CN115296792A - Identity-based signcryption method for protecting secret key - Google Patents

Identity-based signcryption method for protecting secret key Download PDF

Info

Publication number
CN115296792A
CN115296792A CN202210703552.3A CN202210703552A CN115296792A CN 115296792 A CN115296792 A CN 115296792A CN 202210703552 A CN202210703552 A CN 202210703552A CN 115296792 A CN115296792 A CN 115296792A
Authority
CN
China
Prior art keywords
sender
private key
receiver
key
identity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210703552.3A
Other languages
Chinese (zh)
Inventor
陈剑洪
肖绍章
张海艳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huaiyin Institute of Technology
Original Assignee
Huaiyin Institute of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huaiyin Institute of Technology filed Critical Huaiyin Institute of Technology
Priority to CN202210703552.3A priority Critical patent/CN115296792A/en
Publication of CN115296792A publication Critical patent/CN115296792A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The invention discloses an identity-based signcryption method for protecting a secret key, which is characterized in that two credible assistors are arranged, the two assistors alternately help a sender and a receiver to generate an initial private key and a public key and update the private key at the starting point of each time period, the sender generates a signcryption ciphertext, and the receiver generates a plaintext by using a signcryption algorithm and performs signature verification. The invention sets two independent and physically safe credible assistors for the sender and the receiver respectively, and the two assistors help the sender and the receiver to generate the initial private key of the cryptosystem by using the secret value selected by the sender and the receiver, thereby avoiding the problem of identity revocation and realizing the function of resisting key leakage; the invention utilizes two assistors to alternately and respectively update the real-time private keys of the sender and the receiver in different time periods, thereby on one hand, allowing frequent real-time private key update, and on the other hand, reducing the secret key leakage probability of the assistors.

