CN102111269B - Method and equipment for generating inextensible unidirectional proxy re-encryption key, and method and system for executing inextensible unidirectional proxy re-encryption
- Publication number: CN102111269B
- Authority: CN (China)
- Legal status: Expired - Fee Related (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention discloses equipment for generating an inextensible unidirectional proxy re-encryption key. The equipment comprises a re-encryption key generation unit and an enhancement unit. The re-encryption key generation unit acquires the private key pair $(a_1, a_2)$ of an authorizing party and the public key of an authorized party, and generates a unidirectional proxy re-encryption key from one private key $a_1$ of the authorizing party's private key pair and the public key of the authorized party. The enhancement unit selects an adjusting factor $s$, acquires the public key $h$ of the authorizing party, and generates the inextensible unidirectional proxy re-encryption key $rk_{a \to b}$ from the generated unidirectional proxy re-encryption key by introducing the selected adjusting factor $s$, the public key $h$ of the authorizing party and the other private key $a_2$ of the authorizing party's private key pair. In addition, the invention also discloses a method for generating the inextensible unidirectional proxy re-encryption key, and a method and a system for executing inextensible unidirectional proxy re-encryption.
Description
Technical field
The present invention relates to the field of computer communication network security, and more specifically to a method and equipment for generating an inextensible unidirectional proxy re-encryption key, and to a method and system for executing inextensible unidirectional proxy re-encryption.
Background art
Proxy re-encryption (PRE) is an encryption system with a special property: Alice, as the authorizing party, can authorize Bob, as the authorized party, to decrypt Alice's ciphertexts. The key requirement of a PRE system is that re-encrypting a ciphertext for Bob does not require Alice's participation. Otherwise, the PRE system would be pointless.
To meet this key requirement, a proxy is introduced into the PRE system. The proxy converts a ciphertext of Alice into a ciphertext of the same message for Bob without seeing the plaintext. Note that in the public-key encryption setting, the original PRE scheme is: Alice gives her private key to the proxy. This, however, requires an impractical degree of trust in the proxy, whereas the goal of a PRE system is to guarantee re-encryption of ciphertexts without relying on a trusted party.
PRE can be applied in many application scenarios, for example e-mail forwarding (Reference [1]), secure mailing lists (Reference [2]), digital rights management (DRM) (Reference [3]) and access control for encrypted file storage (References [4] and [5]).
Proxy re-encryption (PRE) was first proposed by Blaze et al. (Reference [1]). PRE attracted wide attention as soon as it was proposed, and a series of PRE techniques has been proposed recently. In most of the prior art, a unidirectional proxy re-encryption scheme is a tuple of (probabilistic) polynomial-time algorithms
whose elements are defined as follows:
are the standard key generation, encryption and decryption algorithms of the underlying cryptosystem. Here $\varepsilon$ and
are sets of algorithms (possibly singleton sets). On input of the security parameter $1^k$,
outputs a key pair $(pk, sk)$. On input of $pk_A$ and a message
, for all $\varepsilon_i \in \varepsilon$, the output is a ciphertext $C_A$. On input of $sk_A$ and a ciphertext $C_A$, there exists
that outputs the message
On input of $(pk_A, sk_A, pk_B, sk_B)$, the re-encryption key generation algorithm
outputs, for the proxy, the re-encryption key $rk_{A \to B}$.
On input of $rk_{A \to B}$ and a ciphertext $C_A$, the re-encryption function
outputs the re-encrypted ciphertext $C_B$.
However, the above definition unnecessarily restricts the data flow of the re-encryption key: the re-encryption key can only be sent to the proxy. As a result, if the re-encryption key is in fact sent to a party other than the proxy, for example to the authorized party Bob, the prior art that follows the above definition to implement the algorithm
is insecure.
Five existing PRE schemes are briefly introduced below to demonstrate this point: if the re-encryption key is in fact sent to a party other than the proxy, the prior art is insecure.
Reference [1]: in this scheme, the authorizing party Alice has public key $g^a$ and private key $a$, and the authorized party Bob has public key $g^b$ and secret key $b$, where $g$ generates a finite cyclic group of order $p$. To authorize Bob, Alice sends $rk_{a \to b} = b/a \bmod p$ to the proxy.
References [4] and [5]: in this scheme, in particular scheme 3 (Section 3.3, Third Attempt), the authorizing party Alice has public key
and private key $(a_1, a_2)$, and the authorized party Bob has public key
and private key $(b_1, b_2)$, where $Z$ generates a finite cyclic group and $g$ generates another finite cyclic group. To authorize Bob, Alice sends
to the proxy.
Reference [6]: in this scheme, the authorizing party Alice has public key $g^a$ and private key $a$, and the authorized party Bob has public key $g^b$ and private key $b$, where $g$ generates a finite cyclic group. To authorize Bob, Alice sends $rk_{a \to b} = b/a$ to the proxy.
Reference [7]: in this scheme, the authorizing party Alice has, for a random group element $h_A$, public key
and private key $(a_1, a_2)$, and the authorized party Bob has, for another random group element $h_B$, public key
and private key $(b_1, b_2)$. To authorize Bob, Alice sends, for another random group element $h_r$,
to the proxy.
Reference [8]: in this scheme, the authorizing party Alice has public key $g^a$ and private key $a$, and the authorized party Bob has public key $g^b$ and private key $b$. To authorize Bob, Alice sends $rk_{a \to b} = g^{b/a}$ to the proxy.
From the brief description of the prior art above, it can be seen that these schemes are fragile. Note, however, that these prior-art schemes are insecure only under the following conditions: (1) the re-encryption key is sent to Bob rather than to the proxy; and (2) Bob colludes with an attacker Malice.
Reference [1]: in this scheme, the authorizing party Alice has public key $g^a$ and private key $a$, and the authorized party Bob has public key $g^b$ and secret key $b$, where $g$ generates a finite cyclic group of order $p$. To authorize Bob, Alice sends $rk_{a \to b} = b/a \bmod p$ to the proxy.
Therefore, an attacker Malice colluding with Bob (with public key $g^c$ and private key $c$) can easily produce a re-encryption key according to $rk_{a \to c} = (c/b) \, rk_{a \to b} \bmod p$.
References [4] and [5]: in this scheme, in particular scheme 3 (Section 3.3, Third Attempt), the authorizing party Alice has public key
and private key $(a_1, a_2)$, and the authorized party Bob has public key
and private key $(b_1, b_2)$, where $Z$ generates a finite cyclic group and $g$ generates another finite cyclic group. To authorize Bob, Alice sends
to the proxy.
Therefore, an attacker Malice colluding with Bob (with public key
and private key $(c_1, c_2)$) can compute
Reference [6]: in this scheme, the authorizing party Alice has public key $g^a$ and private key $a$, and the authorized party Bob has public key $g^b$ and private key $b$, where $g$ generates a finite cyclic group. To authorize Bob, Alice sends $rk_{a \to b} = b/a$ to the proxy.
Therefore, an attacker Malice colluding with Bob (with public key $g^c$ and private key $c$) can produce a re-encryption key according to $rk_{a \to c} = (c/b) \, rk_{a \to b}$.
Reference [7]: in this scheme, the authorizing party Alice has, for a random group element $h_A$, public key
and private key $(a_1, a_2)$, and the authorized party Bob has, for another random group element $h_B$, public key
and private key $(b_1, b_2)$. To authorize Bob, Alice sends, for another random group element $h_r$,
to the proxy.
Therefore, an attacker Malice colluding with Bob (with, for another random group element $h_C$, public key
and private key $(c_1, c_2)$) can compute
Reference [8]: in this scheme, the authorizing party Alice has public key $g^a$ and private key $a$, and the authorized party Bob has public key $g^b$ and private key $b$. To authorize Bob, Alice sends $rk_{a \to b} = g^{b/a}$ to the proxy.
Therefore, an attacker Malice colluding with Bob (with public key $g^c$ and private key $c$) can compute $rk_{a \to c} = (rk_{a \to b})^{a/b}$.
It is reiterated here that the prior art is secure under the original definition of the selected unidirectional proxy re-encryption (PRE) system. In the original definition, the data flow of the re-encryption key is restricted: the re-encryption key may only be sent to the proxy. However, if this restriction is not satisfied, that is, as described above, if the restriction is relaxed, the prior art is in fact insecure. In other words, in the unidirectional proxy re-encryption system redefined in the present invention, where the re-encryption key can be sent directly to the authorized party, the prior art cannot work.
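The collusion described above for the scheme of Reference [1] can be checked numerically. The following Python code is an added example, not part of the patent or of the cited schemes; the toy parameters (P = 2039, p = 1019, g = 4), the function names and the ElGamal-style ciphertext form $(m g^k, g^{ak})$ are assumptions introduced here, while the two key formulas are the ones given in the text.

```python
# Added illustration (not from the patent): toy instance of the Reference [1]
# key relation rk_{a->b} = b/a mod p and the collusion formula from the text.
import secrets

P = 2039   # constructed toy modulus (safe prime, P = 2p + 1); far too small for real use
p = 1019   # prime order of the subgroup generated by g
g = 4      # generator of the order-p subgroup of Z_P^*


def keygen():
    """Return (private exponent x, public key g^x)."""
    x = secrets.randbelow(p - 1) + 1
    return x, pow(g, x, P)


def rekey(a, b):
    """Re-encryption key as stated for Reference [1]: rk_{a->b} = b/a mod p."""
    return b * pow(a, -1, p) % p


def encrypt(pk, m):
    """ElGamal-style ciphertext (m*g^k, pk^k). Assumed form, not given on the page."""
    k = secrets.randbelow(p - 1) + 1
    return (m * pow(g, k, P) % P, pow(pk, k, P))


def reencrypt(rk, ct):
    """Proxy step: raise the second component to rk, turning g^{ak} into g^{bk}."""
    c1, c2 = ct
    return (c1, pow(c2, rk, P))


def decrypt(sk, ct):
    """Recover m = c1 / c2^{1/sk}."""
    c1, c2 = ct
    gk = pow(c2, pow(sk, -1, p), P)
    return c1 * pow(gk, -1, P) % P


def colluders_derive(rk_ab, b, c):
    """What Bob and Malice obtain together: rk_{a->c} = (c/b) * rk_{a->b} mod p."""
    return c * pow(b, -1, p) % p * rk_ab % p


def demo(m=1234):
    a, pk_a = keygen()
    b, pk_b = keygen()
    c, pk_c = keygen()
    rk_ab = rekey(a, b)            # under the original definition: proxy only
    ct_a = encrypt(pk_a, m)

    # Intended flow: the proxy converts, Bob decrypts.
    bob_ok = decrypt(b, reencrypt(rk_ab, ct_a)) == m

    # Relaxed data flow: rk_ab reaches Bob, who pools it with Malice's key c.
    rk_ac = colluders_derive(rk_ab, b, c)
    same_as_issued_by_alice = rk_ac == rekey(a, c)
    malice_reads = decrypt(c, reencrypt(rk_ac, ct_a)) == m
    return bob_ok, same_as_issued_by_alice, malice_reads


if __name__ == "__main__":
    print(demo())
```

The second flag is the property the text objects to: the derived key is indistinguishable from one Alice issued herself, so the scheme stays secure only while the re-encryption key never leaves the proxy.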
Summary of the invention
In view of the above shortcomings of the prior art, the present invention proposes a method and equipment for generating an inextensible unidirectional proxy re-encryption key, and a method and system for executing inextensible unidirectional proxy re-encryption.
First, the property that the re-encryption key can be safely sent directly to the authorized party is defined as inextensibility.
Definition of inextensibility: a group of colluding authorized parties cannot delegate decryption rights to a third party.
For example, where (1) the proxy's re-encryption key is $rk_{a \to b}$, (2) Bob's secret key is $sk_b$ and (3) Malice's secret key is $sk_c$, it is hard for the colluding authorized parties to produce $rk_{a \to c}$.
The importance of inextensibility is demonstrated below. For example, References [4] and [5] propose using proxy re-encryption to implement access control for an encrypted file storage system. In this scenario, a trusted access control server manages access to encrypted files stored in distributed, untrusted block stores. A user downloads encrypted content from a block store and then communicates with the access control server to request the right to decrypt the content. The content owner chooses which user(s) may access the content and sends the appropriate delegation rights to the access control server. It is easy to see that a PRE system is one solution for such an access control system, with the access control server acting as the proxy. It is equally easy to see that nothing prevents the data owner from sending the delegation rights directly to the user. Beyond the above scenario, a user may obviously also obtain the delegation rights in other ways, for example through the negligence of the proxy, through the negligence of the data owner, or through collusion between the data owner and the user.
Therefore, the object of the present invention is to redefine the unidirectional proxy re-encryption scheme as follows, so that it becomes an inextensible unidirectional proxy re-encryption scheme.
A unidirectional proxy re-encryption scheme is a tuple of (probabilistic) polynomial-time algorithms
whose elements are defined as follows:
are the standard key generation, encryption and decryption algorithms of the underlying cryptosystem. Here $\varepsilon$ and
are sets of algorithms (possibly singleton sets). On input of the security parameter $1^k$,
outputs a key pair $(pk, sk)$. On input of $pk_A$ and a message
, for all $\varepsilon_i \in \varepsilon$, the output is a ciphertext $C_A$. On input of $sk_A$ and a ciphertext $C_A$, there exists
that outputs the message
On input of $(pk_A, sk_A, pk_B, sk_B)$, the re-encryption key generation algorithm
outputs the re-encryption key $rk_{A \to B}$.
On input of $rk_{A \to B}$ and a ciphertext $C_A$, the re-encryption function
outputs the re-encrypted ciphertext $C_B$.
Compared with the original definition used in most of the prior art, the only difference of the inextensible unidirectional proxy re-encryption scheme redefined according to the present invention is that the present invention no longer specifies that the re-encryption key generation algorithm
outputs the re-encryption key $rk_{A \to B}$ only for the proxy.
Therefore, the re-encryption key $rk_{A \to B}$ can be sent directly to the authorized party. The object of the invention is to propose a proxy re-encryption scheme that is secure under the redefined definition, that is, a secure proxy re-encryption scheme that allows the authorized party to receive the re-encryption key.
According to a first aspect of the invention, equipment for generating an inextensible unidirectional proxy re-encryption key is proposed, comprising: a re-encryption key generation unit for acquiring the private key pair $(a_1, a_2)$ of the authorizing party and the public key of the authorized party
and for generating, from one private key $a_1$ of the authorizing party's private key pair and the public key of the authorized party
, a unidirectional proxy re-encryption key
; and an enhancement unit for selecting an adjusting factor $s$, acquiring the public key $h$ of the authorizing party, and, starting from the generated unidirectional proxy re-encryption key
, generating the inextensible unidirectional proxy re-encryption key $rk_{a \to b}$ by introducing the selected adjusting factor $s$, the public key $h$ of the authorizing party and the other private key $a_2$ of the authorizing party's private key pair.
Preferably, the public key $h$ of the authorizing party is generated from the constraint set of the authorizing party
, according to
, where H(*) is a secure one-way hash function.
Preferably, the public key $h$ of the authorizing party is generated from another private key $a_3$ of the authorizing party, according to
.
Preferably, the public key $h$ of the authorizing party is generated from the constraint set of the authorizing party
and another private key $a_3$ of the authorizing party, according to
, where H(*) is a secure one-way hash function.
According to a second aspect of the invention, a method for generating an inextensible unidirectional proxy re-encryption key is proposed, comprising the following steps: acquiring the private key pair $(a_1, a_2)$ of the authorizing party and the public key of the authorized party
; generating, from one private key $a_1$ of the authorizing party's private key pair and the public key of the authorized party
, a unidirectional proxy re-encryption key
; selecting an adjusting factor $s$ and acquiring the public key $h$ of the authorizing party; and, starting from the generated unidirectional proxy re-encryption key
, generating the inextensible unidirectional proxy re-encryption key $rk_{a \to b}$ by introducing the selected adjusting factor $s$, the public key $h$ of the authorizing party and the other private key $a_2$ of the authorizing party's private key pair.
Preferably, the public key $h$ of the authorizing party is generated from the constraint set of the authorizing party
, according to
, where H(*) is a secure one-way hash function.
Preferably, the public key $h$ of the authorizing party is generated from another private key $a_3$ of the authorizing party, according to
.
Preferably, the public key $h$ of the authorizing party is generated from the constraint set of the authorizing party
and another private key $a_3$ of the authorizing party, according to
, where H(*) is a secure one-way hash function.
According to a third aspect of the invention, a system for executing inextensible unidirectional proxy re-encryption is proposed, comprising:
At the authorizing party,
a re-encryption key generation unit for acquiring the private key pair $(a_1, a_2)$ of the authorizing party, the public key of the authorizing party
and the public key of the authorized party
, and for generating, from one private key $a_1$ of the authorizing party's private key pair and the public key of the authorized party
, a unidirectional proxy re-encryption key
; an enhancement unit for selecting an adjusting factor $s$, acquiring the public key $h$ of the authorizing party, and, starting from the generated unidirectional proxy re-encryption key
, generating the inextensible unidirectional proxy re-encryption key $rk_{a \to b}$ by introducing the selected adjusting factor $s$, the public key $h$ of the authorizing party and the other private key $a_2$ of the authorizing party's private key pair; and
an encryption unit for encrypting a plaintext message $m$ with the public key of the authorizing party
, producing an enhanced original ciphertext under the public key of the authorizing party
; and at the proxy,
a re-encryption unit for converting the enhanced original ciphertext under the public key of the authorizing party
into a converted ciphertext under the public key of the authorized party
.
Preferably, the inextensible unidirectional proxy re-encryption key $rk_{a \to b}$ is generated in the form
; the enhanced original ciphertext under the public key of the authorizing party
is generated in the form
; and the converted ciphertext under the public key of the authorized party
has the form
.
Preferably, the public key $h$ of the authorizing party is generated from the constraint set of the authorizing party
, according to
, where H(*) is a secure one-way hash function; the inextensible unidirectional proxy re-encryption key $rk_{a \to b}$ is generated in the form
; the enhanced original ciphertext under the public key of the authorizing party
is generated in the form
; and, if and only if
, the converted ciphertext under the public key of the authorized party
has the form
.
Preferably, the public key $h$ of the authorizing party is generated from another private key $a_3$ of the authorizing party, according to
; the inextensible unidirectional proxy re-encryption key $rk_{a \to b}$ is generated in the form
; the enhanced original ciphertext under the public key of the authorizing party
is generated in the form
; and the converted ciphertext under the public key of the authorized party
has the form
.
Preferably, the public key $h$ of the authorizing party is generated from the constraint set of the authorizing party
and another private key $a_3$ of the authorizing party, according to
, where H(*) is a secure one-way hash function; the inextensible unidirectional proxy re-encryption key $rk_{a \to b}$ is generated in the form
; the enhanced original ciphertext under the public key of the authorizing party
is generated in the form
; and, if and only if
, the converted ciphertext under the public key of the authorized party
has the form
.
Preferably, the system may further comprise:
At the authorized party,
a decryption unit for decrypting the converted ciphertext with the private key pair $(b_1, b_2)$ of the authorized party, to recover the plaintext message $m$.
Preferably, the system may further comprise:
At the authorized party,
a decryption unit for decrypting, with the private key pair $(b_1, b_2)$ of the authorized party and according to
, the converted ciphertext
, to recover the plaintext message $m$.
According to a fourth aspect of the invention, a method for executing inextensible unidirectional proxy re-encryption is proposed, comprising the following steps:
At the authorizing party,
acquiring the private key pair $(a_1, a_2)$ of the authorizing party, the public key of the authorizing party
and the public key of the authorized party
;
generating, from one private key $a_1$ of the authorizing party's private key pair and the public key of the authorized party
, a unidirectional proxy re-encryption key
;
selecting an adjusting factor $s$ and acquiring the public key $h$ of the authorizing party;
starting from the generated unidirectional proxy re-encryption key
, generating the inextensible unidirectional proxy re-encryption key $rk_{a \to b}$ by introducing the selected adjusting factor $s$, the public key $h$ of the authorizing party and the other private key $a_2$ of the authorizing party's private key pair; and
encrypting a plaintext message $m$ with the public key of the authorizing party
, producing an enhanced original ciphertext under the public key of the authorizing party
; and at the proxy,
converting the enhanced original ciphertext under the public key of the authorizing party
into a converted ciphertext under the public key of the authorized party
.
Preferably, the inextensible unidirectional proxy re-encryption key $rk_{a \to b}$ is generated in the form
; the enhanced original ciphertext under the public key of the authorizing party
is generated in the form
; and the converted ciphertext under the public key of the authorized party
has the form
.
Preferably, the public key $h$ of the authorizing party is generated from the constraint set of the authorizing party
, according to
, where H(*) is a secure one-way hash function; the inextensible unidirectional proxy re-encryption key $rk_{a \to b}$ is generated in the form
; the enhanced original ciphertext under the public key of the authorizing party
is generated in the form
; and, if and only if
, the converted ciphertext under the public key of the authorized party
has the form
.
Preferably, the public key $h$ of the authorizing party is generated from another private key $a_3$ of the authorizing party, according to
; the inextensible unidirectional proxy re-encryption key $rk_{a \to b}$ is generated in the form
; the enhanced original ciphertext under the public key of the authorizing party
is generated in the form
; and the converted ciphertext under the public key of the authorized party
has the form
.
Preferably, the public key $h$ of the authorizing party is generated from the constraint set of the authorizing party
and another private key $a_3$ of the authorizing party, according to
, where H(*) is a secure one-way hash function; the inextensible unidirectional proxy re-encryption key $rk_{a \to b}$ is generated in the form
; the enhanced original ciphertext under the public key of the authorizing party
is generated in the form
; and, if and only if
, the converted ciphertext under the public key of the authorized party
has the form
.
Preferably, the method may further comprise the following steps:
At the authorized party,
decrypting the converted ciphertext with the private key pair $(b_1, b_2)$ of the authorized party, to recover the plaintext message $m$.
Preferably, the method may further comprise the following steps:
At the authorized party,
a decryption unit decrypting, with the private key pair $(b_1, b_2)$ of the authorized party and according to
, the converted ciphertext
, to recover the plaintext message $m$.
Compared with the closest prior art, References [4] and [5] (scheme 3, Section 3.3, Third Attempt), the beneficial effects of the present invention include at least:
Brief description of the drawings
The above and other objects, features and advantages of the present invention will become clearer from the following detailed description of non-limiting embodiments of the invention, taken in conjunction with the accompanying drawings, in which:
Fig. 1 shows a schematic block diagram of the units operating in the Third Attempt of References [4] and [5];
Fig. 2 shows a schematic block diagram of the units operating in the basic scheme of the NRE scheme proposed by the invention;
Fig. 3 shows a schematic block diagram of the units operating in alternative 1 of the NRE scheme proposed by the invention;
Fig. 4 shows a schematic block diagram of the units operating in alternative 2 of the NRE scheme proposed by the invention; and
Fig. 5 shows a schematic block diagram of the units operating in alternative 3 of the NRE scheme proposed by the invention.
In the drawings, related units are denoted by the same reference numerals to show the correlation between them. The units drawn with bold solid lines are those that mainly reflect the inventive idea of the present invention.
Detailed description of the embodiments
The present invention is described below with reference to the accompanying drawings. In the following description, some specific embodiments are used for descriptive purposes only; they should not be construed as limiting the invention in any way and are merely examples of it. Conventional structures or configurations are omitted where they might obscure the understanding of the invention.
[Detailed description of the scenarios]
The inextensible unidirectional proxy re-encryption (NRE) scheme according to the present invention is described in detail below by comparison with References [4] and [5], which are taken as the closest prior art.
Fig. 1 shows a schematic block diagram of the units operating in the Third Attempt of References [4] and [5]. With reference to Fig. 1, the units of the authorizing party Alice, the proxy and the authorized party Bob are described below.
◆ The encryption unit 110 takes the public key of the authorizing party Alice
and a plaintext message $m$ as input, selects a random number $r$, and outputs the original ciphertext
◆ The re-encryption key generation unit 120 takes the private key pair $(a_1, a_2)$ of the authorizing party Alice and the public key of the authorized party Bob
as input, and outputs the re-encryption key
◆ The re-encryption unit 210 takes the original ciphertext
and the re-encryption key
as input, and outputs the converted ciphertext
◆ The decryption unit 310 takes the private key pair $(b_1, b_2)$ of the authorized party Bob and the converted ciphertext
as input, and outputs the plaintext message $m$.
In References [4] and [5] (scheme 3, Section 3.3, Third Attempt), Alice has public key
and private key pair $(a_1, a_2)$. To authorize Bob, whose public key is
, the re-encryption key generation unit 120 first computes the re-encryption key according to
. This re-encryption key can only be sent to the proxy.
For a message $m$, Alice's encryption unit 110 selects a random number $r$ and computes the original ciphertext according to
. This original ciphertext is transmitted to the proxy.
When Bob requests Alice's original ciphertext from the proxy, the proxy's re-encryption unit 210 takes $rk_{a \to b}$ and the original ciphertext
as input, and outputs to Bob the converted ciphertext
On receiving the converted ciphertext
, Bob's decryption unit 310 can use Bob's private key pair $(b_1, b_2)$ to output the plaintext message $m$.
Next, the NRE scheme proposed by the invention is described in detail.
Fig. 2 shows a schematic block diagram of the units operating in the basic scheme of the NRE scheme proposed by the invention. With reference to Fig. 2, the units of the authorizing party Alice, the proxy and the authorized party Bob are described below.
◆ The encryption unit 2110 takes the public key of the authorizing party Alice
and a plaintext message $m$ as input, selects a random number $r$, and outputs the enhanced original ciphertext
◆ The re-encryption key generation unit 2120 operates in the same way as the re-encryption key generation unit 120 shown in Fig. 1: it takes the private key pair $(a_1, a_2)$ of the authorizing party Alice and the public key of the authorized party Bob
as input, and outputs
◆ The enhancement unit 2130 takes the output of the re-encryption key generation unit 2120
and another public key $h$ of the authorizing party Alice as input, randomly selects an adjusting factor $s$, and outputs the inextensible re-encryption key
◆ The re-encryption unit 2210 takes the enhanced original ciphertext
and the re-encryption key
as input, and outputs the converted ciphertext
◆ The decryption unit 2310 operates in the same way as the decryption unit 310 shown in Fig. 1: it takes the private key pair $(b_1, b_2)$ of the authorized party Bob and the converted ciphertext
as input, and outputs the plaintext message $m$.
In the basic scheme of the NRE scheme proposed by the invention, Alice has public key
and private key pair $(a_1, a_2)$. To authorize Bob, whose public key is
, the re-encryption key generation unit 2120 first computes the re-encryption key according to
. The other operations of the re-encryption key generation unit 2120 are the same as in the scheme proposed in References [4] and [5].
Next, however, Alice's enhancement unit 2130 randomly selects an adjusting factor $s$ and, taking
as input, computes the inextensible re-encryption key
Unlike the re-encryption key of the scheme proposed in References [4] and [5], which can only be sent to the proxy, this inextensible re-encryption key can be sent to Bob and/or the proxy.
To work with the inextensible re-encryption key, for a message $m$, Alice's encryption unit 2110 selects a random number and computes the enhanced original ciphertext according to
. This enhanced original ciphertext is transmitted to the proxy.
When Bob requests Alice's enhanced original ciphertext from the proxy, the proxy's re-encryption unit 2210 takes $rk_{a \to b}$ and the enhanced original ciphertext
as input, and outputs to Bob the converted ciphertext
On receiving the converted ciphertext
, Bob's decryption unit 2310 can use Bob's private key pair $(b_1, b_2)$ to output the plaintext message $m$.
Thus, because the generation of the inextensible re-encryption key
introduces the random adjusting factor $s$ and another public key $h$ of the authorizing party, the generated inextensible re-encryption key is at the same time a signature on the adjusting factor $s$. A party that successfully produces an inextensible re-encryption key could also successfully produce a signature of the authorizing party, which has been proved infeasible in the prior art.
In addition, some other alternatives can also be introduced into the NRE scheme proposed by the invention.
For example, as shown in Fig. 3, an arbitrary string representing the constraint set of the authorizing party
replaces the above other public key $h$ of the authorizing party (alternative 1). In this case, the units of the authorizing party Alice, the proxy and the authorized party Bob are described below.
◆ The encryption unit 3110 operates in the same way as the encryption unit 2110 shown in Fig. 2: it takes the public key of the authorizing party Alice
and a plaintext message $m$ as input, selects a random number $r$, and outputs the enhanced original ciphertext
◆ The re-encryption key generation unit 3120 operates in the same way as the re-encryption key generation unit 2120 shown in Fig. 2: it takes the private key pair $(a_1, a_2)$ of the authorizing party Alice and the public key of the authorized party Bob
as input, and outputs
◆ The enhancement unit 3130 takes the output of the re-encryption key generation unit 3120
and the constraint set of the authorizing party Alice
as input, randomly selects an adjusting factor $s$, computes
and outputs the inextensible re-encryption key
◆ The re-encryption unit 3210 takes the enhanced original ciphertext
and the re-encryption key
as input and, if and only if
, outputs the converted ciphertext
◆ The decryption unit 3310 operates in the same way as the decryption unit 2310 shown in Fig. 2: it takes the private key pair $(b_1, b_2)$ of the authorized party Bob and the converted ciphertext
as input, and outputs the plaintext message $m$.
As another example, as shown in Fig. 4, the above other public key $h$ of the authorizing party is replaced with another private key $a_3$ of the authorizing party (alternative 2). In this case, the units of the authorizing party Alice, the proxy and the authorized party Bob are described below.
◆ The encryption unit 4110 takes the public key of the authorizing party Alice
, the private key $a_3$ and a plaintext message $m$ as input, selects a random number $r$, and outputs the enhanced original ciphertext
◆ The re-encryption key generation unit 4120 operates in the same way as the re-encryption key generation unit 2120 shown in Fig. 2: it takes the private key pair $(a_1, a_2)$ of the authorizing party Alice and the public key of the authorized party Bob
as input, and outputs
◆ The enhancement unit 4130 takes the output of the re-encryption key generation unit 4120
and the private key $a_3$ of the authorizing party Alice as input, randomly selects an adjusting factor $s$, computes
and outputs the inextensible re-encryption key
◆ The re-encryption unit 4210 takes the enhanced original ciphertext
and the re-encryption key
as input, and outputs the converted ciphertext
◆ The decryption unit 4310 operates in the same way as the decryption unit 2310 shown in Fig. 2: it takes the private key pair $(b_1, b_2)$ of the authorized party Bob and the converted ciphertext
as input, and outputs the plaintext message $m$.
As another example, as shown in Figure 5, can combine above-mentioned alternative 1 and 2 to obtain alternative 3.In this case, the unit of authorized party Alice, agent and authorized square Bob is described below.
◆
Encryption unit 5110 operates in the same manner as encryption unit 4110 shown in Fig. 4: it takes the public key of the authorizing party Alice, the private key $a_3$ of the authorizing party Alice and the plaintext message m as input, selects a random number r, and outputs the strengthened original ciphertext.
◆
Re-encryption key generation unit 5120 operates in the same manner as re-encryption key generation unit 4120 shown in Fig. 4: it takes the private key $(a_1, a_2)$ of the authorizing party Alice and the public key of the authorized party Bob as input, and outputs the unidirectional proxy re-encryption key.
◆
Strengthening unit 5130 takes the output of re-encryption key generation unit 5120, the constraint set of the authorizing party Alice and the private key $a_3$ of the authorizing party Alice as input, randomly selects an adjusting factor s, calculates
and outputs the inextensible re-encryption key.
◆
Re-encryption unit 5210 takes the strengthened original ciphertext and the re-encryption key as input and, if and only if
holds, outputs the converted ciphertext.
◆
Decryption unit 5310 operates in the same manner as decryption unit 4310 shown in Fig. 4: it takes the private key $(b_1, b_2)$ of the authorized party Bob and the converted ciphertext as input, and outputs the plaintext message m.
[Detailed explanation of principles]
In the following detailed explanation, the traditional multiplicative group notation is used in place of the additive notation commonly used in elliptic curve settings.
Suppose $G_1 = \langle g_1 \rangle$ and $G_2 = \langle g_2 \rangle$ are two finite cyclic groups, and there is an additional group
such that
where p is some large prime. A bilinear map
is a function with the following properties:
Suppose there exists a setup algorithm Setup() that, given a security parameter $1^k$ as input, outputs the above bilinear map setting. This process is represented as
Note that there is the following special case:
and $g_1 = g_2 = g$.
The principles of the NRE scheme proposed by the present invention are now described in detail.
[Basic scheme]
System initialization:
A) Select
Key generation for a system user:
A) Select
The public key of the system user is
and the private key is $(u_1, u_2)$. The private key $(a_1, a_2)$ of the authorizing party A and the private key $(b_1, b_2)$ of the authorized party B described below are selected from the private key set $\{(u_1, u_2)\}$.
Encryption by the authorizing party:
Inextensible re-encryption key generation:
To authorize the authorized party B, whose public key is
to decrypt the strengthened original ciphertext of A, the authorizing party A performs the following operations:
Re-encryption by the proxy:
For the strengthened original ciphertext
and the inextensible re-encryption key
the proxy calculates as follows:
Decryption by the authorized party:
[Alternative 1]
The system parameter h in the basic scheme can be replaced by a hash of the authorizing party's constraint. For example, the authorizing party's constraint can describe how the authorized party and/or the proxy should use the inextensible re-encryption key.
As a specific example, the authorizing party can express the constraint R as "this inextensible re-encryption key is invalid after 1:00 PM GMT 2009.12.31". When the proxy sees this constraint, it will refuse, after the time specified in the constraint, to re-encrypt the authorizing party's ciphertexts for the authorized party.
As another example, R represents a public key: the proxy performs re-encryption for the authorized party only after the authorized party has proved ownership of the particular public key.
As another example, R represents a password list, so that the proxy performs re-encryption for the authorized party only when the strengthened original ciphertext indicates the same password.
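The proxy-side handling of the three constraint examples above, written as an added Python example that is not part of the patent. It assumes SHA-256 over canonical JSON for H, hypothetical field names (`not_after`, `owner_key`, `passwords`) and function names, and it uses a plain digest comparison as a stand-in for the scheme's own check that R is unmodified; no key material or pairing arithmetic is modelled.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone
from typing import Optional, Tuple


def hash_constraints(constraints: dict) -> bytes:
    """h = H(R): SHA-256 over a canonical JSON encoding of the constraint set."""
    canonical = json.dumps(constraints, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).digest()


def issue_rekey_record(constraints: dict) -> dict:
    """Authorizing party: bind R to the record handed to the proxy.

    Only the constraint binding is modelled; no key material is included.
    """
    frozen = json.loads(json.dumps(constraints))  # deep copy
    return {"h": hash_constraints(frozen), "R": frozen}


def proxy_check(record: dict, ciphertext_password: str, now: datetime,
                proven_key: Optional[str] = None) -> Tuple[bool, str]:
    """Proxy: decide whether to re-encrypt for the authorized party."""
    constraints = record["R"]
    # Digest comparison standing in for the scheme's tamper check on R.
    if not hmac.compare_digest(hash_constraints(constraints), record["h"]):
        return False, "constraint set does not match h"
    # Constraint example 1: the key is invalid after a stated time.
    not_after = constraints.get("not_after")
    if not_after is not None and now > datetime.fromisoformat(not_after):
        return False, "re-encryption key expired"
    # Constraint example 2: ownership of a particular public key was proved.
    owner_key = constraints.get("owner_key")
    if owner_key is not None and proven_key != owner_key:
        return False, "ownership of required public key not proved"
    # Constraint example 3: the ciphertext indicates a password on the list.
    passwords = constraints.get("passwords")
    if passwords is not None and ciphertext_password not in passwords:
        return False, "ciphertext password not on list"
    return True, "ok"


# Constructed sample constraint set; all field names and values are assumptions.
SAMPLE_R = {
    "not_after": "2009-12-31T13:00:00+00:00",
    "owner_key": "PLACEHOLDER-KEY-FINGERPRINT",
    "passwords": ["project-x"],
}

if __name__ == "__main__":
    record = issue_rekey_record(SAMPLE_R)
    in_time = datetime(2009, 12, 31, 12, 0, tzinfo=timezone.utc)
    too_late = datetime(2010, 1, 1, 0, 0, tzinfo=timezone.utc)
    print(proxy_check(record, "project-x", in_time, "PLACEHOLDER-KEY-FINGERPRINT"))
    print(proxy_check(record, "project-x", too_late, "PLACEHOLDER-KEY-FINGERPRINT"))
    record["R"]["not_after"] = "2099-01-01T00:00:00+00:00"  # constraint rewritten
    print(proxy_check(record, "project-x", too_late, "PLACEHOLDER-KEY-FINGERPRINT"))
```

The digest comparison only detects a change to R while h is left alone; it gives no protection against a party able to rewrite both values in the record.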
System initialization:
Key generation for a system user:
A) Select
The public key of the system user is
and the private key is $(u_1, u_2)$. The private key $(a_1, a_2)$ of the authorizing party A and the private key $(b_1, b_2)$ of the authorized party B described below are selected from the private key set $\{(u_1, u_2)\}$.
Encryption by the authorizing party:
Inextensible re-encryption key generation:
To authorize the authorized party B, whose public key is
to decrypt the strengthened original ciphertext of A, the authorizing party A performs the following operations:
C) Calculate
Re-encryption by the proxy:
For the strengthened original ciphertext
and the inextensible re-encryption key
the proxy calculates as follows:
Note that the above equation holds if and only if
that is, when the constraint set has not been tampered with.
Decryption by the authorized party:
[Alternative 2]
The system parameter h in the basic scheme can be replaced by an additional private key of the authorizing party.
The system initialization process can be omitted.
Key generation for a system user:
A) Select
The public key of the system user is
and the private key is $(u_1, u_2, u_3)$. The private key $(a_1, a_2, a_3)$ of the authorizing party A and the private key $(b_1, b_2, b_3)$ of the authorized party B described below are selected from the private key set $\{(u_1, u_2, u_3)\}$.
Encryption by the authorizing party:
For the plaintext
the authorizing party A, whose public key is
and whose private key is $(a_1, a_2, a_3)$, performs the following operations:
Inextensible re-encryption key generation:
To authorize the authorized party B, whose public key is
to decrypt the strengthened original ciphertext of A, the authorizing party A performs the following operations:
Re-encryption by the proxy:
For the strengthened original ciphertext
and the inextensible re-encryption key
the proxy calculates as follows:
Finally, the converted ciphertext is
Decryption by the authorized party:
[Alternative 3]
Alternative 3 is a combination of alternatives 1 and 2.
System initialization:
Key generation for a system user:
The public key of the system user is
and the private key is $(u_1, u_2, u_3)$. The private key $(a_1, a_2, a_3)$ of the authorizing party A and the private key $(b_1, b_2, b_3)$ of the authorized party B described below are selected from the private key set $\{(u_1, u_2, u_3)\}$.
Encryption by the authorizing party:
For the plaintext
the authorizing party A, whose public key is
and whose private key is $(a_1, a_2, a_3)$, performs the following operations:
Inextensible re-encryption key generation:
To authorize the authorized party B, whose public key is
to decrypt the strengthened original ciphertext of A, the authorizing party A performs the following operations:
Re-encryption by the proxy:
For the strengthened original ciphertext
and the inextensible re-encryption key
the proxy calculates as follows:
Of course, as described in alternative 1, the above equation holds if and only if
that is, when the constraint set has not been tampered with.
Decryption by the authorized party:
Other arrangements of the embodiments of the invention disclosed herein include software programs that perform the steps and operations of the method embodiments summarized above and described in detail below. More specifically, a computer program product is one embodiment that has a computer-readable medium on which computer program logic is encoded; when executed on a computing device, the computer program logic provides the relevant operations, thereby providing the unidirectional proxy re-encryption scheme described above. When executed on at least one processor of a computing system, the computer program logic causes the processor to perform the operations (methods) described in the embodiments of the invention. Such arrangements of the invention are typically provided as software, code and/or other data structures arranged or encoded on a computer-readable medium such as an optical medium (e.g. CD-ROM), a floppy disk or a hard disk, or as firmware or microcode on one or more ROM, RAM or PROM chips or other media, or as an application-specific integrated circuit (ASIC), or as downloadable software images, shared databases, etc. in one or more modules. The software or firmware or such configurations can be installed on a computing device so that one or more processors in the computing device perform the techniques described in the embodiments of the invention. Software processes operating in conjunction with computing devices such as a group of data communication devices or other entities can also provide a system according to the invention. A system according to the invention can also be distributed among multiple software processes on multiple data communication devices, among all software processes running on a group of small dedicated computers, or among all software processes running on a single computer.
It should be understood that, strictly speaking, embodiments of the invention can be implemented as software programs, as software and hardware, or as software alone and/or circuitry alone in a data communication device.
The above description gives only preferred embodiments of the invention and is not intended to limit the invention in any way. Therefore, the scope of the invention should cover any modification, replacement, improvement, etc. made within the spirit and principles of the invention.
List of references
[1] Matt Blaze, Gerrit Bleumer, and Martin Strauss. Divertible protocols and atomic proxy cryptography. In EUROCRYPT '98, volume 1403 of LNCS, pages 127-144, 1998;
[2] Himanshu Khurana, Jin Heo, and Meenal Pant. From proxy encryption primitives to a deployable secure-mailing-list solution. In ICICS, pages 260-281, 2006;
[3] Gelareh Taban, Alvaro A. Cardenas, and Virgil D. Gligor. Towards a secure and interoperable DRM architecture. In DRM '06: Proceedings of the ACM workshop on Digital rights management, pages 69-78. ACM, 2006;
[4] Ateniese G., Fu K., Green M., Hohenberger Su.: Improved Proxy Re-Encryption Schemes with Applications to Secure Distributed Storage. ACM Transactions on Information and System Security (TISSEC), vol. 9(1): 1-30, February 2006;
[5] US 2008/0059787 A1, March 6, 2008;
[6] R. Canetti, S. Hohenberger. Chosen-ciphertext secure proxy re-encryption. In ACM CCS, pages 185-194. ACM, 2007;
[7] S. Hohenberger, G. N. Rothblum, A. Shelat, V. Vaikuntanathan. Securely obfuscating re-encryption. In TCC '07, volume 4392 of LNCS, pages 233-252, 2007;
[8] B. Libert, D. Vergnaud. Unidirectional chosen-ciphertext secure proxy re-encryption. In PKC '08, volume 4939 of LNCS, pages 360-379, 2008.
Claims (22)
1. An inextensible unidirectional proxy re-encryption key generation device, comprising:
a re-encryption key generation unit, for obtaining the private key pair $(a_1, a_2)$ of the authorizing party and the public key of the authorized party
and generating, according to one private key $a_1$ of the authorizing party's private key pair and the public key of the authorized party
a unidirectional proxy key
and
a strengthening unit, for selecting an adjusting factor s, obtaining the public key h of the authorizing party, and, according to the generated unidirectional proxy re-encryption key
by introducing the selected adjusting factor s, the public key h of the authorizing party and the other private key $a_2$ of the authorizing party's private key pair, generating the inextensible unidirectional proxy re-encryption key $rk_{a \to b}$, wherein the inextensible unidirectional proxy re-encryption key $rk_{a \to b}$ is generated in the form
or
where R is the constraint set of the authorizing party.
2. The device according to claim 1, wherein
the public key h of the authorizing party is generated from the constraint set R of the authorizing party according to h = H(R), where H(*) is a secure one-way hash function.
5. An inextensible unidirectional proxy re-encryption key generation method, comprising the following steps:
obtaining the private key pair $(a_1, a_2)$ of the authorizing party and the public key of the authorized party
generating, according to one private key $a_1$ of the authorizing party's private key pair and the public key of the authorized party
a unidirectional proxy key
selecting an adjusting factor s, and obtaining the public key h of the authorizing party; and
according to the generated unidirectional proxy re-encryption key
by introducing the selected adjusting factor s, the public key h of the authorizing party and the other private key $a_2$ of the authorizing party's private key pair, generating the inextensible unidirectional proxy re-encryption key $rk_{a \to b}$, wherein the inextensible unidirectional proxy re-encryption key $rk_{a \to b}$ is generated in the form
or
where R is the constraint set of the authorizing party.
6. The method according to claim 5, wherein
the public key h of the authorizing party is generated from the constraint set R of the authorizing party according to h = H(R), where H(*) is a secure one-way hash function.
9. An inextensible unidirectional proxy re-encryption execution system, comprising:
at the authorizing party,
a re-encryption key generation unit, for obtaining the private key pair $(a_1, a_2)$ of the authorizing party, the public key of the authorizing party
and the public key of the authorized party
and generating, according to one private key $a_1$ of the authorizing party's private key pair and the public key of the authorized party
a unidirectional proxy re-encryption key
a strengthening unit, for selecting an adjusting factor s, obtaining the public key h of the authorizing party, and, according to the generated unidirectional proxy re-encryption key
by introducing the selected adjusting factor s, the public key h of the authorizing party and the other private key $a_2$ of the authorizing party's private key pair, generating the inextensible unidirectional proxy re-encryption key $rk_{a \to b}$, wherein the inextensible unidirectional proxy re-encryption key $rk_{a \to b}$ is generated in the form
or
where R is the constraint set of the authorizing party; and
an encryption unit, for using the public key of the authorizing party
to encrypt the plaintext message m, and generating, under the public key of the authorizing party
the strengthened original ciphertext; and
at the proxy,
11. The system according to claim 9, wherein
the public key h of the authorizing party is generated from the constraint set R of the authorizing party according to h = H(R), where H(*) is a secure one-way hash function;
the inextensible unidirectional proxy re-encryption key $rk_{a \to b}$ is generated in the form
12. The system according to claim 9, wherein
the public key h of the authorizing party is generated from another private key $a_3$ of the authorizing party, according to
13. The system according to claim 9, wherein
the public key h of the authorizing party is generated from the constraint set R of the authorizing party and another private key $a_3$ of the authorizing party, according to
where H(*) is a secure one-way hash function;
14. The system according to claim 9, further comprising:
at the authorized party,
a decryption unit, for decrypting the converted ciphertext using the private key pair $(b_1, b_2)$ of the authorized party, to recover the plaintext message m.
16. An inextensible unidirectional proxy re-encryption execution method, comprising the following steps:
at the authorizing party,
obtaining the private key pair $(a_1, a_2)$ of the authorizing party, the public key of the authorizing party
and the public key of the authorized party
generating, according to one private key $a_1$ of the authorizing party's private key pair and the public key of the authorized party
a unidirectional proxy re-encryption key
selecting an adjusting factor s, and obtaining the public key h of the authorizing party;
according to the generated unidirectional proxy re-encryption key
by introducing the selected adjusting factor s, the public key h of the authorizing party and the other private key $a_2$ of the authorizing party's private key pair, generating the inextensible unidirectional proxy re-encryption key $rk_{a \to b}$, wherein the inextensible unidirectional proxy re-encryption key $rk_{a \to b}$ is generated in the form
or
where R is the constraint set of the authorizing party; and
using the public key of the authorizing party
to encrypt the plaintext message m, and generating, under the public key of the authorizing party
the strengthened original ciphertext; and
at the proxy,
18. The method according to claim 16, wherein
the public key h of the authorizing party is generated from the constraint set R of the authorizing party according to h = H(R), where H(*) is a secure one-way hash function;
19. The method according to claim 16, wherein
the public key h of the authorizing party is generated from another private key $a_3$ of the authorizing party, according to
20. The method according to claim 16, wherein
the public key h of the authorizing party is generated from the constraint set R of the authorizing party and another private key $a_3$ of the authorizing party, according to
where H(*) is a secure one-way hash function;
21. The method according to claim 16, further comprising the following steps:
at the authorized party,
decrypting the converted ciphertext using the private key pair $(b_1, b_2)$ of the authorized party, to recover the plaintext message m.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200910263694.7A CN102111269B (en) | 2009-12-29 | 2009-12-29 | Method and equipment for generating inextensible unidirectional proxy re-encryption key, and method and system for executing inextensible unidirectional proxy re-encryption |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102111269A CN102111269A (en) | 2011-06-29 |
CN102111269B true CN102111269B (en) | 2014-01-29 |
Family
ID=44175305
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200910263694.7A Expired - Fee Related CN102111269B (en) | 2009-12-29 | 2009-12-29 | Method and equipment for generating inextensible unidirectional proxy re-encryption key, and method and system for executing inextensible unidirectional proxy re-encryption |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102111269B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2713545B1 (en) | 2011-08-12 | 2017-04-19 | Huawei Technologies Co., Ltd. | Data sharing system, data distribution system and data protection method |
CN103384233B (en) | 2012-05-02 | 2017-06-20 | 华为技术有限公司 | A kind of methods, devices and systems for acting on behalf of conversion |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1380767A (en) * | 2001-04-16 | 2002-11-20 | 南相浩 | Shared key factor structure and shared key calculation |
CN101051902A (en) * | 2006-06-16 | 2007-10-10 | 上海交通大学 | Agent signcryption method and system |
CN101420300A (en) * | 2008-05-28 | 2009-04-29 | 北京易恒信认证科技有限公司 | Double factor combined public key generating and authenticating method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20140129 Termination date: 20161229 |