CN101599830A - Enterprises and institutions' electric endorsement method and trusted system based on identify label - Google Patents
- Publication number: CN101599830A
- Authority: CN (China)
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention concerns an identity-based electronic signature method and trusted system for enterprises and institutions. It relates to digital signature technology in the field of information security and provides a complete, secure and reliable solution for the information platforms of enterprises and institutions. Using quadratic residues, the invention constructs a pairing-free identity-based cryptographic method consisting of four steps: the initialization step Setup, the private key generation step Extract, the signing step Sign and the verification step Verify. Based on this cryptographic scheme, a concrete electronic signature method for use inside enterprises and institutions is proposed, and a trusted system is built on it: Setup establishes the master key, Extract generates a private key for each user, and the user's identity information, private key and related information are combined into an electronic seal that is written into a Ukey and handed to the user for safekeeping. At the client, the user signs documents with the private key in the Ukey together with fingerprint information.
Description
1. Technical field
The present invention relates to the field of information technology, and specifically to digital signature technology in the field of information security.
2. Background
In computer communication, each party must be accountable for its actions or statements, and digital signatures meet this requirement. A digital signature is an alphanumeric string obtained by processing the message to be transmitted with a one-way function; it is used to authenticate the source of the message and to check whether the message has been altered. In operation, the sender first applies a mathematical transformation to the information, a process called encryption, and the resulting information corresponds uniquely to the original information; the recipient applies the inverse transformation, called decryption, to obtain the original information. As long as the mathematical transformation is good, the transformed information is highly secure in transit and is difficult to decipher or tamper with.
Digital signatures can solve problems such as repudiation, forgery, tampering and impersonation. The specific requirements are: the sender cannot later deny having sent a signed message; the recipient can verify the signed message sent by the sender; the recipient cannot forge the sender's signed message; the recipient cannot partially alter the sender's message; and a user on the network cannot impersonate another user as sender or recipient.
There are many ways to implement digital signatures; at present public key cryptosystems are generally used. The main feature of such a system is that encryption and decryption use two different keys: one key is made public as the encryption key and is called the public key; the other is for the user's exclusive use as the decryption key and is called the private key. Once the communicating parties have exchanged keys in advance, they can communicate securely, and deriving the plaintext or the private key from the public key or the ciphertext is computationally infeasible. If the public key is used as the encryption key and the private key as the decryption key, messages encrypted by many users can be read by only one user; conversely, if the private key is used as the encryption key and the public key as the decryption key, a message encrypted by one user can be read by many users. The former can be used for secure communication, the latter for digital signatures.
The most critical problem in a public key infrastructure (PKIX) system is how to implement key management. Specifically, the public key mechanism involves a public key and a private key; the private key is kept by the user, while the public key is public and can be transmitted over the network. Key management in a public key system is therefore mainly the problem of managing public keys. The solution generally adopted at present is the certificate mechanism, in which a certification authority (CA), acting as an authoritative and impartial trusted third party, issues digital certificates for users' public keys. However, managing public keys through a trusted third-party CA is not a simple matter. The CA uses PKIX framework technology, must provide a dedicated network identity authentication service, and is responsible for issuing and managing digital certificates. It is also responsible for every aspect of managing the certificate life cycle after issuance, including tracking certificate status and issuing revocation notices when a certificate must be revoked. To solve the key management problem of PKIX, Shamir [2] proposed identity-based public key cryptography in 1984. In an identity-based public key cryptosystem, the user's public key is no longer a meaningless random string but meaningful identity information such as the user's name or address. The corresponding private key is computed from the user's identity information by a trusted private key generation center and delivered to the user over a secure channel. Compared with traditional PKIX-based systems, identity-based public key cryptosystems therefore simplify key management and are particularly suitable for scenarios such as use within an organization or a small community. Identity-based digital signature technology has consequently received wide attention, and identity-based digital signature methods have emerged in large numbers.