Description

Identity-based signcryption method for protecting secret key
Technical Field
The invention relates to information security, in particular to an identity-based signcryption method for protecting a secret key.
Background
Cryptography is the underlying support technology for information security and is also the core of authentication and access control. Privacy and authentication are two important security goals in cryptography. In the public key cryptosystem, the encryption and decryption schemes are the two basic schemes, which are used to provide two security targets, i.e. the confidentiality of the message and the authentication of the message. In some applications, such as e-mail, e-commerce, etc., it is desirable to achieve both security goals. The signcryption cryptosystem can complete the encryption and signature functions simultaneously in one logic step, and the calculated amount and the data amount are less than the sum of the two. And the sender generates a signed cipher text through signed cipher calculation. The recipient generates plaintext by a de-signcryption calculation and verifies the signature.
The closest prior art to this method is the Identity-Based Key-Insulated signature information, 23 (1): 27-45, which is provably secure under standard models. The method is suitable for application scenes and the like of which the private keys of a sender and a receiver need to be protected. The method mainly comprises the following steps: first, generating a public system parameter and a system master key; secondly, generating initial private keys of a sender and a receiver and an assistor key; thirdly, generating real-time private key updating information of a sender and a receiver; fourthly, generating real-time private keys of a sender and a receiver; fifthly, the sender generates a signature text; sixth, the recipient generates the ciphertext using a de-signcryption algorithm and verifies the signature. In the method, the private keys of the sender and the receiver are updated in each time slice, so that the capability of a system for defending the private key from being leaked is enhanced. However, the method has some defects, and the method cannot be used in an application scenario where an assistor key is leaked, so that the problem of private key protection in the application scenario cannot be solved.
Disclosure of Invention
The invention aims to: the invention aims to provide an identity-based signcryption method for protecting a secret key, so that the problem of private key protection in an application scene of realizing encryption and signature in one logic step is solved.
The technical scheme is as follows: the invention relates to an identity-based signcryption method for protecting a secret key, which has the following principle: setting two assistor keys, generating real-time private key updating information at the starting point of each time period by the two assistors, updating the real-time private keys, generating real-time private keys of a sender and a receiver, generating a ciphertext by the sender by using a signcryption algorithm, and generating a plaintext by the receiver by using a signcryption-free algorithm and verifying a signature. The method comprises the following steps:
(1) Establishing system parameters:
G 1 and G 2 Are all multiplicative groups of prime order p, G being G 1 A generator of (2); g 2 Is a multiplication loop group of order q, and e G 1 ×G 1 →G 2 Is a bilinear map; z p Represents the set {0,1,2.,. P-1}, used in this specification
Figure BDA0003705315260000021
Represents Z p \ {0}; two hash functions H are selected u :{0,1} * →{0,1} nu ,H v :{0,1} nm →{0,1} nv Nu, nm and nv are safety parameters; setting the identity as a bit string with the length nu and setting the message as a bit string with the length nm; define a bijection V:Γ → G 2 Here V -1 Representing its inverse mapping, Γ is {0,1} nu+nm+nv A subset of p elements; selecting a pseudo-random function F: given an input parameter x of k bits and a seed of k bits, the function F will output a random string F of k bits long s (x) (ii) a Randomly selecting an integer alpha epsilon Z p Randomly choosing an integer g 2 ∈G 1 Setting g 1 =g α Setting Y = e (g) 1 ,g 2 ) (ii) a Randomly selecting u' epsilon to G 1 When i =1,.. Nu, u is randomly selected i ∈G 1 Setting nu-dimensional vector
Figure BDA0003705315260000022
Randomly selecting m' epsilon from G 1 When i =1 i ∈G 1 Setting nv dimension vector
Figure BDA0003705315260000023
Setting a master private key
Figure BDA0003705315260000024
Setting system disclosure parameters as
Figure BDA0003705315260000025
(2) Private key extraction:
(2.1) setting u as a bit string of length nu representing identity; let u [ i ]]I-th bit of u; definition of
Figure BDA0003705315260000026
So that u [ i ]]Set of subscript i of = 1; let w u,-1 Is H u (u | | -1) and w u,-1 [i]Is w u,-1 The ith bit; let w u,0 Is H u (u | | 0) and w u,0 [i]Is w u,0 The ith bit; definition of
Figure BDA0003705315260000027
To make w u,-1 [i]Set of subscript i = 1; definition of
Figure BDA0003705315260000028
To make w u,0 [i]Set of subscript i of = 1; randomly selecting two helper keys HK u,1 ,HK u,0 ∈{0,1} κ And calculate
Figure BDA0003705315260000029
