CN116743358A - Repudiation multi-receiver authentication method and system - Google Patents
Repudiation multi-receiver authentication method and system Download PDFInfo
- Publication number
- CN116743358A CN116743358A CN202310593403.0A CN202310593403A CN116743358A CN 116743358 A CN116743358 A CN 116743358A CN 202310593403 A CN202310593403 A CN 202310593403A CN 116743358 A CN116743358 A CN 116743358A
- Authority
- CN
- China
- Prior art keywords
- identity
- receiver
- key
- information
- sender
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 37
- 230000007246 mechanism Effects 0.000 claims abstract description 30
- 238000004364 calculation method Methods 0.000 claims description 14
- 230000005540 biological transmission Effects 0.000 claims description 11
- 238000013507 mapping Methods 0.000 claims description 9
- 238000012795 verification Methods 0.000 claims description 9
- 229910002056 binary alloy Inorganic materials 0.000 claims description 3
- 238000004806 packaging method and process Methods 0.000 abstract description 3
- 238000004891 communication Methods 0.000 description 9
- 230000006872 improvement Effects 0.000 description 9
- 238000005516 engineering process Methods 0.000 description 4
- 230000008901 benefit Effects 0.000 description 3
- 230000000694 effects Effects 0.000 description 3
- 238000011161 development Methods 0.000 description 2
- 230000002452 interceptive effect Effects 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000001737 promoting effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/065—Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
- H04L9/3073—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
Abstract
The application relates to a repudiation multi-receiver authentication method and a repudiation multi-receiver authentication system, wherein the method comprises the following steps: s1, initializing public parameters, hash functions, key generation mechanisms and using members which need to be used; s2, each user member obtains an identity key pair through public parameters, a key generation mechanism and identity information, locally stores a private key and sends the public key to other user members; s3, the sender selects a plurality of receivers from the using members, constructs intermediate parameters for each receiver and the information to be sent respectively, generates corresponding ciphertext information by utilizing the intermediate parameters and the identity public key of each receiver, and sends the ciphertext information to each receiver; s4, each receiver receives the corresponding ciphertext information transmitted by the sender, and the ciphertext information is decrypted and verified by using the identity key pair of the receiver. The sender of the application can decrypt a plurality of receivers only by packaging the message once, thereby avoiding the repeated encryption of the sent message by the sender and protecting the confidentiality and the security of the information.
Description
Technical Field
The present application relates to the field of secure communications, and in particular, to a method and system for repudiation of multiple recipients.
Background
With the rapid development of internet communication technology and intelligent equipment computing and storage capability, a large amount of information and data exist on the internet, the information and the data can come from different sources, a receiver has a great relationship between the credibility of the data and the credibility of the source to which the receiver belongs, and ensuring the verifiability of the data is an important measure for ensuring that the data comes from a credible party. Second, in some special scenarios, data such as personal medical records, network access records, and enterprise production planning, etc., are sensitive data that is private and confidential to the owner, and anonymity of the data must be considered in specific transmission use to ensure privacy of the subject to which it belongs.
The repudiation authentication encryption technology is a branch of the cryptography technology, and has important application in many fields due to the special cryptographic properties, and mainly comprises an interactive repudiation authentication protocol and a non-interactive repudiation authentication protocol. During communication, the recipient can determine the true identity of the sender of the transmission and the true source of the transmission, but the sender can deny the transmission that has been sent, and even if the recipient colludes with a third party, it is not possible for the other person to fully trust the source of the transmission he claims to be, because the nature of the denial is that the recipient can also generate the transmission generated by the sender, so that the sender can claim that the transmission received by the recipient is forged by the recipient, thereby denying the existence of the communication activity.
However, the work of applying the repudiation authentication protocol to the actual scene is only heavy, the security and the anonymity thereof, the efficiency of the protocol is ignored, and in the internet environment in which the communication technology and the computing capability of the equipment are rapidly developed, the efficiency becomes an important consideration factor for a plurality of users to evaluate whether the protocol meets the scene requirement.
