KR101601173B1 - Method and server for revocable identity-based signature - Google Patents

Abstract

The present invention discloses a method for a revocable identity-based signature. The method includes the following steps: (a) a server generates a revocation list (RL), a public constant (PP), and a master key (MSK); (b) the server generates a personal key (SK_ID) of a first terminal and transmits the personal key (SK_ID) to the first terminal; (c) the server generates a update key (UK_T,RL) and transmits the update key (UK_T,RL) to the first terminal; and (d) the first terminal generates a signature key (SSK_ID,T); and (e) the first terminal generates a signature (σ_RIBS).

Description

[0001] METHOD AND SERVER FOR REVOCABLE IDENTITY-BASED SIGNATURE [0002]

An embodiment according to the concept of the present invention relates to a discardable ID-based signature method, and more particularly, to an ID-based signature method and server capable of periodically generating an update key to revoke a key of a user.

An Identity-based Signature (IBS) is signed with the same key continuously after the user is first registered. Therefore, there is a need for a way to discard this key so that it can no longer be signed if the contract expires or the key is exposed during use. An IBS with this method is called a revocable ID-based signature. In order to transform an ID-based signature into a revocable ID-based signature, a process of continuously updating the key with respect to the non-revoked user is required, and an update key is used in this process. However, if an update key generation process is simply added to an existing ID-based signature, an update key for each of the non-revoked users must be generated. Accordingly, an update key of a size proportional to the number of revoked users is required, which is very inefficient . Accordingly, the present invention proposes a new scheme for designing an ID-based signature capable of efficiently discarding the size of an update key using an existing ID-based signature.

SUMMARY OF THE INVENTION It is an object of the present invention to provide an ID-based signature method and server capable of key revocation of a user.

)와 사용자의 집합(

)을 이용하여 폐기 목록(

), 공개 상수(

), 및 마스터키(

)를 생성하는 단계, (b) 상기 서버가 상기 마스터키(

)와 제1 단말기의 ID를 이용하여 상기 제1 단말기의 개인키(

)를 생성하고, 상기 개인키(

)를 상기 제1 단말기로 송신하는 단계, (c) 상기 서버가 상기 마스터키(

), 시간(

), 및 상기 폐기 목록(

)을 이용하여 업데이트키(

)를 생성하고, 상기 업데이트키(

)를 상기 제1 단말기로 송신하는 단계, (d) 상기 제1 단말기가 상기 업데이트키(

)와 상기 개인키(

)를 이용하여 상기 제1 단말기의 서명키(

)를 생성하는 단계, 및 (e) 상기 제1 단말기가 상기 서명키(

)를 이용하여 서명(

)을 생성하는 단계를 포함한다.A disposable ID-based signature method in accordance with an embodiment of the present invention includes the steps of: (a)

) And the set of users

) To create a revocation list (

), Open constant (

), And a master key (

(B) when the server receives the master key

) Of the first terminal and the ID of the first terminal

), And the private key (

To the first terminal, (c) transmitting the master key

), time(

), And the revocation list (

) To update key (

), And the update key

) To the first terminal, (d) transmitting, by the first terminal,

) And the private key (

The signature key of the first terminal

); And (e) transmitting, by the first terminal,

) To sign (

). ≪ / RTI >

)와 사용자의 집합(

)을 이용하여 폐기 목록(

), 공개 상수(

), 및 마스터키(

)를 생성하는 단계, (b) 상기 마스터키(

)와 제1 단말기의 ID를 이용하여 상기 제1 단말기의 개인키(

)를 생성하고, 상기 개인키(

)를 상기 제1 단말기로 송신하는 단계, 및 (c) 상기 마스터키(

), 시간(

), 및 상기 폐기 목록(

)을 이용하여 업데이트키(

)를 생성하고, 상기 업데이트키(

)를 상기 제1 단말기로 송신하는 단계를 포함한다.In accordance with another embodiment of the present invention, a revocable ID-based signature scheme is implemented on a server, comprising: (a) a security constant

) And the set of users

) To create a revocation list (

), Open constant (

), And a master key (

(B) generating the master key

) Of the first terminal and the ID of the first terminal

), And the private key (

) To the first terminal, and (c) transmitting the master key

), time(

), And the revocation list (

) To update key (

), And the update key

) To the first terminal.