Random selection
Figure BDA00037053152600000210
Initial private key for computing identity u
Figure BDA00037053152600000211
(2.2) the facilitator key and initial private key of the sender are HK a,1 ,HK a,0 And
Figure BDA00037053152600000212
(2.3) helper Key and initial private Key of receiver HK, respectively b,1 ,HK b,0 And
Figure BDA00037053152600000213
(3) Generating real-time facilitator update information for the sender and recipient at time slice t:
(3.1) setting w u,t Is H u (u | | t) and w u,t [i]Is w u,t I th bit of (1), define
Figure BDA0003705315260000031
Figure BDA0003705315260000032
To make w u,t [i]Set of subscript i = 1; is also provided with w u,t-2 Is H u (u | | t-2) and w u,t-2 [i]Is w u,t-2 The ith bit of (1), define
Figure BDA0003705315260000033
To make w u,t-2 [i]Set of subscript i of = 1; computing
Figure BDA0003705315260000034
And
Figure BDA0003705315260000035
to construct a temporal private key update information UI for a time slice t of a user u u,t And calculating:
Figure BDA0003705315260000036
(3.2) the temporary private key updating information of the time slices t of the sender and the receiver are respectively as follows:
Figure BDA0003705315260000037
Figure BDA0003705315260000038
(4) Generating real-time private keys of the sender and the receiver at a time slice t:
decomposing temporary private key of user u in time slice t-1 into
Figure BDA0003705315260000039
Decomposing temporary private key updating information of time slice t into
Figure BDA00037053152600000310
In order to construct a temporary private key d of a user u at a time slice t u,t And the user u calculates:
Figure BDA00037053152600000311
temporary private key d for arbitrary identity u and arbitrary time slice t u,t Has the following form:
Figure BDA00037053152600000312
likewise, the temporary private keys of the sender and the receiver in the time slice t are respectively:
Figure BDA00037053152600000313
Figure BDA00037053152600000314
(5) And (3) signing and sealing:
for message m, sender a signs a as follows:
sender A decomposes his ephemeral private key into
Figure BDA00037053152600000315
Random selection of r m ,r′ t-1 ,
Figure BDA00037053152600000316
Randomly selecting r epsilon {0,1} nv So that a m r is the same as Γ
Order to
Figure BDA0003705315260000041
To make from H v (m) a set of indices j whose j th bit is different from the j th bit of r, i.e.
Figure BDA0003705315260000042
And (3) calculating:
Figure BDA0003705315260000043
Figure BDA0003705315260000044
Figure BDA0003705315260000045
Figure BDA0003705315260000046
Figure BDA0003705315260000047
Figure BDA0003705315260000048
Figure BDA0003705315260000049
Figure BDA00037053152600000410
Figure BDA00037053152600000411
let r be t-1 =r′ t-1 +k a,t-1 ,r t =r′ t +k a,t
Figure BDA00037053152600000412
Figure BDA00037053152600000413
Figure BDA00037053152600000414
Sender a outputs a ciphertext:
Figure BDA00037053152600000415
Figure BDA0003705315260000051
and sends it to recipient B;
(6) And (3) de-signing and encrypting:
receiver B decomposes the received ciphertext (t, σ) into (t, (σ) <1><2><3><4><5><6><7><8><9> ) ); the receiver B willHis temporary private key is decomposed into
Figure BDA0003705315260000052
Computing
Figure BDA0003705315260000053
Generating
Figure BDA0003705315260000054
If the following equation holds, then message m is output, otherwise "the de-signcryption failed" is output;
Figure BDA0003705315260000055
a computer storage medium having stored thereon a computer program which, when executed by a processor, implements an identity-based signcryption method for protecting a secret key as described above.
A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing a method of identity-based signcryption for protecting a key as described above when the computer program is executed by the processor.
Has the advantages that: compared with the prior art, the invention has the following advantages:
1. two independent and physically safe trusted assistors are respectively arranged for a sender and a receiver, and the two assistors help the sender and the receiver to generate an initial private key of a cryptosystem when the sender and the receiver use the secret value selected by the sender and the receiver, so that the problem of identity revocation is avoided, and a function of resisting key leakage is realized;
2. the password system alternately and respectively updates the real-time private keys of a sender and a receiver by using two assistors in different time periods, so that frequent real-time private key updating is allowed on one hand, and the key leakage probability of the assistors can be reduced on the other hand;
3. the sender implements encryption and signing in one logical step, which reduces the total computation and communication cost of encrypting and signing the message.
Drawings
FIG. 1 is a flow chart of the steps of the present invention.
Detailed Description
The technical scheme of the invention is further explained by combining the attached drawings.
As shown in fig. 1, an identity-based signcryption method for protecting a key includes the following steps:
(1) Establishing system parameters:
G 1 and G 2 Are all multiplicative groups of prime order p, G being G 1 The generator of (2); g 2 Is a multiplication loop group of order q, and e G 1 ×G 1 →G 2 Is a bilinear map; z p Represents the set {0,1,2.,. P-1}, used in this specification
Figure BDA00037053152600000612
Represents Z p \ {0}; two hash functions H are selected u :{0,1} * →{0,1} nu ,H v :{0,1} nm →{0,1} nv Nu, nm and nv are safety parameters; setting the identity as a bit string with the length nu and setting the message as a bit string with the length nm; define a bijection V:Γ → G 2 Here V -1 Representing its inverse mapping, Γ is {0,1} nu+nm+nv A subset of p elements; selecting a pseudo-random function F: given an input parameter x of k bits and a seed of k bits, the function F will output a random string F of k bits long s (x) (ii) a Randomly selecting an integer alpha epsilon Z p Randomly choosing an integer g 2 ∈G 1 Setting g 1 =g α Setting Y = e (g) 1 ,g 2 ) (ii) a Randomly selecting u' epsilon as G 1 When i =1 i ∈G 1 Setting nu-dimensional vector
Figure BDA0003705315260000061
Randomly selecting m' belonged to G 1 When i =1Machine selection m i ∈G 1 Setting nv dimension vector
Figure BDA0003705315260000062
Setting a master private key
Figure BDA0003705315260000063
Setting system disclosure parameters as
Figure BDA0003705315260000064
(2) Private key extraction:
(2.1) setting u as a bit string of length nu representing identity; let u [ i ]]I-th bit of u; definition of
Figure BDA0003705315260000065
So that u [ i ]]Set of subscript i of = 1; let w u,-1 Is H u (u | | -1) and w u,-1 [i]Is w u,-1 The ith bit; let w u,0 Is H u (u | | 0) and w u,0 [i]Is w u,0 The ith bit; definition of
Figure BDA0003705315260000066
To make w u,-1 [i]Set of subscript i of = 1; definition of
Figure BDA0003705315260000067
To make w u,0 [i]Set of subscript i of = 1; randomly selecting two helper keys HK u,1 ,HK u,0 ∈{0,1} κ And calculate
Figure BDA0003705315260000068
Random selection
Figure BDA0003705315260000069
Initial private key for computing identity u
Figure BDA00037053152600000610
(2.2) helper Key and of senderThe initial private keys are HK respectively a,1 ,HK a,0 And
Figure BDA00037053152600000611
(2.3) receiver helper Key and initial private Key HK, respectively b,1 ,HK b,0 And
Figure BDA0003705315260000071
(3) Generating real-time facilitator update information for the sender and recipient at time slice t:
(3.1) setting w u,t Is H u (u | | t) and w u,t [i]Is w u,t I th bit of (1), define
Figure BDA0003705315260000072
Figure BDA0003705315260000073
To make w u,t [i]Set of subscript i of = 1; is also provided with w u,t-2 Is H u (u | | t-2) and w u,t-2 [i]Is w u,t-2 I th bit of (1), define
Figure BDA0003705315260000074
To make w u,t-2 [i]Set of subscript i = 1; computing
Figure BDA0003705315260000075
And
Figure BDA0003705315260000076
to construct a temporal private key update information UI for a time slice t of a user u u,t And calculating:
Figure BDA0003705315260000077
(3.2) the temporary private key updating information of the time slices t of the sender and the receiver are respectively as follows:
Figure BDA0003705315260000078
Figure BDA0003705315260000079
(4) Generating real-time private keys of the sender and the receiver at a time slice t:
decomposing temporary private key of user u in time slice t-1 into
Figure BDA00037053152600000710
Decomposing temporary private key updating information of time slice t into
Figure BDA00037053152600000711
In order to construct a temporary private key d of a user u at a time slice t u,t And the user u calculates:
Figure BDA00037053152600000712
temporary private key d for arbitrary identity u and arbitrary time slice t u,t Has the following form:
Figure BDA00037053152600000713
likewise, the temporary private keys of the sender and the receiver in the time slice t are respectively:
Figure BDA00037053152600000714
Figure BDA00037053152600000715
(5) And (3) signing and sealing:
for message m, sender a signs a as follows:
sender A decomposes his temporary private key into
Figure BDA00037053152600000716
Random selection of r m ,r′ t-1 ,
Figure BDA00037053152600000717
Randomly selecting r epsilon {0,1} nv So that a m r is the same as Γ
Order to
Figure BDA0003705315260000081
To make from H v (m) a set of indices j whose j th bit is different from the j th bit of r, i.e.
Figure BDA0003705315260000082
And (3) calculating:
Figure BDA0003705315260000083
Figure BDA0003705315260000084
Figure BDA0003705315260000085
Figure BDA0003705315260000086
Figure BDA0003705315260000087
Figure BDA0003705315260000088
Figure BDA0003705315260000089
Figure BDA00037053152600000810
Figure BDA00037053152600000811
let r be t-1 =r′ t-1 +k a,t-1 ,r t =r′ t +k a,t
Figure BDA00037053152600000812
Figure BDA00037053152600000813
Figure BDA00037053152600000814
Sender a outputs a ciphertext:
Figure BDA00037053152600000815
Figure BDA0003705315260000091
and sends it to recipient B;
(6) And (3) unfastening and encrypting:
the receiver B willThe received ciphertext (t, σ) is decomposed into (t, (σ) <1><2><3><4><5><6><7><8><9> ) ); receiver B decomposes his temporary private key into
Figure BDA0003705315260000092
Computing
Figure BDA0003705315260000093
Generating
Figure BDA0003705315260000094
If the following equation holds, then message m is output, otherwise "the de-signcryption failed" is output;
Figure BDA0003705315260000095