Multiple-receiver encryption is a hotspot studied in the field of modern cryptography, and can achieve that a sender encrypts an authentication message once and sends the authentication message to multiple receivers for decryption, so that the communication efficiency of the system is greatly improved.
Disclosure of Invention
In order to solve the above technical problems, the present application provides a repudiation multi-receiver authentication method and system.
The aim of the application is achieved by the following technical scheme:
the application provides a repudiation multi-receiver authentication method, which comprises the following steps:
s1, initializing public parameters, hash functions, key generation mechanisms and using members including a sender and a receiver to be used;
s2, each user member obtains an identity key pair through public parameters, a key generation mechanism and own identity information, locally stores a private key of the identity key pair, and sends the public key to other user members;
s3, the sender selects a plurality of receivers from the using members, constructs intermediate parameters for each receiver and the information to be sent respectively, generates corresponding ciphertext information respectively by using the intermediate parameters and the identity public key of each receiver, and sends the ciphertext information to each receiver;
s4, each receiver receives the corresponding ciphertext information transmitted by the sender, decrypts the ciphertext information by using the identity key pair of the receiver to recover the original information, and verifies the recovered original information.
As a further improvement, in the step S1, the common parameter is initialized by first inputting the security parameter λ to generate two large primesp and q are respectively used as elliptic curve group addition group G 1 And multiplication group G 2 Selecting P as G 1 And determining a bilinear pair e: G 1 ×G 1 →G 2 。
As a further improvement, in said step S1, initializing a hash function comprises determining four hash functions, in particular H 1 :{0,1} * →G 1 Representing mapping binary of arbitrary length to group G 1 A calculation for using the membership public key; h 2 :G 1 →{0,1} p Representative will group G 1 Mapping the points in (a) to a binary system with a specified length for ciphertext encryption and decryption operations;representing binary mapping of any length into an integer domain for ciphertext parameter operation;for encrypting the transmitted information and allowing the recipient to verify the authenticity of the information, wherein +.>Is an infinite loop group.
As a further improvement, in the step S1, initializing the key generation mechanism includes randomly selecting a public-private keyPublic key pk=sk·p is calculated by the public private key.
As a further improvement, in the step S2, each user member obtains an identity key pair through a public parameter, a key generating mechanism and identity information of the user member, and the method includes the following steps:
s21, each using member selects a random numberAs a member private key, a member public key X is calculated in combination with the member private key i =x i P, then member public key X i And using the identity ID of the member i Sending to a key generation mechanism;
s22, the key generating mechanism receives the member public key X of each using member i And identity ID i Respectively calculating identity public keys Y corresponding to using members i =H 1 {X i ,ID i ' and identity private key y i =SK·Y i And the identity key pair { Y containing the identity public key and the identity private key is transmitted through the secure channel i ,y i Returning to the corresponding use member;
s23, after each user receives the identity key pair, the user verifies e (y i ,P)=e(Y i PK), and accepting the identity key pair if true.
As a further improvement, in the step S3, an intermediate parameter is respectively configured for each receiver and the information to be transmitted, and corresponding ciphertext information is respectively generated by using the intermediate parameter and the identity public key of each receiver, and the method includes the following steps:
s31, the sender selects and generates the random number of the first parameterThen calculate the first parameter L of the ciphertext information s =l s ·P;
S32, the sender determines the set R of the information receivers and the information m to be sent, and passes through a hash function H 4 Calculate the second parameter H 4 (m);
S33, respectively performing the following calculation for each receiver
R si =l s ·Y ri
g si =e(y s ,R si )
E ri =l s ·(X ri +Y ri ·PK)
e ri =H 3 (E ri )
Wherein R is si Is the product of the random number selected by the sender and the public key of the identity of the receiver, i represents the count of the members in the set R of receivers, i= {1,2, …, n }, n being the total number of members in the set of receivers, Y ri Representing the identity public key, y, of the ith recipient s Private key, g, representing the identity of the sender si Representing y s And R is R si Bilinear map value, sigma si Representing information m and g to be transmitted si Results after exclusive or of hash values of (2), Y s Representing the public key of the identity of the sender,representing the product of a sender-selected random number and its own identity public key, X ri Member public key representing the ith recipient, E ri E represents the product of the random number selected by the sender and the member public key of the ith receiver plus the identity public key multiplied by the system public key ri Is E ri Input hash function H 3 The result after hash operation will +.>As a third parameter;
s34, the sender obtains a coefficient (a) according to the following polynomial 0 ,a 2 ,…,a n-1 ) As a fourth parameter, a third parameter is provided,
wherein F (x) represents the polynomial constructed by the sender, x represents the unknowns in the polynomial;
s35, the sender encapsulates ciphertext informationAnd sends it to each recipient separately.
