CN101969377B - Zero-knowledge identity authentication method and system - Google Patents

Zero-knowledge identity authentication method and system Download PDF

Info

Publication number
CN101969377B
CN101969377B CN201010508071A CN201010508071A CN101969377B CN 101969377 B CN101969377 B CN 101969377B CN 201010508071 A CN201010508071 A CN 201010508071A CN 201010508071 A CN201010508071 A CN 201010508071A CN 101969377 B CN101969377 B CN 101969377B
Authority
CN
China
Prior art keywords
entity
proof
checking
authentication
value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201010508071A
Other languages
Chinese (zh)
Other versions
CN101969377A (en
Inventor
杨华镝
佘堃
莫超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Huawei Technology Co Ltd
Original Assignee
Huawei Symantec Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Symantec Technologies Co Ltd filed Critical Huawei Symantec Technologies Co Ltd
Priority to CN201010508071A priority Critical patent/CN101969377B/en
Publication of CN101969377A publication Critical patent/CN101969377A/en
Application granted granted Critical
Publication of CN101969377B publication Critical patent/CN101969377B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiment of the invention discloses a zero-knowledge identity authentication method and a system. The method comprises the following steps: leading a verifying entity to receive an identity authentication request sent by a proving entity; leading the verifying entity to provide a random number for the proving entity and receive a first verification value returned by the proving entity, wherein the first verification value is obtained by leading the proving entity to calculate according to the random number and a public key of the proving entity; leading the verifying entity to obtain an identifier of the proving entity from the identity authentication request, calculating an identity authentication value of the proving entity according to the identifier of the proving entity and calculating a second verification value according to the identify authentication value and the random number; and leading the verifying entity to judge whether the first verification value is equal to the second verification value or not, if so, determining that the identify authentication of the proving entity passes. The zero-knowledge identity authentication scheme provided by the embodiment of the invention has less operation and can save resources of a system and improve the authentication efficiency.