Claims (3)

1. an identity-based signcryption method for protecting a key, comprising the steps of:
(1) Establishing system parameters:
G 1 and G 2 Are all multiplicative groups of prime order p, G being G 1 A generator of (2); g 2 Is a multiplication loop group of order q, and e G 1 ×G 1 →G 2 Is a bilinear map; z p Represents the set {0,1,2.,. P-1}, used in this specification
Figure FDA0003705315250000011
Represents Z p \ {0}; two hash functions H are selected u :{0,1} * →{0,1} nu ,H v :{0,1} nm →{0,1} nv Nu, nm and nv are safety parameters; setting the identity as a bit string with the length nu and setting the message as a bit string with the length nm; statorMeaning a bijection V: Γ → G 2 Here V -1 Representing its inverse mapping, Γ is {0,1} nu+nm+nv A subset of p elements; selecting a pseudo-random function F: given an input parameter x of k bits and a seed of k bits, the function F will output a random string F of k bits long s (x) (ii) a Randomly selecting an integer alpha epsilon Z p Randomly choosing an integer g 2 ∈G 1 Setting g 1 =g α Setting Y = e (g) 1 ,g 2 ) (ii) a Randomly selecting u' epsilon as G 1 When i =1 i ∈G 1 Setting nu-dimensional vector
Figure FDA0003705315250000012
Randomly selecting m' belonged to G 1 When i =1 i ∈G 1 Setting nv dimension vector
Figure FDA0003705315250000013
Setting a master private key
Figure FDA0003705315250000014
Setting system disclosure parameters as
Figure FDA0003705315250000015
(2) Private key extraction:
(2.1) setting u as a bit string of length nu representing identity; let u [ i ]]The ith position of u; definition of
Figure FDA0003705315250000016
So that u [ i ]]Set of subscript i of = 1; let w u,-1 Is H u (u | | -1) and w u,-1 [i]Is w u,-1 The ith bit; let w u,0 Is H u (u | | 0) and w u,0 [i]Is w u,0 The ith bit; definition of
Figure FDA0003705315250000017
To make w u,-1 [i]Set of subscript i of = 1; definition of
Figure FDA0003705315250000018
To make w u,0 [i]Set of subscript i of = 1; randomly selecting two helper keys HK u,1 ,HK u,0 ∈{0,1} κ And calculate
Figure FDA0003705315250000019
Random selection
Figure FDA00037053152500000110
Initial private key for computing identity u
Figure FDA00037053152500000111
(2.2) the facilitator key and initial private key of the sender are HK a,1 ,HK a,0 And
Figure FDA00037053152500000112
(2.3) helper Key and initial private Key of receiver HK, respectively b,1 ,HK b,0 And
Figure FDA00037053152500000113
(3) Generating real-time facilitator update information for the sender and recipient at time slice t:
(3.1) setting w u,t Is H u (u | | t) and w u,t [i]Is w u,t I th bit of (1), define
Figure FDA0003705315250000021
Figure FDA0003705315250000022
To make w u,t [i]Set of subscript i of = 1; is also provided with w u,t-2 Is H u (u | | t-2) and w u,t-2 [i]Is w u,t-2 I th bit of (1), define
Figure FDA0003705315250000023
To make w u,t-2 [i]Set of subscript i of = 1; computing
Figure FDA0003705315250000024
And
Figure FDA0003705315250000025
to construct a temporal private key update information UI for a time slice t of a user u u,t And calculating:
Figure FDA0003705315250000026
(3.2) the temporary private key updating information of the time slices t of the sender and the receiver are respectively as follows:
Figure FDA0003705315250000027
Figure FDA0003705315250000028
(4) Generating real-time private keys of the sender and the receiver at a time slice t:
decomposing temporary private key of user u in time slice t-1 into
Figure FDA0003705315250000029
Decomposing temporary private key updating information of time slice t into
Figure FDA00037053152500000210
To make up ofEstablishing temporary private key d of user u in time slice t u,t And the user u calculates:
Figure FDA00037053152500000211
temporary private key d for arbitrary identity u and arbitrary time slice t u,t Has the following form:
Figure FDA00037053152500000212
likewise, the temporary private keys of the sender and the receiver in the time slice t are respectively:
Figure FDA00037053152500000213
Figure FDA00037053152500000214
(5) And (3) signing and sealing:
for message m, sender a signs a as follows:
sender A decomposes his temporary private key into
Figure FDA00037053152500000215
Random selection
Figure FDA00037053152500000216
Randomly selecting r epsilon {0,1} nv So that a m r is the same as Γ
Order to
Figure FDA00037053152500000217
To make from H v (m) a set of indices j whose j th bit is different from the j th bit of r, i.e.
Figure FDA00037053152500000218
And (3) calculating:
Figure FDA0003705315250000031
Figure FDA0003705315250000032
Figure FDA0003705315250000033
Figure FDA0003705315250000034
Figure FDA0003705315250000035
Figure FDA0003705315250000036
Figure FDA0003705315250000037
Figure FDA0003705315250000038
Figure FDA0003705315250000039
let r be t-1 =r′ t-1 +k a,t-1 ,r t =r t ′+k a,t
Figure FDA00037053152500000310
Figure FDA00037053152500000311
Figure FDA00037053152500000312
Sender a outputs a ciphertext:
Figure FDA00037053152500000313
and sends it to recipient B;
(6) And (3) de-signing and encrypting:
receiver B decomposes the received ciphertext (t, σ) into
Figure FDA0003705315250000041
Receiver B decomposes his temporary private key into
Figure FDA0003705315250000042
Computing
Figure FDA0003705315250000043
Generating
Figure FDA0003705315250000044
If the following equation holds, then message m is output, otherwise "the de-signcryption failed" is output;
Figure FDA0003705315250000045
2. a computer storage medium on which a computer program is stored, which computer program, when being executed by a processor, carries out an identity-based signcryption method for protecting a key according to any one of claims 1-5.
3. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements an identity-based signcryption method for protecting a key according to any of claims 1-5 when executing the computer program.
CN202210703552.3A 2022-06-21 2022-06-21 Identity-based signcryption method for protecting secret key Pending CN115296792A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210703552.3A CN115296792A (en) 2022-06-21 2022-06-21 Identity-based signcryption method for protecting secret key

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210703552.3A CN115296792A (en) 2022-06-21 2022-06-21 Identity-based signcryption method for protecting secret key

Publications (1)

Publication Number Publication Date
CN115296792A true CN115296792A (en) 2022-11-04

Family

ID=83820590

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210703552.3A Pending CN115296792A (en) 2022-06-21 2022-06-21 Identity-based signcryption method for protecting secret key

Country Status (1)

Country Link
CN (1) CN115296792A (en)

Similar Documents

Publication Publication Date Title
Baek et al. Public key encryption with keyword search revisited
JP4809598B2 (en) Use of isojani in the design of cryptographic systems
CN102811125B (en) Certificateless multi-receiver signcryption method with multivariate-based cryptosystem
US7221758B2 (en) Practical non-malleable public-key cryptosystem
US20080052521A1 (en) Hierarchical identity-based encryption and signature schemes
US20060126832A1 (en) ID-based signature, encryption system and encryption method
CA2819211C (en) Data encryption
Lin et al. Identity-based encryption with equality test and datestamp-based authorization mechanism
Diffie et al. New Directions in cryptography (1976)
CN109831305B (en) Anti-quantum computation signcryption method and system based on asymmetric key pool
Shen et al. Identity-based authenticated encryption with identity confidentiality
CN113132104A (en) Active and safe ECDSA (electronic signature SA) digital signature two-party generation method
CN110798313B (en) Secret dynamic sharing-based collaborative generation method and system for number containing secret
US6931126B1 (en) Non malleable encryption method and apparatus using key-encryption keys and digital signature
US20060251248A1 (en) Public key cryptographic methods and systems with preprocessing
CN111431715A (en) Policy control signature method supporting privacy protection
CN116743358A (en) Repudiation multi-receiver authentication method and system
Wu et al. ID-based remote authentication with smart cards on open distributed system from elliptic curve cryptography
CN109787773B (en) Anti-quantum computation signcryption method and system based on private key pool and Elgamal
Rivest et al. 9. A Method for Obtaining Digital Signatures and
CN115296792A (en) Identity-based signcryption method for protecting secret key
CN109787772B (en) Anti-quantum computation signcryption method and system based on symmetric key pool
JP2004246350A (en) Enciphering device, deciphering device, enciphering system equipped with the same, enciphering method, and deciphering method
CN112733176A (en) Identification password encryption method based on global hash
CN116074016A (en) Secret key protection method based on threshold mechanism

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination