TWI593267B - Certificateless public key management method with timestamp verification - Google Patents

Publication number: TWI593267B
Authority: TW (Taiwan)
Application number: TW104142576A
Other languages: Chinese (zh)
Other versions: TW201724803A
Inventors: 孫宏民, 鍾乙瑄, 廖哲輝
Original assignee: 國立清華大學 (National Tsing Hua University)
Prior art keywords: public key, key, verification, time stamp, parameter

Description

Certificateless public key management method with timestamp verification

The present invention relates to a certificateless public key management method with timestamp verification, and in particular to a management method that achieves non-repudiation of certificateless public keys through timestamp verification by an impartial third party.

As computer technology continues to develop, encryption of data files, digital signatures and similar techniques have become indispensable for securing data transmitted over computers and network communication. In a traditional public key cryptosystem, the sender encrypts the transmitted data with a key, and the receiver must hold the same key to decrypt the received data and recover the original content. In this approach, however, the sender's public key needs a certificate to ensure its reliability, and the large amount of storage space and computation time needed to manage certificates is the biggest problem of traditional public key cryptosystems.

To solve this problem of public key cryptosystems, encryption systems based on user identity were proposed. They generate the public key from the user's public information, such as an e-mail address, telephone number or national ID number, while the user's key is generated by a Private Key Generation Center (PKG). Although this removes the public key certificate procedure and avoids the certificate management problem, the PKG can generate the user's complete key, which gives rise to the key escrow problem: if the PKG's data is stolen, the security of the encryption system is also called into question.

To address these problems, S. S. Al-Riyami and K. G. Paterson, "Certificateless public key cryptography", Asiacrypt 2003, Springer-Verlag, LNCS 2894, pp. 452-473, 2003, proposed a certificateless cryptosystem. As shown in Figure 1, the user end 10 uses a mobile phone or computer to send a personal identification code 12 to the Key Generation Center (KGC) 11. The KGC 11 computes a partial user key 13 from the user's public information and returns it to the user end 10. The user end 10 sets its own secret value and combines it with the partial user key 13 to form the complete key 14. No certificate is needed, and there is no concern that the KGC 11 holds the complete key 14. However, this cryptosystem still has a key management problem: the user end 10 can change the chosen secret value to generate an unlimited number of complete keys 14, and the KGC 11 can also pick random secret values to forge multiple complete keys 14. In the resulting multiple-key situation, non-repudiation cannot be ensured in key management.

In view of the above, the inventors conceived and designed a certificateless public key management method with timestamp verification to remedy the shortcomings of the prior art and thereby improve its industrial applicability.

In view of the problems of the prior art described above, the object of the present invention is to provide a certificateless public key management method with timestamp verification that solves the problem that conventional key cryptosystems cannot ensure non-repudiation.

According to one object of the present invention, a certificateless public key management method with timestamp verification is proposed, applicable to signing and verification when documents are transmitted in a communication network. The method comprises the following steps: the key generation center sets a master key and public system parameters; using the master key and public system parameters set by the key generation center together with the identification code of the user end, a partial key is extracted and transmitted to the user end; the user end sets a secret value, generates a private key from the secret value together with the partial key, and generates a public key from the secret value and the system parameters; the public key is transmitted to an impartial third party, which performs a computation with a timestamp to generate partial public key verification parameters and returns them to the user end; the user end transmits the public key and the partial public key verification parameters to the verifier end, which performs a set of bilinear operations to check whether the public key passes verification; the user end generates a certificateless signature for a document using the private key, the secret value and the system parameters, and transmits it to the verifier end through the communication network; the verifier end verifies the correctness of the certificateless signature using the public key and the system parameters.

Preferably, the public system parameters may include an additive group of an elliptic curve, a multiplicative group of an elliptic curve, a hash function, and the public key of the key generation center.

Preferably, the timestamp may be recorded at the impartial third party.

Preferably, a computation may be performed on the timestamp to generate a timestamp parameter, the timestamp parameter comprising the one-way hash function value of the concatenation of the impartial third party's master key and the timestamp.

Preferably, the partial public key verification parameters may include a first public key verification parameter and a second public key verification parameter.

Preferably, the first public key verification parameter may comprise the impartial third party's master key, the timestamp parameter, and the generator of the additive cyclic group.

Preferably, the second public key verification parameter may comprise the timestamp parameter and the one-way hash function value of the public key.

As described above, the certificateless public key management method with timestamp verification according to the present invention may have one or more of the following advantages:

(1) The method effectively solves the management problem caused by the user end generating multiple sets of unauthenticated keys on its own, and ensures that the keys actually generated are recorded with a timestamp by the impartial third party and are therefore non-repudiable.

(2) The method solves the key escrow problem of key cryptosystems and at the same time prevents the key generation center from picking random secret values to forge a complete key, which improves the security of the key cryptosystem.

10, 30: user end
11, 22, 31: key generation center
12: personal identification code
13: partial user key
14: complete key
20, 34: receiver end
21: sender end
23, 33: impartial third party
32: complete key
PK: public key
A: second public key verification parameter
T: first public key verification parameter
t: timestamp parameter
S1~S7, S6', S7': steps

Figure 1 is a schematic diagram of a conventional certificateless public key management method.

Figure 2 is a flowchart of the certificateless public key management method with timestamp verification of the present invention.

Figure 3 is a schematic diagram of the certificateless public key management method with timestamp verification of the present invention.

Figure 4 is a schematic diagram of the encryption and decryption method using the certificateless public key with timestamp verification of the present invention.

Figure 5 is a schematic diagram of the impartial third party timestamp verification method of the present invention.

Figure 6 is a schematic diagram of the method of verifying the public key of the present invention.

To help the examiner understand the technical features, content and advantages of the present invention and the effects it can achieve, the invention is described in detail below with reference to the accompanying drawings and in the form of embodiments. The drawings are intended only for illustration and to support the specification; they do not necessarily reflect the true proportions and precise configuration of the invention as implemented, so the proportions and layout of the attached drawings should not be read as limiting the scope of rights of the invention in actual implementation.

Please refer to Figure 2, which is a flowchart of the certificateless public key management method with timestamp verification of the present invention. As shown in the figure, the method comprises the following steps (S1~S7):

Step S1: The key generation center sets the master key and the public system parameters. The key generation center can run an algorithm on a server, choose a security parameter, generate a master key known only to the key generation center, and generate the public system parameters. The public system parameters may include an additive group of an elliptic curve, a multiplicative group of an elliptic curve, a hash function, and the public key of the key generation center.

Step S2: Using the master key and public system parameters set by the key generation center together with the user's identification code, a partial key is extracted and transmitted to the user. The key generation center runs an algorithm on the master key, the public system parameters and the user's identification code to generate a key, which is the user's partial key. The user's identification code can be public information about the user, including a telephone number, e-mail address, national ID number and so on. Once the partial key has been generated, the user can extract it and proceed with the subsequent setup steps.

Step S3: The user sets a secret value, generates a private key from the secret value together with the partial key, and generates a public key from the secret value and the system parameters. This step is performed at the user end: the secret value chosen by the user is combined with the extracted partial key and the public system parameters to generate the private key and the public key.

Step S4: The public key is transmitted to the impartial third party, which performs a computation with a timestamp to generate partial public key verification parameters and returns them to the user. To prevent the user from choosing different secret values to generate a large number of unauthenticated keys, the user must first send the generated public key to the server of an impartial third party. The impartial third party adds a timestamp to its computation, generates the partial public key verification parameters, and returns them to the user end. The impartial third party records the timestamp added for each verification as evidence of the verification. The timestamp used in the present invention does not refer only to a time-related message stamp; as a person of ordinary skill in the art will understand, it may also be a message stamp unrelated to time, such as an arbitrarily generated random string. Whether or not it is related to time, the timestamp used during verification can be stored at the impartial third party as a record of the verification.

Step S5: The user transmits the public key and the partial public key verification parameters to the verifier, and the verifier performs a set of bilinear operations to check whether the public key passes verification. After obtaining the partial public key verification parameters, the user sends the public key together with them to the verifier end. On receipt, the verifier must perform a set of bilinear function operations to check whether this public key has been verified by the impartial third party. If so, it can be used as the public key for verifying signatures; if not, the user must be notified to resend a verified public key.

Step S6: The user generates a certificateless signature for a document using the private key, the secret value and the system parameters, and transmits it to the verifier. Once the user's public key has been verified through the impartial third party, a user who needs to send a signed document to the verifier can sign the document with the private key, the secret value and the system parameters to produce a certificateless signature, and then send it to the verifier end.

Step S7: The verifier verifies the correctness of the certificateless signature using the public key and the system parameters. On receipt, the verifier can use the previously received, already verified public key to confirm whether the received certificateless signature is correct. If it is, the certificateless signature is confirmed as valid and the document is a validly signed document. If the certificateless signature fails verification, the user is notified that it could not be verified and must send a new certificateless signature for verification.

The management method for the various keys and signed documents described above is applicable to document transmission in a communication network; that is, transmission and reception take place over the communication network between the hosts or computers of the user end and the verifier end, or between the servers of the key generation center and the impartial third party. In addition to verifying the sender's identity when a document is transmitted, the certificateless signature steps above are also applicable to encrypting and decrypting documents. For example, the step of signing the document in step S6 is changed so that the verifier end encrypts the document, produces a ciphertext, and sends it to the user end. The signature verification in step S7 is changed so that the user end decrypts the document. In this way the steps of the certificateless public key management method are converted for use in document encryption and decryption.

Please refer to Figure 3, which is a schematic diagram of the certificateless public key management method with timestamp verification of the present invention. As shown in the figure, the method involves a receiver end 20, a sender end 21, a key generation center 22 and an impartial third party 23. First, the key generation center 22 performs step S1 and sets the master key and the public system parameters. The steps performed here are the same as in the previous embodiment, so for their details refer to the description of Figure 1; they are not repeated here. Step S2 then performs the extraction using the master key and the public system parameters and delivers the result to the sender end 21. The sender end 21 here is the user end of the previous embodiment and can be the user's computer, mobile phone or similar device. In step S3 the sender end 21 chooses its own secret value and, based on this secret value, generates the public key and the private key. The sender end 21 must then perform step S4 and send the generated public key to the server of the impartial third party 23 for timestamp verification; the impartial third party 23 records the timestamp information and generates the partial public key verification parameters, which are returned to the sender end 21. Next, the sender end 21 sends the generated public key and the partial public key verification parameters received from the impartial third party 23 to the receiver end 20, and the receiver performs step S5 to verify whether the public key has passed the timestamp verification of the impartial third party 23. The receiver end 20 can likewise be the receiver's computer, mobile phone or similar device. Once these steps are complete, the sender end 21 can perform the certificateless signing of step S6: it uses the private key and the secret value to generate a certificateless signature for the document it wants to send to the receiver end 20, and sends it to the receiver end 20 over the communication network. Finally, the receiver end 20 performs step S7 with the previously received public key to verify the correctness of the certificateless signature, and uses this certificateless signature as the basis for the correctness of the document.

In practice, before signing a document the sender end 21 must first carry out the preparation procedure of steps S1 to S4 to generate its own public key, private key and partial public key verification parameters. Only then are the public key and the public key verification parameters sent to the receiver end 20 for verification. Once the receiver has completed verification of the public key, the sender end 21 can sign the document or file to be sent with the private key it generated and send it to the receiver end 20. After receiving the signature and the document, the receiver end 20 can use the verified public key to verify the document signature and thereby confirm whether the document is correct. Likewise, the document signing steps can also be applied to document encryption and decryption, as shown in Figure 4, which is a schematic diagram of the encryption and decryption method using the certificateless public key with timestamp verification of the present invention. Steps S1 to S5 are similar to the preceding embodiment and are not described again. The difference is that in step S6' the receiver end encrypts the document instead: it encrypts the document with the verified public key, produces a ciphertext, and sends it to the sender end. The verification originally performed by the receiver end becomes step S7', in which the sender end decrypts the ciphertext, that is, uses the private key it generated to decrypt the encrypted document and obtain the original document. The original signing scheme is thus converted for use in encrypting and decrypting documents, so that the certificateless public key management method with timestamp verification can also be applied to encrypted documents.

Please refer to Figure 5, which is a schematic diagram of the impartial third party timestamp verification method of the present invention. As shown in the figure, the user end 30 sends its personal identification code to the key generation center 31, and the key generation center 31 computes a partial key from its own master key, the public system parameters and so on, and returns it to the user end 30. This part is similar to what Figure 1 shows and is not described again. After receiving the partial key, the user end 30 can generate the complete key 32, comprising the private key and the public key, from the secret value it has chosen. Here, however, the user does not directly produce a certificateless signature for the receiver to verify. Instead, the public key PK is first sent to the impartial third party 33 for timestamp verification, and the partial public key verification parameters T and A computed by the impartial third party 33 are returned to the user end 30.

The impartial third party 33 described here is an institution independent of the key generation center 31. It can store the timestamp data used for verification and, when a dispute arises in a later encryption process, provide the timestamp verification record as supporting evidence, which prevents the user from choosing secret values without limit to generate public keys and signing with an unverified key. When the impartial third party 33 performs its computation, it can use the selected timestamp to generate a timestamp parameter, which can be expressed as $t = H_1(s \parallel \mathit{timestamp})$, where $s$ is the impartial third party's master key, $\mathit{timestamp}$ is the timestamp, $\parallel$ is the concatenation operation, $H_1$ is a one-way hash function, $H_1(X)$ is the hash value of message $X$, and $H_1: \{0,1\}^* \to Z_q^*$. The timestamp parameter can therefore be the one-way hash function value of the concatenation of the impartial third party's master key and the timestamp. The timestamp parameter can then be used to compute the first public key verification parameter $T$ and the second public key verification parameter $A$. The first public key verification parameter is $T = stP$, where $P$ is a point in $G_1$ and is one of the system parameters, and $G_1$ is an additive cyclic group and is one of the third party's system parameters. The second public key verification parameter is $A = t\,H_2(PK)$, where $H_2$ is a one-way hash function, $H_2(X)$ is the hash value of message $X$, and $H_2: G_1 \to G_1$.

Please refer to Figure 6, which is a schematic diagram of the method of verifying the public key of the present invention. As shown in the figure, the user end 30 sends the public key PK and the partial public key verification parameters, comprising the first public key verification parameter T and the second public key verification parameter A, to the receiver end 34, and the receiver end uses a set of bilinear operations to check whether the public key PK passes verification. A bilinear function is a property of elliptic curves that maps one group to another. $G_1$ is an additive cyclic group on the elliptic curve and $G_2$ is a multiplicative cyclic group on the elliptic curve; $G_1$ and $G_2$ have the same prime order $q$, and $P$ is a generator of $G_1$. A bilinear pairing can be written as $e: G_1 \times G_1 \to G_2$ and should have the following three properties: (1) Bilinearity: for any integers $x, y \in Z_q^*$, $e(xP, yP) = e(P, P)^{xy}$, $P \in G_1$; (2) Non-degeneracy: if $P$ is a generator of $G_1$, then $e(P, P)$ is a generator of $G_2$; (3) Computability: for $P, Q \in G_1$, there is an efficient polynomial-time algorithm that computes $e(P, Q) \in G_2$.

After receiving the public key PK, the first public key verification parameter T and the second public key verification parameter A, the receiver end 34 performs the set of bilinear operations $e(A, P_{pub}) = e(H(PK), T)$ to check the public key, where $P_{pub}$ is the third party's public key, whose value in the system parameters is $P_{pub} = sP$. If the results of the two bilinear functions are equal, PK is confirmed as an authenticated public key. The user end 30 can then use the private key to generate a certificateless signature for a document and send it to the receiver end 34, and the receiver end 34 uses the authenticated public key PK to verify the correctness of the certificateless signature.
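The third-party parameters $t$, $T$, $A$ and the receiver's check $e(A, P_{pub}) = e(H(PK), T)$ described above, as an added Python example that is not part of the patent text. It assumes $H$ in the check is $H_2$ and that the public key is a single $G_1$ element $PK = xP$; it uses a toy model in which a $G_1$ element $aP$ is stored as the scalar $a$ and $e(aP, bP)$ as $ab \bmod q$, which keeps the algebra exact but gives no security. All class names, function names and values are constructed for illustration.

```python
import hashlib

# Toy "exponent-space" model of the symmetric pairing e: G1 x G1 -> G2.
# A G1 element aP is stored as the scalar a mod q, and e(aP, bP) = e(P, P)^(ab)
# is stored as ab mod q. The algebra is exact, but discrete logs are in the
# clear, so this has no security; a real system needs a pairing library.
Q = 2**127 - 1   # prime group order q (constructed choice)
P = 1            # generator P of G1 in this model


def pairing(a, b):
    """e(aP, bP), represented by the exponent ab mod q."""
    return (a * b) % Q


def _to_zq_star(tag, data):
    digest = hashlib.sha256(tag + data).digest()
    return 1 + int.from_bytes(digest, "big") % (Q - 1)


def h1(data):
    """H1: {0,1}* -> Zq*."""
    return _to_zq_star(b"H1|", data)


def h2(point):
    """H2: G1 -> G1 (the result is a G1 element in scalar form)."""
    return _to_zq_star(b"H2|", point.to_bytes(16, "big"))


class ImpartialThirdParty:
    """Hypothetical model of the impartial third party of steps S4 and S5."""

    def __init__(self, master_key):
        if not 0 < master_key < Q:
            raise ValueError("master key must lie in Zq*")
        self._s = master_key
        self.p_pub = (self._s * P) % Q   # P_pub = sP, published
        self.records = []                # timestamps kept as evidence (step S4)

    def _parameters(self, pk, timestamp):
        t = h1(self._s.to_bytes(16, "big") + timestamp)   # t = H1(s || timestamp)
        return (self._s * t * P) % Q, (t * h2(pk)) % Q    # T = stP, A = t*H2(PK)

    def endorse(self, pk, timestamp):
        """Step S4: record the timestamp and return (T, A) for this PK."""
        self.records.append((pk, timestamp))
        return self._parameters(pk, timestamp)

    def find_record(self, pk, T, A):
        """Dispute handling: return the logged timestamp that yields (T, A)."""
        for logged_pk, timestamp in self.records:
            if logged_pk == pk and self._parameters(pk, timestamp) == (T, A):
                return timestamp
        return None


def verify_public_key(pk, T, A, p_pub):
    """Step S5: accept PK only if e(A, P_pub) == e(H2(PK), T)."""
    for value in (pk, T, A):
        if not 0 < value < Q:    # reject the identity and out-of-range input
            return False
    return pairing(A, p_pub) == pairing(h2(pk), T)


def demo():
    # Constructed master key, secret values and timestamp.
    ttp = ImpartialThirdParty(master_key=0x1F2E3D4C5B6A79881726354453627180)
    pk_registered = (0x0123456789ABCDEF * P) % Q     # PK = xP, x = secret value
    pk_unregistered = (0x0FEDCBA987654321 * P) % Q   # key from a new secret value
    T, A = ttp.endorse(pk_registered, b"2024-01-01T00:00:00Z")
    return {
        "registered": verify_public_key(pk_registered, T, A, ttp.p_pub),
        "reused_for_other_key": verify_public_key(pk_unregistered, T, A, ttp.p_pub),
        "tampered_T": verify_public_key(pk_registered, (T + 1) % Q, A, ttp.p_pub),
        "evidence": ttp.find_record(pk_registered, T, A),
        "no_evidence": ttp.find_record(pk_unregistered, T, A),
    }


if __name__ == "__main__":
    print(demo())
```

A second public key derived from a new secret value fails the check when presented with the parameters issued for the first key, and the third party's log yields a timestamp only for the key it actually endorsed.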

The above is illustrative only and not limiting. Any equivalent modification or change that does not depart from the spirit and scope of the present invention shall be included in the scope of the appended claims.

S1~S7: steps

Claims (6)

1. A certificateless public key authentication management method with timestamp verification, applicable to signing and verification when a document is transmitted in a communication network, the method comprising the following steps: setting a master key and a public system parameter by a key generation center; extracting a partial key using the master key and the public system parameter set by the key generation center together with an identification code of a user end, and transmitting the partial key to the user end; setting a secret value via the user end, generating a private key from the secret value together with the partial key, and generating a public key from the secret value and a system parameter; transmitting the public key to an impartial third party, the impartial third party performing a computation with a timestamp to generate partial public key verification parameters, which are returned to the user end; the user end transmitting the public key and the partial public key verification parameters to a verifier end, the verifier end performing a set of bilinear operations to check whether the public key passes verification; the user end generating a certificateless signature for a document using the private key, the secret value and the system parameter, and transmitting it to the verifier end through the communication network; and the verifier end verifying the correctness of the certificateless signature using the public key and the system parameter; wherein the partial public key verification parameters comprise a first public key verification parameter and a second public key verification parameter.

2. The certificateless public key authentication management method with timestamp verification according to claim 1, wherein the public system parameter comprises an additive group of an elliptic curve, a multiplicative group of an elliptic curve, a hash function, and a public key of the key generation center.

3. The certificateless public key authentication management method with timestamp verification according to claim 1, wherein the timestamp is recorded at the impartial third party.

4. The certificateless public key authentication management method with timestamp verification according to claim 1, wherein a computation is performed on the timestamp to generate a timestamp parameter, the timestamp parameter comprising a one-way hash function value of the concatenation of an impartial third party master key and the timestamp.

5. The certificateless public key authentication management method with timestamp verification according to claim 4, wherein the first public key verification parameter comprises an impartial third party master key, the timestamp parameter, and a generator of an additive cyclic group.

6. The certificateless public key authentication management method with timestamp verification according to claim 4, wherein the second public key verification parameter comprises the timestamp parameter and a one-way hash function value of the public key.
TW104142576A 2015-12-17 2015-12-17 Certificateless public key management method with timestamp verification TWI593267B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW104142576A TWI593267B (en) 2015-12-17 2015-12-17 Certificateless public key management method with timestamp verification

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW104142576A TWI593267B (en) 2015-12-17 2015-12-17 Certificateless public key management method with timestamp verification

Publications (2)

Publication Number Publication Date
TW201724803A TW201724803A (en) 2017-07-01
TWI593267B true TWI593267B (en) 2017-07-21

Family

ID=60047411

Family Applications (1)

Application Number Title Priority Date Filing Date
TW104142576A TWI593267B (en) 2015-12-17 2015-12-17 Certificateless public key management method with timestamp verification

Country Status (1)

Country Link
TW (1) TWI593267B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI734729B (en) * 2017-01-19 2021-08-01 香港商阿里巴巴集團服務有限公司 Method and device for realizing electronic signature and signature server
JP7372938B2 (en) * 2018-05-14 2023-11-01 エヌチェーン ライセンシング アーゲー Computer-implemented systems and methods for performing atomic swaps using blockchain
TWI695293B (en) * 2019-03-29 2020-06-01 天逸財金科技服務股份有限公司 Method, system and server for protection mechanism of digital signature certificate
CN110414192B (en) * 2019-06-14 2023-09-26 尚承科技股份有限公司 Control and management system and method applied to safety manufacture

Also Published As

Publication number Publication date
TW201724803A (en) 2017-07-01

Similar Documents

Publication Publication Date Title
US11323276B2 (en) Mutual authentication of confidential communication
US11108565B2 (en) Secure communications providing forward secrecy
CN107947913B (en) Anonymous authentication method and system based on identity
CN109257184B (en) Linkable ring signature method based on anonymous broadcast encryption
US8914643B2 (en) Anonymous authentication system and anonymous authentication method
CN110113150B (en) Encryption method and system based on non-certificate environment and capable of repudiation authentication
CN107659395B (en) Identity-based distributed authentication method and system in multi-server environment
CN110120939B (en) Encryption method and system capable of repudiation authentication based on heterogeneous system
US20110145576A1 (en) Secure method of data transmission and encryption and decryption system allowing such transmission
CN108989054B (en) Cipher system and digital signature method
CN112104453B (en) Anti-quantum computation digital signature system and signature method based on digital certificate
CN111010272B (en) Identification private key generation and digital signature method, system and device
CN102970144B (en) The authentication method of identity-based
CN106936584B (en) Method for constructing certificateless public key cryptosystem
CN107094108A (en) The method for being connected to the part of data/address bus and encryption function being realized in the part
CN112087428B (en) Anti-quantum computing identity authentication system and method based on digital certificate
CN110535626B (en) Secret communication method and system for identity-based quantum communication service station
TWI593267B (en) Certificateless public key management method with timestamp verification
JP2006109107A (en) Signature formation method, signature verification method, public key distribution method, and information processing apparatus
CN106713349B (en) Inter-group proxy re-encryption method capable of resisting attack of selecting cipher text
US7971234B1 (en) Method and apparatus for offline cryptographic key establishment
CN111355582A (en) Two-party combined signature and decryption method and system based on SM2 algorithm
CN114095181A (en) Threshold ring signature method and system based on state cryptographic algorithm
US20150006900A1 (en) Signature protocol
CN111526131B (en) Anti-quantum-computation electronic official document transmission method and system based on secret sharing and quantum communication service station

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees