CN112491556B - Block chain agent blind signature generation method - Google Patents

Publication number
CN112491556B
Authority
CN
China
Prior art keywords
signature
signer
message
proxy
user
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011342702.XA
Other languages
Chinese (zh)
Other versions
CN112491556A (en
Inventor
文义红
杨伊
何德彪
罗敏
王士成
李峰
许建凯
陈金勇
徐小刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CETC 54 Research Institute
Original Assignee
CETC 54 Research Institute

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3257 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using blind signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0884 Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a blockchain proxy blind signature generation method and belongs to the technical field of information security. First, the system parameters of the whole proxy blind signature scheme are generated by a system initialization algorithm. The user then generates a public-private key pair himself, and obtains the public-private key pair of the original signer and the public-private key pair of the proxy signer. The original signer authorizes the proxy signer; after the authorization succeeds, the user blinds the message with blinding factors and sends it to the proxy signer, the proxy signer signs the blinded message with the signing private key and returns the blinded signature to the user, and the user unblinds the blinded signature to obtain the signature of the message. When verifying the signature, the verifier can recover the message and verify the signature. The invention uses blinding factors to destroy the linear relation between the final signed message and the intermediate values of the signing process, thereby ensuring the blindness and untraceability of the blind signature scheme.

Description

Block chain agent blind signature generation method
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a blockchain proxy blind signature generation method.
Background
With the continuous development of network technology, digital signatures are widely used. A digital signature can verify the integrity and authenticity of data sources and information and provides non-repudiation of the signature; it can solve problems such as counterfeiting, repudiation, impersonation and falsification in a network, and is currently the most commonly applied, most mature and most practical electronic signature technology. However, in some specific scenarios such as electronic elections, when the original signer cannot sign, the original signer needs to authorize an agent to sign; the owner of the message does not want the agent to know the specific content of the message, and the signer only wants others to know that the original signer signed the message. As the demand for privacy protection has grown, proxy blind signature schemes have emerged.
A blockchain is a distributed shared ledger and database that is decentralized, tamper-proof, traceable, collectively maintained, and open and transparent; these characteristics ensure the integrity and transparency of the blockchain and give it rich application scenarios. However, in some specific blockchain application scenarios, such as decentralized electronic elections, anonymity must be guaranteed, and when the user cannot operate, an agent must be successfully authorized to operate the application on the user's behalf so that the application keeps running normally. Such a method is still lacking in the prior art.
Disclosure of Invention
In view of this, the present invention provides a blockchain proxy blind signature generation method in which the original signer can authorize a proxy signer to sign when the original signer cannot sign, while ensuring that the proxy signer does not learn the content being signed.
To achieve this purpose, the invention adopts the following technical scheme:
A blockchain proxy blind signature generation method comprises the following steps:
S1, system initialization:
(101) the certificate authority selects additive cyclic groups of prime order q
Figure GDA0003568087030000011
and a multiplicative cyclic group
Figure GDA0003568087030000012
where the element
Figure GDA0003568087030000013
is a generator of the additive cyclic group
Figure GDA0003568087030000014
and the element
Figure GDA0003568087030000015
is a generator of the additive cyclic group
Figure GDA0003568087030000016
with the bilinear pairing
Figure GDA0003568087030000017
(102) given a security parameter k, the certificate authority selects four hash functions
Figure GDA0003568087030000018
Figure GDA0003568087030000019
where
Figure GDA0003568087030000021
$\{0,1\}^*$ denotes a character string of arbitrary length consisting of 0 and 1,
Figure GDA0003568087030000022
denotes a character string of length $l_1$ consisting of 0 and 1, and
Figure GDA0003568087030000023
denotes a character string of length $l_2$ consisting of 0 and 1;
(103) the key generation center publishes the system parameters:
Figure GDA0003568087030000024
S2, key generation:
the user randomly selects a number
Figure GDA0003568087030000025
and sets it as its own private key; the public key is $Q_u = s_u P_2$. The public-private key pair of the original signer is then $(s_o, Q_o)$, and the public-private key pair of the proxy signer is $(s_p, Q_p)$;
S3, authorization:
the original signer computes the authorization $Q_w$ for the proxy signer:
$Q_w = (s_o + H_1(M_w, ID_p, Q_p))^{-1} P_1$
where $M_w$ is the authorization warrant and $ID_p$ is the identity information of the proxy signer;
S4, authorization verification and proxy blind signature key generation:
the proxy signer verifies the equation $e(P_1, P_2) = e(Q_w, H_1(M_w, ID_p, Q_p) P_2 + Q_o)$; if the equation holds, the authorization is accepted and $D_{op} = s_p Q_w$ is computed;
S5, proxy blind signature generation:
(501) the proxy signer generates a random number
Figure GDA0003568087030000026
computes $R = rP_1$, and sends R to the user;
(502) after receiving R, the user randomly selects $\alpha$,
Figure GDA0003568087030000027
and computes:
Figure GDA0003568087030000028
Figure GDA0003568087030000029
$v' = \alpha^{-1}(v + \beta)$
and sends $v'$ to the proxy signer; where m is the message to be signed, $\|$ denotes the concatenation of character strings, and
Figure GDA00035680870300000210
denotes the exclusive-or operation;
(503) after receiving $v'$, the proxy signer computes $S' = (r + v') D_{op}$ and sends $S'$ to the user;
(504) after receiving $S'$, the user computes the signature value $S = \alpha S' + \beta P_1$ and outputs the signature $(S, v, M_w)$ of the message m to be signed;
S6, signature verification:
the verifier computes
Figure GDA0003568087030000031
and
Figure GDA0003568087030000032
and checks whether the equation ${}_{l_1}|u| = F_1(m')$ holds; if it holds, the verification passes; otherwise, the verification fails; where ${}_{l_1}|u|$ denotes the leftmost $l_1$ bits of the string u, and
Figure GDA0003568087030000033
denotes the rightmost $l_2$ bits of the string u.
By adopting the above technical scheme, the invention obtains the following beneficial effects:
1. Most existing proxy blind signatures with message recovery do not provide untraceability of signatures: the proxy signer can determine which user a signature belongs to from the intermediate values transmitted during signing, i.e. by retaining that data the proxy signer can determine which signature it signed. The invention accomplishes the authorization of the proxy signer by the original signer while using blinding factors to blind the original message and destroy the linear relation between the signature and the intermediate values, so that the user obtains a correct signature and the verifier can recover the original message and successfully verify the signature, but the proxy signer cannot learn the original message, thereby ensuring the blindness and untraceability of the method.
2. The invention introduces the proxy blind signature into blockchain application systems to provide authorization and obfuscation services, which both provides audit evidence for improper behavior and keeps the original message invisible to the agent, thereby ensuring the lawful anonymity of users.
In summary, the invention is a proxy blind signature generation method with message recovery suitable for blockchain applications, which uses blinding factors to destroy the linear relation between the final signed message and the intermediate values of the signing process, thereby ensuring the blindness and untraceability of the blind signature scheme.
Drawings
Fig. 1 is a schematic diagram of a signature flow of a proxy blind signature generation method in an embodiment of the present invention.
Detailed Description
The technical scheme of the invention is described in further detail below with reference to the drawings and the detailed description.
As shown in Fig. 1, a blockchain proxy blind signature generation method is carried out jointly by an original signer OriginalSigner, a proxy signer ProxySigner and a User. In the signing process, the original signer OriginalSigner first authorizes the proxy signer ProxySigner; after the authorization succeeds, the User blinds the message, the proxy signer ProxySigner signs the blinded message, and the User then outputs the signature; finally, a verifier can recover the original message while verifying whether the signature is correct. The method comprises the following steps:
System initialization:
This step is performed by the certificate authority CA, mainly to generate the system parameters of the whole proxy blind signature scheme. Specifically:
Given a security parameter k, the CA selects four hash functions
Figure GDA0003568087030000041
Figure GDA0003568087030000042
The CA selects additive cyclic groups of prime order q
Figure GDA0003568087030000043
and a multiplicative cyclic group
Figure GDA0003568087030000044
where the element
Figure GDA0003568087030000045
is a generator of the additive cyclic group
Figure GDA0003568087030000046
and the element
Figure GDA0003568087030000047
is a generator of the additive cyclic group
Figure GDA0003568087030000048
with the bilinear pairing
Figure GDA0003568087030000049
The key generation center KGC publishes the system parameters:
Figure GDA00035680870300000410
Key generation:
This step is performed by the User to generate the User's public-private key pair. Specifically:
The user randomly selects a number
Figure GDA00035680870300000411
and sets it as its own private key; the public key is $Q_u = s_u P_2$. The public-private key pair of the original signer is then $(s_o, Q_o)$, and the public-private key pair of the proxy signer is $(s_p, Q_p)$.
Authorization:
This step is performed by the original signer OriginalSigner to generate an authorization $Q_w$ for the proxy signer ProxySigner. Specifically:
The original signer OriginalSigner computes $Q_w = (s_o + H_1(M_w, ID_p, Q_p))^{-1} P_1$, where $M_w$ is the authorization warrant.
Authorization verification and proxy blind signature key generation:
This step is performed by the proxy signer ProxySigner to verify the authorization $Q_w$; if the verification passes, the authorization is accepted. Specifically:
The proxy signer ProxySigner verifies the equation $e(P_1, P_2) = e(Q_w, H_1(M_w, ID_p, Q_p) P_2 + Q_o)$. If the equation holds, the authorization is accepted.
The proxy signer ProxySigner computes $D_{op} = s_p Q_w$.
Proxy blind signature generation:
This step generates the signature $(S, v, M_w)$ of the message m to be signed. In generating the signature, the User blinds the message m with blinding factors, the proxy signer ProxySigner then signs the blinded message, and the User outputs the signature $(S, v, M_w)$. Specifically:
The proxy signer generates a random number
Figure GDA0003568087030000051
computes $R = rP_1$, and sends R to the User;
After receiving R, the User randomly selects $\alpha$,
Figure GDA0003568087030000052
and computes:
Figure GDA0003568087030000053
Figure GDA0003568087030000054
$v' = \alpha^{-1}(v + \beta)$
and sends $v'$ to the proxy signer ProxySigner;
After receiving $v'$, the proxy signer ProxySigner computes $S' = (r + v') D_{op}$ and sends $S'$ to the User;
After receiving $S'$, the User computes the signature value $S = \alpha S' + \beta P_1$ and outputs the signature $(S, v, M_w)$.
Signature verification:
This step is used by the Verifier to check the validity of the signature $(S, v, M_w)$ of the message m. Specifically:
The Verifier computes
Figure GDA0003568087030000055
and
Figure GDA0003568087030000056
and checks whether the equation ${}_{l_1}|u| = F_1(m')$ holds; if it holds, the verification passes; otherwise, the verification fails.
The method is carried out jointly by the original signer, the proxy signer and the user. In the signing process, the original signer first authorizes the proxy signer; after the authorization succeeds, the user blinds the message, the proxy signer signs the blinded message, and the user then outputs the signature; finally, a verifier can recover the original message while verifying whether the signature is correct.
The invention accomplishes the authorization of the proxy signer by the original signer while using blinding factors to blind the original message and destroy the linear relation between the signature and the intermediate values, so that the user obtains a correct signature and the verifier can recover the original message and successfully verify the signature, but the proxy signer cannot learn the original message, thereby ensuring the blindness and untraceability of the scheme.
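
The algebra of the authorization, authorization-verification and blinding steps above can be checked with a toy model. This is an added example, not part of the patent: group elements are stored as their discrete logarithms modulo a constructed prime `Q` so that the pairing becomes a product (this gives no security), `h1` is a SHA-256 stand-in for H1, Q_o = s_o P_2 is assumed by analogy with Q_u = s_u P_2, and v is a random placeholder because its formula is given only in a figure.

```python
import hashlib
import secrets

# Toy model with NO security: x*P1 and y*P2 are stored as the integers x and y
# mod Q, and e(P1, P2)^z as z, so the pairing reduces to a product.
Q = 2**61 - 1      # constructed prime standing in for the group order q
P1, P2 = 1, 1      # generators of G1 and G2 in this representation


def pairing(a, b):
    """e(a*P1, b*P2) = e(P1, P2)^(a*b), stored as the exponent a*b mod Q."""
    return (a * b) % Q


def rand_scalar():
    """Uniform element of Z_q^* = {1, ..., Q-1}."""
    return secrets.randbelow(Q - 1) + 1


def h1(m_w, id_p, q_p):
    """Stand-in for H1 (assumed encoding): hash (M_w, ID_p, Q_p) into Z_q^*."""
    parts = (m_w, id_p, q_p.to_bytes(8, "big"))
    data = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (Q - 1) + 1


def keygen():
    """Key generation: private key s, public key s*P2."""
    s = rand_scalar()
    return s, (s * P2) % Q


def authorize(s_o, m_w, id_p, q_p):
    """Authorization: Q_w = (s_o + H1(M_w, ID_p, Q_p))^-1 * P1."""
    d = (s_o + h1(m_w, id_p, q_p)) % Q
    if d == 0:  # not invertible, so no warrant can be issued for this input
        raise ValueError("s_o + H1(...) is 0 mod q")
    return (pow(d, -1, Q) * P1) % Q


def verify_authorization(q_w, q_o, m_w, id_p, q_p):
    """Accept iff e(P1, P2) == e(Q_w, H1(M_w, ID_p, Q_p)*P2 + Q_o)."""
    rhs = (h1(m_w, id_p, q_p) * P2 + q_o) % Q
    return pairing(P1, P2) == pairing(q_w, rhs)


def blind(v, alpha, beta):
    """User: v' = alpha^-1 * (v + beta)."""
    return (pow(alpha, -1, Q) * (v + beta)) % Q


def proxy_sign(r, v_blind, d_op):
    """Proxy signer: S' = (r + v') * D_op."""
    return ((r + v_blind) * d_op) % Q


def unblind(s_blind, alpha, beta):
    """User: S = alpha*S' + beta*P1."""
    return (alpha * s_blind + beta * P1) % Q


def run_demo():
    s_o, q_o = keygen()                                 # original signer
    s_p, q_p = keygen()                                 # proxy signer
    m_w, id_p = b"warrant: sign ballots", b"proxy-01"   # constructed values
    q_w = authorize(s_o, m_w, id_p, q_p)
    accepted = verify_authorization(q_w, q_o, m_w, id_p, q_p)
    # The same Q_w presented with a different warrant text must be rejected.
    altered = verify_authorization(q_w, q_o, b"warrant: anything", id_p, q_p)
    d_op = (s_p * q_w) % Q                              # D_op = s_p * Q_w
    r, v = rand_scalar(), rand_scalar()                 # proxy nonce; placeholder v
    alpha, beta = rand_scalar(), rand_scalar()          # blinding factors
    v_blind = blind(v, alpha, beta)                     # all the proxy sees of v
    s = unblind(proxy_sign(r, v_blind, d_op), alpha, beta)
    # Closed form after unblinding: S = (alpha*r + v + beta)*D_op + beta*P1.
    closed = ((alpha * r + v + beta) * d_op + beta * P1) % Q
    return {"accepted": accepted, "altered": altered, "S": s, "closed": closed}


if __name__ == "__main__":
    print(run_demo())
```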

Claims (1)

1. A blockchain proxy blind signature generation method, characterized by comprising the following steps:
S1, system initialization:
(101) the certificate authority selects additive cyclic groups of prime order q
Figure FDA0003568087020000011
and a multiplicative cyclic group
Figure FDA0003568087020000012
where the element
Figure FDA0003568087020000013
is a generator of the additive cyclic group
Figure FDA0003568087020000014
and the element
Figure FDA0003568087020000015
is a generator of the additive cyclic group
Figure FDA0003568087020000016
with the bilinear pairing e:
Figure FDA0003568087020000017
(102) given a security parameter k, the certificate authority selects four hash functions $H_1$:
Figure FDA0003568087020000018
Figure FDA0003568087020000019
$H_2$:
Figure FDA00035680870200000110
$F_1$:
Figure FDA00035680870200000111
$F_2$:
Figure FDA00035680870200000112
where
Figure FDA00035680870200000113
$\{0,1\}^*$ denotes a character string of arbitrary length consisting of 0 and 1,
Figure FDA00035680870200000114
denotes a character string of length $l_1$ consisting of 0 and 1, and
Figure FDA00035680870200000115
denotes a character string of length $l_2$ consisting of 0 and 1;
(103) the key generation center publishes the system parameters:
Figure FDA00035680870200000116
S2, key generation:
the user randomly selects a number
Figure FDA00035680870200000117
and sets it as its own private key; the public key is $Q_u = s_u P_2$. The public-private key pair of the original signer is then $(s_o, Q_o)$, and the public-private key pair of the proxy signer is $(s_p, Q_p)$;
S3, authorization:
the original signer computes the authorization $Q_w$ for the proxy signer:
$Q_w = (s_o + H_1(M_w, ID_p, Q_p))^{-1} P_1$
where $M_w$ is the authorization warrant and $ID_p$ is the identity information of the proxy signer;
S4, authorization verification and proxy blind signature key generation:
the proxy signer verifies the equation $e(P_1, P_2) = e(Q_w, H_1(M_w, ID_p, Q_p) P_2 + Q_o)$; if the equation holds, the authorization is accepted and $D_{op} = s_p Q_w$ is computed;
S5, proxy blind signature generation:
(501) the proxy signer generates a random number
Figure FDA00035680870200000118
computes $R = rP_1$, and sends R to the user;
(502) after receiving R, the user randomly selects $\alpha$,
Figure FDA00035680870200000119
and computes:
Figure FDA00035680870200000120
Figure FDA00035680870200000121
$v' = \alpha^{-1}(v + \beta)$
and sends $v'$ to the proxy signer; where m is the message to be signed, $\|$ denotes the concatenation of character strings, and
Figure FDA0003568087020000021
denotes the exclusive-or operation;
(503) after receiving $v'$, the proxy signer computes $S' = (r + v') D_{op}$ and sends $S'$ to the user;
(504) after receiving $S'$, the user computes the signature value $S = \alpha S' + \beta P_1$ and outputs the signature $(S, v, M_w)$ of the message m to be signed;
S6, signature verification:
the verifier computes
Figure FDA0003568087020000022
and
Figure FDA0003568087020000023
and checks whether the equation ${}_{l_1}|u| = F_1(m')$ holds; if it holds, the verification passes; otherwise, the verification fails; where ${}_{l_1}|u|$ denotes the leftmost $l_1$ bits of the string u, and
Figure FDA0003568087020000024
denotes the rightmost $l_2$ bits of the string u.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011342702.XA CN112491556B (en) 2020-11-26 2020-11-26 Block chain agent blind signature generation method

Publications (2)

Publication Number Publication Date
CN112491556A CN112491556A (en) 2021-03-12
CN112491556B true CN112491556B (en) 2022-05-06