As a further improvement, in the step S4, the decryption of the ciphertext information by using the identity key of the receiver to recover the original information includes the following steps:
s41, the receiver receives the first parameter L according to the ciphertext s And a third parameterRecipient identity private key calculation η ri =L s ·x ri ,/>Mu is then calculated from the recipient identity key s =H 2 (g ri ),E r =(η r +L s ·y ri ),e r =H 3 (E r ) The method comprises the steps of carrying out a first treatment on the surface of the Wherein eta ri Representing the product of the ith receiver member private key and the first ciphertext parameter transmitted by the sender, x ri Represents the ith recipient member private key, g ri Bilinear map value, y, representing the ith recipient identity private key and third ciphertext parameter ri Represents the i-th recipient identity private key, μ s G represents g ri Input hash function H 2 As a result of (E) r Representing eta r And the sum of the result of the multiplication of the first ciphertext parameter with the recipient identity private key, e r Representation E r Input hash function H 3 The results after that;
s42, through e r Constructing the following polynomial F (e) in combination with the ciphertext fourth parameter r ) To calculate sigma s :
Wherein F (e) r ) Representing a polynomial used by the recipient for the decryption construct;
s43, the receiver obtains the recovered original message m through the following calculation:
as a further improvement, in the step S4, after the verification of the recovered original information is that the receiver obtains the recovered original message, the hash function H is used 4 The original message is subjected to hash operation and then is judged with the content of the ciphertext information, and if the original message is consistent with the ciphertext information, the received message is verified; if not, the received message fails to verify.
The application provides a repudiation multi-receiver authentication method, which comprises the following steps: s1, initializing public parameters, hash functions, key generation mechanisms and using members including a sender and a receiver to be used; s2, each user member obtains an identity key pair through public parameters, a key generation mechanism and own identity information, locally stores a private key of the identity key pair, and sends the public key to other user members; s3, the sender selects a plurality of receivers from the using members, constructs intermediate parameters for each receiver and the information to be sent respectively, generates corresponding ciphertext information respectively by using the intermediate parameters and the identity public key of each receiver, and sends the ciphertext information to each receiver; s4, each receiver receives the corresponding ciphertext information transmitted by the sender, decrypts the ciphertext information by using the identity key pair of the receiver to recover the original information, and verifies the recovered original information. In the application, when information transmission is needed in multi-receiver encryption, a sender can select a plurality of receivers according to the requirement, calculates an intermediate parameter for each receiver according to an identity public key, information to be transmitted and a public parameter, and realizes information encryption according to the intermediate parameter and the identity public key of each receiver; the receiver decrypts according to the received encrypted information without the relevant information of other receivers except the receiver. The method and the device have the advantages that the sender can decrypt and verify a plurality of receivers only by packaging the message once, the repeated encryption of the sent message by the sender is avoided, the calculation cost is reduced, the method and the device can be applied to the scenes of realizing safe group communication, multiparty information sharing and the like, the information can be ensured to be decrypted by only authorized receivers, and the confidentiality and the safety of the information are protected.
The application also provides a repudiation multi-receiver authentication system, which comprises any one of the further improvements of the repudiation multi-receiver authentication method, and the technical content is adopted, so that the technical content has the same or corresponding technical effects and is not repeated.
