediate signature result $\Sigma'$ and sends it to the signer;
the signer obtains the final signature $\Sigma$ from the intermediate result $\Sigma'$ and the private key USK and sends it to the verifier;
the verifier converts the signature $\Sigma$ into a signature $\Sigma''$ and sends $\Sigma''$ to an outsourced verification server;
the outsourced verification server performs outsourced verification on the converted signature $\Sigma''$, obtains an intermediate verification result V and sends it to the verifier;
and the verifier obtains a final verification result through local verification according to the intermediate result V.
Specifically, the method comprises the following steps:
(1) Initialization: the algorithm is executed by the attribute authority. Let $U = \{1, \ldots, p-1\}$ be the whole attribute set. Select bilinear groups $G$, $G_T$ of order $p$ with a bilinear map $e: G \times G \to G_T$. Select two cryptographic hash functions $H_1: \{0,1\}^* \to G_1$
Figure BDA0002455791120000061
Randomly select group elements $g, h, u, v, w, \tau$ from group $G$, randomly select $\alpha$ from $\{1, \ldots, p-1\}$, and compute $W = e(g, g)^{\alpha}$. Output the system public parameters PK and the system master key MSK: $PK = (g, h, u, v, w, \tau, e, H_1, H_2, W)$, $MSK = (\alpha)$.
The overall attribute set must be specified first. For example, if attributes such as age, sex, profession, work unit, doctor, professor, or senior company management are relevant to a given system, the overall attribute set for that system is fixed first; within the system the attributes may be numbered, which gives the set U mentioned here, containing the numbers 1 to p-1. Whenever an attribute is used later, its number is used.
(2) Signer individual key generation: the algorithm is executed by the signer. Randomly choose $x_{uid}$ from $\{1, \ldots, p-1\}$. The public key of the signer is set to
Figure BDA0002455791120000062
The private key is $USK_{uid} = x_{uid}$.
(3) Signer outsourced key generation: the algorithm is executed by the attribute authority. Let the attribute set of the signer be $S = (S_1, S_2, \ldots, S_n)$. The attribute authority randomly selects $r$ from $\{1, \ldots, p-1\}$ and calculates
Figure BDA0002455791120000071
$K_1 = g^{-r}$
Figure BDA0002455791120000072
For each $S_i \in S$, the attribute authority randomly selects $r_i$ from $\{1, \ldots, p-1\}$ and calculates
Figure BDA0002455791120000073
Output the signer's outsourced key
Figure BDA0002455791120000074
The attribute authority issues the key to the signer, and the signer entrusts the key to an outsourced signing server.
(4) Outsourced signature generation: the algorithm is executed by the outsourced signature server. After receiving an outsourced signature request (containing an access structure $A = (M, \rho)$) submitted by a signer, the server first verifies whether the signer's attribute set $S$ satisfies the access structure $A = (M, \rho)$, where $M$ is a matrix of $l$ rows and $n$ columns, $M_i$ is the row vector formed by the $i$-th row of $M$, and $\rho$ is a function that maps a row number of $M$ to the corresponding attribute.
For example: the attributes of signer 1 are (A, B, C); the attributes of signer 2 are (A, C, D); the attributes of signer 3 are (D, E). When the verifier verifies against the access structure (A and C) or E, the signatures of signers 1, 2 and 3 all verify, and the verifier learns neither which signer produced the signature (identity privacy protection) nor what the signer's specific attributes are (attribute privacy protection), because any attribute set satisfying (A and C) or E verifies.
If not, an error prompt ⊥ is output, otherwise, the calculation is as follows:
The outsourced signature server computes a vector $w = \{w_1, w_2, \ldots, w_l\}$ satisfying $\sum_{i \in I} w_i M_i = (1, 0, \ldots, 0)$, where $I = \{i : \rho(i) \in S\}$, and then selects a vector $b = \{b_1, b_2, \ldots, b_l\}$ satisfying
Figure BDA0002455791120000075
For each $i \in I$, the outsourced signature server computes
Figure BDA0002455791120000076
Randomly select
Figure BDA0002455791120000077
Compute
Figure BDA0002455791120000078
$\Sigma'_4 = g^{s}$
Figure BDA0002455791120000079
Output the intermediate signature result
Figure BDA00024557911200000710
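The satisfiability check and the coefficient vector $w$ from step (4), worked through for the (A and C) or E example; this is an added illustration, not code from the patent. The prime `P`, the matrix `M` with its row labelling `RHO`, and the function names are constructed for the example.

```python
# Added illustration of the access-structure check in step (4); not code from the patent.
# Assumptions: P is a constructed prime standing in for the group order p, and
# M/RHO are a constructed LSSS encoding of the page's example policy (A and C) or E.
P = 2**61 - 1

M = [
    [1, 1],      # row 1, rho(1) = A
    [0, P - 1],  # row 2, rho(2) = C   (P - 1 is -1 mod P)
    [1, 0],      # row 3, rho(3) = E
]
RHO = ["A", "C", "E"]


def reconstruction_coefficients(attrs, M=M, rho=RHO, p=P):
    """Solve sum_{i in I} w_i * M_i = (1, 0, ..., 0) mod p, I = {i : rho(i) in attrs}.

    Returns {row index: w_i}, or None when attrs does not satisfy (M, rho),
    which is the case in which the server outputs the error symbol.
    """
    I = [i for i, a in enumerate(rho) if a in attrs]
    n = len(M[0])
    # One linear equation per column j of M; the last entry is the target (1,0,...,0).
    aug = [[M[i][j] % p for i in I] + [1 if j == 0 else 0] for j in range(n)]

    pivots, row = [], 0
    for col in range(len(I)):
        piv = next((r for r in range(row, n) if aug[r][col]), None)
        if piv is None:
            continue  # free unknown, left at 0
        aug[row], aug[piv] = aug[piv], aug[row]
        inv = pow(aug[row][col], -1, p)  # modular inverse (Python 3.8+)
        aug[row] = [x * inv % p for x in aug[row]]
        for r in range(n):
            if r != row and aug[r][col]:
                f = aug[r][col]
                aug[r] = [(x - f * y) % p for x, y in zip(aug[r], aug[row])]
        pivots.append((row, col))
        row += 1

    # An all-zero left side with a non-zero right side: the target is not in the span.
    if any(not any(eq[:-1]) and eq[-1] for eq in aug):
        return None
    w = {i: 0 for i in I}
    for r, c in pivots:
        w[I[c]] = aug[r][-1]
    return w


def combine(w, M=M, p=P):
    """Recompute sum_i w_i * M_i mod p so the result can be checked against (1,0,...,0)."""
    return [sum(w[i] * M[i][j] for i in w) % p for j in range(len(M[0]))]


if __name__ == "__main__":
    signers = {
        "signer 1": {"A", "B", "C"},
        "signer 2": {"A", "C", "D"},
        "signer 3": {"D", "E"},
        "constructed non-member": {"A", "B"},
    }
    for name, attrs in signers.items():
        w = reconstruction_coefficients(attrs)
        print(name, "-> rejected" if w is None else f"-> w = {w}, check = {combine(w)}")
```

Signers 1 and 2 yield the same coefficients over rows A and C, which is why the set $I$ and the vector $w$ alone do not tell them apart.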
(5) Final signature generation: the algorithm is executed by the signer. When the signer receives $\Sigma'$, it first uses the private key USK to compute
Figure BDA00024557911200000711
Output the final signature $\Sigma = \{m, (\Sigma_{1,i}, \Sigma_{2,i})_{i \in I}, \Sigma_3, \Sigma_4, \Sigma_5\}$, where $\Sigma_{1,i} = \Sigma'_{1,i}$, $\Sigma_{2,i} = \Sigma'_{2,i}$, $\Sigma_3 = \Sigma'_3$, $\Sigma_4 = \Sigma'_4$.
(6) Signature conversion: the algorithm is executed by the verifier. After receiving the signature $\Sigma$, the verifier first verifies whether the attribute set $S$ satisfies the access structure $A$; if not, it outputs ⊥; otherwise, it randomly selects a secret factor
Figure BDA0002455791120000081
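and computes $\Sigma''_3 = \Sigma_3^{d}$, $\Sigma''_4 = \Sigma_4^{d}$, $\Sigma''_5 = \Sigma_5^{d}$. It then sends $\Sigma'' = \{m, (\Sigma_{1,i}, \Sigma_{2,i})_{i \in I}, \Sigma''_3, \Sigma''_4, \Sigma''_5\}$ to the outsourced verification server.
(7) Outsourced verification: the algorithm is executed by the outsourced verification server. On receiving $\Sigma''$, the verification server selects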
Figure BDA0002455791120000082
$\mu' = \{1, \mu'_2, \ldots, \mu'_n\}$,
Figure BDA0002455791120000087
where $i \in I$, and computes:
Figure BDA0002455791120000083
Figure BDA0002455791120000084
The intermediate result of signature verification, $V = (V'_1, V'_2)$, is sent to the verifier.
(8) Local verification: the algorithm is executed by the verifier. On receiving $V = (V'_1, V'_2)$, the verifier first uses the secret random factor $d$ to compute
Figure BDA0002455791120000085
$V_2 = V'_2$, and verifies:
Figure BDA0002455791120000086
If the equation holds, the signature $\Sigma$ is valid and 1 is output; otherwise $\Sigma$ is an invalid signature and 0 is output.
In some practical scenarios, the user only needs a signature to guarantee authentication and does not need encryption to guarantee confidentiality; in that case the user should choose a signature scheme rather than a signcryption scheme. To provide both encryption and signing, a signcryption scheme is necessarily complex in design, its signature part is less efficient than a plain signature scheme, and the signature part cannot be separated out, so an independent signature scheme is valuable.
This embodiment consists of two parts, a signing algorithm and a signature verification algorithm, executed by the signer and the verifier respectively. Outsourced computation is considered for both algorithms, so the local computation of both the signer and the verifier is reduced. The signer and the verifier are often not the same party, so each needs to invoke its own outsourcing server.
The outsourced verification server only performs auxiliary computation: it helps the verifier complete the complex computation and returns the intermediate result (the outsourced verification step). It cannot tell from the intermediate result whether the signature is correct, and the final verification is completed by the user (the local verification step). The advantage is that the trust required of the outsourcing server is reduced, so any public cloud service provided by a third party (Ali, Tencent, Amazon and the like) can be used. Put another way, the cloud server only helps the user complete part of the computation and does not learn the user's verification result. To achieve this, the task delegated to the cloud must be disguised, which corresponds to the signature conversion step in this application. The cloud receives not the true signature but a disguised signature $\Sigma''$; it can only operate on this disguised signature and therefore does not know whether the signature is correct. Only the user, who holds the secret factor $d$, can finally verify the correctness of the signature.
Example two
The embodiment also provides an attribute-based signature method, which is described from an outsource signature server and an outsource verification server, and comprises the following steps:
after receiving the signer's signing delegation, and on verifying that the signer's attribute set satisfies the access structure, generating an intermediate signature result $\Sigma'$ and sending it to the signer; the signing delegation uses the signer's outsourced key OSK, which the attribute authority generates according to the attribute set, the public key UPK and the private key USK of the signer and issues to the signer;
receiving a signature $\Sigma''$ converted by the verifier from the final signature $\Sigma$, wherein the final signature $\Sigma$ is obtained by the signer from the intermediate result $\Sigma'$ and the private key USK;
and performing outsourced verification on the converted signature $\Sigma''$ to obtain an intermediate verification result V and sending it to the verifier, after which the verifier verifies locally according to the intermediate result V to obtain the final verification result.
Example three
The embodiment provides an attribute-based signature system, which comprises an attribute authority, a signer, an outsourced signature server, a verifier and an outsourced verification server;
the attribute authority is used for generating a public key PK and a master key MSK;
the signer is used for generating a public key UPK and a private key USK of the signer;
the signer is also used for applying to the attribute authority for a private key; the attribute authority is used for generating the signer's outsourced key OSK according to the attribute set and the public key UPK of the signer and issuing it to the signer, and the signer delegates the key to the outsourced signature server;
the outsourced signature server is used for generating an intermediate signature result $\Sigma'$ and sending it to the signer when, after receiving the signer's signing delegation, the signer's attribute set satisfies the access structure;
the signer is used for obtaining the final signature $\Sigma$ from the intermediate result $\Sigma'$ and the private key USK and sending it to the verifier;
the verifier is used for converting the signature $\Sigma$ into a signature $\Sigma''$ and sending $\Sigma''$ to the outsourced verification server;
the outsourced verification server is used for performing outsourced verification on the converted signature $\Sigma''$, obtaining an intermediate verification result V and sending it to the verifier;
and the verifier is also used for locally verifying to obtain a final verification result according to the intermediate result V.
Example four
The present embodiment provides an outsourcing server, which includes:
the outsourced signature server is used for generating an intermediate signature result $\Sigma'$ and sending it to the signer when, after receiving the signer's signing request, the signer's attribute set satisfies the access structure; the signing delegation uses the signer's outsourced key OSK, which the attribute authority generates according to the attribute set, the public key UPK and the private key USK of the signer and issues to the signer;
the outsourced signature server is also used for receiving a signature $\Sigma''$ converted by the verifier from the final signature $\Sigma$, wherein the final signature $\Sigma$ is obtained by the signer from the intermediate result $\Sigma'$ and the private key USK;
and the outsourced verification server is used for performing outsourced verification on the converted signature $\Sigma''$ to obtain an intermediate verification result V and sending it to the verifier, and the verifier obtains the final verification result through local verification according to the intermediate result V.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. An attribute-based signature method, comprising:
an attribute authority generates a public key PK and a master key MSK;
the signer generates a public key UPK and a private key USK of the signer according to the public key PK and the whole attribute set;
the signer applies to the attribute authority for a private key; the attribute authority generates a signer outsourcing key OSK according to the attribute set, the public key UPK and the private key USK of the signer and issues it to the signer, and the signer entrusts the key to an outsourced signature server;
after receiving the signature entrustment of the signer, the outsourced signature server generates an intermediate signature result $\Sigma'$ and sends it to the signer when it verifies that the attribute set of the signer satisfies the access structure;
the signer obtains a final signature $\Sigma$ according to the intermediate result $\Sigma'$ and the private key USK and sends the final signature $\Sigma$ to the verifier;
the verifier converts the signature $\Sigma$ into a converted signature $\Sigma''$ and sends $\Sigma''$ to an outsourcing verification server;
the outsourcing verification server performs outsourced verification according to the converted signature $\Sigma''$, obtains an intermediate result $V$ of the signature verification and sends $V$ to the verifier;
and the verifier obtains a final verification result through local verification according to the intermediate result V.
2. The attribute-based signature method of claim 1 wherein the process of generating the public key PK and the master key MSK by the attribute authority is:
let the set of global attributes be U ═ 1. Select bilinear groups $G$ and $G_T$ of order $p$ with a bilinear map $e: G \times G \to G_T$; select two cryptographic hash functions $H_1: \{0,1\}^* \to G_1$, $H_2$:
Figure FDA0002455791110000011
Randomly select group elements $g, h, u, v, w, \tau$ from group $G$ and randomly select $\alpha$ from $\{1, \ldots, p-1\}$; calculate $W = e(g, g)^{\alpha}$ and output the system public key PK and the master key MSK: $PK = (g, h, u, v, w, \tau, e, H_1, H_2, W)$, $MSK = (\alpha)$.
3. The attribute-based signature method of claim 2, wherein the process by which the signer generates the public key UPK and the private key USK of the signer is:
randomly choosing $x_{uid}$ in the set $\{1, \ldots, p-1\}$ of the global attributes; the public key of the signer is set to
Figure FDA0002455791110000012
The private key is $USK_{uid} = x_{uid}$.
4. The attribute-based signing method of claim 2, wherein the signer outsourcing key, OSK, is computed by:
let the attribute set of the signer be $S = (S_1, S_2, \ldots, S_n)$; the attribute authority randomly selects $r$ from $\{1, \ldots, p-1\}$ and calculates
Figure FDA0002455791110000021
$K_1 = g^{-r}$
Figure FDA0002455791110000022
For each $S_i \in S$, the attribute authority randomly selects $r_i$ from $\{1, \ldots, p-1\}$ and calculates
Figure FDA0002455791110000023
Signer outsourcing key
Figure FDA0002455791110000024
5. The attribute-based signature method of claim 2, wherein after receiving the signature request of the signer, the outsourced signature server generates the intermediate result Σ' of the signature when verifying that the signer attribute set satisfies the access structure by:
the outsourced signature server calculates a group of vectors $w = \{w_1, w_2, \ldots, w_l\}$ satisfying $\sum_{i \in I} w_i M_i = (1, 0, \ldots, 0)$, where $I = \{i : \rho(i) \in S\}$, and then selects a set of vectors $b = \{b_1, b_2, \ldots, b_l\}$ such that
Figure FDA0002455791110000025
For each $i \in I$, the outsourced signature server computes
Figure FDA0002455791110000026
Random selection
Figure FDA0002455791110000027
Computing
Figure FDA0002455791110000028
$\Sigma'_4 = g^s$
Figure FDA0002455791110000029
Output the intermediate signature result $\Sigma' = \{m, (\Sigma'_{1,i}, \Sigma'_{2,i})_{i \in I}, \Sigma'_3, \Sigma'_4, \Sigma'_5\}$;
wherein $S$ is the signature verification attribute set and $A = (M, \rho)$ is an access structure; $M$ is a matrix of $l$ rows and $n$ columns, $M_i$ is the row vector formed by the $i$-th row of the matrix $M$, and $\rho$ is a function that maps a row number of $M$ to the corresponding attribute.
6. The attribute-based signature method of claim 5, wherein the final signature generation is performed by:
when the signer receives $\Sigma'$, it first uses the private key USK to calculate
Figure FDA00024557911100000210
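Output the final signature $\Sigma = \{m, (\Sigma_{1,i}, \Sigma_{2,i})_{i \in I}, \Sigma_3, \Sigma_4, \Sigma_5\}$, where $\Sigma_{1,i} = \Sigma'_{1,i}$, $\Sigma_{2,i} = \Sigma'_{2,i}$, $\Sigma_3 = \Sigma'_3$, $\Sigma_4 = \Sigma'_4$.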
7. The attribute-based signature method of claim 6, wherein the converted signature Σ "is:
$\Sigma'' = \{m, (\Sigma_{1,i}, \Sigma_{2,i})_{i \in I}, \Sigma''_3, \Sigma''_4, \Sigma''_5\}$;
randomly selecting secret factors
Figure FDA0002455791110000036
$\Sigma''_3 = \Sigma_3^{d}$, $\Sigma''_4 = \Sigma_4^{d}$, $\Sigma''_5 = \Sigma_5^{d}$
The outsourcing verification process comprises the following steps:
the verification server receives $\Sigma''$ and selects
Figure FDA0002455791110000031
$\mu' = \{1, \mu'_2, \ldots, \mu'_n\}$,
Figure FDA0002455791110000032
where $i \in I$, and calculates:
Figure FDA0002455791110000033
the intermediate result of the signature verification, $V = (V'_1, V'_2)$, is sent to the verifier;
the process of local verification is as follows: the verifier receives $V = (V'_1, V'_2)$ and first uses the secret random factor $d$ to calculate
Figure FDA0002455791110000034
$V_2 = V'_2$, and verifies:
Figure FDA0002455791110000035
if the equation holds, the signature $\Sigma$ is valid and 1 is output; otherwise $\Sigma$ is an invalid signature and 0 is output.
8. An attribute-based signature system is characterized by comprising an attribute authority, a signer, an outsourced signature server, a verifier and an outsourced verification server;
the attribute authority is used for generating a public key PK and a master key MSK;
the signer is used for generating a public key UPK and a private key USK of the signer;
the signer is also used for applying to the attribute authority for a private key, and the attribute authority is used for generating a signer outsourcing key OSK according to the attribute set and the public key UPK of the signer and issuing the OSK to the signer, who entrusts it to the outsourced signature server;
the outsourced signature server is used for generating an intermediate signature result $\Sigma'$ and sending it to the signer when, after receiving the signature entrustment of the signer, it verifies that the attribute set of the signer satisfies the access structure;
the signer is used for obtaining a final signature $\Sigma$ according to the intermediate result $\Sigma'$ and the private key USK and sending the final signature $\Sigma$ to the verifier;
the verifier is used for converting the signature $\Sigma$ into a converted signature $\Sigma''$ and sending $\Sigma''$ to the outsourcing verification server;
the outsourcing verification server is used for carrying out outsourced verification according to the converted signature $\Sigma''$, obtaining an intermediate result $V$ of the signature verification and sending $V$ to the verifier;
and the verifier is also used for locally verifying to obtain a final verification result according to the intermediate result V.
9. An attribute-based signature method, comprising:
after receiving the signature entrustment of the signer, when the attribute set of the signer is verified to satisfy the access structure, generating an intermediate signature result $\Sigma'$ and sending it to the signer; the signature entrustment is based on a signer outsourcing key OSK that the attribute authority generates according to the attribute set, the public key UPK and the private key USK of the signer and issues to the signer;
receiving a converted signature $\Sigma''$ that the verifier derived from the final signature $\Sigma$, wherein the final signature $\Sigma$ is obtained by the signer according to the intermediate result $\Sigma'$ and the private key USK;
and performing outsourced verification according to the converted signature $\Sigma''$ to obtain an intermediate result $V$ of the signature verification and sending $V$ to the verifier, the verifier then obtaining the final verification result through local verification according to $V$.
10. An outsourcing server, comprising:
the outsourced signature server is used for generating an intermediate signature result $\Sigma'$ and sending it to the signer when, after receiving the signature request of the signer, it verifies that the attribute set of the signer satisfies the access structure; the signature entrustment is based on a signer outsourcing key OSK that the attribute authority generates according to the attribute set, the public key UPK and the private key USK of the signer and issues to the signer;
the outsourced signature server is also used for receiving a converted signature $\Sigma''$ that the verifier derived from the final signature $\Sigma$, wherein the final signature $\Sigma$ is obtained by the signer according to the intermediate result $\Sigma'$ and the private key USK;
and the outsourcing verification server is used for carrying out outsourced verification according to the converted signature $\Sigma''$ to obtain an intermediate result $V$ of the signature verification and sending $V$ to the verifier, and the verifier obtains the final verification result through local verification according to $V$.
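Claim 5 has the outsourced signature server find coefficients w with Σ_{i∈I} w_i·M_i = (1,0,…,0) for I = {i : ρ(i) ∈ S}; such w exists exactly when the attribute set S satisfies the access structure (M, ρ). The following is an added example, not part of the patent text, that performs this check by Gaussian elimination over Z_p; the elimination method, the prime P, the matrix M and the attribute names are all constructed assumptions, since the claims do not say how w is computed.

```python
# Added example (not from the patent): LSSS satisfaction check over Z_p.
P = 2**61 - 1  # constructed prime standing in for the group order p

def reconstruction_coefficients(M, rho, S, p=P):
    """Return {i: w_i} with sum_{i in I} w_i*M_i = (1,0,...,0) mod p for
    I = {i : rho[i] in S}, or None when S does not satisfy (M, rho)."""
    I = [i for i in range(len(M)) if rho[i] in S]
    n = len(M[0])
    # One equation per matrix column c: sum_i w_i * M[i][c] = [c == 0].
    rows = [[M[i][c] % p for i in I] + [int(c == 0)] for c in range(n)]
    pivots, r = [], 0
    for col in range(len(I)):
        piv = next((k for k in range(r, n) if rows[k][col]), None)
        if piv is None:
            continue  # free variable, left at 0
        rows[r], rows[piv] = rows[piv], rows[r]
        inv = pow(rows[r][col], -1, p)  # modular inverse (Python 3.8+)
        rows[r] = [x * inv % p for x in rows[r]]
        for k in range(n):
            if k != r and rows[k][col]:
                f = rows[k][col]
                rows[k] = [(a - f * b) % p for a, b in zip(rows[k], rows[r])]
        pivots.append(col)
        r += 1
    if any(row[-1] for row in rows[r:]):
        return None  # (1,0,...,0) is outside the span of the rows in I
    w = {i: 0 for i in I}
    for k, col in enumerate(pivots):
        w[I[col]] = rows[k][-1]
    return w

def combine(M, w, p=P):
    """Recompute sum_i w_i * M_i mod p so the result can be checked."""
    return [sum(w[i] * M[i][c] for i in w) % p for c in range(len(M[0]))]

# Constructed policy: (dept:finance AND role:auditor) OR role:cfo
M = [[1, 1], [0, -1], [1, 0]]
RHO = ["dept:finance", "role:auditor", "role:cfo"]

if __name__ == "__main__":
    for S in ({"dept:finance", "role:auditor"}, {"role:cfo"}, {"dept:finance"}):
        w = reconstruction_coefficients(M, RHO, S)
        print(sorted(S), "->", w, combine(M, w) if w else "not satisfied")
```

A server that skips this check, or accepts a w whose combination is not (1,0,…,0), would produce intermediate results for signers whose attributes do not meet the policy, so the `None` branch is the one to test.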
CN202010305954.9A 2020-04-17 2020-04-17 Attribute-based signature method and system Active CN111404685B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010305954.9A CN111404685B (en) 2020-04-17 2020-04-17 Attribute-based signature method and system

Publications (2)

Publication Number Publication Date
CN111404685A true CN111404685A (en) 2020-07-10
CN111404685B CN111404685B (en) 2022-06-21

Family

ID=71431603

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010305954.9A Active CN111404685B (en) 2020-04-17 2020-04-17 Attribute-based signature method and system

Country Status (1)

Country Link
CN (1) CN111404685B (en)

Also Published As

Publication number Publication date
CN111404685B (en) 2022-06-21

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Address after: Room 203, building 11, Shuntai Plaza, No. 2000, Shunhua Road, high tech Zone, Jinan, Shandong 250101

Applicant after: Confident Information Co.,Ltd.

Address before: Room 203, building 11, Shuntai Plaza, No. 2000, Shunhua Road, high tech Zone, Jinan, Shandong 250101

Applicant before: SHANDONG SURESEC INFORMATION INDUSTRY CO.,LTD.

GR01 Patent grant
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A Property Based Signature Method and System

Granted publication date: 20220621

Pledgee: Shandong Fuxin Financing Guarantee Co.,Ltd.

Pledgor: Confident Information Co.,Ltd.

Registration number: Y2024980000626