CN117014868A - Communication method and related device - Google Patents


Info

Publication number: CN117014868A
Authority: CN (China)
Prior art keywords: network device, attribute, signature, subset, message
Legal status: Pending
Application number: CN202210468992.5A
Other languages: Chinese (zh)
Inventors: 杨旸, 罗伯特·邓慧杰, 王海光, 李铁岩
Current assignee: SINGAPORE MANAGEMENT UNIVERSITY; Huawei Technologies Co Ltd
Original assignee: SINGAPORE MANAGEMENT UNIVERSITY; Huawei Technologies Co Ltd
Application filed by SINGAPORE MANAGEMENT UNIVERSITY and Huawei Technologies Co Ltd
Classifications

    • H04W 12/03 Protecting confidentiality, e.g. by encryption (under H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity)
    • H04L 9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L 9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L 9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials, involving digital signatures
    • H04W 12/041 Key generation or derivation (under H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA])

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiments of the application disclose a communication method and a related device. A first network device generates a first signature according to a first credential, the first credential having been generated by an authority center according to a first attribute corpus, a public key and an identity of the first network device; the first network device encrypts a first message according to a first attribute subset, a first policy and the first signature to obtain a first ciphertext, and then sends the ciphertext to a second network device, where the first attribute subset is a subset of the first attribute corpus and the first policy is a policy that the second network device needs to satisfy. In the application, the message sender encrypts the message based on attributes and a policy to obtain the ciphertext, and the message receiver can decrypt the ciphertext to obtain the message only if it holds the corresponding attribute key and policy key, which enhances communication security. On the other hand, because the attributes the sender shows in the ciphertext are only a part of the sender's attributes, the risk of the sender's attributes leaking is reduced and privacy protection is enhanced.

Description

Communication method and related device
Technical Field
The embodiment of the application relates to the technical field of communication, in particular to a communication method and a related device.
Background
Service discovery is the automatic detection of the devices in a computer network and of the services they provide, including discovery of the service name and of the internet protocol (IP) address and port number of the service. The purpose of service discovery is to simplify configuration work for users and to automate the management of computer devices and services. Service discovery is widely used, for example in smart homes, cloud services and wireless networks.
Service discovery is essential in wireless communications. However, existing service discovery protocols provide no privacy protection, or only very limited protection, for clients and servers: they may reveal sensitive information (e.g., the service type, the identity of the client or its movement pattern) or allow only unilateral authorization control. For example, in wireless fidelity (WiFi), bluetooth low energy (BLE) and multicast domain name system (DNS), sensitive device information (e.g., the service hostname and service type) and user information are broadcast in plain text over the public channel, which carries a significant risk of privacy disclosure.
Therefore, there is a strong need for a communication scheme that improves privacy protection.
Disclosure of Invention
The embodiment of the application provides a communication method and a related device, which are used for enhancing privacy protection capability in a communication process.
In a first aspect, an embodiment of the present application provides a communication method, including:
the first network device generates a first signature according to a first credential, where the first credential is generated by an authority center according to a first attribute corpus, a public key and an identity of the first network device;
the first network device encrypts a first message according to a first attribute subset, a first policy and the first signature to obtain a first ciphertext, where the first attribute subset is a subset of the first attribute corpus and the first policy is a policy that a second network device needs to satisfy;
the first network device sends the first ciphertext to the second network device.
In the application, the sender of the message (the first network device) encrypts the message based on attributes and a policy to obtain the ciphertext, so that the receiver of the message (the second network device) can decrypt the ciphertext to obtain the message only if it holds the corresponding attribute key and policy key, which enhances communication security. On the other hand, since the attributes the sender presents in the ciphertext are only a part of the sender's attributes, the risk of the sender's attributes leaking is reduced and privacy protection is enhanced.
Based on the first aspect, in an optional implementation manner, the first network device generates a first signature according to the first credential, including:
the first network device generates a first signature from the first credential, a second subset of attributes, the identity, a private key of the first network device, and the first message, the second subset of attributes being a subset of the first corpus of attributes.
Based on the first aspect, in an optional implementation manner, the first network device generates a first signature according to the first credential, the second attribute subset, the identity, a private key of the first network device, and the first message, including:
the first network device generates random parameters;
the first network device generates a first random element and a second random element according to the random parameter;
the first network device generates a zero-knowledge proof credential for the first credential according to the identity, the private key of the first network device and the first message;
the first network device generates a first signature from the first random element, the second random element, a first credential, and the zero-knowledge proof credential.
Specifically, the first network device obtains a first credential (σ_1, σ_2);
the first network device randomly selects random parameters, calculates a first random element and a second random element from the random parameters, and computes σ_1' and σ_2' from the first credential (σ_1, σ_2), where the exponents involve the second attribute subset, n is the number of attributes in the first attribute corpus, g and h are public parameters of the group G, and the Y_i are obtained by a random operation on g (the expressions for the random elements, σ_1' and σ_2' are not reproduced in the source);
the first network device generates a zero-knowledge proof credential π_2 for the first credential based on the identity, the private key of the first network device, the first credential (σ_1, σ_2) and the first message;
the first network device determines the first signature from the first random element, the second random element, σ_1', σ_2' and π_2 (the signature expression is not reproduced in the source).
Based on the first aspect, in an optional implementation manner, the first signature is further used by the authority center to determine the identity from the first message, the second attribute subset and the first signature. In this embodiment, the authority center can trace the identity of the ciphertext sender back from the first signature in the ciphertext, so abnormal behaviour of a sender can be traced promptly, which improves communication security.
Based on the first aspect, in an optional implementation manner, the first network device encrypting the first message according to the first attribute subset, the first policy and the first signature to obtain the first ciphertext includes:
the first network device selects a random vector;
the first network device calculates secret sharing shares from the random vector according to the first policy f_snd, and selects K ∈ G_T;
the first network device calculates the first ciphertext ct, where ct_M = SEnc(H(K), (M, tok_snd)), W_0 = 0, i ∈ [n], tok_snd is the first signature, M is the first message and X_s is the first attribute subset (the expressions for the random vector, the shares and the remaining components of ct are not reproduced in the source).
Based on the first aspect, in an optional implementation manner, the first ciphertext is used for the second network device to decrypt and obtain the first message through the attribute key and the policy key, wherein the attribute key is generated by the authority center, and the policy key is generated by the authority center according to the first policy.
Based on the first aspect, in an optional implementation manner, the first ciphertext is used for the second network device to decrypt the first ciphertext according to the first signature, a policy key corresponding to the first policy, and an attribute key corresponding to the first attribute corpus, so as to obtain the first message, where the attribute key is generated by the authority center, and the policy key is generated by the authority center according to the first policy. Specifically, the second network device recovers (M, tok_snd) ← SDec(H(K'), ct) and thereby obtains the first message, where M is the first message, ct is the ciphertext, tok_snd is the first signature, the dk_{i,j} are the policy key corresponding to the first policy, dk_1, dk_2 and dk_3 are the attribute keys corresponding to the first attribute corpus, and the K' calculated by the second network device must equal the value of K selected by the first network device when it generated the ciphertext; ω_j and μ_j are obtained by calculation (the expressions for K', ω_j and μ_j are not reproduced in the source).
Based on the first aspect, in an optional implementation manner, the method further includes:
in response to the second network device obtaining the first message from the first ciphertext, the second network device authenticates the first network device as legitimate.
In this embodiment, based on the encryption algorithm and the decryption algorithm, when the second network device successfully decrypts the first ciphertext to obtain the first message, bidirectional authentication may be implemented, that is, on one hand, it may be determined that the second network device has a legal identity for communication with the first network device, and on the other hand, it may also be determined that the first network device has a legal identity for communication with the second network device.
Based on the first aspect, in an alternative implementation, generating the first credential requires the public key of the first network device. If the authority center generated the private keys of all users (first network devices), then whenever the authority center was compromised by an attacker, the private keys of all users would be exposed. Therefore, in this embodiment, the public key and the private key are generated by the first network device itself. Specifically, the user identifier (identity) of the first network device is uid; the first network device randomly generates its private key usk and calculates upk_1 ← h^usk, upk_2 ← g^usk, so that the public key of the first network device is upk = (upk_1, upk_2). After generating the public key, the first network device sends it to the authority center for the subsequent generation of the first credential. The first network device also generates a zero-knowledge proof credential π_1, which proves that the first network device holds the private key corresponding to the public key, so the private key need not be handed to the authority center for storage, and the risk of the private key being exposed because the authority center is compromised is reduced.
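As an added illustration (not the patent's construction, which the page does not spell out), the following Python models the self-generated key pair upk = (h^usk, g^usk) and a proof π_1 that the device knows usk without ever sending it to the authority center. The proof is a Chaum-Pedersen style proof of equal discrete logarithms made non-interactive with Fiat-Shamir and bound to the device's uid; the group parameters p, q, g, h are toy values chosen for readability, and they, like the function names, are assumptions of this example.

```python
# Added example: device-side key generation plus a zero-knowledge proof of
# knowledge of usk that the authority center verifies before issuing a credential.
# Not the patent's own pi_1 construction; a Chaum-Pedersen proof is used instead.
import hashlib
import secrets

# Toy group (assumption): p is a safe prime, q = (p-1)/2, and g, h are
# quadratic residues, so each generates the order-q subgroup. Real systems use a
# 2048-bit-or-larger group or an elliptic curve; the logic below is unchanged.
P = 1019
Q = 509
G = 4   # 2^2 mod p
H = 9   # 3^2 mod p, an independent generator of the same subgroup


def keygen(usk=None):
    """Device-side key generation; usk never leaves the device (fixed usk only for tests)."""
    if usk is None:
        usk = secrets.randbelow(Q - 1) + 1          # usk in [1, q-1]
    return usk, (pow(H, usk, P), pow(G, usk, P))    # upk = (h^usk, g^usk)


def _challenge(*parts):
    """Fiat-Shamir challenge over the whole transcript (uid, upk, commitments)."""
    data = b"|".join(str(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def prove_ownership(uid, usk, upk):
    """pi_1: prove knowledge of usk with upk = (h^usk, g^usk), bound to uid."""
    r = secrets.randbelow(Q - 1) + 1
    t1, t2 = pow(H, r, P), pow(G, r, P)              # commitments with the same r
    c = _challenge(uid, upk[0], upk[1], t1, t2)
    s = (r + c * usk) % Q
    return (c, s)


def verify_ownership(uid, upk, proof):
    """Authority-side check: recompute the commitments from (c, s) and rehash."""
    c, s = proof
    upk1, upk2 = upk
    for y in (upk1, upk2):                           # reject elements outside the subgroup
        if not (1 < y < P and pow(y, Q, P) == 1):
            return False
    neg_c = (-c) % Q
    t1 = pow(H, s, P) * pow(upk1, neg_c, P) % P      # h^s * upk1^-c = h^r
    t2 = pow(G, s, P) * pow(upk2, neg_c, P) % P      # g^s * upk2^-c = g^r
    return c == _challenge(uid, upk1, upk2, t1, t2)


if __name__ == "__main__":
    usk, upk = keygen()
    pi_1 = prove_ownership("device-42", usk, upk)    # constructed uid
    print("authority accepts:", verify_ownership("device-42", upk, pi_1))
```

The authority center runs verify_ownership before issuing a credential for upk; a device that cannot produce the proof, or a public key whose two components were formed with different exponents, is rejected, while usk itself is never transmitted.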
In a second aspect, an embodiment of the present application provides a communication device, for use as a first network device, including:
a processing unit, configured to generate a first signature according to a first credential, where the first credential is generated by an authority center according to a first attribute corpus, a public key and an identity of the first network device;
the processing unit is further configured to encrypt a first message according to a first attribute subset, a first policy and the first signature to obtain a first ciphertext, where the first attribute subset is a subset of the first attribute corpus and the first policy is a policy that a second network device needs to satisfy;
and a transceiver unit, configured to send the first ciphertext to the second network device.
Based on the second aspect, in an alternative embodiment, the processing unit is specifically configured to:
generate a first signature from the first credential, a second attribute subset, the identity, a private key of the first network device and the first message, the second attribute subset being a subset of the first attribute corpus.
Based on the second aspect, in an alternative embodiment, the processing unit is specifically configured to:
generating random parameters;
generating a first random element and a second random element according to the random parameters;
generating a zero knowledge proof credential for the first credential according to the identity, the private key of the first network device and the first message;
a first signature is generated from the first random element, the second random element, the first credential, and the zero-knowledge proof credential.
Based on the second aspect, in an alternative embodiment, the first signature is further used by the authority to determine the identity from the first message, the second subset of attributes and the first signature.
Based on the second aspect, in an alternative embodiment, the processing unit is specifically configured to:
selecting a random vector;
computing secret sharing shares from the random vector according to the first policy f_snd, and selecting K ∈ G_T;
calculating the first ciphertext ct, where ct_M = SEnc(H(K), (M, tok_snd)), W_0 = 0, i ∈ [n], tok_snd is the first signature, M is the first message and X_s is the first attribute subset (the expressions for the random vector, the shares and the remaining components of ct are not reproduced in the source).
Based on the second aspect, in an optional implementation manner, the first ciphertext is used for the second network device to decrypt and obtain the first message through the attribute key and the policy key, wherein the attribute key is generated by the authority center, and the policy key is generated by the authority center according to the first policy.
Based on the second aspect, in an optional implementation manner, the first ciphertext is used by the second network device to decrypt the first ciphertext according to the first signature, the policy key corresponding to the first policy and the attribute key corresponding to the first attribute corpus, so as to obtain the first message, where the attribute key is generated by the authority center and the policy key is generated by the authority center according to the first policy. Specifically, the second network device recovers (M, tok_snd) ← SDec(H(K'), ct) and thereby obtains the first message, where M is the first message, ct is the ciphertext, tok_snd is the first signature, the dk_{i,j} are the policy key corresponding to the first policy, dk_1, dk_2 and dk_3 are the attribute keys corresponding to the first attribute corpus, and the K' calculated by the second network device must equal the value of K selected by the first network device when it generated the ciphertext; ω_j and μ_j are obtained by calculation (the expressions for K', ω_j and μ_j are not reproduced in the source).
Based on the second aspect, in an alternative embodiment, the public key and the private key of the first network device are generated by the first network device.
The information exchanged and the execution process of the embodiment of this aspect are based on the same concept as the embodiment of the first aspect, so for the beneficial effects of this aspect refer to the first aspect above; they are not repeated here.
In a third aspect, an embodiment of the present application provides a computer device, including a communication interface and a processor; the communication interface is configured to communicate with other devices under control of the processor, and the processor is configured to execute the computer program or instructions to cause the computer device to perform the method according to any of the above aspects.
In a fourth aspect, embodiments of the present application provide a computer readable storage medium having a computer program stored therein, which when run on a computer causes the computer to perform the communication method of any of the above aspects.
In a fifth aspect, embodiments of the present application provide a computer program product or computer program comprising computer programs or instructions which, when run on a computer, cause the computer to perform the communication method of any of the above aspects.
In a sixth aspect, embodiments of the present application provide a chip system, which includes a processor for implementing the functions involved in the above aspects, for example, transmitting or processing data and/or information involved in the above method. In one possible design, the chip system further includes a memory for holding program instructions and data necessary for the server or the communication device. The chip system can be composed of chips, and can also comprise chips and other discrete devices.
From the above technical solutions, the embodiment of the present application has the following advantages:
The application provides a communication method. A first network device generates a first signature according to a first credential, where the first credential is generated by an authority center according to a first attribute corpus, a public key and an identity of the first network device; the first network device encrypts a first message according to a first attribute subset, a first policy and the first signature to obtain a first ciphertext, where the first attribute subset is a subset of the first attribute corpus and the first policy is a policy that a second network device needs to satisfy; the first network device sends the first ciphertext to the second network device. In the application, the sender of the message (the first network device) encrypts the message based on attributes and a policy to obtain the ciphertext, so that the receiver of the message (the second network device) can decrypt the ciphertext to obtain the message only if it holds the corresponding attribute key and policy key, which enhances communication security. On the other hand, since the attributes the sender presents in the ciphertext are only a part of the sender's attributes, the risk of the sender's attributes leaking is reduced and privacy protection is enhanced.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present application, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of an encryption scheme based on a particular identity;
FIG. 2 is a schematic flow diagram of anonymous credentials;
FIG. 3 is a schematic diagram of an anonymous identity system based on zero knowledge proof;
FIG. 4 is a flow chart of a communication method according to an embodiment of the application;
FIG. 5 is a schematic diagram of a communication method applied to a service discovery protocol according to the present application;
FIG. 6 is a schematic structural diagram of a communication device according to an embodiment of the present application;
FIG. 7 is a schematic structural diagram of another communication device according to an embodiment of the present application.
Detailed Description
The embodiment of the application provides a communication method and a related device, which are used for enhancing privacy protection capability in a communication process.
Embodiments of the present application will be described below with reference to the accompanying drawings in the embodiments of the present application. The terminology used in the description of the embodiments of the application herein is for the purpose of describing particular embodiments of the application only and is not intended to be limiting of the application. As one of ordinary skill in the art can know, with the development of technology and the appearance of new scenes, the technical scheme provided by the embodiment of the application is also applicable to similar technical problems.
In the present application, "at least one" means one or more, and "a plurality" means two or more. "And/or" describes an association relationship between associated objects and indicates that three relationships may exist; for example, "A and/or B" may indicate A alone, A and B together, or B alone, where A and B may be singular or plural. The character "/" generally indicates that the objects before and after it are in an "or" relationship. "At least one of" and similar expressions mean any combination of the listed items, including any combination of single items or plural items. For example, "at least one of a, b, or c" may represent a, b, c, a-b, a-c, b-c, or a-b-c, where a, b and c may be single or plural.
The terms "first," "second," "third," "fourth" and the like in the description and in the claims and in the above drawings, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the application described herein may be implemented, for example, in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Service discovery is the automatic detection of the devices in a computer network and of the services they provide, including discovery of the service name and of the internet protocol (IP) address and port number of the service. The purpose of service discovery is to simplify configuration work for users and to automate the management of computer devices and services. Service discovery is widely used, for example in smart homes, cloud services and wireless networks.
Service discovery is essential in wireless communications. However, existing service discovery protocols provide no privacy protection, or only very limited protection, for clients and servers: they may reveal sensitive information (e.g., the service type, the identity of the client or its movement pattern) or allow only unilateral authorization control. For example, in wireless fidelity (WiFi), bluetooth low energy (BLE) and multicast domain name system (DNS), sensitive device information (e.g., the service hostname and service type) and user information are broadcast in plain text over the public channel, which carries a significant risk of privacy disclosure.
First, the existing privacy-preserving schemes used in service discovery are described below.
Attribute-based Encryption (ABE): ABE can be divided into ciphertext policy attribute-based encryption systems (ciphertext policy attribute based encryption, CP-ABE) and key policy attribute-based encryption systems (key policy attribute based encryption, KP-ABE).
In ciphertext-policy attribute-based encryption, the ciphertext is associated with an access control policy and the key with an attribute set; a user can decrypt the ciphertext when the user's attributes satisfy the ciphertext's access control policy. Because ciphertexts are updated frequently and data sharing on a cloud platform usually involves many users, ciphertext-policy attribute-based encryption fits data sharing in a real cloud platform environment better, and documents encrypted in this way are well protected. Specifically, the current KP-ABE comprises four main algorithms:
Setup(λ) → (pub, msk): given the security parameter λ, the key generation center generates the public parameter pub and the system master key msk.
Encrypt(m, pub, ATTR) → CT: the plaintext m is encrypted using the attribute set ATTR and the public parameter pub, producing the ciphertext CT.
Keygen(pub, msk, A) → sk: given the public parameter pub, the master key msk and the user's access policy A, the key generation center (authority center) runs the key generation algorithm to generate a key sk for the user.
Decrypt(CT, sk) → m: the user's attribute set is matched against the access policy; if it is satisfied, the user decrypts the ciphertext CT with the private key sk and outputs the plaintext m. Otherwise the operation stops.
In key-policy attribute-based encryption, the ciphertext is associated with the user's attribute set and the key with an access control policy. Specifically, the current CP-ABE includes four main algorithms:
Setup(λ) → (pub, msk): given the security parameter λ, the key generation center generates the public parameter pub and the system master key msk.
Encrypt(m, pub, A) → CT: the plaintext m is encrypted using the public parameter pub and the access control policy A, producing the ciphertext CT.
Keygen(pub, msk, ATTR) → sk: given the public parameter pub, the master key msk and the user's attribute set ATTR, the key generation center (authority center) runs the key generation algorithm to generate an attribute private key sk for the user.
Decrypt(CT, sk) → m: the user matches the attribute key distributed by the key generation center against the access policy of the ciphertext; if the attributes satisfy the policy, the user's private key sk can decrypt the ciphertext CT and output the plaintext m. If the policy is not satisfied, decryption cannot succeed.
In the current ABE scheme, only one key generation center is responsible for all attributes of the system, and corresponding private keys are distributed for each user. In this case, it is heavy and risky, and the trust requirement of the user on the key distribution center is unconditional.
Encryption scheme based on specific identity: both sender S and receiver R (each entity having its own attributes) can specify a particular policy that the other party must satisfy to display the message. During decryption, no content is revealed. Specifically, both the sender S and the receiver R, etc., communication entities may specify fine-grained access policies to the encrypted data. For example, in a social network, sender S may encrypt a file containing personal details of S and specify a policy such that the file can only be decrypted by the communication entity specified by sender S. On the other hand, the receiver R can decrypt the file only when S corresponds to the sender-specified communication entity defined by the policy. This solution needs to avoid revealing the properties and policies of sender S and receiver R to third parties that do not meet the requirements.
Referring to fig. 1, fig. 1 is a schematic diagram of an encryption scheme based on specific identities. As shown in fig. 1, the sender of a message (with identity σ in fig. 1) obtains an encryption key for the identity σ from the authority center, and the receiver of the message (with identity ρ in fig. 1) obtains a decryption key for the identity ρ from the authority center. When sending the message, the sender designates the receiver identity ρ, encrypts the message and produces the ciphertext. The ciphertext can be decrypted if and only if it is received by a party holding the identity ρ.
Because sender and receiver must pin down each other's exact identity before a message is sent, this kind of policy has a narrow range of use: the sender has to deploy a separate privacy policy for every receiver identity, which makes communication inefficient and computationally expensive.
Anonymous credentials: a traditional credential (also called a certificate or attribute certificate) is a set of personal attributes, such as a user's date of birth, name or personal number, signed (and thereby certified) by an authority center (the issuer of the credential) and bound to its owner by requiring the user's key in order to use the credential. For privacy, using an anonymous credential is preferable to querying the authority center directly, since that prevents the authority center from profiling the user's private information. However, with a conventional credential, a user who wants to prove certain attributes must disclose all of the attributes together so that the verifier can check the authority's signature. This allows different uses of the same credential to be linked to each other. Anonymous credentials allow the user to effectively "convert" a credential into a new one containing only a subset of the original attributes, so that only that subset is certified to the verifier (selective disclosure of attributes).
Referring to fig. 2, fig. 2 is a schematic flow chart of anonymous credentials. As shown in fig. 2, an anonymous credential system need not reveal the exact value of an attribute: during conversion the user may apply a mathematical function to the (original) attribute value and prove only that the attribute satisfies a certain condition without showing the attribute itself, and the authority's signature is converted into a fresh one that cannot be associated with the issuer's original signature. The verifier and/or authority therefore cannot link different uses of the credential (unlinkability). Cryptographically, an anonymous credential is used by convincing the verifier, via a zero-knowledge proof, that the user possesses a signature generated by the issuer on a statement containing a subset of the attributes.
Anonymous identity system based on zero-knowledge proof: in cryptography, a zero-knowledge proof is a method by which a prover can convince a verifier that it possesses some private data without exposing that data or any other useful information, while the verifier can still check the proof efficiently. In other words, the verifier comes to trust that an assertion is correct without learning anything useful beyond that. The central challenge of zero-knowledge proofs is to prove possession of the information without revealing the information itself or anything else.
Referring to fig. 3, fig. 3 is a schematic diagram of an anonymous identity system based on zero-knowledge proof. The anonymous identity system has three roles: the user, the issuer and the verifier. The user generates a proof through the anonymous identity system, showing that the user knows a certain secret; the issuer verifies the user's attributes and then issues a credential to the user; the verifier checks the user's proof. As shown in fig. 3, the user holds a single master key S_U. The user registers an anonymous identity N with a credential issuer O_I and obtains an anonymous credential C(N, O_I, Attr) on the attribute Attr. By a zero-knowledge proof the user then shows to an identity verifier O_V that the user owns an attribute endorsed by O_I; all credentials are bound to the user's master key.
The zero-knowledge proof procedure of such an anonymous identity system is inefficient: in tests, a user needs 3.4 to 3.9 seconds to obtain an anonymous credential (Get Cred) and 7.8 to 8.2 seconds to present it (Show Cred), and as the security level rises the modulus length in the zero-knowledge proof algorithm grows, reducing efficiency further.
In view of this, the present application provides a communication method that strengthens privacy protection during communication. The method can be applied to the service discovery procedure of the extensible authentication protocol (EAP), to protect the privacy of the session key generated between a first network device (which may act as the user device) and a second network device (which may act as the server) during EAP; or to encrypting messages (for example a user private key) transmitted between two user devices (the first and second network devices of this application); or to other encrypted-communication scenarios, without limitation. Referring to fig. 4, fig. 4 is a flow chart of a communication method according to an embodiment of the application; as shown in fig. 4, the method includes:
101. The authority center generates a first credential for the first network device from the first attribute corpus, the public key and the identity of the first network device.
The authority center, a trusted third party common to the first and second network devices, may for example be a public key infrastructure (PKI). It may be a single physical device or a distributed cluster of several devices; the application does not limit its form. The authority center generates the first credential for the first network device. Because the first message is encrypted using the first attribute subset and the first policy of the first network device to obtain the first ciphertext, the second network device, as receiver of the ciphertext, can decrypt it only after obtaining the attribute key corresponding to the first attribute subset and the policy key corresponding to the first policy.
The communication method of this application provides a set of algorithms used by the authority center to generate credentials, attribute keys and policy keys, by the first network device to encrypt the first message into the first ciphertext, and by the second network device to decrypt the first ciphertext back into the first message, among other scenarios. These algorithms are described below.
The authority center runs the initialization Setup(1^λ, 1^n): it runs the group generator GGen to obtain (G_1, G_2, G_T, e), where G_1, G_2, G_T are groups and e: G_1 × G_2 → G_T is a bilinear pairing, and takes a generator g of G_1 and a generator h of G_2. It selects random matrices A, B, U_0, W_1, …, W_n and a random vector v. The initialization outputs the master key msk = (v, B, U_0, W_1, …, W_n) and the master public key mpk = ([A]_1, [AU_0]_1, [AW_1]_1, …, [AW_n]_1, e([A]_1, [v]_2)). The authority center also selects a hash function H mapping G_T into the key space of the symmetric encryption/decryption algorithm SEnc/SDec.
Further, the authority center runs the credential setup and outputs pp = (g, h, n), where g and h are the generators of G_1 and G_2 and n is the number of attributes in the system. It picks random exponents x and y_0, …, y_{n+1}, computes W ← g^x together with the elements X_i, Y_i (i ∈ [0, n+1]) and Z_{i,j} (0 ≤ i ≠ j ≤ n+1), outputs its private key sk = (x, {y_i}_{i∈[0,n+1]}) and public key pk = (W, {X_i, Y_i}_{i∈[0,n+1]}, {Z_{i,j}}_{0≤i≠j≤n+1}), and initializes its state to the empty set. The public key pk of the authority center is then used to generate the first credential for the first network device.
Next, a flow of generating the first credential by the authority center will be described.
In this application, generating the first credential requires the public key of the first network device. If the authority center generated the private keys of all users (first network devices), a compromise of the authority center would leak every user's private key. Therefore the public and private keys are generated by the first network device itself. Specifically, the user identifier (identity) of the first network device is uid; the first network device picks a random private key usk, computes upk_1 ← h^{usk} and upk_2 ← g^{usk}, and its public key is upk = (upk_1, upk_2). Having generated the public key, the first network device sends it to the authority center for the subsequent generation of the first credential. It also generates a zero-knowledge proof π_1 showing that it holds the private key corresponding to the public key, so that the private key never has to be handed to the authority center for safekeeping, which reduces the risk of private-key leakage should the authority center be compromised.
Specifically, the first network device may generate π_1 as follows: it selects a random exponent, computes the corresponding commitments under the bases h and g, derives the challenge c by hashing upk_1, upk_2 and the commitments with H, and returns the response together with c as π_1. The first network device sends π_1 to the authority center for verification. The authority center verifies π_1 as follows: on input upk and π_1, the verifier recomputes the commitments from the response and upk and checks the resulting verification equations; if all of them hold, verification passes, i.e. the first network device holds the private key corresponding to the public key upk; otherwise verification fails.
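The zero-knowledge background above and the π_1 step can be made concrete with a Fiat-Shamir (Schnorr-type) proof of knowledge of usk for upk = (h^usk, g^usk). The following is an added example written for this page, not the patent's own algorithm: it works in the multiplicative group of the prime field p = 2^255 - 19 with two fixed bases standing in for g and h (all three are assumptions; the patent's upk_1 and upk_2 live in the pairing groups G_2 and G_1), and SHA-256 stands in for the hash H. The uid binding in registration_accepted is likewise an illustrative assumption about what the authority center checks before issuing a credential.

```python
"""Proof that the holder of upk = (h^usk, g^usk) knows usk, without sending usk.
Added example for this page; not code from the patent. The group parameters are
assumptions: a plain prime field instead of the patent's pairing groups."""
import hashlib
import secrets

P = (1 << 255) - 19   # prime modulus (assumption)
ORDER = P - 1         # order of Z_p^*; exponents are reduced modulo this
G_BASE = 3            # stands in for the generator g of G_1 (assumption)
H_BASE = 7            # stands in for the generator h of G_2 (assumption)


def keygen():
    """First network device: random usk, upk = (h^usk, g^usk); usk never leaves."""
    usk = secrets.randbelow(ORDER - 2) + 2
    upk = (pow(H_BASE, usk, P), pow(G_BASE, usk, P))   # (upk_1, upk_2)
    return usk, upk


def _challenge(*elems):
    """Fiat-Shamir challenge c = H(bases, upk_1, upk_2, commitments) mod ORDER.
    Hashing the bases and upk too stops a transcript being replayed for another key."""
    data = b"".join(e.to_bytes(32, "big") for e in elems)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % ORDER


def prove(usk, upk):
    """Prover side of pi_1: commit to a fresh nonce under both bases, hash, respond."""
    nonce = secrets.randbelow(ORDER - 2) + 2
    t1, t2 = pow(H_BASE, nonce, P), pow(G_BASE, nonce, P)
    c = _challenge(H_BASE, G_BASE, upk[0], upk[1], t1, t2)
    s = (nonce + c * usk) % ORDER
    return c, s


def verify(upk, proof):
    """Authority center side: rebuild the commitments from (c, s) and upk alone,
    then check that the challenge matches. One exponent must fit both bases."""
    c, s = proof
    if not (0 <= c < ORDER and 0 <= s < ORDER):
        return False
    t1 = pow(H_BASE, s, P) * pow(upk[0], ORDER - c, P) % P   # h^s * upk_1^(-c)
    t2 = pow(G_BASE, s, P) * pow(upk[1], ORDER - c, P) % P   # g^s * upk_2^(-c)
    return c == _challenge(H_BASE, G_BASE, upk[0], upk[1], t1, t2)


def registration_accepted(upk, proof, uid):
    """Step-101 gate (illustrative): only a key whose owner proved knowledge of
    usk is bound to a non-empty uid in the credential."""
    return verify(upk, proof) and isinstance(uid, str) and len(uid) > 0


if __name__ == "__main__":
    usk, upk = keygen()
    print("honest proof accepted:", registration_accepted(upk, prove(usk, upk), "uid-42"))
    # A public key whose two components hide different exponents is rejected:
    # the proof ties a single usk to both bases, as the patent's upk requires.
    a, b = keygen()[0], keygen()[0]
    bad_upk = (pow(H_BASE, a, P), pow(G_BASE, b, P))
    print("mismatched upk accepted:", verify(bad_upk, prove(a, bad_upk)))
```

Because the response s is reduced modulo the group order and the nonce is fresh per proof, the transcript reveals nothing about usk; a proof made for one upk fails against any other, and a key pair assembled from two different exponents cannot be proven at all.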
To have the first credential generated, the first network device also sends the first attribute corpus and its identifier uid to the authority center. The authority center then generates the first credential from its own public and private keys and from the first attribute corpus, public key and identifier of the first network device: it selects a random exponent r, computes σ_1 ← h^r and the second component σ_2, outputs the first credential cred ← (σ_1, σ_2) and adds the corresponding entry to its state. The authority center sends the first credential cred to the first network device, which checks the credential's verification equation; if the equation holds, the first network device accepts the first credential and may store and use it.
The authority center may likewise generate a credential for the second network device; the procedure is the same as for the first credential of the first network device and is not repeated here.
102. The first network device generates a first signature from the first credential.
The first network device generates the first signature from the first credential, a second attribute subset, its identity, its private key and the first message, where the second attribute subset is a subset of the first attribute corpus and may or may not coincide with the first attribute subset. Specifically, the first network device takes the first credential (σ_1, σ_2) and the second attribute subset, selects a random parameter, derives a first random element and a second random element from it, and from them computes the redacted components of (σ_1, σ_2) for the second attribute subset, where n is the number of attributes in the first attribute corpus, g and h are the public generators, and the Y_i are elements derived from g at setup. The first network device then generates a zero-knowledge proof π_2 for the first credential from its identifier uid, its private key, the first credential and the first message; the first signature consists of the redacted credential components together with π_2.
Specifically, the first network device may generate π_2 as follows: it selects random values, computes the corresponding commitments and responses, and obtains the zero-knowledge proof π_2. Correspondingly, the receiver of the first ciphertext (the second network device) verifies π_2 as follows: having obtained the first signature and π_2, it checks whether the verification equations hold; if all of them hold, verification passes, i.e. the second network device can conclude that the first signature is valid; otherwise verification fails.
In this application, when the first credential is presented it is redacted using a redactable signature (RS) to produce a new first signature together with a zero-knowledge proof for it, and the second network device verifies the validity of the first signature in the verification phase. Since the first signature the first network device derives from the first credential involves fresh randomness, the signatures derived from the same first credential differ from one another and are unlinkable: signatures presented at different times cannot be linked to the same user (network device).
103. The first network device encrypts the first message according to the first attribute subset, the first policy and the first signature to obtain a first ciphertext.
The first network device selects a random vector, computes the secret-sharing shares for the first policy from it, selects K ∈ G_T and forms the first ciphertext of the first network device, whose components comprise ct_M = SEnc(H(K), (M, tok_snd)) together with the group elements computed from the shares, the W_i and the first attribute subset, where W_0 = 0, i ∈ [n], tok_snd is the first signature, M is the first message and X_s is the first attribute subset.
In conventional privacy-preserving service discovery schemes only the server may specify an authorization policy for the client; the client cannot specify which servers it is willing to connect to. This one-way policy control is unfair and exposes the client to privacy risks. The communication method of this application provides a bidirectional privacy policy: in the scenario where the first network device is the client and the second network device is the server, the encryption above lets the client specify an authorization policy for the server, so that both communicating parties can impose fine-grained access policies on each other.
The first ciphertext obtained by encrypting the first message is decrypted by its receiver (the second network device) with an attribute key and a policy key. The attribute key of the second network device is generated by the authority center, and its policy key is generated by the authority center according to the first policy, i.e. the first policy is the key policy. Specifically, the authority center may generate the attribute key as follows: it selects a random r and outputs the attribute key consisting of dk_1 = [v + U_0 B r]_2, dk_2 = [B r]_2 and a third component dk_3.
The authority center may generate the policy key as follows: it selects random r_j and outputs the policy key with components dk_j = [r_j]_2 and dk_{i,j} = [W_i r_j]_2, where W_0 = 0, j ranges over the secret-sharing shares of the policy, and ρ_r(j) is the attribute index (in [n] ∪ {0}) associated with share j. For ρ_r(j) = 0 the set [n] \ {ρ_r(j)} equals [n].
The attribute key and policy key generated by the authority center are transmitted to the receiver of the first ciphertext (the second network device) so that it can decrypt the first ciphertext.
104. The first network device sends a first ciphertext to the second network device.
After receiving the first ciphertext, the second network device decrypts it with its attribute key and policy key as follows: it computes reconstruction coefficients ω_j and μ_j such that the reconstruction equation of the secret sharing holds, and then computes K' from the ciphertext components, the policy-key components dk_j and dk_{i,j} (the policy key for the first policy of the second network device) and the attribute-key components dk_1, dk_2 and dk_3 of the second network device.
The value K' computed by the second network device must equal the K selected by the first network device when it generated the ciphertext. The decrypting side then computes (M, tok_snd) = SDec(H(K'), ct), where tok_snd is the first signature, M is the first message and ct is the first ciphertext.
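The secret-sharing shares computed at step 103 and the coefficients ω_j recovered at decryption are a linear secret-sharing scheme (LSSS) over the policy. The following added example, written for this page and not taken from the patent, shows that layer in isolation: it turns an AND/OR policy into a share-generating matrix with the Lewko-Waters labelling (an assumed choice; the patent does not say how its matrix is built), shares a secret over GF(p) for an illustrative prime p, and recovers it exactly when the presented attribute set satisfies the policy. The pairing-based blinding of the shares (the [·]_1 and [·]_2 elements, W_i, dk_{i,j}) and the symmetric layer SEnc/SDec are left out; the policy and attribute names in the demo are constructed.

```python
"""Linear secret sharing over an AND/OR policy: the layer underneath the
secret-sharing shares of step 103 and the coefficients omega_j of step 104.
Added example for this page, not the patent's code. The matrix construction
(Lewko-Waters labelling) and the prime P are assumptions."""
import secrets

P = (1 << 127) - 1   # illustrative prime field; a real scheme uses the pairing group order


def lsss_matrix(policy):
    """Convert a policy into an LSSS matrix M and a row-to-attribute map rho.
    policy is an attribute name or ('and', left, right) / ('or', left, right).
    A secret s is shared as lambda = M * (s, r_2, ..., r_k) for random r_i."""
    rows, rho = [], []
    counter = [1]          # current vector length; every AND gate adds a column

    def label(node, vec):
        if isinstance(node, str):
            rows.append(list(vec))
            rho.append(node)
            return
        op, left, right = node
        if op == "or":       # both children inherit the parent's vector
            label(left, list(vec))
            label(right, list(vec))
        elif op == "and":    # children get (v|1) and (0..0|-1); they add up to v
            c = counter[0]
            padded = list(vec) + [0] * (c - len(vec))
            counter[0] = c + 1
            label(left, padded + [1])
            label(right, [0] * c + [-1])
        else:
            raise ValueError(f"unknown gate {op!r}")

    label(policy, [1])
    width = counter[0]
    return [r + [0] * (width - len(r)) for r in rows], rho


def share(secret, matrix):
    """Step-103 analogue: random vector whose first entry is the secret."""
    width = len(matrix[0])
    v = [secret % P] + [secrets.randbelow(P) for _ in range(width - 1)]
    return [sum(m * x for m, x in zip(row, v)) % P for row in matrix]


def _solve(a, b):
    """Solve a*x = b over GF(P) by Gauss-Jordan elimination; None if inconsistent."""
    m, n = len(a), len(a[0])
    aug = [[x % P for x in row] + [y % P] for row, y in zip(a, b)]
    pivots, r = [], 0
    for col in range(n):
        piv = next((i for i in range(r, m) if aug[i][col]), None)
        if piv is None:
            continue
        aug[r], aug[piv] = aug[piv], aug[r]
        inv = pow(aug[r][col], -1, P)
        aug[r] = [x * inv % P for x in aug[r]]
        for i in range(m):
            if i != r and aug[i][col]:
                f = aug[i][col]
                aug[i] = [(x - f * y) % P for x, y in zip(aug[i], aug[r])]
        pivots.append(col)
        r += 1
        if r == m:
            break
    if any(aug[i][n] for i in range(r, m)):
        return None
    x = [0] * n
    for i, col in enumerate(pivots):
        x[col] = aug[i][n]
    return x


def reconstruct(shares, matrix, rho, attrs):
    """Step-104 analogue: find omega with sum(omega_j * M_j) = (1, 0, ..., 0) over
    the rows whose attribute the decryptor holds; then sum(omega_j * lambda_j) = s.
    Returns None when the attribute set does not satisfy the policy."""
    idx = [j for j, attr in enumerate(rho) if attr in attrs]
    if not idx:
        return None
    width = len(matrix[0])
    system = [[matrix[j][col] for j in idx] for col in range(width)]  # transpose of M_S
    omega = _solve(system, [1] + [0] * (width - 1))
    if omega is None:
        return None
    return sum(w * shares[j] for w, j in zip(omega, idx)) % P


if __name__ == "__main__":
    policy = ("or", ("and", "server", "region:eu"), "auditor")   # constructed policy
    matrix, rho = lsss_matrix(policy)
    secret = secrets.randbelow(P)
    shares = share(secret, matrix)
    for held in ({"server", "region:eu"}, {"auditor"}, {"server"}, {"region:eu", "guest"}):
        ok = reconstruct(shares, matrix, rho, held) == secret
        print(sorted(held), "->", "recovered" if ok else "denied")
```

The point a practitioner should take from this is that an unsatisfied policy does not yield a wrong key but no solution at all: the linear system for ω has no solution, which is exactly the case the patent describes as decryption failing. In the full scheme the same ω_j are applied in the exponent, so that the shares themselves are never exposed.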
In this application, the sender of the message (the first network device) encrypts the message under attributes and a policy, so that the receiver (the second network device) can decrypt the ciphertext only if it holds the corresponding attribute key and policy key, which strengthens communication security. On the other hand, since the attributes the sender presents in the ciphertext are only a part of its attributes, the risk of leaking the sender's attributes is reduced and privacy protection is strengthened.
Further, with these encryption and decryption algorithms, successful decryption of the first ciphertext by the second network device yields mutual authentication: it establishes both that the second network device has a legitimate identity for communicating with the first network device and that the first network device has a legitimate identity for communicating with the second network device.
In some possible embodiments of the present application, if the first message of the first network device is found to exhibit malicious or abnormal behaviour, the authority center determines the identity from the first message, the second attribute subset, the first signature and its master key msk; that is, it traces the first network device back from the first signature carried in the first ciphertext, so that the user behind the malicious behaviour can be found. The authority center may trace the first network device as follows. If Verify(tok, m) → 0, i.e. the first signature does not verify, the tracing algorithm returns ⊥, indicating that the authentication token is invalid, where tok is the first signature and m is the first message decrypted from the first ciphertext. Otherwise, if the state contains a tuple whose cred is the first credential and which satisfies (1) the second attribute subset is a subset of the first attribute corpus and (2) the tracing equation on the signature holds, the tracing algorithm recovers the user identifier uid of the sender of the first ciphertext, which improves security in the communication process.
For ease of understanding, the following takes the first network device as the client and the second network device as the server, and applies the communication method of this application to a service discovery protocol as an example.
Referring to fig. 5, fig. 5 is a schematic diagram of the communication method of this application applied to a service discovery protocol. As shown in fig. 5, each service broadcast event is associated with a unique broadcast identifier bid, and each session has a unique session identifier sid. A message authentication code (MAC) scheme, with its tagging and verification algorithms, and a hash function into the key space K of the session key are used. The communication method of this application generates the anonymous credentials (first credentials), attribute keys and policy keys used in this example and distributes them to the server (S) and the client (C).
The flow of the service discovery protocol in this example is described below.
1. Service broadcast phase.
S runs the group generator GGen to obtain the groups G_1, G_2, G_T and selects a generator g of G_1 and a generator h of G_2. Let n denote the number of attributes in the system. S selects a Diffie-Hellman (DH) secret z and computes Z ← h^z ∈ G_2. S forms the broadcast message MSG_B = {bid || Z || Service_Type || Service_Par}, where bid is the broadcast identifier, Service_Type is the broadcast service type and Service_Par are the broadcast parameters. To keep the service private, S encrypts MSG_B under its attributes, its policy and the first credential issued by the authority center according to the communication method of fig. 4, obtaining the broadcast ciphertext CT_B, and then broadcasts (bid, CT_B) over the public network. Thus the service type Service_Type and parameters Service_Par travel only as ciphertext, and a receiver learns them only after decrypting it: only clients that attempt to discover the broadcast and are found to have the access qualification can reveal the service information (broadcast type and parameters), which improves the privacy protection of the server.
2. Mutual authentication phase.
To discover the server's broadcast, client C tries to decrypt CT_B with its attribute key and policy key: if decryption fails, C does not satisfy the server's authentication policy; otherwise C recovers the service type, parameters and the other information in S's broadcast.
After C has decrypted CT_B, C and S run a single-round mutual authentication protocol to establish the session key SSK_{c,s}. The mutual authentication flow is as follows:
C selects its DH randomness and computes the public values X_1 and X_2. C generates a MAC key K_c and uses it to compute a MAC tag σ_c over the message M_c = ("C→S", bid, sid, X_1, X_2, Z), where "C→S" indicates that the message is sent from client to server and sid identifies the current session. Let the attribute subset presented by C to S be one that satisfies S's policy. Using cred_c, this attribute subset and the policy f_c (the policy C requires S to satisfy), C runs the encryption algorithm of step 103 in fig. 4 on M_c, its tag σ_c and the MAC key K_c and outputs the ciphertext, in which the authentication token tok_c is the zero-knowledge signature computed from cred_c and M_c. C then sends the ciphertext to S.
On receiving C's ciphertext, S runs the decryption algorithm of step 104 in fig. 4 and obtains the message MSG_c. S first checks the validity of σ_c with the MAC verification algorithm. If σ_c is valid, S generates a MAC key K_s and computes a MAC tag σ_s over the message M_s = ("S→C", bid, sid, X_1, X_2, Y, Z), where "S→C" indicates that the message is sent from server to client. Let the attribute subset presented by S to C be one that satisfies C's policy f_c. S runs the encryption algorithm of step 103 in fig. 4 on its message and outputs the ciphertext, in which the authentication token tok_s is the zero-knowledge signature computed from cred_s and M_s (see the generation of the first signature at step 102 of fig. 4). S then sends the ciphertext to C, and computes the session key SSK_{c,s} from its secret values y and z.
On receiving S's message, C decrypts it to obtain MSG_s and checks σ_s with the MAC verification algorithm. If σ_s is valid, C computes the session key from its own DH secrets (those behind X_1 and X_2). Since both sides' DH computations agree, C and S obtain the same session key SSK_{c,s}.
3. Malicious user tracing phase.
In the event of an anomaly or attack, the authority center can recover the real identity of the client or server from the anonymous but traceable authentication token tok_c / tok_s (see the tracing procedure described after step 104 of fig. 4).
To better implement the above scheme of the embodiment of the present application based on the embodiment corresponding to fig. 5, a related device for implementing the scheme is provided below. Specifically, referring to fig. 6, fig. 6 is a schematic structural diagram of a communication device according to an embodiment of the present application. The communication device includes:
a processing unit 201, configured to generate a first signature from a first credential, the first credential being generated by an authority center from a first attribute corpus, a public key and an identity of a first network device;
the processing unit 201 is further configured to encrypt the first message according to a first attribute subset, a first policy and a first signature, to obtain a first ciphertext, where the first attribute subset is a subset of the first attribute corpus, and the first policy is a policy that needs to be met by the second network device;
the transceiver unit 202 is configured to send the first ciphertext to the second network device.
In one possible design, the processing unit 201 is specifically configured to:
a first signature is generated from the first credential, a second subset of attributes, the identity, a private key of the first network device, and the first message, the second subset of attributes being a subset of the first corpus of attributes.
In one possible design, the processing unit 201 is specifically configured to:
generating random parameters;
generating a first random element and a second random element according to the random parameters;
generating a zero knowledge proof credential for the first credential according to the identity, the private key of the first network device and the first message;
a first signature is generated from the first random element, the second random element, the first credential, and the zero-knowledge proof credential.
In one possible design, the first signature is further used by the authority to determine the identity from the first message, the second subset of attributes, and the first signature.
In one possible design, the processing unit 201 is specifically configured to:
generating a random vector;
computing secret-sharing shares according to the first policy;
encrypting the first message according to the random vector, the secret-sharing shares, the first attribute subset, the first policy and the first signature to obtain the first ciphertext.
In one possible design, the first ciphertext is used by the second network device to decrypt the first message via the attribute key and the policy key, where the attribute key is generated by the authority center and the policy key is generated by the authority center according to the first policy.
In one possible design, the first ciphertext is used by the second network device to decrypt the first ciphertext according to the first signature, a policy key corresponding to the first policy and an attribute key corresponding to the first attribute corpus, where the attribute key is generated by the authority center and the policy key is generated by the authority center according to the first policy. Specifically, the second network device obtains the first message by the decryption equation (M, tok_snd) = SDec(H(K'), ct), where M is the first message, ct is the ciphertext, tok_snd is the first signature, dk_j and dk_{i,j} form the policy key corresponding to the first policy, dk_1, dk_2 and dk_3 form the attribute key corresponding to the first attribute corpus, and K' is computed from these keys and the ciphertext using the coefficients ω_j and μ_j obtained from the secret-sharing reconstruction equation.
In one possible design, the public key and the private key of the first network device are generated by the first network device.
The information exchanged between the modules/units of the communication device and the procedures they execute are based on the same concept as the method embodiment corresponding to fig. 4 of the present application; for details, refer to the description of the foregoing method embodiment, which is not repeated here.
Referring to fig. 7, fig. 7 is another schematic structural diagram of a communication device provided in the embodiment of the present application. The communication device 300 may host the communication device described in the embodiment of fig. 6 in order to implement the functions of the first network device in the embodiment of fig. 4. Specifically, the communication device 300 is implemented by one or more servers and may vary considerably with configuration or performance; it may include one or more central processing units (CPU) 322 (for example, one or more processors), a memory 332, and one or more storage media 330 (for example, one or more mass storage devices) storing application programs 342 or data 344. The memory 332 and the storage medium 330 may be transitory or persistent. The program stored on the storage medium 330 may include one or more modules (not shown), each comprising a series of instruction operations for the communication device. The central processor 322 may further be configured to communicate with the storage medium 330 and execute the series of instruction operations in the storage medium 330 on the communication device 300.
The communication device 300 may also include one or more power supplies 326, one or more wired or wireless network interfaces 350, one or more input/output interfaces 358, and/or one or more operating systems 341, such as Windows Server™, Mac OS X™, Unix™, Linux™ or FreeBSD™.
It should be noted that the information exchanged between the modules/units of this communication device and the procedures they execute are based on the same concept as the method embodiment corresponding to fig. 4 of the present application; for details, refer to the description of the foregoing method embodiment, which is not repeated here.
Embodiments of the present application also provide a computer program product which, when run on a computer, causes the computer to perform the steps performed by the first network device in the method described in the embodiment of fig. 4.
An embodiment of the present application further provides a computer-readable storage medium storing a program for signal processing which, when run on a computer, causes the computer to perform the steps performed by the first network device in the method described in the embodiment shown in fig. 4.
The image processing device provided by the embodiment of the application may be a chip, and the chip comprises a processing unit, which may be, for example, a processor, and a communication unit, which may be, for example, an input/output interface, pins or circuitry. The processing unit may execute the computer-executable instructions stored in a storage unit to cause the chip to perform the method described in the embodiment shown in fig. 4. Optionally, the storage unit is a storage unit in the chip, such as a register or a cache; the storage unit may also be a storage unit on the wireless access device side located outside the chip, such as a read-only memory (ROM) or another type of static storage device that can store static information and instructions, a random access memory (RAM), etc.
It should further be noted that the apparatus embodiments described above are merely schematic: the units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. In addition, in the drawings of the apparatus embodiments provided by the application, a connection between modules indicates that the modules have a communication connection, which may be specifically implemented as one or more communication buses or signal lines.
From the above description of the embodiments, it will be apparent to those skilled in the art that the present application may be implemented by software plus the necessary general-purpose hardware, or of course by special-purpose hardware including application-specific integrated circuits, special-purpose CPUs, special-purpose memories, special-purpose components, etc. Generally, any function performed by a computer program can also be implemented by corresponding hardware, and the specific hardware structure implementing the same function can vary, for example analog circuits, digital circuits, or dedicated circuits. However, in many cases a software implementation is the preferred embodiment of the present application. Based on such understanding, the technical solution of the present application, or the part of it contributing to the prior art, may be embodied in the form of a software product stored in a readable storage medium, such as a floppy disk, a USB disk, a removable hard disk, a ROM, a RAM, a magnetic disk or an optical disk of a computer, comprising several instructions for causing a computer device (which may be a personal computer, a training device, a network device, etc.) to perform the method according to the embodiments of the present application.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product.
The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the flows or functions according to embodiments of the present application are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, training device, or data center to another website, computer, training device, or data center by wired (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (e.g., infrared, wireless, microwave) means. The computer-readable storage medium may be any available medium that a computer can store, or a data storage device such as a training device or a data center that integrates one or more available media. The available medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a DVD), or a semiconductor medium (e.g., a solid state disk (SSD)), etc.

Claims (19)

1. A method of communication, comprising:
a first network device generates a first signature according to a first credential, wherein the first credential is generated by an authority center according to a first attribute corpus, a public key and an identity of the first network device;
the first network device encrypts a first message according to a first attribute subset, a first policy and the first signature to obtain a first ciphertext, wherein the first attribute subset is a subset of the first attribute corpus, and the first policy is a policy that needs to be met by a second network device;
the first network device sends the first ciphertext to the second network device.
2. The method of claim 1, wherein the first network device generating a first signature from the first credential comprises:
the first network device generates a first signature from the first credential, a second subset of attributes, the identity, a private key of the first network device, and the first message, the second subset of attributes being a subset of the first attribute corpus.
3. The method of claim 1, wherein the first network device generating a first signature from a first credential, a second subset of attributes, the identity, a private key of the first network device, and the first message comprises:
the first network device generates a random parameter;
the first network device generates a first random element and a second random element according to the random parameter;
the first network device generates a zero-knowledge proof credential for the first credential according to the identity, the private key of the first network device and the first message;
the first network device generates the first signature from the first random element, the second random element, the first credential, and the zero-knowledge proof credential.
4. A method according to claim 3, wherein the first signature is further used by the authority to determine the identity from the first message, the second subset of attributes and the first signature.
5. The method of any of claims 1-4, wherein the first network device encrypts the first message according to the first subset of attributes, the first policy, and the first signature to obtain a first ciphertext, comprising:
the first network device generates a random vector;
the first network device calculates a secret sharing share according to the first policy;
the first network device encrypts a first message according to the random vector, the secret sharing share, the first attribute subset, the first policy and the first signature to obtain a first ciphertext.
6. The method according to any one of claims 1 to 5, wherein the first ciphertext is used by the second network device to decrypt the first ciphertext according to the first signature, a policy key corresponding to the first policy, and an attribute key corresponding to the first attribute corpus, and obtain the first message, wherein the attribute key is generated by the authority center, and the policy key is generated by the authority center according to the first policy.
7. The method of claim 6, wherein the method further comprises:
in response to the second network device obtaining the first message from the first ciphertext, the second network device authenticates the first network device as legitimate.
8. The method of any of claims 1 to 7, wherein the public key and the private key of the first network device are generated by the first network device.
9. A communication device for use as a first network device, comprising:
a processing unit, configured to generate a first signature according to a first credential, the first credential being generated by an authority center according to a first attribute corpus, a public key and an identity of the first network device;
the processing unit is further configured to encrypt a first message according to a first attribute subset, a first policy and the first signature to obtain a first ciphertext, where the first attribute subset is a subset of the first attribute corpus, and the first policy is a policy that needs to be met by a second network device;
and a transceiver unit, configured to send the first ciphertext to the second network device.
10. The communication device according to claim 9, characterized in that the processing unit is specifically configured to:
generating a first signature according to the first credential, a second subset of attributes, the identity, a private key of the first network device and the first message, the second subset of attributes being a subset of the first attribute corpus.
11. The communication device according to claim 9, characterized in that the processing unit is specifically configured to:
generating random parameters;
generating a first random element and a second random element according to the random parameters;
generating a zero knowledge proof credential for the first credential according to the identity, the private key of the first network device and the first message;
generating the first signature from the first random element, the second random element, the first credential, and the zero-knowledge proof credential.
12. The communication device of claim 11, wherein the first signature is further for the authority to determine the identity based on the first message, the second subset of attributes, and the first signature.
13. The communication device according to any of the claims 9 to 12, characterized in that the processing unit is specifically configured to:
generating a random vector;
calculating a secret sharing share according to a first policy;
encrypting the first message according to the random vector, the secret sharing share, the first attribute subset, the first policy and the first signature to obtain the first ciphertext.
14. The communication device of claim 13, wherein the first ciphertext is used by the second network device to decrypt the first ciphertext to obtain the first message according to the first signature, a policy key corresponding to the first policy, and an attribute key corresponding to the first attribute corpus, wherein the attribute key is generated by the authority center and the policy key is generated by the authority center according to the first policy.
15. The communication device of any of claims 9 to 14, wherein the public and private keys of the first network device are generated by the first network device.
16. A computer device comprising a processor,
the processor being configured to execute a computer program to cause the computer device to perform the method of any one of claims 1 to 8.
17. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by a processor, implements the method according to any one of claims 1 to 8.
18. A computer program product comprising a computer program which, when executed by a computer, implements the method of any one of claims 1 to 8.
19. A chip system comprising at least one processor, wherein program instructions, when executed in the at least one processor, cause the chip system to perform the method of any one of claims 1 to 8.
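The secret sharing step of claims 5 and 13 (a random vector whose first entry is the secret, with one share computed per policy attribute) and the decryption condition of claims 6 and 14 (a holder whose attribute subset satisfies the policy recovers the secret, any other holder does not), as an added worked example that is not the patent's own scheme. It assumes a threshold policy "any t of these attributes" realized as a Vandermonde-style linear secret sharing over a constructed prime field; the signature, credential and ciphertext construction the claims also recite are omitted.

```python
# Added example (not the patent's code): linear secret sharing for a threshold
# attribute policy. The field modulus, attribute names and policy are constructed.
import secrets

P = 2**127 - 1  # constructed prime field modulus


def policy_rows(attrs, t):
    """Policy 'any t of attrs': the attribute at position i gets evaluation point
    x = i + 1 and the share-generating row (1, x, x^2, ..., x^(t-1))."""
    if not 1 <= t <= len(attrs):
        raise ValueError("threshold must be between 1 and the number of attributes")
    return {a: (i + 1, [pow(i + 1, j, P) for j in range(t)]) for i, a in enumerate(attrs)}


def random_vector(secret, t, rng=secrets.randbelow):
    """Random vector v = (secret, r_1, ..., r_{t-1}); only v[0] carries the secret."""
    return [secret % P] + [rng(P) for _ in range(t - 1)]


def make_shares(rows, v):
    """The share for attribute a is the inner product of its policy row with v,
    i.e. the evaluation at x_a of the polynomial whose coefficients are v."""
    return {a: sum(m * x for m, x in zip(row, v)) % P for a, (_, row) in rows.items()}


def reconstruct(rows, shares, holder_attrs, t):
    """Recover v[0] from the shares of t policy attributes the holder owns.
    Returns None when the holder's attribute subset does not satisfy the policy."""
    usable = [a for a in rows if a in holder_attrs][:t]
    if len(usable) < t:
        return None
    xs = {a: rows[a][0] for a in usable}
    secret = 0
    for a in usable:
        # Lagrange coefficient of attribute a evaluated at x = 0
        num = den = 1
        for b in usable:
            if b != a:
                num = num * (-xs[b]) % P
                den = den * (xs[a] - xs[b]) % P
        lagrange_at_zero = num * pow(den, P - 2, P) % P
        secret = (secret + shares[a] * lagrange_at_zero) % P
    return secret


if __name__ == "__main__":
    rows = policy_rows(["role:gateway", "site:A", "fw:v3"], t=2)
    v = random_vector(secret=42, t=2)
    shares = make_shares(rows, v)
    print(reconstruct(rows, shares, {"site:A", "fw:v3"}, 2))   # 42
    print(reconstruct(rows, shares, {"site:A", "site:B"}, 2))  # None
```

An attribute outside the policy contributes no share, so adding unrelated attributes to a holder never helps it cross the threshold.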

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210468992.5A CN117014868A (en) 2022-04-29 2022-04-29 Communication method and related device

Publications (1)

Publication Number Publication Date
CN117014868A true CN117014868A (en) 2023-11-07

Family

ID=88571456

Legal Events

Date Code Title Description
PB01 Publication