As a further improvement, the system comprises a system parameter module, a key generation mechanism, a sending module, a receiving module and a verification module,
the parameter module is as follows: initializing public parameters, hash functions, public key pairs of a key generation mechanism and using member information containing a sender and a receiver which need to be used by a system;
the key generation mechanism: generating an identity key pair according to the public key pair and the using member information;
the sending module: encrypting the transmitted message according to the identity public key of the receiver to form ciphertext information, and transmitting the ciphertext information to the receiver;
the receiving module: receiving ciphertext information sent by a sender, and decrypting and recovering the original message according to the ciphertext information and an identity private key;
the verification module: the receiver verifies the decrypted original message according to the ciphertext information
Drawings
FIG. 1 is a schematic flow chart of the present application.
Detailed Description
In order to make the technical solution of the present application better understood by those skilled in the art, the present application will be described in further detail with reference to the accompanying drawings and the specific embodiments, and it should be noted that the embodiments of the present application and features in the embodiments may be combined with each other without conflict.
Referring to fig. 1, an embodiment of the present application provides a repudiatable multi-receiver authentication method, which includes the following steps:
s1, initializing public parameters, hash functions, key generation mechanisms and using members comprising a sender and a receiver to be used.
Specifically, the initialization of the common parameters, optionally but not limited to, includes first inputting the security parameter λ, generating two large prime numbers p and q and respectively serving as elliptic curve group addition groups G 1 And multiplication group G 2 Selecting P as G 1 And determining a bilinear pair e: G 1 ×G 1 →G 2 。
Initializing a hash function, optionally but not limited to, includes determining four hash functions, where H 1 :{0,1} * →G 1 Representing mapping binary of arbitrary length to group G 1 A calculation for using the membership public key; h 2 :G 1 →{0,1} p Representative will group G 1 Mapping the points in (a) to a binary system with a specified length for ciphertext encryption and decryption operations;representing binary mapping of any length into an integer domain for ciphertext parameter operation; />For encrypting the transmitted information and allowing the recipient to verify the authenticity of the information, wherein +.>Is an infinite loop group.
Initializing a key generation mechanism, optionally but not limited to including randomly selecting a public private keyPublic key pk=sk·p is calculated by public private key SK.
Initializing user members including sender and receiver, each user member being provided with a corresponding unique identity ID i And identity information, each member of use being a sender or receiver of information to be sent when the sender is a senderThe sent message is encrypted into ciphertext information and sent to a receiver, and the ciphertext information is received and decrypted when the message is used as the receiver, and then the original message is recovered.
S2, each user member obtains an identity key pair through public parameters, a key generation mechanism and own identity information, locally stores a private key of the identity key pair, and sends the public key to other user members. Specifically, the method comprises the following steps:
s21, each using member selects a random numberAs a member private key, the member private key x is combined i Computing member public key X i =x i P, then the member public key x i And using the member's unique identity ID i And transmitted to a key generation mechanism.
S22, the key generating mechanism generates a member public key x of each user member according to the received member public key x i And identity ID i Respectively calculating identity public keys Y corresponding to using members i =H 1 {X i ,ID i ' and identity private key y i =SK·Y i And will contain the identity public key Y over a secure channel i And identity private key y i Identity key pair { Y } i ,y i Return to the corresponding usage member.
S23, after each user receives the identity key pair, the user verifies e (y i ,P)=e(Y i PK), and accepting the identity key pair if true.
S3, the sender selects at least one receiver from the using members, and it should be noted that the receivers in the embodiment of the application are optional but not limited to a plurality of receivers, and the method is also applicable to the case of one receiver, and intermediate parameters are respectively constructed for each receiver and information to be sent, wherein the intermediate parameters comprise four parameters, and are respectively: sender-selected random number l s Elliptic curve group addition group G 1 Is multiplied by a base point P to obtain a first parameter L s For constructing polynomial parameter e when receiver decrypts ciphertext information r The method comprises the steps of carrying out a first treatment on the surface of the To send and eliminateSecond parameter H obtained by Hash operation of information m 4 (m) for the recipient to verify the decrypted original message; the sender calculates a first parameter L s Time-selected random number l s Public key Y with sender identity information s Calculating to obtain a third parameter for constructing a polynomial parameter e when the receiver decrypts the ciphertext information r The method comprises the steps of carrying out a first treatment on the surface of the The sender is used for constructing a polynomial when the receiver decrypts and recovers the encrypted ciphertext according to the first parameter of the coefficient list obtained by the polynomial, and respectively generates corresponding ciphertext information by utilizing the four intermediate parameters and the identity public key of each receiver and then sends the corresponding ciphertext information to each receiver, and the method specifically comprises the following steps of:
s31, sender selects random numberThen calculate the first parameter L of the ciphertext information s =l s ·P。
S32, the sender firstly determines the information m to be sent and passes through a hash function H 4 Calculate the second parameter H 7 (m) and then determining a set r= { R1, R2, R3, … ri }, where ri represents any one of the receivers in the set of receivers, i represents the count of members in the set of receivers R, i= {1,2, …, n }, n being the total number of members in the set of receivers.