)와 사용자의 집합(

)을 이용하여 폐기 목록(

), 공개 상수(

), 및 마스터키(

)를 생성하는 셋업 모듈, 상기 마스터키(

)와 제1 단말기의 ID를 이용하여 상기 제1 단말기의 개인키(

)를 생성하고, 상기 개인키(

)를 상기 제1 단말기로 송신하는 개인키 생성 모듈, 및 상기 마스터키(

), 시간(

), 및 상기 폐기 목록(

)을 이용하여 업데이트키(

)를 생성하고, 상기 업데이트키(

)를 상기 제1 단말기로 송신하는 업데이트키 생성 모듈을 포함한다.The disposable ID-based signature server according to an embodiment of the present invention includes a security constant (

) And the set of users

) To create a revocation list (

), Open constant (

), And a master key (

A setup module for generating a master key,

) Of the first terminal and the ID of the first terminal

), And the private key (

) To the first terminal, and a master key generation module

), time(

), And the revocation list (

) To update key (

), And the update key

) To the first terminal.

The disposable ID-based signature method and server according to the embodiment of the present invention can easily design an ID-based signature scheme that can be discarded using the existing ID-based signature scheme.

In addition, since the length of the update key and the length of the signature key are short, an efficient technique can be designed.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS In order to more fully understand the drawings recited in the detailed description of the present invention, a detailed description of each drawing is provided.
Figure 1 illustrates a discardable ID based signature system in accordance with an embodiment of the present invention.
2 is a functional block diagram of the server shown in FIG.
3 is a functional block diagram of the first terminal shown in FIG.

It is to be understood that the specific structural or functional description of embodiments of the present invention disclosed herein is for illustrative purposes only and is not intended to limit the scope of the inventive concept But may be embodied in many different forms and is not limited to the embodiments set forth herein.

The embodiments according to the concept of the present invention can make various changes and can take various forms, so that the embodiments are illustrated in the drawings and described in detail herein. It should be understood, however, that it is not intended to limit the embodiments according to the concepts of the present invention to the particular forms disclosed, but includes all modifications, equivalents, or alternatives falling within the spirit and scope of the invention.

The terms first, second, etc. may be used to describe various elements, but the elements should not be limited by the terms. The terms may be named for the purpose of distinguishing one element from another, for example, without departing from the scope of the right according to the concept of the present invention, the first element may be referred to as a second element, The component may also be referred to as a first component.

It is to be understood that when an element is referred to as being "connected" or "connected" to another element, it may be directly connected or connected to the other element, . On the other hand, when an element is referred to as being "directly connected" or "directly connected" to another element, it should be understood that there are no other elements in between. Other expressions that describe the relationship between components, such as "between" and "between" or "neighboring to" and "directly adjacent to" should be interpreted as well.

The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The singular expressions include plural expressions unless the context clearly dictates otherwise. In this specification, the terms "comprises" or "having" and the like are used to specify that there are features, numbers, steps, operations, elements, parts or combinations thereof described herein, But do not preclude the presence or addition of one or more other features, integers, steps, operations, components, parts, or combinations thereof.

Unless defined otherwise, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Terms such as those defined in commonly used dictionaries are to be interpreted as having a meaning consistent with the meaning of the context in the relevant art and, unless explicitly defined herein, are to be interpreted as ideal or overly formal Do not.

Before going into a specific description of the present invention, the theory used in the present invention will be described as follows.

Identity-based cryptography is a kind of public-key cryptography. The existing public key cryptosystem uses a public key infrastructure (PKI) to identify the owner of the public key. ID - based cryptography has been proposed as an alternative to PKI. ID-based cryptography is a concept first introduced by Shamir in 1984, and is a cryptographic technique that uses information (Identity; ID) that identifies a user such as an e-mail address and a telephone number as a public key. Using the user's ID as a public key eliminates the need for a public certificate to solve the problem of managing the PKI.

However, the ID-based cryptosystem has a problem of key escrow (key escrow) and efficient user abandonment, and so much research is being conducted.

Identity-based Signature is an example of ID-based cryptography that uses a user's ID, such as an e-mail address, IP address, or telephone number, as a verification key for signatures. The signer obtains a signature key corresponding to its ID from a private key distribution authority (PKG), and generates a signature using the signature key. Unlike the signature scheme of the PKI structure, the ID-based signature has the advantage that no certificate is required to verify the signature on the message. The ID-based signature consists of four algorithms: Setup _IBS , KeyGen _IBS , Sign _IBS , and Verify _IBS . The description of each algorithm is as follows.