Description

Zero Knowledge Authentication method and system
Technical field
The embodiment of the invention relates to the zero-knowledge proof technology, relates in particular to a kind of zero Knowledge Authentication method and system.
Background technology
Zero-knowledge proof (zero-knowledge proof) is the notion that is proposed in early 1980s by people such as Goldwasser.So-called zero-knowledge proof is meant that the proof entity can not provide under the situation of any useful information to the checking entity, makes the checking entity believe that certain judgement is correct, for zero Knowledge Authentication, makes the checking entity believe the proof identity of entity exactly.Zero-knowledge proof comes down to a kind of two sides or agreement more in many ways of relating to, i.e. two sides or the required series of steps of taking that accomplishes a task more in many ways.The proof entity is to checking entity proof and it is believed oneself know or have a certain message, but proof procedure can not leak any about being proved to be the information of message to the checking entity.
The scheme of multiple realization zero Knowledge Authentication has been proposed, for example: the Shnorr identity verification scheme at present; The S.C zero-knowledge proof scheme that proposes by Sultan Almuhammadi and Clifford Neuman etc.But in carrying out research process of the present invention, the inventor finds that the problem that existing zero Knowledge Authentication scheme exists is that amount of calculation is big, and authentication efficient is low.For example, in the Shnorr identity verification scheme, the PKI that proves entity A is v, and private key is s, wherein v=a -sMod p, a are q rank units.The proof entity A is following to the detailed process of its identity of checking entity B proof:
(1) proves that entity A chooses a random number r ∈ [1, q-1] wantonly, calculate x=a rMod p sends to the checking entity B with result of calculation then;
(2) the optional integer e ∈ [1,2 of checking entity B 1] send to the proof entity A;
(3) prove that entity A sends to checking entity B: y=(r+se) mod q;
(4) checking entity B checking x=a y* v eWhether mod p sets up.
Exist the step that a large amount of moulds (mod) calculate in the such scheme, amount of calculation is very big, has taken bigger computational resource.
Summary of the invention
The embodiment of the invention provides a kind of zero Knowledge Authentication method and system, to reduce the amount of calculation in the zero Knowledge Authentication process, improves authentication efficient.
The embodiment of the invention provides a kind of zero Knowledge Authentication method, comprising:
The checking entity receives the ID authentication request that the proof entity sends, and said ID authentication request comprises the proof entity identification of encrypting with the proof entity private key at least;
Said checking entity provides a random number to said proof entity, and receives first validation value that said proof entity returns, and said first validation value is that calculating gets said proof entity with the proof entity public key according to said random number;
Said checking entity obtains the proof entity identification from said ID authentication request, and calculates said proof identity of entity authentication value based on said proof entity identification, and calculates second validation value based on said authentication value and said random number;
Said checking entity judges whether said first validation value equals said second validation value, if confirm that then the authentication of said proof identity of entity passes through.
The embodiment of the invention also provides a kind of zero Knowledge Authentication system, comprises proof entity and checking entity, wherein:
Said proof entity comprises:
The ID authentication request sending module is used for sending ID authentication request to said checking entity,
Said ID authentication request comprises the proof entity identification of encrypting with the proof entity private key;
The random number acquisition module is used for the random number that the Receipt Validation entity provides;
The first validation value computing module is used for calculating the according to said random number and proof entity public key
One validation value, and said first validation value sent to said checking entity;
Said checking entity comprises:
The ID authentication request receiver module is used to receive the ID authentication request that the proof entity sends;
The first validation value acquisition module is used for to said proof entity a random number being provided, and receives first validation value that said proof entity returns;
The second validation value computing module is used for obtaining the proof entity identification from said ID authentication request, and calculates said proof identity of entity authentication value according to said proof entity identification, and calculates second validation value according to said authentication value and said random number;
The validation value judge module is used to judge whether said first validation value equals said second validation value, if confirm that then the authentication of said proof identity of entity passes through.
The zero Knowledge Authentication scheme that the embodiment of the invention provides has less operand, can save system resource, improves authentication efficient.
Description of drawings
The flow chart of the zero Knowledge Authentication method that Fig. 1 provides for the embodiment of the invention one;
The flow chart of the zero Knowledge Authentication method that Fig. 2 provides for the embodiment of the invention two;
Obtain the flow chart of private key and public-key method in the zero Knowledge Authentication method that Fig. 3 provides for the embodiment of the invention four;
The structural representation of the zero Knowledge Authentication system that Fig. 4 provides for the embodiment of the invention five;
The structural representation of the zero Knowledge Authentication system that Fig. 5 provides for the embodiment of the invention six.
Embodiment
For the purpose, technical scheme and the advantage that make the embodiment of the invention clearer; To combine the accompanying drawing in the embodiment of the invention below; Technical scheme in the embodiment of the invention is carried out clear, intactly description; Obviously, described embodiment is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills are not making the every other embodiment that is obtained under the creative work prerequisite, all belong to the scope of the present invention's protection.
Embodiment one
The flow chart of the zero Knowledge Authentication method that Fig. 1 provides for the embodiment of the invention one, this method is for proving that entity is to verifying that entity proves the process of own identity, comprises the steps:
Step 110, checking entity receive the ID authentication request that the proof entity sends, and this ID authentication request comprises the proof entity identification of encrypting with the proof entity private key;
Step 120, checking entity provide a random number to the proof entity, and receive first validation value that the proof entity returns, and first validation value gets for the proof entity calculates with the proof entity public key based on random number;
Step 130, checking entity obtain the proof entity identification from ID authentication request, and calculate proof identity of entity authentication value based on the proof entity identification, and calculate second validation value based on authentication value and random number;
Step 140, checking entity judge whether first validation value equals second validation value, if the authentication of then affirmation proof identity of entity is passed through, if not, the authentication of then affirmation proof identity of entity is not passed through.
The technical scheme of present embodiment has less operand, can save system resource, improves authentication efficient.The employed formula of each step can have various ways, describes in detail through embodiment below.
Embodiment two
The flow chart of the zero Knowledge Authentication method that Fig. 2 provides for the embodiment of the invention two, this method is for proving that entity is to verifying that entity proves the process of own identity, comprises the steps:
Step 210, proof entity adopt proof entity private key S ZTo proof entity identification ID ZHash result H (ID with the proof entity identification Z) encrypt, and encrypted result is carried at sends to the checking entity in the ID authentication request;
Wherein, hash result H (ID Z) adopt preset one-way hash function H (x) to calculate and get, prove entity identification ID ZInput value as preset one-way hash function H (x).Proof entity private key S ZWith proof entity public key P ZBeing that the proof entity is local stores, and can obtain through number of ways, is for example issued by authoritative institution.When certain user conduct proof first entity, can obtain proof entity private key S from authoritative institution ZWith proof entity public key P Z, and be stored in this locality, obtain follow-up when other checking entities carry out authentication, can directly inquiry of this user from this locality.
Step 220, checking entity produce a random number r, calculate random value c and send to the proof entity according to following formula (1), and random number r offers the proof entity through being carried among the random value c:
c=r·M (1)
Wherein, M is authoritative institution's disclosed elliptic curve function basic point, is all users' given value, prove entity with the checking entity can know as the user in the network.
Step 230, proof entity are according to random value c and proof entity public key P Z, calculate the first validation value d according to following formula (2) ZAnd send to the checking entity:
d Z=c·P Z (2)
Step 240, checking entity calculate proof identity of entity authentication value R according to following formula (3) Z:
R Z=P Z+H(ID Z)·M+(P ZX+H(ID Z)mod?n)·Psa (3)
Wherein, P Z=(P ZX, P ZY), P ZXCan be according to proof entity public key P ZUnique definite, prove entity public key P ZBe that the proof entity is disclosed, can send to the checking entity by the proof entity; Psa is authoritative institution's PKI, can openly give all users by authoritative institution, and each user can be as proof entity and checking entity when proving identity each other; N is for setting natural number, and the user that n is preferably proof entity and checking entity belongs to the user node quantitative value in the network.
Step 250, checking entity calculate the second validation value d according to following formula (4) Y:
d Y=r·R Z (4)
Step 260, checking entity are judged the first validation value d ZWhether equal the second validation value d YIf,, the authentication of then affirmation proof identity of entity is passed through, and if not, the authentication of then affirmation proof identity of entity is not passed through.
Adopt technique scheme effectively to reduce amount of calculation, for example, than existing Shnorr identity verification scheme, the modular arithmetic for once of the scheme of present embodiment has reduced the number of times of modular arithmetic, has reduced the on-line operation amount in the zero Knowledge Authentication process.Can effectively reduce the system-computed expense, improve authentication efficient.Adopt technique scheme, if mutual information is not altered or is lost between proof entity and the checking entity, the first validation value d then ZShould equal the second validation value d Y, at first authentication, and avoid illegal modifications and the information dropout in the proof procedure.
Embodiment three
The zero Knowledge Authentication method that the embodiment of the invention three provides is the basis with embodiment two, on the basis of above-mentioned zero Knowledge Authentication, produces user's shared key.After the checking entity is through the authentication of proof identity of entity, also comprise: the checking entity is according to proof identity of entity authentication value R Z, random value c and checking entity private key S YProduce and share key K, this shared key K is used for mutual data between encrypted authentication entity and the proof entity.
Concrete, the checking entity can be according to proof identity of entity authentication value R Z, random value c and checking entity private key S YProduce shared key K according to following formula (5):
K=H(r·R Z+S Y·c) (5)
In practical application, the method that two users carry out authentication each other is identical, and the conduct checking entity that two users replace carries out authentication each other with the proof entity.When the second user B as proof entity and the first user A during as the checking entity, the first user A obtains the first authentication value R with respect to the second user B AAnd produce the second random value c BOffer the second user B.The first user A verifies the proof identity of entity authentication value R that produces in the second user B identity process ZBe the first authentication value R A, the random value c of generation is the second random value c BSimilarly, when the first user A as proof entity and the second user B during as the checking entity, the second user B obtains the second authentication value R with respect to the first user A BAnd produce the first random value c AOffer the first user A.The second user B verifies the proof identity of entity authentication value R that produces in the first user A identity process ZBe the second authentication value R B, the random value c of generation is the first random value c A
Then after the first user A and the second user B carry out authentication each other, also comprise:
The first user A is according to the first authentication value R A, the first random value c AWith the first private key for user S AProduce and share key K, and the second user B is according to the second authentication value R B, the second random value c BWith the second private key for user S BProduce and share key K, shared key K is used to encrypt mutual data between the first user A and the second user B.
The technical scheme of present embodiment provides a kind of new shared key generation method; Be applicable to any occasion that need encrypt communicating data between the user, the key form relates to: the shared key of communicating by letter between the PKI of authoritative institution, the private key of authoritative institution, user's PKI, user's private key and the user.Each user can produce shared key used when communicating data is encrypted between the user voluntarily, need not unify distribution by authoritative institution, also need not pass through Network Transmission, has reduced in the shared key distribution process by the possibility of leaking and attacking.The generation of sharing key simultaneously depends on one-way hash function, has further improved the fail safe of system, when maximum guarantees key safety, effectively reduces system loading.The selectable mode of one-way hash function is a lot, for example is MD5 (Message Digest Algorithm, Message Digest Algorithm 5) and SHA (Secure Hash Algorithm is called for short SHA).The one-way hash function algorithm is disclosed, but can not reversely obtain initial data, so guaranteed the fail safe of key.
The first user A is according to the first authentication value R A, the first random value c AWith the first private key for user S AProduce and share key K, and the second user B is according to the second authentication value R B, the second random value c BWith the second private key for user S BMode that produce to share key K specifically can for:
The first user A is according to the first authentication value R A, the first random value c AWith the first private key for user S AProduce shared key K according to following formula (6):
K=H(r A·R A+S A·c A) (6)
The second user B is according to the second authentication value R B, the second random value c BWith the second private key for user S BProduce shared key K according to following formula (7):
K=H(r B·R B+S B·c B) (7)
Two shared key K that the user produced are identical, can be used to encrypt data mutual between two users.
Embodiment of the invention technical scheme can be applied in the network, and this network comprises a plurality of user terminals.Authoritative institution is similar to the mechanism of certificate Distribution Center, and authoritative institution can be the special server that is provided with, and is responsible for legal user terminal is produced PKI, private key.The typical application scene of the embodiment of the invention for example is a mobile communications network, when needs carry out encryption communication, can adopt the technical scheme of the embodiment of the invention, and for example, the base station in the mobile communications network can be used as authoritative institution.Other all relate to KDC scene all be suitable for the technical scheme of the embodiment of the invention.
Embodiment four
Obtain the flow chart of private key and public-key method in the zero Knowledge Authentication method that Fig. 3 provides for the embodiment of the invention four; Present embodiment is the basis with the previous embodiment; Specifically provide a kind of user to obtain the mode of self private key and PKI;, before checking entity proof identity, also comprise the steps: at the proof entity
Step 310, proof entity are with self proof entity identification ID ZAs the input of preset one-way hash function H (x) to calculate hash result H (ID Z), and with hash result H (ID Z) send to authoritative institution.
Wherein, prove entity identification ID ZDistribute to the unique identification of proof entity for authoritative institution.In this step 310, prove that entity can also further produce a random number, with proof entity identification ID ZTogether calculate hash result H (ID as the input of preset one-way hash function H (x) Z), with further raising fail safe.
Step 320, authoritative institution are according to hash result H (ID Z) generation proof entity public key P ZWith PKI evidence W Z, and send to the proof entity;
In this step, authoritative institution can calculate according to following formula (8) and obtain proof entity public key P Z:
M=P Z+H(ID Z)·M+(P ZX+H(ID Z)mod?n)·Psa (8)
P wherein ZXCan pass through P Z=(P AX, P ZY) unique definite.
In this step, authoritative institution is specially the (ID according to hash result H Z) produce PKI evidence W according to following formula (9) Z:
W Z=k+Ssa·(P ZX+H(ID Z)mod?n) (9)
Wherein, k ∈ [2, n-2]; Ssa is authoritative institution's private key.
Step 330, proof entity are according to proof entity public key P ZWith PKI evidence W ZProduce proof entity private key S Z
In this step, prove that entity can be according to proof entity public key P ZWith PKI evidence W ZProduce proof entity private key S according to following formula (10) Z:
[0085]?S Z=W Z+H(ID Z)mod?n (10)
[0086]In the step 320 of present embodiment, receive hash result H (ID in authoritative institution Z) afterwards, authoritative institution can also be further according to proof entity identification ID ZThe proof entity is carried out authentication.Concrete identification authentication mode can will prove the proof entity identification ID of entity for authoritative institution ZThe unique identification of just authoritative institution being distributed to each user carries out Hash operation; The hash function that is adopted is a pre-stored in the authoritative institution, then hash result is mated in this locality, has promptly passed through authentication if can match consistent result.
The proof entity of present embodiment technical scheme can be all users; This scheme has further solved the insecurity of key distribution; Produce self used private key voluntarily by the user, need not authoritative institution issue, avoided issuing the leakage possibility in the private key process.And the generation of private key depends on an one-way hash function difficult problem, improved the difficulty that key cracks, and helps guaranteeing fail safe.When the user need carry out key updating, be renewable oneself PKI and private key as long as produce a random number again and repeat above-mentioned steps.
In the present embodiment; The basic point M of the employed elliptic curve of authoritative institution and the PKI Psa of authoritative institution are disclosed; In step 330, prove that entity can be the proof entity public key P of its generation according to elliptic curve basic point M and the PKI Psa of authoritative institution checking authoritative institution at first Z
Embodiment five
The structural representation of the zero Knowledge Authentication system that Fig. 4 provides for the embodiment of the invention five; Comprise proof entity 410 and checking entity 420 in this system; Proof entity 410 can be the user in the network with checking entity 420, and each user verifies entity 420 and proof entity 410 each other when carrying out authentication.
This proof entity 410 comprises: ID authentication request sending module 411, random number acquisition module 412 and the first validation value computing module 413.Wherein, ID authentication request sending module 411 is used for sending ID authentication request to checking entity 420, and this ID authentication request comprises the proof entity identification of encrypting with the proof entity private key; Random number acquisition module 412 is used for the random number that Receipt Validation entity 420 provides; The first validation value computing module 413 is used for calculating first validation value according to random number and proof entity public key, and first validation value is sent to checking entity 420.
This checking entity 420 comprises: ID authentication request receiver module 421, the first validation value acquisition module 422, the second validation value computing module 423 and validation value judge module 424.Wherein, ID authentication request receiver module 421 is used to receive the ID authentication request that proof entity 410 sends; The first validation value acquisition module 422 is used for to proof entity 410 random number being provided, and receives first validation value that proof entity 410 returns; The second validation value computing module 423 is used for obtaining the proof entity identification from ID authentication request, and calculates the authentication value that proves entity 410 according to the proof entity identification, and calculates second validation value according to authentication value and random number; Validation value judge module 424 is used to judge whether first validation value equals second validation value, if confirm that then the authentication of proof entity 410 is passed through.
Adopt technique scheme, amount of calculation that can be less realizes zero Knowledge Authentication between the user, has improved authentication efficient.
Embodiment six
The structural representation of the zero Knowledge Authentication system that Fig. 5 provides for the embodiment of the invention six, in the present embodiment, this checking entity 420 can further include: share key production module 425.Share key production module 425 and be used for producing shared key according to authentication value, random value and the checking entity private key of proof entity 410, shared key is used for mutual data between encrypted authentication entity 420 and the proof entity 410.
Adopt technique scheme, obtain and prove the shared key between the entity with can be used as the checking entity per family, and the shared key that two users are calculated separately is identical, can be used for the encryption and decryption of interaction data.The technical scheme of present embodiment has realized that the user produces shared key voluntarily, need not authoritative institution distribution or through Network Transmission, the fail safe that therefore can improve key.
On the basis of present embodiment, prove that entity 410 can also comprise: sign reporting module 414, PKI receiver module 415 and private key generation module 416.Wherein, sign reporting module 414 is used for the proof entity identification of self is sent to authoritative institution 430, wherein, proves that entity identification is the unique identification that authoritative institution 430 distributes to proof entity 410; PKI receiver module 415 is used to receive proof entity public key and the PKI evidence that authoritative institution 430 returns; Private key generation module 416 is used for producing the proof entity private key according to proof entity public key and PKI evidence; Also comprise authoritative institution 430 in this system, be used for producing proof entity public key and PKI evidence, and send to proof entity 410 according to the proof entity identification that proof entity 410 reports.
Present embodiment produces user's PKI by authoritative institution, and produces oneself private key voluntarily by the user, need not authoritative institution's distribution or through Network Transmission, so the fail safe that can improve key.
The embodiment of the invention provided, and zero Knowledge Authentication system can carry out the zero Knowledge Authentication method that the embodiment of the invention provides, and possesses corresponding functional modules.This technical scheme has less operand, can save system resource, improves authentication efficient; The generation of key depends on an one-way hash function difficult problem, the fail safe that therefore can improve key; Private key for user and shared key produce by the user voluntarily, need not authoritative institution distribution or through Network Transmission, the fail safe that therefore can improve key.
One of ordinary skill in the art will appreciate that: all or part of step that realizes said method embodiment can be accomplished through the relevant hardware of program command; Aforesaid program can be stored in the computer read/write memory medium; This program the step that comprises said method embodiment when carrying out; And aforesaid storage medium comprises: various media that can be program code stored such as ROM, RAM, magnetic disc or CD.
What should explain at last is: above embodiment is only in order to explaining technical scheme of the present invention, but not to its restriction; Although with reference to previous embodiment the present invention has been carried out detailed explanation, those of ordinary skill in the art is to be understood that: it still can be made amendment to the technical scheme that aforementioned each embodiment put down in writing, and perhaps part technical characterictic wherein is equal to replacement; And these are revised or replacement, do not make the spirit and the scope of the essence disengaging various embodiments of the present invention technical scheme of relevant art scheme.

Claims (11)

1. one kind zero Knowledge Authentication method is characterized in that, comprising:
The checking entity receives the ID authentication request that the proof entity sends, and said ID authentication request comprises the proof entity identification of encrypting with the proof entity private key at least;
Said checking entity provides a random number to said proof entity, and receives first validation value that said proof entity returns, and said first validation value is that calculating gets said proof entity with the proof entity public key according to said random number;
Said checking entity obtains the proof entity identification from said ID authentication request, and calculates said proof identity of entity authentication value based on said proof entity identification, and calculates second validation value based on said authentication value and said random number;
Said checking entity judges whether said first validation value equals said second validation value, if confirm that then the authentication of said proof identity of entity passes through.
2. method according to claim 1 is characterized in that:
Said ID authentication request is that said proof entity adopts proof entity private key S ZTo proof entity identification ID ZHash result H (ID with the proof entity identification Z) encrypt and get, wherein, said hash result H (ID Z) adopt preset one-way hash function H (x) to calculate and get;
Said checking entity provides a random number specifically to comprise to said proof entity: said checking entity produces a random number r, calculates random value c and sends to said proof entity according to following formula:
c=r·M
Wherein, M is authoritative institution's disclosed elliptic curve function basic point;
Said checking entity receives the first validation value d that said proof entity returns ZBe specially according to following formula and calculate and get:
d Z=c·P Z
Wherein, P ZBe said proof entity public key;
Said checking entity calculates proof identity of entity authentication value R according to following formula Z:
R Z=P Z+H(ID Z)·M+(P ZX+H(ID Z)mod?n)·Psa
Wherein, P Z=(P ZX, P ZY), P ZXAccording to proof entity public key P ZConfirm; Psa is authoritative institution's PKI; N is the setting natural number,
Said checking entity calculates the second validation value d according to following formula Y:
d Y=r·R Z
3. method according to claim 2 is characterized in that: n is that said proof entity belongs to the user node quantitative value in the network with the checking entity.
4. according to claim 2 or 3 described methods, it is characterized in that, after said checking entity confirms that the authentication of said proof identity of entity is passed through, also comprise:
Said checking entity is according to said proof identity of entity authentication value R Z, random value c and checking entity private key S YProduce and share key K, said shared key K is used to encrypt mutual data between said checking entity and the proof entity.
5. method according to claim 4 is characterized in that, said checking entity is according to said proof identity of entity authentication value R Z, random value c and checking entity private key S YProducing shared key K comprises:
Said checking entity is according to proof identity of entity authentication value R Z, random value c and checking entity private key S YProduce shared key K according to following formula:
K=H(r·R Z+S Y·c)。
6. according to claim 2 or 3 described methods, it is characterized in that, before checking entity proof identity, also comprise at said proof entity:
Said proof entity is with the proof entity identification ID of self ZAs the input of said preset one-way hash function H (x) to calculate hash result H (ID Z), and with said hash result H (ID Z) send to authoritative institution, wherein, said proof entity identification ID ZDistribute to the unique identification of said proof entity for authoritative institution;
Said authoritative institution is according to said hash result H (ID Z) generation proof entity public key P ZWith PKI evidence W Z, and send to said proof entity;
Said proof entity is according to said proof entity public key P ZWith PKI evidence W ZProduce proof entity private key S Z
7. method according to claim 6 is characterized in that:
Said authoritative institution is according to said hash result H (ID Z) obtain proof entity public key P according to following formula calculating Z:
M=P Z+H(ID Z)·M+(P ZX+H(ID Z)mod?n)·Psa
Wherein, P ZXAccording to P Z=(P AX, P ZY) confirm;
Said authoritative institution is according to said hash result H (ID Z) produce PKI evidence W according to following formula Z:
W Z=k+Ssa·(P ZX+H(ID Z)mod?n)
Wherein, k ∈ [2, n-2]; Ssa is authoritative institution's private key,
Said proof entity is according to said proof entity public key P ZWith PKI evidence W ZProduce proof entity private key S according to following formula Z:
S Z=W Z+H(ID Z)mod?n。
8. method according to claim 6 is characterized in that, receives said hash result H (ID in said authoritative institution Z) afterwards, also comprise:
Said authoritative institution is according to proof entity identification ID ZSaid proof entity is carried out authentication.
9. one kind zero Knowledge Authentication system comprises proof entity and checking entity, it is characterized in that:
Said proof entity comprises:
The ID authentication request sending module is used for sending ID authentication request to said checking entity, and said ID authentication request comprises the proof entity identification of encrypting with the proof entity private key;
The random number acquisition module is used for the random number that the Receipt Validation entity provides;
The first validation value computing module is used for calculating first validation value according to said random number and proof entity public key, and said first validation value is sent to said checking entity;
Said checking entity comprises:
The ID authentication request receiver module is used to receive the ID authentication request that the proof entity sends;
The first validation value acquisition module is used for to said proof entity a random number being provided, and receives first validation value that said proof entity returns;
The second validation value computing module is used for obtaining the proof entity identification from said ID authentication request,
And calculate said proof identity of entity authentication value, and calculate second validation value based on said authentication value and said random number based on said proof entity identification;
The validation value judge module is used to judge whether said first validation value equals said second validation value, if confirm that then the authentication of said proof identity of entity passes through.
10. system according to claim 9 is characterized in that, said checking entity also comprises:
Share key production module; Be used for producing shared key according to said proof identity of entity authentication value, random value and checking entity private key; Said shared key is used to encrypt mutual data between said checking entity and the proof entity, and wherein, said random value c is according to random number r; Calculate and get according to formula c=rM, M is authoritative institution's disclosed elliptic curve function basic point.
11., it is characterized in that according to claim 9 or 10 described systems:
Said proof entity also comprises:
The sign reporting module is used for the proof entity identification of self is sent to authoritative institution, and wherein, said proof entity identification is the unique identification that authoritative institution distributes to said proof entity;
The PKI receiver module is used to receive proof entity public key and the PKI evidence that said authoritative institution returns;
The private key generation module is used for producing the proof entity private key according to said proof entity public key and PKI evidence;
Said system also comprises authoritative institution, is used for producing proof entity public key and PKI evidence according to the said proof entity identification that said proof entity reports, and sends to said proof entity.
CN201010508071A 2010-10-09 2010-10-09 Zero-knowledge identity authentication method and system Active CN101969377B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010508071A CN101969377B (en) 2010-10-09 2010-10-09 Zero-knowledge identity authentication method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201010508071A CN101969377B (en) 2010-10-09 2010-10-09 Zero-knowledge identity authentication method and system

Publications (2)

Publication Number Publication Date
CN101969377A CN101969377A (en) 2011-02-09
CN101969377B true CN101969377B (en) 2012-09-05

Family

ID=43548483

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010508071A Active CN101969377B (en) 2010-10-09 2010-10-09 Zero-knowledge identity authentication method and system

Country Status (1)

Country Link
CN (1) CN101969377B (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102231666A (en) * 2011-06-29 2011-11-02 电子科技大学 Zero knowledge identity authentication method based on strong primes
CN103138923B (en) * 2011-11-24 2016-06-22 中国移动通信集团公司 A kind of internodal authentication, Apparatus and system
CN105024823B (en) * 2015-07-27 2018-03-23 中国船舶重工集团公司第七0九研究所 User identity method for secret protection and system based on zero-knowledge proof
CN106789069B (en) * 2016-12-20 2019-12-13 中国电子科技集团公司第三十研究所 zero-knowledge identity authentication method
CN106888097B (en) * 2017-03-30 2020-08-11 北卡科技有限公司 Identity authentication method based on zero-knowledge proof in HCE mode
CN107508686B (en) * 2017-10-18 2020-07-03 克洛斯比尔有限公司 Identity authentication method and system, computing device and storage medium
CN108769061B (en) * 2018-06-25 2021-04-06 北京奇虎科技有限公司 Login method, login verification method, corresponding devices and electronic equipment
CN109361669B (en) * 2018-10-19 2022-03-18 深圳数粉科技有限公司 Identity authentication method, device and equipment of communication equipment
CN110996301B (en) * 2019-11-28 2022-12-16 江苏大学 Human-vehicle interaction system design and implementation method based on zero-knowledge identity authentication
CN111212427A (en) * 2020-01-14 2020-05-29 陈良准 Application APP account login management system based on mobile terminal
CN111431723A (en) * 2020-03-26 2020-07-17 沈阳理工大学 Zero-knowledge-proof-based authentication strategy for industrial environment mobile charging equipment
CN111800386A (en) * 2020-06-08 2020-10-20 熊涛 Intelligent household terminal user communication safety authentication system
CN112723072A (en) * 2020-12-28 2021-04-30 上海贝思特电气有限公司 Elevator control method and device, electronic equipment and storage medium
CN117034232A (en) * 2023-10-08 2023-11-10 上海特高信息技术有限公司 User identity security inspection method and device based on zero knowledge proof

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1801702A (en) * 2004-12-30 2006-07-12 同济大学 Distributed network interactive identity authentication method based on zero-knowledge
CN101291228A (en) * 2008-06-18 2008-10-22 华为技术有限公司 Generating, authenticating method for super code, system and device thereof

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7245718B2 (en) * 2003-08-26 2007-07-17 Mitsubishi Electric Research Laboratories, Inc. Low bandwidth zero knowledge authentication protocol and device
JP4885853B2 (en) * 2004-06-25 2012-02-29 コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ Renewable and private biometrics

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1801702A (en) * 2004-12-30 2006-07-12 同济大学 Distributed network interactive identity authentication method based on zero-knowledge
CN101291228A (en) * 2008-06-18 2008-10-22 华为技术有限公司 Generating, authenticating method for super code, system and device thereof

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
JP特开2005-73274A 2005.03.17

Also Published As

Publication number Publication date
CN101969377A (en) 2011-02-09

Similar Documents

Publication Publication Date Title
CN101969377B (en) Zero-knowledge identity authentication method and system
EP4120114A1 (en) Data processing method and apparatus, smart device and storage medium
CN112491846B (en) Cross-chain block chain communication method and device
CN107171794B (en) A kind of electronic document signature method based on block chain and intelligent contract
He et al. An efficient and provably‐secure certificateless signature scheme without bilinear pairings
Park et al. BPPS: Blockchain-enabled privacy-preserving scheme for demand-response management in smart grid environments
CN107483191B (en) SM2 algorithm key segmentation signature system and method
CN112152778B (en) Node management method and device and electronic equipment
CN111949602A (en) Outsourcing data safety migration method and system supporting integrity verification
CN112839041B (en) Block chain-based power grid identity authentication method, device, medium and equipment
CN110944301A (en) Intelligent cell equipment monitoring system based on block chain and key management method
CN111815321A (en) Transaction proposal processing method, device, system, storage medium and electronic device
WO2023115850A1 (en) Consortium blockchain consensus identity authentication method
CN115270145A (en) User electricity stealing behavior detection method and system based on alliance chain and federal learning
CN105187218A (en) Digital record signature method for multicore infrastructure and verification method
Zhao et al. Fuzzy identity-based dynamic auditing of big data on cloud storage
Li et al. Smart contract-based cross-domain authentication and key agreement system for heterogeneous wireless networks
CN114691669A (en) Electronic certificate storage method and device, electronic equipment and storage medium
Su et al. Distributed attribute-based signature with attribute dynamic update for smart grid
CN113328854B (en) Service processing method and system based on block chain
CN111177265A (en) Block chain domain division method
CN110910110A (en) Data processing method and device and computer storage medium
US11943210B2 (en) System and method for distributed, keyless electronic transactions with authentication
Lu et al. Transactive energy system deployment over insecure communication links
CN113591103A (en) Identity authentication method and system between intelligent terminals of power internet of things

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: HUAWEI DIGITAL TECHNOLOGY (CHENGDU) CO., LTD.

Free format text: FORMER NAME: CHENGDU HUAWEI SYMANTEC TECHNOLOGIES CO., LTD.

CP01 Change in the name or title of a patent holder

Address after: 611731 Chengdu high tech Zone, Sichuan, West Park, Qingshui River

Patentee after: HUAWEI DIGITAL TECHNOLOGIES (CHENG DU) Co.,Ltd.

Address before: 611731 Chengdu high tech Zone, Sichuan, West Park, Qingshui River

Patentee before: CHENGDU HUAWEI SYMANTEC TECHNOLOGIES Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20220831

Address after: No. 1899 Xiyuan Avenue, high tech Zone (West District), Chengdu, Sichuan 610041

Patentee after: Chengdu Huawei Technologies Co.,Ltd.

Address before: 611731 Qingshui River District, Chengdu hi tech Zone, Sichuan, China

Patentee before: HUAWEI DIGITAL TECHNOLOGIES (CHENG DU) Co.,Ltd.

TR01 Transfer of patent right