S33, respectively performing the following calculation for each receiver
R si =l s ·Y ri
g si =e(y s ,R si )
E ri =l s ·(X ri +Y ri ·PK)
e ri =H 3 (E ri )
Wherein R is si Is the product of the sender's chosen random number and the recipient's identity public key, Y ri Representing the identity public key, y, of the ith recipient s Private key, g, representing the identity of the sender si Representing y s And R is R si Bilinear map value, sigma si Representing information m and g to be transmitted si Results after exclusive or of hash values of (2), Y s Representing the public key of the identity of the sender,representing the product of a sender-selected random number and its own identity public key, X ri Member public key representing the ith recipient, E ri Random number l indicating sender selection s Member public key X with the ith recipient ri Plus identity public key Y ri Product of the result of multiplying the system public key PK, e ri Is E ri Input hash function H 3 The result after hash operation will +.>As a third parameter.
S34, the sender obtains a coefficient (a) according to the following polynomial 0 ,a 2 ,…,a n-1 ) As a fourth parameter, a third parameter is provided,
where F (x) represents the polynomial constructed by the sender and x represents the unknowns in the polynomial.
S35, sender encapsulates ciphertext informationAnd sends it to each recipient separately.
S4, each receiver receives the corresponding ciphertext information transmitted by the sender, decrypts the ciphertext information by using the identity key pair of the receiver to recover the original information, and specifically comprises the following steps:
s41, the receiver receives the first parameter L according to the ciphertext s And a third parameterRecipient identity private key calculation η ri =L s ·x ri ,/>Wherein eta ri Representing the product of the ith receiver member private key and the first ciphertext parameter transmitted by the sender, x ri Represents the private key of the receiver member g ri Bilinear map value, y, representing the ith recipient identity private key and third ciphertext parameter ri Representing the ith recipient identity private key, and then calculating mu from the recipient identity key s =H 2 (g ri ),E r =(η r +L s ·y ri ),e r =H 3 (E r ) Wherein μ is s G represents g ri Input hash function H 2 As a result of (E) r Representing eta r And the sum of the result of the multiplication of the first ciphertext parameter with the recipient identity private key, e r Representation E r Input hash function H 3 The results of the latter.
S42, through e r Combining the ciphertext fourth parameter (a 1 ,a 2 ,…,a n-1 ) The following polynomial F (e) was constructed r ) To calculate sigma si :
Wherein F (e) r ) Representing the polynomial used by the receiver to decrypt the construct.
S43, the receiver obtains the recovered original message m through the following calculation:
verifying the recovered original information, specifically, after the receivers obtain the recovered original information, each receiver uses a hash function H 4 The recovered original message is subjected to hash operation and then is judged with the second parameter, and if the recovered original message is consistent with the second parameter, the received message is verified to pass; if not, rejecting the message authentication failure.
In the multi-receiver encryption, when information transmission is needed, a sender can select a plurality of receivers according to the requirements, calculates an intermediate parameter for each receiver according to an identity public key, information to be transmitted and a public parameter, and realizes information encryption according to the intermediate parameter and the identity public key of each receiver; the receiver decrypts according to the received encrypted information without the relevant information of other receivers except the receiver. The method and the device have the advantages that the sender can decrypt and verify a plurality of receivers only by packaging the message once, the repeated encryption of the sent message by the sender is avoided, the calculation cost is reduced, the method and the device can be applied to the scenes of realizing safe group communication, multiparty data sharing and the like, the data can be ensured to be decrypted by only authorized receivers, and the confidentiality and the safety of the information are protected.
Therefore, in the internet environment where business communication is frequent and the current trend is growing, the safe and fair business cooperation is performed on the premise of protecting the privacy of key information, so that the key task of promoting the economic development of the internet is achieved. The repudiation authentication can identify information sources and ensure information privacy security, and the encryption of multiple receivers improves encryption efficiency, and the two are combined with an information security transmission protocol suitable for commercial Internet environments with outstanding privacy protection requirements.
The embodiment of the present application further provides a repudiation multi-receiver authentication system, which includes any one of the preferred embodiments of the repudiation multi-receiver authentication method, and in the case of no conflict, the combination between the further preferred embodiments, because the repudiation multi-receiver authentication system is based on the repudiation multi-receiver authentication method, the repudiation multi-receiver authentication system should have the same or corresponding technical effects and benefits, which are not described herein.
As a further preferred embodiment, the system mainly comprises a system parameter module, a key generating mechanism, a sending module, a receiving module and a verification module,
the parameter module is as follows: initializing public parameters, hash functions, public key pairs of a key generation mechanism and using member information containing a sender and a receiver which need to be used by a system;
the key generation mechanism: generating an identity key pair according to the public key pair and the using member information;
the sending module: encrypting the transmitted message according to the identity public key of the receiver to form ciphertext information, and transmitting the ciphertext information to the receiver;
the receiving module: and receiving the ciphertext information sent by the sender, and decrypting and recovering the original message according to the ciphertext information and the identity private key.
The verification module: the receiver verifies the decrypted original message according to the ciphertext information.
It should be noted that, the verification module of the system may be selectively set according to the security of the use environment.
The technical features of the above-described embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above-described embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The above examples illustrate only a few embodiments of the application, which are described in detail and are not to be construed as limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of protection of the present application is to be determined by the appended claims.
Claims (10)
1. A repudiatable multi-receiver authentication method, comprising the steps of:
s1, initializing public parameters, hash functions, key generation mechanisms and using members including a sender and a receiver to be used;
s2, each user member obtains an identity key pair through public parameters, a key generation mechanism and own identity information, locally stores a private key of the identity key pair, and sends the public key to other user members;
s3, the sender selects a plurality of receivers from the using members, constructs intermediate parameters for each receiver and the information to be sent respectively, generates corresponding ciphertext information by utilizing the intermediate parameters and the public key and the identity public key of each receiver respectively, and sends the ciphertext information to each receiver;
s4, each receiver receives the corresponding ciphertext information transmitted by the sender, decrypts the ciphertext information by using the identity key pair of the receiver to recover the original information, and verifies the recovered original information.
2. The method of claim 1, wherein in step S1, the public parameter is a security parameter λ is input first, two large prime numbers p and q are generated and used as elliptic curve group addition groups G, respectively 1 And multiplication group G 2 Selecting P as G 1 And determining a bilinear pair e: G 1 ×G 1 →G 2 。
3. The repudiation multi-receiver authentication method of claim 2, wherein in step S1, initializing the hash function comprises determining four hash functions, wherein H 1 :{0,1} * →G 1 Representing mapping binary of arbitrary length to group G 1 A calculation for using the membership public key; h 2 :G 1 →{0,1} p Representative will group G 1 Mapping the points in (a) to a binary system with a specified length for ciphertext encryption and decryption operations; h 3 :Representing binary mapping of any length into an integer domain for ciphertext parameter operation; h 4 :/>For encrypting the transmitted information and allowing the recipient to verify the authenticity of the information, wherein +.>Is an infinite loop group.
4. A repudiation multi-receiver authentication method as claimed in claim 3, wherein in step S1, initializing a key generation mechanism comprises randomly selecting a public private keyPublic key pk=sk·p is calculated by the public private key.
