CN100542091C - Identity-based key generation method and system - Google Patents

Publication number
CN100542091C
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB2006100902345A
Other languages
Chinese (zh)
Other versions
CN1878060A (en)
Inventor
曹珍富
董晓蕾
王励成
郑志彬
位继伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Shanghai Jiaotong University
Original Assignee
Huawei Technologies Co Ltd
Shanghai Jiaotong University

Abstract

The invention provides an identity-based key generation method and system, and relates to the field of computer communication and e-commerce applications. To solve the key escrow problem and the problem of unreliable secure channels in the prior art, the invention provides an identity-based key generation method comprising the steps of setting system parameters, generating user information, generating an initial key, verifying the initial key, generating reinforcement keys, and generating the user key. The invention also provides an identity-based key generation system comprising a system parameter setting module, a user information generation module, an initial key generation module, an initial key verification module, a reinforcement key generation module, and a user key generation module. The technical scheme of the invention solves the dependence on secure channels and the key escrow problem, and effectively prevents various impersonation attacks.

Description

An identity-based key generation method and system
Technical field
The present invention relates to the field of computer communication and e-commerce applications, and in particular to an identity-based key generation method and system.
Background art
In 1984, Shamir proposed the identity-based cryptosystem. In theory, identity-based cryptosystems and digital signature systems need no certification authority and can use an arbitrary string as the user's public key. This capability gives identity-based cryptosystems a wide range of applications (for example, ideal e-mail and various smart card applications), and troublesome problems of ordinary cryptosystems, such as validity period restrictions, authority restrictions and recovery of authority, can all be solved easily.
Although Shamir gave an identity-based signature scheme as early as 1984, the first practical identity-based encryption system was not given until 2001, by Boneh and Franklin; in academia their scheme is abbreviated as IBE (Identity-Based Encryption). The IBE scheme is built on bilinear pairings over elliptic curves. At present, many researchers are working to improve the computational efficiency of pairings. It can be concluded that, as pairing implementations become more efficient, identity-based cryptosystems and their various applications will have very large room for development.
Afterwards, various identity-based cryptosystems were proposed in succession, for example identity-based signature schemes, signcryption schemes and key agreement schemes.
In an identity-based cryptosystem, the PKG (Private Key Generator) is responsible for generating the user's private key and delivering it to the user over a secure channel. This gives rise to two problems. The first is the key escrow problem: because the PKG holds the user's private key, it can decrypt any user's files and can also sign while impersonating any user, so identity authentication in such a system loses its guarantee. The second is the secure channel problem: under existing technical conditions, realizing a secure channel is still very difficult. Although quantum cryptography claims to realize secure channels, these new technologies remain at the laboratory stage and are difficult to put into large-scale use.
The prior-art solution to the key escrow problem uses threshold techniques: the user's private key is generated in a distributed manner by multiple key generation centers. Each PKG generates one share of the user's private key, and the user combines the shares into the private key after receiving a certain number of them. In this way, no single PKG holds the user's private key. This alleviates, to some extent, the criticism of the key escrow problem in identity-based cryptosystems.
However, the threshold solution is not efficient, mainly because it needs multiple key generators. On the one hand, each key generator must first confirm the user's true identity (which generally has to be done offline), so each key generator must interact with the user at least once, whereas in the original identity-based cryptosystem this work is carried out only between the user and a single key generator. On the other hand, each key generator has to compute a share of the user's private key, and after receiving the shares the user still has to compute the private key according to the threshold combination method.
In addition, a threshold-based scheme requires a secure channel between each key generation center and the user. In this sense, although the key escrow problem is alleviated, the dependence on secure channels is aggravated.
Blinding techniques solve the dependence on secure channels in identity-based cryptosystems well. Here, blinding means that the user first secretly selects a random number as a blinding factor and multiplies it with the user's own public key, then sends the result to the PKG for signing; the signature can then be transmitted entirely over a public channel. After receiving the PKG's signature, the user removes the secretly chosen blinding factor and obtains the correct private key. With this technique, the key generator and the user can send the blinded key over a public channel, and the user performs an "unblinding" operation after receiving it to recover the private key. This solves the dependence of identity-based cryptosystems on secure channels well, but contributes nothing to the key escrow problem: the private key the user obtains after unblinding is a one-way function of the key generator's private key and the user's public key, so the key generation center can still generate the user's unblinded private key. The key escrow problem therefore remains.
Summary of the invention
To solve the key escrow problem and the secure channel problem at the same time, the invention provides an identity-based key generation method and system. The scheme of the invention is as follows:
The invention provides an identity-based key generation method comprising the following steps:
Step A: set the system parameters;
Step B: the user generates user information according to the system parameters, the total key generator generates the user's initial key, and the user information and initial key are sent to each collaborative key generator; the user information comprises the user's identity information, a blinded public key, and a password-based signature on the blinded public key;
Step C: after receiving the user information and initial key, each collaborative key generator verifies the user's identity information and the initial key; if verification passes, the collaborative key generator performs key reinforcement, generates a reinforcement key, and sends the reinforcement key to the user; if verification fails, it reports an error and terminates this protocol run;
Step D: after receiving the reinforcement keys, the user performs key extraction on them to generate the user key, and verifies the user key.
Setting the system parameters in step A comprises setting the parameters of the total key generator and of each collaborative key generator.
Step B specifically comprises:
Step B1: the user generates user information according to the system parameters and sends it to the total key generator, applying to join the system;
Step B2: the total key generator generates the user's initial key according to the user information and sends it to the user;
Step B3: the user verifies the initial key after receiving it; if verification passes, the user has joined the system successfully, and sends the user information and initial key to each collaborative key generator; otherwise the user returns to step B1 and applies to join the system again.
Step B1 specifically comprises the following steps:
Step B11: the user selects a password and generates the shadow of the password from it;
Step B12: the user selects a blinding factor and generates a blinded public key from it;
Step B13: the user signs the blinded public key with the password to generate the blinded public key signature, and sends the user's identity, the blinded public key and the signature on the blinded public key to the total key generator as the user information.
Step B2 specifically comprises the following steps:
Step B21: after receiving the user information, the total key generator confirms the user's true identity and obtains the shadow of the user's password by offline means, then stores the user's identity and password shadow in a local database;
Step B22: the total key generator verifies the user's identity; after verification passes, it generates the user's initial key and sends it to the user.
Step D specifically comprises the following steps:
Step D1: after receiving the reinforcement key of each collaborative key generator, the user performs key extraction to generate the user key;
Step D2: the user verifies the user key; if verification passes, key generation is complete; otherwise the user identifies the specific uncooperative collaborative key generator and requires it to resend a correct reinforcement key.
In the method, all information is transmitted over public channels.
The invention also provides an identity-based key generation system comprising: a system parameter setting module, an initial key generation module, a reinforcement key generation module and a user key generation module;
The system parameter setting module is used to set the system parameters;
The initial key generation module is used for the user to generate user information according to the system parameters, for the total key generator to generate the user's initial key, and for the user information and initial key to be sent to each collaborative key generator; the user information comprises the user's identity information, a blinded public key, and a password-based signature on the blinded public key;
The reinforcement key generation module is used for each collaborative key generator, after receiving the user information and initial key, to verify the identity information and the initial key; if verification passes, the collaborative key generator performs key reinforcement, generates a reinforcement key, and sends it to the user; if verification fails, it reports an error and terminates this protocol run;
The user key generation module is used for the user, after receiving the reinforcement keys, to perform key extraction on them, generate the user key, and verify the user key.
The beneficial effects of the invention are:
1. It removes the dependence on secure channels, making identity-based cryptosystems practical;
2. It effectively solves the escrow of user private keys by a single key generator, as well as the low efficiency of implementations with multiple key generators; it protects user privacy well, making identity-based cryptosystems that adopt the invention easier for users to accept;
3. The password-based authentication mechanism effectively prevents various impersonation attacks and ensures that an attacker cannot obtain the user's private key.
Description of drawings
Fig. 1 is a flow chart of the identity-based key generation method of the invention;
Fig. 2 is a schematic diagram of the identity-based key generation system of the invention.
Embodiment
The invention is further described below with reference to the drawings and embodiments, which do not limit the invention.
The invention combines three techniques: blinding, multi-party authorization, and password-based authentication. Blinding removes the dependence on secure channels; multi-party authorization overcomes the escrow of the user's private key by a single key generator; password-based authentication prevents an attacker from impersonating the user or a key generator.
The scheme of the invention is as follows:
Referring to Fig. 1, the invention provides an identity-based key generation method with the following steps:
Step A: set the system parameters. This is implemented as follows:
Step 101: set the parameters of the total key generator. Here the single key generator responsible for user identity authentication is called the total key generator, denoted PKG0; the multiple key generators that cooperate in authorization are called collaborative key generators, denoted PKGi ($i = 1, \ldots, n$). The parameters are set as follows:
First, the total key generator PKG0 selects working groups $G_1$ and $G_2$, a generator $P$ of $G_1$, and a bilinear map $\hat{e}$ from $G_1 \times G_1$ to $G_2$:
Select a prime $p$ of more than 512 bits satisfying $p \equiv 2 \pmod 3$ and $p = 6q - 1$, where $q$ is prime. Let $E$ be the elliptic curve over the finite field $GF(p)$ defined by the equation $y^2 = x^3 + 1$, let $P$ be an element of order $q$ in $E/GF(p)$, and let $G_1 = \langle P \rangle$, i.e. the group on the elliptic curve generated by $P$.
Let $1 \neq \zeta \in GF(p^2)$ be a solution of the equation $x^3 - 1 = 0 \bmod p$, and define the map $\phi(x, y) = (\zeta x, y)$. The group generated by $\langle P, \phi(P) \rangle$ is $E[q]$. Let $G_2$ be the set of elements of order $q$ in $GF(p^2)^*$, and let $e: E[q] \times E[q] \to G_2$ be the Weil pairing defined on $E/GF(p^2)$. The modified Weil pairing $\hat{e}$ is then defined as $\hat{e}(P, Q) = e(P, \phi(Q))$. It can be proved that $\hat{e}$ defined in this way is bilinear, non-degenerate and computable.
Second, the total key generator PKG0 selects a master key $s_0$ at random from $Z_q^*$, where $Z_q^*$ is the set $\{1, 2, \ldots, q-1\}$, and sets $P_0 = [s_0]P$.
Third, the total key generator PKG0 selects the following two hash functions:
$H: \{0,1\}^* \to G_1$ is a map-to-point function, defined as follows:
Let $h: \{0,1\}^* \to GF(p)$ be any collision-resistant hash function (one for which two different inputs with the same output cannot be found); in view of the collisions already found for MD5 and SHA-1, $h$ is taken to be SHA-256. First compute $y = h(ID)$, where $ID$ is the binary string representing the user's identity; then compute $x = (y^2 - 1)^{(2p-1)/3} \bmod p$; then $H(ID) = (x, y)$ is a point in $G_1$.
$H_1: G_1 \to G_1$ is a one-way hash function, defined as follows:
For a point $R(x', y')$ in $G_1$, let $y = h(x' \| y')$ and $x = (y^2 - 1)^{(2p-1)/3} \bmod p$; then $H_1(x', y') = (x, y)$ is a new point in $G_1$.
Finally, the total key generator PKG0 publishes the system parameters $\langle G_1, G_2, P, \hat{e}, H, H_1, n, P_0 \rangle$, where $n$ is the number of collaborative key generators.
Step 102: the total key generator and the collaborative key generators interact to generate the system public key parameters, as follows:
First, each collaborative key generator PKGi ($i = 1, \ldots, n$) selects its own key $s_i$ at random from $Z_q^*$, sets $P_i = [s_i]P$ and $Y_i = [s_i]P_0$, and sends $(P_i, Y_i)$ to PKG0 over a public channel.
Second, after receiving the $(P_i, Y_i)$ sent by each collaborative key generator PKGi, the total key generator PKG0 computes $Y = \sum_{i=1}^{n} Y_i$ and checks whether the equation $\hat{e}(Y, P) = \hat{e}\left(\sum_{i=1}^{n} P_i, P_0\right)$ holds. If it does not hold, some key generator is uncooperative; the offending key generators can be found by checking the equation $\hat{e}(P_0, P_i) = \hat{e}(Y_i, P)$ for each $i$, after which they are excluded and the system public key is regenerated. Once the equation holds, PKG0 publishes the system public key parameters $\langle G_1, G_2, P, \hat{e}, H, H_1, n, P_0, P_1, \ldots, P_n, Y \rangle$, and the setting of the system public key parameters is complete.
Step B: the user generates user information according to the system parameters, the total key generator generates the user's initial key, and the user information and initial key are sent to each collaborative key generator. This is implemented as follows:
Step 103: the identity of user U is $ID$. The user selects a random number $w$ from $Z_q^*$ as the password (the user may first choose an easily remembered string and, after some random padding, use the hash function $h$ to turn it into $w$), and computes $W = [w]P$ from the password, generating the password shadow $W$.
Step 104: user U selects another random number $r$ from $Z_q^*$ as the blinding factor and computes $D = [r]H(ID)$ from it, generating the blinded public key $D$.
Step 105: the user signs the blinded public key with the password, i.e. computes $R = [w]H_1(D)$, generating the blinded public key signature $R$. The user takes the identity $ID$, the blinded public key $D$ and the signature $R$ on the blinded public key as the user information $(ID, D, R)$, sends it to the total key generator PKG0 over a public channel, and requests to join.
Step 106: after receiving the user information $(ID, D, R)$ of user U, the total key generator PKG0 confirms the true identity of user U and obtains the password shadow $W(x_w, y_w)$ by offline means, then stores the pair $(ID, W)$ of user identity and password shadow in a local database that only PKG0 itself and the other key generators are allowed to access.
So-called "offline means" are non-cryptographic means, for example: verifying the user's true identity in a face-to-face meeting; making a telephone call and identifying the user by voice waveform analysis; or transferring material that proves the user's identity through a mail system that can be guaranteed to be absolutely secure (as for the delivery of top-secret documents). In short, at system registration the verification of the user's true identity is done by methods outside the designed cryptosystem, which from the point of view of that cryptosystem are called "offline means". Once authentication at registration is complete, the remaining work can be carried out by the protocol flow of the designed cryptosystem itself; this subsequent work is the so-called "online" part.
Step 107: the total key generator PKG0 verifies the user's identity by checking whether the equation $\hat{e}(W, H_1(D)) = \hat{e}(P, R)$ holds. If the check fails, i.e. $\hat{e}(W, H_1(D)) = \hat{e}(P, R)$ does not hold, the password shadow provided by the user is wrong; the system refuses to admit this user and terminates this joining procedure. If the check passes, i.e. $\hat{e}(W, H_1(D)) = \hat{e}(P, R)$ holds, PKG0 computes $Q_0 = [s_0]D$ as the user's initial key and sends $Q_0$ to user U over a public channel.
Step 108: after receiving the initial key $Q_0$, the user checks whether the equation $\hat{e}(Q_0, P) = \hat{e}(D, P_0)$ holds. If it holds, the user has joined successfully (step 109). Otherwise PKG0 is uncooperative; the user publishes a "PKG0 cheated" message and returns to step 103 to apply again. If the system is operating normally and yet the equation $\hat{e}(Q_0, P) = \hat{e}(D, P_0)$ fails at this step, PKG0 is uncooperative and is refusing to generate a private key for a legitimate user. In general this case need not be considered. In practice, however, the failure may also be caused by an unforeseen error in system operation, so this joining procedure is simply terminated and the user applies again.
Step 109: the user has joined the system successfully and has obtained the initial key.
Step 110: after joining the system, user U sends the user information and initial key $(ID, D, R, Q_0)$ over a public channel to each collaborative key generator PKGi ($i = 1, \ldots, n$), asking them to reinforce the key $Q_0$.
Step C: after receiving the user information and initial key, each collaborative key generator verifies the identity information and the initial key; if verification passes, the collaborative key generator performs key reinforcement, generates a reinforcement key, and sends it to the user; if verification fails, it reports an error and terminates this protocol run. This is implemented as follows:
Step 111: after receiving the user information and initial key $(ID, D, R, Q_0)$ sent by user U, each collaborative key generator PKGi checks the two equations $\hat{e}(W, H_1(D)) = \hat{e}(P, R)$ and $\hat{e}(Q_0, P) = \hat{e}(D, P_0)$.
Step 112: if verification passes, PKGi computes the reinforcement key $Q_i = [s_i]Q_0$ and sends $Q_i$ to user U over a public channel. If verification fails, it reports an error and terminates this protocol run.
Step D: after receiving the reinforcement keys, the user performs key extraction on them to generate the user key, and verifies the user key. This is implemented as follows:
Step 113: after receiving the reinforcement keys $Q_i$ ($i = 1, 2, \ldots, n$) of all collaborative key generators, user U performs key extraction: let $S' = Q_1 + Q_2 + \cdots + Q_n$, then compute $S = [r^{-1}]S'$ to obtain the user's own key $S$.
Step 114: user U verifies the key $S$ by checking whether the equation $\hat{e}(S, P) = \hat{e}(Y, H(ID))$ holds. If it holds, the key has been generated correctly. Otherwise the $Q_i$ sent by some collaborative key generator PKGi is incorrect; the specific uncooperative collaborative key generator can be found by checking the equation $\hat{e}(Q_0, P_i) = \hat{e}(Q_i, P)$, and that PKGi is required to resend a correct reinforcement key $Q_i$, i.e. the procedure returns to step 112.
Step 115: user key generation is complete.
User U has obtained the private key $S = s_0(s_1 + s_2 + \cdots + s_n)H(ID)$: since $Q_0 = [s_0]D = s_0 r H(ID)$ and $Q_i = [s_i]Q_0 = s_0 s_i r H(ID)$, this $S$ is the same as the $S$ in $S = [r^{-1}]S'$, and neither PKG0 nor any PKGi can obtain $S$. The scheme therefore effectively solves the key escrow problem (though not completely, because if PKG0 and all PKGi collude they can compute the private key $S$ of user U). Moreover, all information in the whole key generation process is transmitted over public channels; no secure channel is used. The scheme thus achieves the purpose of the invention: it overcomes the escrow of user private keys in identity-based cryptosystems and removes the dependence on a secure channel between the user and the PKG.
The scheme obtains the shadow of the user's password because the user cannot tell the system the password, yet the system needs to rely on the password for the later authentication work. This works as follows:
First, the user passes the chosen password through a one-way transformation (here, hashing followed by conversion to a point on the elliptic curve) to obtain the "password shadow". Later authentication relies on the "password shadow". If an attacker intercepted this user's "password shadow", the attacker could impersonate the user in later authentication phases, so the "password shadow" must also be submitted during the "offline" identity verification (communication in that phase is assumed to be secure; otherwise none of the work could be done). In addition, the "password shadow" is computed by the user from the password; it can be regarded as a random number and is hard to remember, so after giving it to the system the user does not need to store it and can simply recompute it when needed.
Leaking the password is of course dangerous, and leaking the "password shadow" is equally dangerous, so the system of the invention uses the "password shadow" very carefully. Each time authentication is needed, the user first generates a blinded public key and then multiplies it by the "password shadow" before sending, which amounts to signing the blinded public key with the "password shadow" as the private key. This achieves authentication while keeping the "password shadow" safe. Even if a blinding factor leaks, the safety of the "password shadow" is not easily affected, because in the system of the invention obtaining the "password shadow" from a blinding factor and intercepted messages is equivalent to solving a discrete logarithm problem, which is impossible.
Referring to Fig. 2, the invention also provides an identity-based key generation system, characterized in that the system comprises: a system parameter setting module, an initial key generation module, a reinforcement key generation module and a user key generation module;
The system parameter setting module is used to set the system parameters;
The initial key generation module is used for the user to generate user information according to the system parameters, for the total key generator to generate the user's initial key, and for the user information and initial key to be sent to each collaborative key generator;
The reinforcement key generation module is used for each collaborative key generator, after receiving the user information and initial key, to verify the identity information and the initial key; if verification passes, the collaborative key generator performs key reinforcement, generates a reinforcement key, and sends it to the user; if verification fails, it reports an error and terminates this protocol run;
The user key generation module is used for the user, after receiving the reinforcement keys, to perform key extraction on them, generate the user key, and verify the user key.
The above describes preferred embodiments of the invention; ordinary variations and substitutions made by those skilled in the art within the scope of the technical scheme of the invention shall all fall within the protection scope of the invention.

Claims (6)

1. the key generation method based on identity is characterized in that, said method comprising the steps of:
Steps A: initialization system parameter;
Step B: the user generates user profile according to described system parameters, generates user's initial key by total key generator, and described user profile and initial key are sent to each collaborative key generator; Described step B specifically comprises:
Step B1: the user generates user profile according to described system parameters, and described user profile is sent to total key generator, application adding system;
Step B2: the total key generator generates the user's initial key according to the user profile and sends it to the user;
Step B3: after receiving the initial key, the user verifies it; if the verification passes, the user has joined the system successfully and sends the user profile and the initial key to each collaborative key generator; otherwise, the user returns to step B1 and applies to join the system again;
wherein step B1 specifically comprises:
Step B11: the user selects a password according to the system parameters and generates the shadow of the password from the password;
Step B12: the user selects a blinding factor according to the system parameters and generates a blinded public key from the blinding factor;
Step B13: the user signs the blinded public key with the password to generate a blinded public key signature, and sends the user's identity information, the blinded public key and the signature on the blinded public key to the total key generator as the user profile;
Step C: after receiving the user profile and the initial key, each collaborative key generator verifies the user's identity information and the initial key; if the verification passes, the collaborative key generator performs key strengthening, generates a reinforcement key and sends the reinforcement key to the user; if the verification fails, it reports an error and then terminates this run of the protocol;
Step D: after receiving the reinforcement key, the user performs key extraction on the reinforcement key to generate the user key, and verifies the user key.
2. The identity-based key generation method as claimed in claim 1, characterized in that initializing the system parameters in step A comprises setting the parameters of the total key generator and of each collaborative key generator:
3. The identity-based key generation method as claimed in claim 1, characterized in that step B2 specifically comprises:
Step B21: after receiving the user profile, the total key generator confirms the user's true identity and obtains the shadow of the user's password by offline means, and then stores the user's identity and the shadow of the password in a local database;
Step B22: the total key generator verifies the user's identity and, after the verification passes, generates the user's initial key and sends it to the user.
4. The identity-based key generation method as claimed in claim 1, 2 or 3, characterized in that step D specifically comprises:
Step D1: after receiving the reinforcement key of each collaborative key generator, the user performs key extraction to generate the user key;
Step D2: the user verifies the user key; if the verification passes, key generation is complete; otherwise, the uncooperative collaborative key generator is identified and required to resend the correct reinforcement key.
5. The identity-based key generation method as claimed in any one of claims 1, 2 or 3, characterized in that all transmission of information in the method is carried out over a public channel.
6. An identity-based key generation system, characterized in that the system comprises:
a system parameter initialization module, an initial key generation module, a reinforcement key generation module and a user key generation module;
the system parameter initialization module is used to initialize the system parameters;
the initial key generation module is used for the user to generate the user profile according to the system parameters, for the total key generator to generate the user's initial key, and for the user profile and the initial key to be sent to each collaborative key generator, which specifically comprises:
Step B1: the user generates the user profile according to the system parameters and sends the user profile to the total key generator to apply to join the system;
Step B2: the total key generator generates the user's initial key according to the user profile and sends it to the user;
Step B3: after receiving the initial key, the user verifies it; if the verification passes, the user has joined the system successfully and sends the user profile and the initial key to each collaborative key generator; otherwise, the user returns to step B1 and applies to join the system again;
wherein step B1 specifically comprises:
Step B11: the user selects a password according to the system parameters and generates the shadow of the password from the password;
Step B12: the user selects a blinding factor according to the system parameters and generates a blinded public key from the blinding factor;
Step B13: the user signs the blinded public key with the password to generate a blinded public key signature, and sends the user's identity information, the blinded public key and the signature on the blinded public key to the total key generator as the user profile;
the reinforcement key generation module is used so that, after receiving the user profile and the initial key, each collaborative key generator verifies the user's identity information and the initial key; if the verification passes, the collaborative key generator performs key strengthening, generates a reinforcement key and sends the reinforcement key to the user; if the verification fails, it reports an error and then terminates this run of the protocol;
the user key generation module is used so that, after receiving the reinforcement key, the user performs key extraction on the reinforcement key to generate the user key, and verifies the user key.
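The message flow of steps B12, B2, B3, C and D can be traced in a small model. This is an added example, not code or formulas from the patent: the concrete algebra (blinded value X = x·Q_ID, additive master shares, a toy "pairing" over tiny constructed parameters) and all function names are assumptions, and the password shadow and password signature of steps B11 and B13 are left out.

```python
import hashlib
import secrets

# Toy symmetric "pairing" for checking the algebra only: G1 is Z_q written
# additively, so discrete logs are trivial and nothing here is secure.
Q, P_MOD, G = 1019, 2039, 4   # constructed: q prime, p = 2q + 1, g of order q
P = 7                         # constructed generator of G1

def pair(a, b):
    return pow(G, a * b % Q, P_MOD)          # e(a, b) = g^(ab), bilinear

def h_id(identity):
    digest = hashlib.sha256(identity.encode()).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1   # nonzero Q_ID

def piece_ok(piece, blinded, pub):
    return pair(piece, P) == pair(blinded, pub)   # e(s*X, P) == e(X, s*P)

class Generator:                              # total or collaborative generator
    def __init__(self):
        self._s = secrets.randbelow(Q - 1) + 1   # private master share s_i
        self.pub = self._s * P % Q                # public P_i = s_i * P

    def issue(self, blinded):                 # step B2: blinded initial key
        return self._s * blinded % Q

    def strengthen(self, blinded, initial, tkg_pub):   # step C
        if not piece_ok(initial, blinded, tkg_pub):
            raise ValueError("initial key does not verify")
        return self._s * blinded % Q

def blind(identity):                          # step B12 (assumed form X = x*Q_ID)
    x = secrets.randbelow(Q - 1) + 1
    return x, x * h_id(identity) % Q

def extract(identity, x, initial, pieces, tkg, collabs):   # step D
    blinded = x * h_id(identity) % Q
    bad = [i for i, (r, c) in enumerate(zip(pieces, collabs))
           if not piece_ok(r, blinded, c.pub)]
    if bad:                                   # step D2: name who must resend
        return None, bad
    key = pow(x, -1, Q) * (initial + sum(pieces)) % Q   # unblind
    y = (tkg.pub + sum(c.pub for c in collabs)) % Q     # system public key
    if pair(key, P) != pair(h_id(identity), y):
        raise ValueError("user key does not verify")
    return key, []
```

Every value that crosses the channel is either public or multiplied by the user's blinding factor, and `extract` returns the indices of the collaborative generators whose reinforcement keys fail verification, which is the check step D2 relies on.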
CNB2006100902345A 2006-07-07 2006-07-07 A kind of key generation method and system based on identity Expired - Fee Related CN100542091C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2006100902345A CN100542091C (en) 2006-07-07 2006-07-07 A kind of key generation method and system based on identity

Publications (2)

Publication Number Publication Date
CN1878060A (en) 2006-12-13
CN100542091C (en) 2009-09-16

Family

ID=37510373

Country Status (1)

Country Link
CN (1) CN100542091C (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090916

Termination date: 20170707