)을 입력으로 받고, 공개 상수(

)와 마스터키(

)를 출력한다. Setup_IBS 알고리즘은 다음과 같이 표현될 수 있다.Setup The _IBS algorithm (set-up algorithm) consists of a set of security constants (1 ^λ )

) As input, and an open constant (

) And the master key (

). The Setup _IBS algorithm can be expressed as:

)와

를 입력으로 받고,

에 대한 서명키(

)를 출력한다. KeyGen_IBS 알고리즘은 다음과 같이 표현될 수 있다.The KeyGen _IBS algorithm (key generation algorithm)

)Wow

As input,

Signing key for (

). The KeyGen _IBS algorithm can be expressed as:

),

, 및 서명키(

)를 입력으로 받고, 서명(σ)을 출력한다. Sign_IBS 알고리즘은 다음과 같이 표현될 수 있다. The Sign _IBS algorithm (signature algorithm)

),

, And a signature key (

) As an input, and outputs a signature sigma. The Sign _IBS algorithm can be expressed as:

),

, 서명(σ), 공개 상수(

)를 입력으로 받고, 이를 검증한다. Verify_IBS 알고리즘은 다음과 같이 표현될 수 있다.Verify The _IBS algorithm (verification algorithm)

),

, Signature (σ), and public constant (

) As input, and verifies this. The Verify _IBS algorithm can be expressed as:

Multi-signature is a technique whereby multiple signers sign on the same message. In the conventional signature scheme, when n signers sign one identical message, n signatures are generated. However, if n signers sign multiple identical messages using multiple signatures, you can reduce the length of the signature by creating a single signature. This technique can be useful for power-hungry long-distance wireless communication in a power-limited environment.

Identity-based multi-signature is an extension of ID-based signature scheme. It is a signature scheme that combines the advantages of ID-based signature scheme and the advantages of multi-signature scheme. The ID-based multi-signature consists of four algorithms such as Setup _MS , KeyGen _MS , Sign _MS , and Verify _MS . The description of each algorithm is as follows.

)을 입력으로 받고, 공개 상수(

)와 마스터키(

)를 출력한다. Setup_MS 알고리즘은 다음과 같이 표현될 수 있다.Setup The _MS algorithm (set-up algorithm) consists of a security constant (1 ^λ ) and a set of users

) As input, and an open constant (

) And the master key (

). The Setup _MS algorithm can be expressed as:

)와

를 입력으로 받고,

에 대한 서명키(

)를 출력한다. KeyGen_MS 알고리즘은 다음과 같이 표현될 수 있다.The KeyGen _MS algorithm (key generation algorithm)

)Wow

As input,

Signing key for (

). The KeyGen _MS algorithm can be expressed as:

)와 서명할

의 집합(

), 집합(

)에 포함된 사용자의 서명키(

)를 입력으로 받고, 집합(

)에 포함된 사용자들 각각의 서명키로 생성된 서명(σ)을 출력한다. Sign_MS 알고리즘은 다음과 같이 표현될 수 있다. The Sign _MS algorithm (signature algorithm)

) And sign

Set of

), Set (

) Of the user's signature key (

) As input, and sets (

) Generated by the signature key of each of the users included in the signature key. The Sign _MS algorithm can be expressed as:

), 서명한

의 집합(

), 메시지(

)을 입력으로 받고, 이 서명이 집합(

)의 모든

로 서명되었는지 여부를 검증한다. Verify_MS 알고리즘은 다음과 같이 표현될 수 있다.The Verify _MS algorithm (verification algorithm) uses the signature () and the disclosure constant (

), Signed

Set of

), message(

) As input, and this signature is set (

All of

≪ / RTI > The Verify _MS algorithm can be expressed as:

Revocable Identity-based Signature is a signature scheme that provides an efficient revocation mechanism for users whose contract term has expired or whose private key has been expired in identity-based signatures. The disposable ID-based signatures consist of seven algorithms such as Setup, PriKeyGen, UpKeyGen, DeriveKey, Sign, Verify, and Revoke.

)을 입력으로 받고, 폐기 목록(revocation list; RL), 공개 상수(public parameter; PP), 및 마스터키(

)를 출력한다. 셋업 알고리즘 단계에서 출력된 폐기 목록(

)은 비어있을 수 있다. 즉, 폐기 목록(

)은 공집합일 수 있다. Setup 알고리즘은 다음과 같이 표현될 수 있다.Setup algorithm (set-up algorithm) consists of a security constant (1 ^λ ) and a set of users

), Receives a revocation list (RL), a public parameter (PP), and a master key

). The discard list output from the setup algorithm step (

) May be empty. That is,

) May be an empty set. Setup algorithm can be expressed as follows.

)와

를 입력으로 받고,

에 대한 개인키(

)를 출력한다. PriKeyGen 알고리즘은 다음과 같이 표현될 수 있다.The PriKeyGen algorithm (the private key generation algorithm)

)Wow

As input,

Private key for

). The PriKeyGen algorithm can be expressed as:

), 시간(

), 폐기 목록(

)을 입력으로 받고, 시간(

)과 폐기 목록(

)에 대한 업데이트키(

)를 출력한다. UpKeyGen 알고리즘은 다음과 같이 표현될 수 있다.The UpKeyGen algorithm (Update Key Generation Algorithm)

), time(

), Revocation list (

) As input, and time (

) And a revocation list (

Update key (

). The UpKeyGen algorithm can be expressed as:

)와 개인키(

)를 입력으로 받고,

와 시간(

)에 대한 서명키(

)를 출력한다. DeriveKey 알고리즘은 다음과 같이 표현될 수 있다.The DeriveKey algorithm (signature key generation algorithm)

) And private key (

) As an input,

And time (

) For the signing key (

). The DeriveKey algorithm can be expressed as:

, 서명키(

), 및 메시지(

)를 입력으로 받고,

,시간(

), 및 메시지(

)에 대한 서명(

)을 출력한다. Sign 알고리즘은 다음과 같이 표현될 수 있다.The Sign algorithm (signature algorithm)

, A signature key (

), And a message

) As an input,

,time(

), And a message

Signature for (

). Sign algorithm can be expressed as follows.

),

, 및 시간(

)을 입력으로 받고, 서명(σ)을 검증한다. Verify 알고리즘은 다음과 같이 표현될 수 있다.The Verify algorithm (verification algorithm) is a signature (sigma), a message

),

, And time (

) As an input, and verifies the signature (). The Verify algorithm can be expressed as follows.

, 시간(

), 및 기존의 폐기 목록(

)을 입력으로 받고, 새로운 폐기 목록(

)을 출력한다. 즉, Revoke 알고리름은 폐기 목록을 업데이트할 수 있다. Revoke 알고리즘은 다음과 같이 표현될 수 있다.The Revoke algorithm (discard algorithm) is discarded

, time(

), And an existing revocation list (

) As input, and a new revocation list (

). That is, the Revoke algorithm can update the revocation list. The Revoke algorithm can be expressed as:

The present invention proposes a method of designing an ID-based signature scheme that can be efficiently discarded by using an existing ID-based signature scheme. When an ID-based signature scheme is designed to be discardable by simply adding an update key generation process to an existing ID-based signature, update keys for all IDs that have not been revoked must be generated. Therefore, the update key size is inefficient . In order to solve this problem, it is necessary to generate the same update key for all users who have not been revoked. At this time, the update key is used to authenticate that the ID has not been revoked at the time T, so the signature technique is applied to the authentication key. In other words, we want to use the ID-based multi-signature scheme in this process because the key generating authority (PKG) signs the user's key and also has to sign all keys.

Since the ID-based multi-signature scheme generates a signature of a certain size even if multiple signatures are repeated for one message, an update key of a certain size can be obtained by applying the ID-based multi-signature scheme to the update key generation process. However, if the signature key is generated by simply applying this technique to the update key generation process, a signature of all the private keys of all the IDs is included, so that a private key of all IDs is required to verify this signature. Therefore, in the process of generating a signature key after using a signature for all IDs that have not been revoked as an update key, it is necessary to change the signature key to a specific ID again.

That is, in addition to the original ID-based multi-signature process that has undergone the four steps of Setup, KeyGen, Sign, and Verify, in addition to the update keys for all non-revoked users, You can solve this problem by adding a ReduSet algorithm (signature deformation algorithm).

)의 모든

에 대한 서명을 입력으로 받고, 특정

에 대한 서명으로 변형하여 출력하는 알고리즘이다. ReduSet 알고리즘은 다음과 같이 표현될 수 있다.ReduSet algorithm is a set (

All of

As a signature for input,

And outputs the modified signature. The ReduSet algorithm can be expressed as:

Therefore, in the present invention, a total of nine steps including four steps of Setup, KeyGen, Sign, and Verify of the existing ID-based signature, four steps of Setup, KeyGen, Sign, and Verify of the ID-based multiple signature, Based signature using the existing ID - based multi - signature scheme.

The concrete steps included in the disposable ID-based signature method proposed by the present invention are as follows.

)1. Setup step (

)

)을 입력으로 받고, 사용자의 집합(

)에 포함되지 않은, 즉 집합(

)의 원소가 아닌 임의의 아이디(

)를 선택한다.(1) First, the security constant (1 ^λ ) and the set of users

) As input, and the set of users (

), That is, the set (

) ≪ / RTI >

).

)과 ID 기반 서명의 셋업 알고리즘(

)을 수행한다.(2) Next, an ID-based multi-signature setup algorithm

) And an ID-based signature set-up algorithm (

).

)을 수행하고, ID 기반 다중 서명의 키생성 알고리즘(

)을 수행하여

에 대한 개인키를 생성한다.(3) Next, a key generation algorithm of ID-based multiple signature

), And the key generation algorithm of ID-based multiple signature (

)

Lt; / RTI >

)을 생성한다.(4) Finally, an empty set, the revocation list (

).

), 공개 상수(

), 마스터키(

)를 출력한다.Using the output or generated values,

), Open constant (

), A master key (

).

)2. Private key generation step (

)

)와

를 입력으로 받고, ID 기반 서명의 키생성 알고리즘(

)을 수행하여, 개인키(

)를 출력한다.The master key (

)Wow

And the key generation algorithm of the ID-based signature (

), And the private key (

).

)3. Update key generation step (

)

), 시간(

), 및 폐기 목록(

)을 입력으로 받고, 전체 사용자의 집합(

)을 이용하여 폐기되지 않은 사용자의 집합(

)을 생성한 후, ID 기반 다중 서명의 서명 알고리즘(

)을 수행하여, 업데이트키(

)를 출력한다.Master key (

), time(

), And a revocation list (

) As inputs, and a set of all users

) To determine the set of non-obsolete users

), And then generates an ID-based multi-signature signature algorithm (

), And the update key (

).

)4. Signing key generation step (

)

)와 개인키(

)를 입력으로 받고, 서명변환 알고리즘(

)을 수행하여 서명키(

)를 출력한다.Update key (

) And private key (

) As input, and a signature conversion algorithm (

) To generate a signature key (

).

)5. Sign step (

)

, 서명키(

), 및 메시지(

)을 입력으로 받고, ID 기반 서명의 서명 알고리즘(

)을 수행하여, 서명(

)을 출력한다.

, A signature key (

), And a message

) As input, and the signature algorithm of the ID-based signature (

), And the signature (

).

)6. Verification step (

)

), 메시지(

), 공개 상수(

),

, 시간(

)을 입력으로 받고, ID 기반 다중 서명의 검증 알고리즘(

)과 ID 기반 서명의 검증 알고리즘(

)을 수행한다. 즉, 검증 알고리즘(

)을 수행함으로써,

가 시간(

)에서 폐기되지 않은 ID 인지 여부가 검증되고, 검증 알고리즘(

)을 수행함으로써, 메시지(

)가 ID로 서명된 것인지 검증될 수 있다. 이때, 두 개의 알고리즘의 출력이 모두 1인 경우 1을 출력하고, 그렇지 않은 경우 0을 출력한다.signature(

), message(

), Open constant (

),

, time(

) As input, and verification algorithm of ID-based multiple signature (

) And ID-based signature verification algorithm (

). That is,

),

Time (

) Is verified whether or not it is an obsolete ID, and the verification algorithm (

), The message (

) Is verified as being signed with an ID. At this time, 1 is output when all the outputs of the two algorithms are 1, and 0 is output otherwise.

)7. Discard phase (

)

, 시간(

), 및 기존의 폐기 목록(

)을 입력으로 받고, 새로운 폐기 목록(

)을 출력한다.Be discarded

, time(

), And an existing revocation list (

) As input, and a new revocation list (

).

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings attached hereto.

Figure 1 illustrates a discardable ID based signature system in accordance with an embodiment of the present invention. Referring to FIG. 1, a system 10 includes a server 100, a first terminal 300, and a second terminal 500.

를 수신하고, 수신된

에 대응하는 개인키(

)를 생성하여 생성된 개인키(

)를 제1 단말기(300)로 송신한다. 또한, 서버(100)는 업데이트키(

)를 생성하고, 생성된 업데이트키(

)를 제1 단말기(300)로 송신한다. 서버(100)는 업데이트키(

)를 주기적으로 생성할 수 있다.The server 100 receives a request from the first terminal 300

Lt; RTI ID = 0.0 >

(&Quot;

) And generates the generated private key (

To the first terminal (300). The server 100 also receives the update key

), And generates the generated update key (

To the first terminal (300). The server 100 receives the update key (

) Can be periodically generated.

)와 개인키(

)를 이용하여 서명키(

)를 생성하고, 생성된 서명키(

)를 이용하여 서명(

)을 생성한다.The first terminal 300 receives the update key ("

) And private key (

) Using the signature key (

), And generates the generated signature key (

) To sign (

).

)과 메시지(

)를 수신하고, 제1 단말기(300)의

가 시간(

)에서 폐기되었는지 여부를 검증하며, 서명(

)이

를 이용하여 서명된 것인지 여부를 검증한다.The second terminal 500 receives a signature ("

) And a message

), And the first terminal 300

Time (

), And verifies whether the signature (

)this

To verify whether it is signed or not.

The first terminal 300 and the second terminal 500 may be a personal computer, a tablet PC, a notebook, a net-book, an e-reader, a personal digital assistant an assistant, a portable multimedia player (PMP), an MP3 player, an MP4 player, or a handheld device such as a mobile phone, a smart phone, .

2 is a functional block diagram of the server shown in FIG. Referring to FIGS. 1 and 2, the server 100 includes a setup module 110, a private key generation module 130, and an update key generation module 150. According to an embodiment, the server 100 may further include a revocation module 170.