5. The method of claim 4, wherein each member obtains the identity key pair through the public parameter, the key generating mechanism and the identity information of the member in step S2, and the method comprises the steps of:
s21, each using member selects a random numberAs a member private key, a member public key X is calculated in combination with the member private key i =x i P, then member public key X i And using the identity ID of the member i Sending to a key generation mechanism;
s22, the key generating mechanism receives the member public key X of each using member i And identity ID i Respectively calculating identity public keys Y corresponding to using members i =H 1 {X i ,ID i ' and identity private key y i =SK·Y i And will be transmitted over the secure channelIdentity key pair { Y comprising identity public key and identity private key i ,y i Returning to the corresponding use member;
s23, after each user receives the identity key pair, the user verifies e (y i ,P)=e(Y i PK), and accepting the identity key pair if true.
6. The method of claim 5, wherein in step S3, intermediate parameters are respectively constructed for each receiver and the information to be transmitted, and corresponding ciphertext information is respectively generated by using the intermediate parameters and the identity public key of each receiver, and the method comprises the following steps:
s31, the sender selects and generates the random number of the first parameterThen calculate the first parameter L of the ciphertext information s =l s ·P;
S32, the sender determines the set R of the information receivers and the information m to be sent, and passes through a hash function H 4 Calculate the second parameter H 4 (m);
S33, respectively performing the following calculation for each receiver
R si =l s ·Y ri
g si =e(y s ,R si )
E ri =l s ·(X ri +Y ri ·PK)
e ri =H 3 (E ri )
Wherein R is si Is the product of the random number selected by the sender and the public key of the recipient identity, i denotes the count of members in the recipient set R, i= {1,2,.. ri Representing the identity public key, y, of the ith recipient s Private key, g, representing the identity of the sender si Representing y s And R is R si Bilinear map value, sigma si Representing information m and g to be transmitted si Results after exclusive or of hash values of (2), Y s Representing the public key of the identity of the sender,representing the product of a sender-selected random number and its own identity public key, X ri Member public key representing the ith recipient, E ri E represents the product of the random number selected by the sender and the member public key of the ith receiver plus the identity public key multiplied by the system public key ri Is E ri Input hash function H 3 The result after hash operation will +.>As a third parameter;
s34, the sender obtains a coefficient (a) according to the following polynomial 0 ,a 2 ,...,a n-1 ) As a fourth parameter, a third parameter is provided,
wherein F (x) represents the polynomial constructed by the sender, x represents the unknowns in the polynomial;
s35, sender encapsulates ciphertext informationAnd sends it to each recipient separately.
7. The method of claim 6, wherein in step S4, the ciphertext information is decrypted by using the identity key of the recipient to recover the original information, and the method comprises the steps of:
s41, the receiver receives the first parameter L according to the ciphertext s And a third parameterRecipient identity private key calculation η ri =L s ·x ri ,Mu is then calculated from the recipient identity key s =H 2 (g ri ),E r =(η r +L s ·y ri ),e r =H 3 (E r ) The method comprises the steps of carrying out a first treatment on the surface of the Wherein eta ri Representing the product of the ith receiver member private key and the first ciphertext parameter transmitted by the sender, x ri Represents the ith recipient member private key, g ri Bilinear map value, y, representing the ith recipient identity private key and third ciphertext parameter ri Represents the i-th recipient identity private key, μ s G represents g ri Input hash function H 2 As a result of (E) r Representing eta r And the sum of the result of the multiplication of the first ciphertext parameter with the recipient identity private key, e r Representation E r Input hash function H 3 The results after that;
s42, through e r Constructing the following polynomial F (e) in combination with the ciphertext fourth parameter r ) To calculate sigma s :
Wherein F (e) r ) Representing a polynomial used by the recipient for the decryption construct;
s43, the receiver obtains the recovered original message m through the following calculation:
8. the method according to any one of claims 1 to 7, wherein in step S4, the verification of the recovered original information is performed by using a hash function H after the receiver obtains the recovered original message 4 The original message is subjected to hash operation and then is judged with the content of the ciphertext information, and if the original message is consistent with the ciphertext information, the received message is verified; if not, rejecting the message authentication failure.
9. A repudiatable multi-receiver authentication system comprising a repudiatable multi-receiver authentication method as claimed in any one of claims 1 to 8.