However, most existing identity-based methods are built on Weil or Tate pairings. Because pairings are computationally very expensive, constructing pairing-free identity-based digital signature methods is a current research focus. Although pairing-free cryptographic methods exist, there is still no identity-based signature method that is truly based on integer factorization. The first identity-based digital signature method was proposed by Shamir in 1984; its security rests on the RSA assumption, and the RSA problem is not equivalent to the integer factorization problem. Later, Cocks used quadratic residues to construct an identity-based encryption method but gave no signature method. In recent years Lee and Liao also proposed a pairing-free identity-based digital signature, but their method is based on the discrete logarithm problem rather than on factorization. None of these proposed methods comes with a provable security guarantee, so we constructed a provably secure identity-based signature method based on the integer factorization problem.
3. Summary of the invention
Using quadratic residues, the present invention constructs a pairing-free identity-based cryptographic method, proposes a concrete electronic signature method for use inside enterprises and institutions, and develops a trusted system based on it. The method consists of four steps: the initialization step (hereafter Setup), the private key generation step (hereafter Extract), the signing step (hereafter Sign) and the verification step (hereafter Verify).
3.1 Initialization step Setup
Setup(k, l): taking the security parameters (k, l) as input, the trusted center runs this initialization algorithm as follows:
1. Generate two large random primes $p = 2p' + 1$ and $q = 2q' + 1$, where $p'$ and $q'$ are also large primes, satisfying $2^{k-1} \le (p-1)(q-1)$ and $pq < 2^k$; then compute $N = p \times q$.
2. Select $a \in Z_N^*$ ($Z_N^*$ denotes the multiplicative group modulo $N$ formed by the elements between 1 and $N$ that are coprime to $N$) such that the Jacobi symbol of $a$ modulo $N$ equals $-1$.
3. Compute $d = (N - p - q + 5)/8$.
4. Select two one-way hash functions $h_1(\cdot): \{0,1\}^* \to Z_N^*$ and $h_2(\cdot): \{0,1\}^* \to \{0,1\}^l$.
After this algorithm has run, the trusted center's master key is $MK = (p, q, p', q', d)$ and the public parameters are $PM = (N, h_1(\cdot), h_2(\cdot), a, l)$.
3.2 Private key generation step Extract
Extract(ID, MK, PM): given the user's identity information ID, the trusted center runs this private key generation algorithm to compute the user's private key $S_{ID}$ and the corresponding label $(c_1, c_2) \in \{0,1\}^2$ as follows:
1. Compute $c_1$: if the Jacobi symbol of $h_1(ID)$ modulo $N$ is 1, then $c_1 = 0$; if the Jacobi symbol of $h_1(ID)$ modulo $N$ is $-1$, then $c_1 = 1$.
2. Compute $h = a^{c_1} h_1(ID)$ and $c_2$: if the Jacobi symbols of $h$ modulo $p$ and modulo $q$ are both 1, then $c_2 = 0$; if they are both $-1$, then $c_2 = 1$. Let $H(ID) = (-1)^{c_2} a^{c_1} h_1(ID)$; then $H(ID)$ is a quadratic residue modulo $N$, i.e. $H(ID) \in Q_N$. In effect, $H(\cdot)$ can be regarded as a hash function mapping into the group of quadratic residues, $H(\cdot): \{0,1\}^* \to Q_N$.
3. Compute a $2^l$-th root of $H(ID)$: $S_{ID} = H(ID)^{d^l} \bmod N$. $S_{ID}$ satisfies $(S_{ID})^{2^l} = H(ID) \bmod N$.
After running this algorithm, the trusted center gives the user's private key $S_{ID}$ and the label $(c_1, c_2)$ to the user.
3.3 Signing step Sign
Sign(M, $S_{ID}$, $c_1$, $c_2$, PM): this signing algorithm is run by the user, who signs the message M as follows:
1. Pick a random $r \in Z_N^*$ and compute $R = r^{2^l} \bmod N$.
2. Compute $\sigma = h_2(R, M)$.
3. Compute $Z = r \cdot (S_{ID})^{\sigma} \bmod N$.
The algorithm then outputs the signature $sig = (Z, \sigma, ID, c_1, c_2)$.
3.4 Verification step Verify
Verify(PM, sig): given a signature $(Z, \sigma, ID, c_1, c_2)$ on message M, this verification algorithm checks the validity of the signature as follows:
1. Compute $H(ID) = (-1)^{c_2} a^{c_1} h_1(ID) \bmod N$.
2. Check whether the equation $\sigma = h_2(Z^{2^l} / H(ID)^{\sigma}, M)$ holds. If it holds, output "the signature is valid"; otherwise output "the signature is invalid".
4. Description of the drawings
Figure 1 is a flow chart of electronic signing inside an enterprise or institution.
5. Embodiments
First, a local area network is built inside the enterprise or institution and a trusted center is set up as the server. Users register over the local area network, and the trusted center manages the users and the signed files (as shown in Figure 1).
5.1 Server
The enterprise or institution sets up a trusted center internally as the server. The trusted center uses the initialization step Setup described above to establish the master key, then uses the private key generation step Extract to generate a private key for each user, and combines the user's identity information, private key and related information into an electronic seal that is written into a Ukey and handed to the user for safekeeping. The trusted center stores users' signed files in a secure database and manages them.
5.2 Client
At the client, the user signs documents with the private key in the Ukey together with fingerprint information, and the signed file is stored at the trusted center.
Claims (2)
1. An identity-based electronic signature method suitable for use inside enterprises and institutions, characterized in that a pairing-free identity-based digital signature method is constructed using quadratic residues, the method consisting of four steps: the initialization step Setup, the private key generation step Extract, the signing step Sign and the verification step Verify. The initialization step Setup is completed in four steps: (1) generate two large random primes $p = 2p' + 1$ and $q = 2q' + 1$, where $p'$ and $q'$ are also large primes, satisfying $2^{k-1} \le (p-1)(q-1)$ and $pq < 2^k$, then compute $N = p \times q$; (2) select $a \in Z_N^*$ such that the Jacobi symbol of $a$ modulo $N$ equals $-1$; (3) compute $d = (N - p - q + 5)/8$; (4) select two one-way hash functions $h_1(\cdot): \{0,1\}^* \to Z_N^*$ and $h_2(\cdot): \{0,1\}^* \to \{0,1\}^l$. After this algorithm has run, the trusted center's master key is $MK = (p, q, p', q', d)$ and the public parameters are $PM = (N, h_1(\cdot), h_2(\cdot), a, l)$. Private key generation step Extract(ID, MK, PM): given the user's identity information ID, the trusted center runs this private key generation algorithm to compute the user's private key $S_{ID}$ and the corresponding label $(c_1, c_2) \in \{0,1\}^2$, with the following concrete steps: (1) compute $c_1$: if the Jacobi symbol of $h_1(ID)$ modulo $N$ is 1, then $c_1 = 0$; if the Jacobi symbol of $h_1(ID)$ modulo $N$ is $-1$, then $c_1 = 1$; (2) compute $h = a^{c_1} h_1(ID)$ and $c_2$: if the Jacobi symbols of $h$ modulo $p$ and modulo $q$ are both 1, then $c_2 = 0$; if they are both $-1$, then $c_2 = 1$. Let $H(ID) = (-1)^{c_2} a^{c_1} h_1(ID)$; then $H(ID)$ is a quadratic residue modulo $N$, i.e. $H(ID) \in Q_N$. In effect, $H(\cdot)$ can be regarded as a hash function mapping into the group of quadratic residues, $H(\cdot): \{0,1\}^* \to Q_N$; (3) compute a $2^l$-th root of $H(ID)$, $S_{ID} = H(ID)^{d^l} \bmod N$, where $S_{ID}$ satisfies $(S_{ID})^{2^l} = H(ID) \bmod N$; (4) after running this algorithm, the trusted center gives the user's private key $S_{ID}$ and the label $(c_1, c_2)$ to the user. The signing step Sign(M, $S_{ID}$, $c_1$, $c_2$, PM) is run by the user, who signs the message M as follows: (1) pick a random $r \in Z_N^*$ and compute $R = r^{2^l} \bmod N$; (2) compute $\sigma = h_2(R, M)$; (3) compute $Z = r \cdot (S_{ID})^{\sigma} \bmod N$. The algorithm then outputs the signature $sig = (Z, \sigma, ID, c_1, c_2)$. The verification step Verify(PM, sig) checks the validity of a given signature $(Z, \sigma, ID, c_1, c_2)$ on message M as follows: (1) compute $H(ID) = (-1)^{c_2} a^{c_1} h_1(ID) \bmod N$; (2) check whether the equation $\sigma = h_2(Z^{2^l} / H(ID)^{\sigma}, M)$ holds. If it holds, output "the signature is valid"; otherwise output "the signature is invalid".
2. A trusted system inside an enterprise or institution built using the electronic signature method of claim 1, in which the initialization step Setup is used to establish the master key, the private key generation step Extract is used to generate a private key for the user, and the user's identity information, private key and related information are combined into an electronic seal that is written into a Ukey and handed to the user for safekeeping. At the client, the user signs and verifies documents using the private key in the Ukey, the Sign scheme and fingerprint information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA2008100621815A CN101599830A (en) | 2008-06-04 | 2008-06-04 | Enterprises and institutions' electric endorsement method and trusted system based on identify label |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101599830A | 2009-12-09 |
Family
ID=41421097
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNA2008100621815A Pending CN101599830A (en) | 2008-06-04 | 2008-06-04 | Enterprises and institutions' electric endorsement method and trusted system based on identify label |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101599830A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2013139080A1 (en) * | 2012-03-20 | 2013-09-26 | 天津书生软件技术有限公司 | Electronic seal implementation system and method |
CN103457720A (en) * | 2012-05-31 | 2013-12-18 | 三星Sds株式会社 | Apparatus and method for generating secret key for id-based encryption system and recording medium having program recorded thereon for causing computer to execute the method |
CN103457720B (en) * | 2012-05-31 | 2017-03-01 | 三星Sds株式会社 | Key generating device for the encryption system based on ID and its method |
CN103905189A (en) * | 2012-12-24 | 2014-07-02 | 航天信息股份有限公司 | Method and system for certificateless and pairing-free identity-based proxy signcryption |
CN103905189B (en) * | 2012-12-24 | 2017-04-05 | 航天信息股份有限公司 | Without certificate and without pairing identity-based agent signcryption method and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Wang | An identity-based data aggregation protocol for the smart grid | |
CN109584978B (en) | Information processing method and system based on signature aggregation medical health monitoring network model | |
CN106059766B (en) | A kind of car networking condition method for secret protection and system based on no certificate batch verifying | |
CN107733648B (en) | Identity-based RSA digital signature generation method and system | |
CN104270249B (en) | It is a kind of from the label decryption method without certificate environment to identity-based environment | |
US5796833A (en) | Public key sterilization | |
CN104767612B (en) | It is a kind of from the label decryption method without certificate environment to PKIX environment | |
CN103248488B (en) | Identity-based key generation method and identity-based authentication method | |
CN107947913A (en) | The anonymous authentication method and system of a kind of identity-based | |
CN102523093B (en) | Encapsulation method and encapsulation system for certificate-based key with label | |
EP2285040A1 (en) | Two-factor combined public key generation and authentication method | |
US20120278628A1 (en) | Digital Signature Method and System | |
Roy et al. | A survey on digital signatures and its applications | |
CN104301108B (en) | It is a kind of from identity-based environment to the label decryption method without certificate environment | |
CN107659395A (en) | The distributed authentication method and system of identity-based under a kind of environment of multi-server | |
CN103746811B (en) | Anonymous signcryption method from identity public key system to certificate public key system | |
CN102546173B (en) | Digital signature system and signature method based on certificate | |
CN104168114A (en) | Distributed type (k, n) threshold certificate-based encrypting method and system | |
CN104767611B (en) | It is a kind of from PKIX environment to the label decryption method without certificate environment | |
KR20030008183A (en) | Method of id-based ring signature by using bilinear parings | |
CN110113150A (en) | The encryption method and system of deniable authentication based on no certificate environment | |
KR20030062401A (en) | Apparatus and method for generating and verifying id-based blind signature by using bilinear parings | |
CN113300856A (en) | Heterogeneous mixed signcryption method capable of proving safety | |
CN107888380A (en) | A kind of the RSA digital signature generation method and system of two sides distribution identity-based | |
CN110012443A (en) | A kind of the data encryption polymerization and its system of full homomorphism |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20091209 |