)을 수행할 수 있다. 즉, 셋업 모듈(100)은 보안 상수(

)와 사용자의 집합(

)을 입력으로 하는 셋업 알고리즘을 수행하여, 폐기 목록(

), 공개 상수(

), 및 마스터키(

)를 생성할 수 있다.The setup module 110 generates a set-

) Can be performed. That is, the setup module 100 determines whether the security constant (

) And the set of users

) As an input, so that the revocation list (

), Open constant (

), And a master key (

Can be generated.

)을 수행할 수 있다. 즉, 개인키 생성 모듈(130)은 마스터키(

)와

를 입력으로 하는 개인키 생성 알고리즘을 수행하여, 개인키(

)를 생성하고, 생성된 개인키(

)를 제1 단말기(300)로 송신할 수 있다.The private key generation module 130 generates a private key < RTI ID = 0.0 >

) Can be performed. That is, the private key generation module 130 generates a private key

)Wow

To generate a private key ("

), And generates the generated private key (

To the first terminal 300.

)을 수행할 수 있다. 즉, 업데이트키 생성 모듈(150)은 마스터키(

), 시간(

), 및 폐기 목록(

)을 입력으로 하는 업데이트키 생성 알고리즘을 수행하여, 업데이트키(

)를 생성하고, 생성된 업데이트키(

)를 제1 단말기(300)로 송신할 수 있다.The update key generation module 150 generates an update key generation algorithm

) Can be performed. That is, the update key generation module 150 generates the update key

), time(

), And a revocation list (

) As an input, so that the update key

), And generates the generated update key (

To the first terminal 300.

)을 수행할 수 있다. 구체적으로, 폐기 모듈(170)은 폐기될

, 시간(

), 폐기 목록(

)을 입력으로 하는 폐기 알고리즘을 수행하여, 새로운 폐기 목록(

)을 생성할 수 있다. 즉, 폐기 모듈(170)은 폐기 목록을 주기적으로 갱신하거나 업데이트할 수 있다.The revocation module 170 may use the revocation algorithm (

) Can be performed. Specifically, the discard module 170 is discarded

, time(

), Revocation list (

) As an input, so that a new revocation list (

Can be generated. That is, the revocation module 170 may periodically update or update the revocation list.

3 is a functional block diagram of the first terminal shown in FIG. 1 to 3, the first terminal 300 includes a signature key generation module 310 and a signature module 330.

)을 수행할 수 있다. 즉, 서명키 생성 모듈(310)은 서버(100)로부터 수신된 업데이트키(

)와 개인키(

)를 입력으로 하는 서명키 생성 알고리즘을 수행하여, 서명키(

)를 생성할 수 있다.The signature key generation module 310 generates a signature key generation algorithm

) Can be performed. That is, the signature key generation module 310 generates an update key

) And private key (

) As an input, thereby generating a signature key (

Can be generated.

)을 수행할 수 있다. 즉, 서명 모듈(330)은

, 서명키(

), 메시지(

)를 입력으로 하는 서명 알고리즘을 수행하여, 서명(

)을 생성할 수 있다.Signature module 330 may use a signature algorithm

) Can be performed. That is, the signature module 330

, A signature key (

), message(

) As an input, so that the signature (

Can be generated.

Each of the configurations of the server 100 and the first terminal 300 shown in FIG. 2 and FIG. 3 may be functionally and logically separated, and each configuration may be divided into a separate physical device or a separate It should be readily apparent to one of ordinary skill in the art of the present invention that this is not meant to be written in code.

In this specification, a module may mean a functional and structural combination of hardware for carrying out the technical idea of the present invention and software for driving the hardware. For example, the module may mean a logical unit of a predetermined code and a hardware resource for executing the predetermined code, and does not necessarily mean a physically connected code or a kind of hardware.

Hereinafter, an ID-based signature-based RSA proposed by Bellare and Neven is efficiently modified using the scheme proposed in the present invention.

1. Setup Steps

알고리즘을 통해

와

을 생성한다.

는 RSA 암호 시스템에서의 키 생성 방식을 이용해서 생성되고,

는

의 원소가 아닌 임의의 문자열이며,

는 암호학적 해시함수로 임의의

에 대해

,

, 및

을 만족한다. RL은 폐기된 ID를 저장하는 집합으로 이 알고리즘에서는 공집합으로 정의되며, 이후 시간(T)에 따라 폐기된 ID를 포함한다. 알고리즘을 통해 생성된 변수를 이용하여

를 공개 상수로 공개하고,

는 마스터키로 관리자가 관리하며, 사용자의 개인키를 생성할 때 사용된다.The administrator (PKG)

Through the algorithm

Wow

.

Is generated using a key generation scheme in the RSA cryptosystem,

The

Is an arbitrary string that is not an element of "

Is a random cryptographic hash function

About

,

, And

. RL is a set that stores obsoleted IDs, which are defined as an empty set in this algorithm, and then include obsolete IDs according to time (T). Using the variables generated by the algorithm

As an open constant,

Is managed by the administrator with the master key, and is used when generating the user's private key.

2. User registration step

알고리즘을 수행한다. 사용자의 ID를 해시함수(

), 공개 상수(

), 및 마스터키(

)를 이용하여 개인키(

)를 생성하고, 생성된 개인키를 사용자에게 안전하게 전달한다.For the ID you want to register,

Algorithm. You can use the hash function (

), Open constant (

), And a master key (

) To generate a private key

), And transmits the generated private key to the user securely.

3. Update steps

알고리즘을 수행한다. 사용자의 집합(

), 폐기 목록(RL), 및

를 이용하여, 폐기되지 않은 사용자에 대한 집합(

)로 정의한다. 이때, 집합(

)에 포함된 각각의 원소(

)에 대해 임의의

를 선택한다. 선택된

들과 공개 상수(

)을 이용하여

을 계산하고, 계산된

, 시간(T), 해시함수(

)를 이용하여

를 계산하고, 집합(

)에 포함된 사용자

의 개인키(

)와 선택된

를 이용하여

를 계산한다. 계산된

가 업데이트키가 되고, 이를 이용하여 사용자의 개인키를 업데이트할 수 있다.To create an update key for a user who has not been revoked

Algorithm. The set of users (

), A revocation list (RL), and

, A set ("

). At this time,

) Contained in each element (

RTI ID = 0.0 >

. selected

And public constants (

)

Lt; RTI ID = 0.0 >

, Time (T), hash function (

)

, And the set (

User included in

Private key of

) And selected

Using

. Calculated

Becomes an update key, and can update the user's private key by using it.

4. Signing Key Generation Step

알고리즘에 사용자 등록 단계에서 받은

와 업데이트 단계에서 생성된

를 이용하여 생성된다. 사용자의 ID가 집합(

)에 포함되어 있다면

로 하고, 공개 상수(

)를 이용하여

를 계산한다. 집합(

)에서 서명키를 생성할 ID와

를 제외한 집합(

)를 생성하여

를 계산하고, 업데이트키에 포함된

를

라 한다.

를 서명키로 사용한다. The signature key of the individual

Algorithm received in the user registration phase

And the

. If the user's ID is set (

)

And an open constant (

)

. set(

), The ID to generate the signature key

Set excluding (

) Is generated

, And the update key

To

.

As a signature key.

)에 포함되어 있지 않으므로 업데이트키와 조합하여 서명키를 만들 수 없다.If the user's ID is included in the RL,

), You can not create a signature key in combination with the update key.

5. Signature step

)를 이용하여

알고리즘을 수행한다. 임의의 원소(

)를 선택하여

로 둔다. 주어진 해시함수(

)를 이용하여

을 계산하고, 서명키(

)에 포함된

을 이용하여

를 생성한다. 나머지 서명키(

)를 각각

로 하여 서명(

)을 생성한다.The user can send his or her signature key (M)

)

Algorithm. Any element (

) To select

. Given a hash function (

)

And the signature key (

Included in

Using

. The remaining signing keys (

), Respectively

To sign (

).

6. Verification phase

)에 대해

와

에 대한 서명(

)을 받으면

알고리즘을 통해 검증한다.

, 해시함수(

),

, 및

를 이용하여

을 계산하고,

, 해시함수(

),

, 및 메시지(

)을 이용하여

을 계산한다. 계산된

과

을 이용하여

를 계산했을 때,

와 동일한 결과가 나오는지 여부를 이용하여 시간(

)에서

가 폐기되지 않았음을 확인할 수 있고,

을 계산했을 때,

의 값과 동일한 결과가 나오는지 여부를 통해

와 메시지(

)에 대해 검증할 수 있다.message(

)About

Wow

Signature for (

)

Algorithm.

, Hash function (

),

, And

Using

Lt; / RTI >

, Hash function (

),

, And a message (

)

. Calculated

and

Using

Lt; / RTI >

And whether or not the same result as the time (

)in

Can not be discarded,

When calculated,

Whether the result is the same as the value of

And messages

). ≪ / RTI >

7. Disposal Phase

)에 폐기될

를 기존의

에 포함하여 새로운

을 생성한다.
time(

)

To existing

Including new

.

The correctness of the technique described above can be ascertained as follows.

은

으로 계산되고,

,

,

이고,

,

, 및

이다. 또한,

이다. 이를 이용하여 다음과 같이

을 계산할 수 있다.Calculated in the verification step

silver

Lt; / RTI >

,

,

ego,

,

, And

to be. Also,

to be. Using this,

Can be calculated.

에 대해서는

가 된다. Therefore,

For

.

은

으로 계산되고, 올바른 서명키에 대해서는

가 되고,

이 되므로, 올바른 서명키로 생성된

에 대해서는

이 된다.Calculated in the verification step

silver

, And for the correct signature key

Lt; / RTI &

, So that the

For

.

)과 시간(

)에서 폐기되지 않은

에 대한 메시지(

)의 검증이 가능하다.Through the above method,

) And time (

) Is not discarded

Message to (

) Can be verified.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is evident that many alternatives, modifications and variations will be apparent to those skilled in the art. Accordingly, the true scope of the present invention should be determined by the technical idea of the appended claims.

10: System
100: Server
110: Setup module
130: private key generation module
150: Update key generation module
170: Disposal module
300: first terminal
310: Signature Key Generation Module
330: Signature module
500: second terminal

Claims (7)

(a) If the server uses a security constant (

) And the set of users

) To create a revocation list (

), Open constant (

), And a master key (

);
(b) the server sends the master key

) Of the first terminal and the ID of the first terminal

), And the private key (

To the first terminal;
(c) the server sends the master key

), time(

), And the revocation list (

) To update key (

), And the update key

To the first terminal;
(d) the first terminal transmits the update key

) And the private key (

The signature key of the first terminal

); And
(e) the first terminal transmits the signature key

) To sign (

), ≪ / RTI >
The step (a)
The set of users

) ≪ / RTI >

);
The security constant (

) And the set of users

) To obtain the first disclosure constant (

And the first master key (

), And the security constant (

) And the set of users

) To obtain a second disclosure constant (

) And the second master key (

);
The first master key (

) And the set of users

) Using the IDs belonging to the first secret key

), And the first master key (

) And the arbitrary ID (

) To the second secret key (

); And
The obsolete list (

), ≪ / RTI >
The disclosure constant (

) Is the first disclosure constant (

), The second disclosure constant (

), And the arbitrary ID (

),
The master key (

) Is transmitted to the first master key (

), The second master key (

), The first secret key (

), And the second secret key (

Lt; / RTI >
Disposable ID based signature method. delete The method according to claim 1,
The second terminal sends the signature (

), The disclosure constant (

), message(

), The ID, and the time (

), ≪ / RTI >

) And the message < RTI ID = 0.0 >

) Is verified using the ID. ≪ Desc / Clms Page number 22 > The method of claim 3,
The server sends the revocation list (

). ≪ / RTI > A method as claimed in any preceding claim, further comprising the step of: A disposable ID-based signature scheme implemented on a server,
(a) Security Constants (

) And the set of users

) To create a revocation list (

), Open constant (

), And a master key (

);
(b) the master key

) Of the first terminal and the ID of the first terminal

), And the private key (

To the first terminal; And
(c) the master key

), time(

), And the revocation list (

) To update key (

), And the update key

) To the first terminal,
The step (a)
The set of users

) ≪ / RTI >

);
The security constant (

) And the set of users

) To obtain the first disclosure constant (

And the first master key (

), And the security constant (

) And the set of users

) To obtain a second disclosure constant (

) And the second master key (

);
The first master key (

) And the set of users

) Using the IDs belonging to the first secret key

), And the first master key (

) And the arbitrary ID (

) To the second secret key (

); And
The obsolete list (

), ≪ / RTI >
The disclosure constant (

) Is the first disclosure constant (

), The second disclosure constant (

), And the arbitrary ID (

),
The master key (

) Is transmitted to the first master key (

), The second master key (

), The first secret key (

), And the second secret key (

Lt; / RTI >
Disposable ID based signature method. 6. The method of claim 5,
The revocation list (

). ≪ / RTI > Security Constants (

) And the set of users

) To create a revocation list (

), Open constant (

), And a master key (

);
The master key (

) Of the first terminal and the ID of the first terminal

), And the private key (

) To the first terminal; And
The master key (

), time(

), And the revocation list (

) To update key (

), And the update key

) To the first terminal, wherein the update key generation module
The setup module includes:
The set of users

) ≪ / RTI >

) Is selected,
The security constant (

) And the set of users

) To obtain the first disclosure constant (

And the first master key (

), And the security constant (

) And the set of users

) To obtain a second disclosure constant (

) And the second master key (

),
The first master key (

) And the set of users

) Using the IDs belonging to the first secret key

), And the first master key (

) And the arbitrary ID (

) To the second secret key (

),
The obsolete list (

), ≪ / RTI >
The disclosure constant (

) Is the first disclosure constant (

), The second disclosure constant (

), And the arbitrary ID (

),
The master key (

) Is transmitted to the first master key (

), The second master key (

), The first secret key (

), And the second secret key (

Lt; / RTI >
Disposable identity-based signature server.

Images