10. The repudiation multi-receiver authentication system of claim 9, comprising a system parameters module, a key generation mechanism, a transmission module, a reception module, and a verification module,
the parameter module is as follows: initializing public parameters, hash functions, public key pairs of a key generation mechanism and using member information containing a sender and a receiver which need to be used by a system;
the key generation mechanism: generating an identity key pair according to the public key pair and the using member information;
the sending module: encrypting the transmitted message according to the identity public key of the receiver to form ciphertext information, and transmitting the ciphertext information to the receiver;
the receiving module: receiving ciphertext information sent by a sender, and decrypting and recovering the original message according to the ciphertext information and an identity private key;
the verification module: the receiver verifies the decrypted original message according to the ciphertext information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310593403.0A CN116743358A (en) | 2023-05-24 | 2023-05-24 | Repudiation multi-receiver authentication method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310593403.0A CN116743358A (en) | 2023-05-24 | 2023-05-24 | Repudiation multi-receiver authentication method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116743358A true CN116743358A (en) | 2023-09-12 |
Family
ID=87900273
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310593403.0A Pending CN116743358A (en) | 2023-05-24 | 2023-05-24 | Repudiation multi-receiver authentication method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116743358A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117499159A (en) * | 2023-12-27 | 2024-02-02 | 杭州字节方舟科技有限公司 | Block chain-based data transaction method and device and electronic equipment |
-
2023
- 2023-05-24 CN CN202310593403.0A patent/CN116743358A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117499159A (en) * | 2023-12-27 | 2024-02-02 | 杭州字节方舟科技有限公司 | Block chain-based data transaction method and device and electronic equipment |
| CN117499159B (en) * | 2023-12-27 | 2024-03-26 | 杭州字节方舟科技有限公司 | Block chain-based data transaction method and device and electronic equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108352015B (en) | Secure multi-party loss-resistant storage and encryption key transfer for blockchain based systems in conjunction with wallet management systems | |
| US6298153B1 (en) | Digital signature method and information communication system and apparatus using such method | |
| CN104270249B (en) | It is a kind of from the label decryption method without certificate environment to identity-based environment | |
| US5796833A (en) | Public key sterilization | |
| US8661240B2 (en) | Joint encryption of data | |
| US7239701B1 (en) | Key sharing method, secret key generating method, common key generating method and cryptographic communication method in ID-NIKS cryptosystem | |
| CN104301108B (en) | It is a kind of from identity-based environment to the label decryption method without certificate environment | |
| CN110011995A (en) | Encryption and decryption approaches and device in multi-casting communication | |
| CA2819211C (en) | Data encryption | |
| CN106713349B (en) | Inter-group proxy re-encryption method capable of resisting attack of selecting cipher text | |
| CN110519226B (en) | Quantum communication server secret communication method and system based on asymmetric key pool and implicit certificate | |
| CN116743358A (en) | Repudiation multi-receiver authentication method and system | |
| CN112350820B (en) | Multi-receiver signcryption method, sending end, receiving end, system and storage medium | |
| Deshmukh et al. | Secure key sharing scheme using Hamiltonian path | |
| CN101964039B (en) | Encryption protection method and system of copyright object | |
| Qin et al. | Strongly secure and cost-effective certificateless proxy re-encryption scheme for data sharing in cloud computing | |
| JP4485122B2 (en) | Public key cryptosystem, signature system, cryptographic communication system, secret key generator, public key generator, and computer program | |
| US6724893B1 (en) | Method of passing a cryptographic key that allows third party access to the key | |
| CN111526131B (en) | Anti-quantum-computation electronic official document transmission method and system based on secret sharing and quantum communication service station | |
| Boyd | Enforcing traceability in software | |
| Chetan et al. | Security framework for VANET for privacy preservation | |
| CN116781243B (en) | Unintentional transmission method based on homomorphic encryption, medium and electronic equipment | |
| JP3862397B2 (en) | Information communication system | |
| Krishna | A randomized cloud library security environment | |
| JPH0373633A (en) | Cryptographic communication system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |