CN102111269B - Method and equipment for generating inextensible unidirectional proxy re-encryption key, and method and system for executing inextensible unidirectional proxy re-encryption - Google Patents

Publication number
CN102111269B
Authority
CN
China
Legal status
Expired - Fee Related
Application number
CN200910263694.7A
Other languages
Chinese (zh)
Other versions
CN102111269A (en)
Inventor
曾珂
Current Assignee
NEC China Co Ltd
Original Assignee
NEC China Co Ltd
Application filed by NEC China Co Ltd
Priority to CN200910263694.7A
Publication of CN102111269A
Application granted
Publication of CN102111269B

Abstract

The invention discloses equipment for generating an inextensible unidirectional proxy re-encryption key. The equipment comprises a re-encryption key generating unit and a strengthening unit. The re-encryption key generating unit acquires the private key pair $(a_1, a_2)$ of the authorizing party and the public key of the authorized party, and generates a unidirectional proxy key from one private key $a_1$ of the authorizing party's private key pair and the public key of the authorized party. The strengthening unit selects an adjusting factor $s$, acquires the public key $h$ of the authorizing party, and, based on the generated unidirectional proxy re-encryption key, generates the inextensible unidirectional proxy re-encryption key $rk_{a \to b}$ by introducing the selected adjusting factor $s$, the public key $h$ of the authorizing party and the other private key $a_2$ of the authorizing party's private key pair. The invention also discloses a method for generating the inextensible unidirectional proxy re-encryption key, and a method and a system for executing inextensible unidirectional proxy re-encryption.

Description

Method and equipment for generating an inextensible unidirectional proxy re-encryption key, and method and system for executing inextensible unidirectional proxy re-encryption
Technical field
The present invention relates to the field of computer communication network security and, more specifically, to a method and equipment for generating an inextensible unidirectional proxy re-encryption key and to a method and system for executing inextensible unidirectional proxy re-encryption.
Background art
Proxy re-encryption (PRE) is an encryption system with a special property: Alice, as the authorizing party, can authorize Bob, as the authorized party, to decrypt ciphertexts of Alice. The key requirement of a PRE system is that re-encrypting a ciphertext for Bob does not require Alice's participation. Otherwise a PRE system would be pointless.
To meet this key requirement, a PRE system introduces a proxy, which converts a ciphertext of Alice into a ciphertext of the same message for Bob without seeing the plaintext. Note that, in the public-key setting, the naive PRE scheme is for Alice to give her private key to the proxy. This, however, requires an unrealistic degree of trust in the proxy, whereas the goal of a PRE system is to guarantee re-encryption of ciphertexts without relying on a trusted party.
PRE is applicable to many scenarios, for example e-mail forwarding (reference [1]), secure mailing lists (reference [2]), digital rights management (DRM) (reference [3]) and access control for encrypted file storage (references [4] and [5]).
Proxy re-encryption (PRE) was first proposed by Blaze et al. (reference [1]). PRE attracted wide attention as soon as it was proposed, and a series of PRE techniques have been proposed recently. In most of the prior art, a unidirectional proxy re-encryption scheme is a tuple of (probabilistic) polynomial-time algorithms
Figure G2009102636947D00011
whose elements are defined as follows:
Figure G2009102636947D00012
are the standard key generation, encryption and decryption algorithms of the underlying cryptosystem. Here $\varepsilon$ and
Figure G2009102636947D00013
are sets of algorithms (possibly singleton sets). On input the security parameter $1^k$,
Figure G2009102636947D00021
outputs a key pair $(pk, sk)$. On input $pk_a$ and a message
Figure G2009102636947D00022
, for all $\varepsilon_i \in \varepsilon$, the output is a ciphertext $C_a$. On input $sk_a$ and a ciphertext $C_a$, the message
Figure G2009102636947D00023
is output by some
Figure G2009102636947D00024
Figure G2009102636947D00025
On input $(pk_a, sk_a, pk_b, sk_b)$, the re-encryption key generation algorithm
Figure G2009102636947D00026
outputs, for the proxy, the re-encryption key $rk_{a \to B}$.
On input $rk_{a \to B}$ and a ciphertext $C_a$, the re-encryption function
Figure G2009102636947D00028
outputs the re-encrypted ciphertext $C_b$.
However, the above definition unnecessarily restricts the data flow of the re-encryption key: the re-encryption key can only be sent to the proxy. As a result, if the re-encryption key is in fact sent to a party that is not the proxy, for example to the authorized party Bob, the prior art that implements the algorithm
Figure G2009102636947D00029
according to the above definition is insecure.
Five existing PRE schemes are first briefly introduced below to demonstrate this point: if the re-encryption key is in fact sent to a party that is not the proxy, the prior art is insecure.
Reference [1]: in this scheme, the authorizing party Alice has public key $g^a$ and private key $a$, and the authorized party Bob has public key $g^b$ and private key $b$, where $g$ generates a finite cyclic group of order $p$. To authorize Bob, Alice sends $rk_{a \to b} = b/a \bmod p$ to the proxy.
References [4] and [5]: in this scheme, specifically scheme 3 (Section 3.3, Third Attempt), the authorizing party Alice has public key
Figure G2009102636947D000210
and private key $(a_1, a_2)$, and the authorized party Bob has public key
Figure G2009102636947D000211
and private key $(b_1, b_2)$, where $Z$ generates a finite cyclic group and $g$ generates another finite cyclic group. To authorize Bob, Alice sends
Figure G2009102636947D000212
to the proxy.
Reference [6]: in this scheme, the authorizing party Alice has public key $g^a$ and private key $a$, and the authorized party Bob has public key $g^b$ and private key $b$, where $g$ generates a finite cyclic group. To authorize Bob, Alice sends $rk_{a \to b} = b/a$ to the proxy.
Reference [7]: in this scheme, the authorizing party Alice has, for a random group element $h_a$, public key
Figure G2009102636947D000213
and private key $(a_1, a_2)$, and the authorized party Bob has, for another random group element $h_B$, a public key and private key $(b_1, b_2)$. To authorize Bob, Alice sends, for another random group element $h_r$,
Figure G2009102636947D000215
to the proxy.
Reference [8]: in this scheme, the authorizing party Alice has public key $g^a$ and private key $a$, and the authorized party Bob has public key $g^b$ and private key $b$. To authorize Bob, Alice sends $rk_{a \to b} = g^{b/a}$ to the proxy.
From the brief description of the prior art above, it can be seen that these schemes are fragile. Note, however, that the prior art is insecure only under the following conditions: (1) the re-encryption key is sent to Bob rather than to the proxy; and (2) Bob colludes with an attacker Malice.
Reference [1]: in this scheme, the authorizing party Alice has public key $g^a$ and private key $a$, and the authorized party Bob has public key $g^b$ and private key $b$, where $g$ generates a finite cyclic group of order $p$. To authorize Bob, Alice sends $rk_{a \to b} = b/a \bmod p$ to the proxy.
Therefore, the attacker Malice colluding with Bob (Malice has public key $g^c$ and private key $c$) can easily produce a re-encryption key according to $rk_{a \to c} = (c/b)\, rk_{a \to b} \bmod p$.
References [4] and [5]: in this scheme, specifically scheme 3 (Section 3.3, Third Attempt), the authorizing party Alice has public key
Figure G2009102636947D00031
and private key $(a_1, a_2)$, and the authorized party Bob has public key
Figure G2009102636947D00032
and private key $(b_1, b_2)$, where $Z$ generates a finite cyclic group and $g$ generates another finite cyclic group. To authorize Bob, Alice sends
Figure G2009102636947D00033
to the proxy.
Therefore, the attacker Malice colluding with Bob (Malice has public key
Figure G2009102636947D00034
and private key $(c_1, c_2)$) can compute
Figure G2009102636947D00035
Reference [6]: in this scheme, the authorizing party Alice has public key $g^a$ and private key $a$, and the authorized party Bob has public key $g^b$ and private key $b$, where $g$ generates a finite cyclic group. To authorize Bob, Alice sends $rk_{a \to b} = b/a$ to the proxy.
Therefore, the attacker Malice colluding with Bob (Malice has public key $g^c$ and private key $c$) can produce a re-encryption key according to $rk_{a \to c} = (c/b)\, rk_{a \to b}$.
Reference [7]: in this scheme, the authorizing party Alice has, for a random group element $h_a$, public key
Figure G2009102636947D00036
and private key $(a_1, a_2)$, and the authorized party Bob has, for another random group element $h_B$, a public key and private key $(b_1, b_2)$. To authorize Bob, Alice sends, for another random group element $h_r$,
Figure G2009102636947D00038
to the proxy.
Therefore, the attacker Malice colluding with Bob (Malice has, for another random group element $h_c$, public key
Figure G2009102636947D00039
and private key $(c_1, c_2)$) can compute
Figure G2009102636947D000310
Reference [8]: in this scheme, the authorizing party Alice has public key $g^a$ and private key $a$, and the authorized party Bob has public key $g^b$ and private key $b$. To authorize Bob, Alice sends $rk_{a \to b} = g^{b/a}$ to the proxy.
Therefore, the attacker Malice colluding with Bob (Malice has public key $g^c$ and private key $c$) can compute $rk_{a \to c} = (rk_{a \to b})^{a/b}$.
To reiterate, the prior art is secure under the original definition of the selected unidirectional proxy re-encryption (PRE) system. In the original definition, the data flow of the re-encryption key is restricted: the re-encryption key can only be sent to the proxy. However, if this restriction is not met, that is, if the restriction is relaxed as described above, the prior art is in fact insecure. In other words, in the unidirectional proxy re-encryption system as redefined in the present invention, where the re-encryption key may be sent directly to the authorized party, the prior art does not work.
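The collusion described above for references [1] and [6], written out as an added Python example that is not part of the patent text: once Bob holds $rk_{a \to b} = b/a \bmod p$, Bob and Malice can extend it to $rk_{a \to c}$ without Alice, which is why these schemes only hold up while the re-encryption key stays with the proxy. The ElGamal-style ciphertext layout, the toy group parameters and all function names are assumptions made for the illustration.

```python
import secrets

# Constructed toy parameters (far too small for real use): P = 2p + 1 is a
# safe prime and g = 4 generates the subgroup of prime order p.
P = 2039
p = 1019
g = 4


def keygen():
    """Return (private key x, public key g^x)."""
    sk = secrets.randbelow(p - 1) + 1          # 1 .. p-1, invertible mod p
    return sk, pow(g, sk, P)


def encrypt(pk, m):
    """ElGamal-style ciphertext under pk = g^a: (m * g^r, g^(a*r))."""
    r = secrets.randbelow(p - 1) + 1
    return (m * pow(g, r, P)) % P, pow(pk, r, P)


def decrypt(sk, ct):
    """Recover m: (g^(a*r))^(1/a) = g^r, then divide it out of c1."""
    c1, c2 = ct
    g_r = pow(c2, pow(sk, -1, p), P)
    return (c1 * pow(g_r, -1, P)) % P


def rekey(a, b):
    """Re-encryption key as stated on the page: rk_{a->b} = b/a mod p."""
    return (b * pow(a, -1, p)) % p


def reencrypt(rk, ct):
    """Proxy step: g^(a*r) raised to b/a becomes g^(b*r)."""
    c1, c2 = ct
    return c1, pow(c2, rk, P)


def extend_rekey(rk_ab, b, c):
    """What colluding Bob (b) and Malice (c) compute when rk_{a->b} reaches
    Bob: rk_{a->c} = (c/b) * rk_{a->b} mod p. Alice's key a is never used."""
    return (c * pow(b, -1, p) * rk_ab) % p


def collusion_demo(m=1234):
    """Return (derived key equals a legitimate rk_{a->c},
               Malice decrypts Alice's ciphertext)."""
    a, pk_a = keygen()
    b, _ = keygen()
    c, _ = keygen()
    ct_a = encrypt(pk_a, m)                    # ciphertext meant for Alice
    rk_ab = rekey(a, b)                        # issued by Alice for Bob only
    rk_ac = extend_rekey(rk_ab, b, c)          # derived without Alice
    same_key = rk_ac == rekey(a, c)
    malice_reads = decrypt(c, reencrypt(rk_ac, ct_a)) == m
    return same_key, malice_reads


if __name__ == "__main__":
    print(collusion_demo())
```

The derived key is indistinguishable from one Alice would have issued herself, so in these schemes a re-encryption key that leaves the proxy has to be treated as a delegation Alice no longer controls.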
Summary of the invention
In view of the above shortcomings of the prior art, the present invention proposes a method and equipment for generating an inextensible unidirectional proxy re-encryption key and a method and system for executing inextensible unidirectional proxy re-encryption.
First, the property that the re-encryption key can be sent directly and securely to the authorized party is defined as inextensibility.
Definition of inextensibility: a group of colluding authorized parties cannot delegate the decryption right to a third party.
For example, given (1) the proxy's re-encryption key $rk_{a \to b}$, (2) Bob's private key $sk_b$ and (3) Malice's private key $sk_c$, it is hard for the colluding authorized parties to produce $rk_{a \to c}$.
The importance of inextensibility is demonstrated below. For example, references [4] and [5] propose using proxy re-encryption keys to implement access control for an encrypted file storage system. In this scenario, a trusted access control server manages access to encrypted files stored on distributed untrusted block stores. A user downloads encrypted content from a block store and then communicates with the access control server to request the right to decrypt the content. The content owner chooses which user(s) may access the content and sends the appropriate delegation rights to the access control server. It is easy to see that a PRE system is one solution for such an access control system, with the access control server acting as the proxy. It is equally easy to see that nothing actually prevents the data owner from sending the delegation rights directly to a user. Beyond the above scenario, a user may obviously also obtain the delegation rights in other ways, for example through the proxy's carelessness, through the data owner's carelessness, or through collusion between the data owner and the user.
Therefore, the object of the present invention is to redefine the unidirectional proxy re-encryption scheme as follows, so that it becomes an inextensible unidirectional proxy re-encryption scheme.
A unidirectional proxy re-encryption scheme is a tuple of (probabilistic) polynomial-time algorithms
Figure G2009102636947D00051
whose elements are defined as follows:
Figure G2009102636947D00052
are the standard key generation, encryption and decryption algorithms of the underlying cryptosystem. Here $\varepsilon$ and
Figure G2009102636947D00053
are sets of algorithms (possibly singleton sets). On input the security parameter $1^k$,
Figure G2009102636947D00054
outputs a key pair $(pk, sk)$. On input $pk_a$ and a message
Figure G2009102636947D00055
, for all $\varepsilon_i \in \varepsilon$, the output is a ciphertext $C_a$. On input $sk_a$ and a ciphertext $C_a$, the message
Figure G2009102636947D00056
is output by some
Figure G2009102636947D00057
Figure G2009102636947D00058
On input $(pk_a, sk_a, pk_b, sk_b)$, the re-encryption key generation algorithm
Figure G2009102636947D00059
outputs the re-encryption key $rk_{a \to B}$.
Figure G2009102636947D000510
On input $rk_{a \to B}$ and a ciphertext $C_a$, the re-encryption function
Figure G2009102636947D000511
outputs the re-encrypted ciphertext $C_b$.
Compared with the original definition in most of the prior art, the only difference of the inextensible unidirectional proxy re-encryption scheme as redefined according to the present invention is that the present invention no longer restricts the re-encryption key generation algorithm
Figure G2009102636947D000512
to outputting the re-encryption key $rk_{a \to B}$ only for the proxy.
Therefore, it is conceivable that the re-encryption key $rk_{a \to B}$ can be sent directly to the authorized party. The object of the present invention is to propose a proxy re-encryption scheme that is secure under the redefined definition, that is, a secure proxy re-encryption scheme that allows the authorized party to receive the re-encryption key.
According to a first aspect of the present invention, equipment for generating an inextensible unidirectional proxy re-encryption key is proposed, comprising: a re-encryption key generating unit for acquiring the private key pair $(a_1, a_2)$ of the authorizing party and the public key of the authorized party
Figure G2009102636947D000513
and generating, from one private key $a_1$ of the authorizing party's private key pair and the public key of the authorized party
Figure G2009102636947D000514
a unidirectional proxy key; and a strengthening unit for selecting an adjusting factor $s$, acquiring the public key $h$ of the authorizing party, and, based on the generated unidirectional proxy re-encryption key
Figure G2009102636947D000516
generating the inextensible unidirectional proxy re-encryption key $rk_{a \to b}$ by introducing the selected adjusting factor $s$, the public key $h$ of the authorizing party and the other private key $a_2$ of the authorizing party's private key pair.
Preferably, the public key $h$ of the authorizing party is generated from the constraint set of the authorizing party
Figure G2009102636947D000517
according to
Figure G2009102636947D000518
where $H(*)$ is a secure one-way hash function.
Preferably, the public key $h$ of the authorizing party is generated from another private key $a_3$ of the authorizing party, according to
Figure G2009102636947D000519
Preferably, the public key $h$ of the authorizing party is generated from the constraint set of the authorizing party and another private key $a_3$ of the authorizing party, according to
Figure G2009102636947D00062
where $H(*)$ is a secure one-way hash function.
According to a second aspect of the present invention, a method for generating an inextensible unidirectional proxy re-encryption key is proposed, comprising the following steps: acquiring the private key pair $(a_1, a_2)$ of the authorizing party and the public key of the authorized party
Figure G2009102636947D00063
generating, from one private key $a_1$ of the authorizing party's private key pair and the public key of the authorized party
Figure G2009102636947D00064
a unidirectional proxy key
Figure G2009102636947D00065
selecting an adjusting factor $s$ and acquiring the public key $h$ of the authorizing party; and, based on the generated unidirectional proxy re-encryption key
Figure G2009102636947D00066
generating the inextensible unidirectional proxy re-encryption key $rk_{a \to b}$ by introducing the selected adjusting factor $s$, the public key $h$ of the authorizing party and the other private key $a_2$ of the authorizing party's private key pair.
Preferably, the public key $h$ of the authorizing party is generated from the constraint set of the authorizing party
Figure G2009102636947D00067
according to
Figure G2009102636947D00068
where $H(*)$ is a secure one-way hash function.
Preferably, the public key $h$ of the authorizing party is generated from another private key $a_3$ of the authorizing party, according to
Figure G2009102636947D00069
Preferably, the public key $h$ of the authorizing party is generated from the constraint set of the authorizing party
Figure G2009102636947D000610
and another private key $a_3$ of the authorizing party, where $H(*)$ is a secure one-way hash function.
According to a third aspect of the present invention, a system for executing inextensible unidirectional proxy re-encryption is proposed, comprising:
at the authorizing party,
a re-encryption key generating unit for acquiring the private key pair $(a_1, a_2)$ of the authorizing party, the public key of the authorizing party
Figure G2009102636947D000612
and the public key of the authorized party, and generating, from one private key $a_1$ of the authorizing party's private key pair and the public key of the authorized party
Figure G2009102636947D000614
a unidirectional proxy re-encryption key
Figure G2009102636947D000615
a strengthening unit for selecting an adjusting factor $s$, acquiring the public key $h$ of the authorizing party, and, based on the generated unidirectional proxy re-encryption key, generating the inextensible unidirectional proxy re-encryption key $rk_{a \to b}$ by introducing the selected adjusting factor $s$, the public key $h$ of the authorizing party and the other private key $a_2$ of the authorizing party's private key pair; and
an encryption unit for encrypting a plaintext message $m$ using the public key of the authorizing party
Figure G2009102636947D000617
to produce a strengthened original ciphertext under the public key of the authorizing party; and, at the proxy,
a re-encryption unit for converting the strengthened original ciphertext under the public key of the authorizing party
into a converted ciphertext under the public key of the authorized party.
Preferably, the inextensible unidirectional proxy re-encryption key $rk_{a \to b}$ is generated in the form
Figure G2009102636947D00072
The strengthened original ciphertext under the public key of the authorizing party
Figure G2009102636947D00073
is generated in the form
Figure G2009102636947D00074
The converted ciphertext under the public key of the authorized party
Figure G2009102636947D00075
has the form
Figure G2009102636947D00076
Preferably, the public key $h$ of the authorizing party is generated from the constraint set of the authorizing party, where $H(*)$ is a secure one-way hash function. The inextensible unidirectional proxy re-encryption key $rk_{a \to b}$ is generated in the form
Figure G2009102636947D00079
The strengthened original ciphertext under the public key of the authorizing party
Figure G2009102636947D000710
is generated in the form
Figure G2009102636947D000711
If and only if the corresponding condition holds, the converted ciphertext under the public key of the authorized party
Figure G2009102636947D000713
has the corresponding form.
Preferably, the public key $h$ of the authorizing party is generated from another private key $a_3$ of the authorizing party. The inextensible unidirectional proxy re-encryption key $rk_{a \to b}$ is generated in a corresponding form. The strengthened original ciphertext under the public key of the authorizing party
Figure G2009102636947D000717
is generated in the form
Figure G2009102636947D000718
The converted ciphertext under the public key of the authorized party has the form
Figure G2009102636947D000720
Preferably, the public key $h$ of the authorizing party is generated from the constraint set of the authorizing party
Figure G2009102636947D000721
and another private key $a_3$ of the authorizing party, according to
Figure G2009102636947D000722
where $H(*)$ is a secure one-way hash function. The inextensible unidirectional proxy re-encryption key $rk_{a \to b}$ is generated in the form
Figure G2009102636947D000723
The strengthened original ciphertext under the public key of the authorizing party is generated in the form
Figure G2009102636947D000725
If and only if
Figure G2009102636947D000726
holds, the converted ciphertext under the public key of the authorized party
Figure G2009102636947D000727
has the form
Figure G2009102636947D00081
Preferably, the system may further comprise:
at the authorized party,
a decryption unit for decrypting the converted ciphertext using the private key pair $(b_1, b_2)$ of the authorized party, to recover the plaintext message $m$.
Preferably, the system may further comprise:
at the authorized party,
a decryption unit for decrypting the converted ciphertext using the private key pair $(b_1, b_2)$ of the authorized party, according to
Figure G2009102636947D00082
to recover the plaintext message $m$.
According to a fourth aspect of the present invention, a method for executing inextensible unidirectional proxy re-encryption is proposed, comprising the following steps:
at the authorizing party,
acquiring the private key pair $(a_1, a_2)$ of the authorizing party, the public key of the authorizing party
Figure G2009102636947D00084
and the public key of the authorized party
Figure G2009102636947D00085
generating, from one private key $a_1$ of the authorizing party's private key pair and the public key of the authorized party
Figure G2009102636947D00086
a unidirectional proxy re-encryption key
Figure G2009102636947D00087
selecting an adjusting factor $s$ and acquiring the public key $h$ of the authorizing party;
based on the generated unidirectional proxy re-encryption key
Figure G2009102636947D00088
generating the inextensible unidirectional proxy re-encryption key $rk_{a \to b}$ by introducing the selected adjusting factor $s$, the public key $h$ of the authorizing party and the other private key $a_2$ of the authorizing party's private key pair; and
encrypting a plaintext message $m$ using the public key of the authorizing party
Figure G2009102636947D00089
to produce, under the public key of the authorizing party
Figure G2009102636947D000810
a strengthened original ciphertext; and, at the proxy,
converting the strengthened original ciphertext under the public key of the authorizing party into a converted ciphertext under the public key of the authorized party.
Preferably, the inextensible unidirectional proxy re-encryption key $rk_{a \to b}$ is generated in a corresponding form. The strengthened original ciphertext under the public key of the authorizing party
Figure G2009102636947D000814
is generated in the form
Figure G2009102636947D000815
The converted ciphertext under the public key of the authorized party
Figure G2009102636947D00091
has the form
Figure G2009102636947D00092
Preferably, the public key $h$ of the authorizing party is generated from the constraint set of the authorizing party
Figure G2009102636947D00093
according to
Figure G2009102636947D00094
where $H(*)$ is a secure one-way hash function. The inextensible unidirectional proxy re-encryption key $rk_{a \to b}$ is generated in the form
Figure G2009102636947D00095
The strengthened original ciphertext under the public key of the authorizing party
Figure G2009102636947D00096
is generated in the form
Figure G2009102636947D00097
If and only if
Figure G2009102636947D00098
holds, the converted ciphertext under the public key of the authorized party
Figure G2009102636947D00099
has the form
Figure G2009102636947D000910
Preferably, the public key $h$ of the authorizing party is generated from another private key $a_3$ of the authorizing party. The inextensible unidirectional proxy re-encryption key $rk_{a \to b}$ is generated in the form
Figure G2009102636947D000912
The strengthened original ciphertext under the public key of the authorizing party
Figure G2009102636947D000913
is generated in the form
Figure G2009102636947D000914
The converted ciphertext under the public key of the authorized party
Figure G2009102636947D000915
has the form
Figure G2009102636947D000916
Preferably, the public key $h$ of the authorizing party is generated from the constraint set of the authorizing party
Figure G2009102636947D000917
and another private key $a_3$ of the authorizing party, where $H(*)$ is a secure one-way hash function. The inextensible unidirectional proxy re-encryption key $rk_{a \to b}$ is generated in a corresponding form. The strengthened original ciphertext under the public key of the authorizing party
Figure G2009102636947D000920
is generated in a corresponding form. If and only if
Figure G2009102636947D000922
holds, the converted ciphertext under the public key of the authorized party has the corresponding form.
Preferably, the method may further comprise the following steps:
at the authorized party,
decrypting the converted ciphertext using the private key pair $(b_1, b_2)$ of the authorized party, to recover the plaintext message $m$.
Preferably, the method may further comprise the following steps:
at the authorized party,
a decryption unit decrypting the converted ciphertext using the private key pair $(b_1, b_2)$ of the authorized party, to recover the plaintext message $m$.
Compared with the closest prior art, references [4] and [5] (scheme 3, Section 3.3, Third Attempt), the beneficial effects of the present invention at least include:
Figure G2009102636947D00103
A new proxy re-encryption system model is realized, in which the re-encryption key can be securely sent to the authorized party and/or the proxy.
Brief description of the drawings
The above and other objects, features and advantages of the present invention will become clearer from the following detailed description of non-limiting embodiments of the present invention, taken in conjunction with the accompanying drawings, in which:
Fig. 1 shows a schematic block diagram of the units operating in the Third Attempt of references [4] and [5];
Fig. 2 shows a schematic block diagram of the units operating in the basic scheme of the NRE scheme proposed by the present invention;
Fig. 3 shows a schematic block diagram of the units operating in alternative 1 of the NRE scheme proposed by the present invention;
Fig. 4 shows a schematic block diagram of the units operating in alternative 2 of the NRE scheme proposed by the present invention; and
Fig. 5 shows a schematic block diagram of the units operating in alternative 3 of the NRE scheme proposed by the present invention.
In the drawings, related units are denoted by the same reference numerals to show the correlation between them. Units drawn with bold solid lines mainly reflect the inventive idea of the present invention.
Detailed description of the embodiments
The present invention is described below with reference to the drawings. In the following description, some specific embodiments are for descriptive purposes only and should not be construed as limiting the present invention in any way; they are merely examples of the present invention. Conventional structures or configurations are omitted where they might obscure the understanding of the present invention.
[Detailed scenario description]
Below, the inextensible unidirectional proxy re-encryption (NRE) scheme according to the present invention is described in detail by comparison with references [4] and [5], which are taken as the closest prior art to the present invention.
Fig. 1 shows a schematic block diagram of the units operating in the Third Attempt of references [4] and [5]. The units of the authorizing party Alice, the proxy and the authorized party Bob are described below with reference to Fig. 1.
Encryption unit 110 takes the public key of the authorizing party Alice
Figure G2009102636947D00111
and a plaintext message $m$ as input, selects a random number $r$, and outputs the original ciphertext
Figure G2009102636947D00112
Re-encryption key generating unit 120 takes the private key $(a_1, a_2)$ of the authorizing party Alice and the public key of the authorized party Bob
Figure G2009102636947D00113
as input, and outputs the re-encryption key
Figure G2009102636947D00114
Re-encryption unit 210 takes the original ciphertext and the re-encryption key as input, and outputs the converted ciphertext
Figure G2009102636947D00117
Decryption unit 310 takes the private key $(b_1, b_2)$ of the authorized party Bob and the converted ciphertext
Figure G2009102636947D00118
as input, and outputs the plaintext message $m$.
In references [4] and [5] (scheme 3, Section 3.3, Third Attempt), Alice has public key
Figure G2009102636947D00119
and private key $(a_1, a_2)$. To authorize Bob, whose public key is
Figure G2009102636947D001110
the re-encryption key generating unit 120 first computes the re-encryption key according to
Figure G2009102636947D001111
This re-encryption key can only be sent to the proxy.
For a message $m$, the encryption unit 110 of Alice selects a random number $r$ and computes the original ciphertext. This original ciphertext is sent to the proxy.
When Bob requests Alice's original ciphertext from the proxy, the re-encryption unit 210 of the proxy takes $rk_{a \to b}$ and the original ciphertext
Figure G2009102636947D001113
as input, and outputs to Bob the converted ciphertext
Figure G2009102636947D001114
On receiving the converted ciphertext
Figure G2009102636947D001115
the decryption unit 310 of Bob can use Bob's private key $(b_1, b_2)$ to output the plaintext message $m$.
Next, the NRE scheme proposed by the present invention is described in detail.
Fig. 2 shows a schematic block diagram of the units operating in the basic scheme of the NRE scheme proposed by the present invention. The units of the authorizing party Alice, the proxy and the authorized party Bob are described below with reference to Fig. 2.
Encryption unit 2110 takes the public key of the authorizing party Alice
Figure G2009102636947D00121
and a plaintext message $m$ as input, selects a random number $r$, and outputs the strengthened original ciphertext.
Re-encryption key generating unit 2120 operates in the same way as the re-encryption key generating unit 120 shown in Fig. 1: it takes the private key $(a_1, a_2)$ of the authorizing party Alice and the public key of the authorized party Bob
Figure G2009102636947D00123
as input, and outputs
Figure G2009102636947D00124
Strengthening unit 2130 takes the output of the re-encryption key generating unit 2120
Figure G2009102636947D00125
and another public key $h$ of the authorizing party Alice as input, randomly selects an adjusting factor $s$, and outputs the inextensible re-encryption key
Figure G2009102636947D00126
Re-encryption unit 2210 takes the strengthened original ciphertext
Figure G2009102636947D00127
and the re-encryption key
Figure G2009102636947D00128
as input, and outputs the converted ciphertext
Figure G2009102636947D00129
Decryption unit 2310 operates in the same way as the decryption unit 310 shown in Fig. 1: it takes the private key $(b_1, b_2)$ of the authorized party Bob and the converted ciphertext
Figure G2009102636947D001210
as input, and outputs the plaintext message $m$.
In the basic scheme of the NRE scheme proposed by the present invention, Alice has the public key
Figure G2009102636947D001211
and the private key (a_1, a_2). To authorize Bob, whose public key is
Figure G2009102636947D001212
the re-encryption key generation unit 2120 first calculates the re-encryption key according to
Figure G2009102636947D001213
The other operations of the re-encryption key generation unit 2120 are identical to those of the schemes proposed in references [4] and [5].
Next, however, the enhancement unit 2130 of Alice randomly selects an adjusting factor s and, taking
Figure G2009102636947D001214
as input, calculates the inextensible re-encryption key
Figure G2009102636947D001215
Unlike the re-encryption key of the schemes proposed in references [4] and [5], which can only be sent to the proxy, this inextensible re-encryption key can be sent to Bob and/or the proxy.
To work with the inextensible re-encryption key, for a message m the encryption unit 2110 of Alice selects a random number and calculates the enhanced original ciphertext according to
Figure G2009102636947D001216
This enhanced original ciphertext is transmitted to the proxy.
When Bob requests Alice's enhanced original ciphertext from the proxy, the re-encryption unit 2210 of the proxy takes rk_{a→b} and the enhanced original ciphertext
Figure G2009102636947D00131
as input, and outputs to Bob the converted ciphertext.
Upon receiving the converted ciphertext
Figure G2009102636947D00133
the decryption unit 2310 of Bob can use Bob's private key (b_1, b_2) to output the plaintext message m.
Therefore, because the random adjusting factor s and another public key h of the authorizing party are introduced when generating the inextensible re-encryption key
Figure G2009102636947D00134
the generated inextensible re-encryption key is at the same time a signature on the adjusting factor s. A party that could successfully generate an inextensible re-encryption key could also successfully produce the authorizing party's signature, which has been proven infeasible in the prior art.
In addition, several alternatives can be introduced into the NRE scheme proposed by the present invention.
For example, as shown in Fig. 3, an arbitrary string representing the authorizing party's constraint set
Figure G2009102636947D00135
replaces the above-mentioned other public key h of the authorizing party (alternative 1). In this case, the units of the authorizing party Alice, the proxy and the authorized party Bob are described below.
The encryption unit 3110 operates in the same manner as the encryption unit 2110 shown in Fig. 2: it takes the public key of the authorizing party Alice
Figure G2009102636947D00136
and the plaintext message m as input, selects a random number r, and outputs the enhanced original ciphertext
Figure G2009102636947D00137
The re-encryption key generation unit 3120 operates in the same manner as the re-encryption key generation unit 2120 shown in Fig. 2: it takes the private key (a_1, a_2) of the authorizing party Alice and the public key of the authorized party Bob
Figure G2009102636947D00138
as input, and outputs
Figure G2009102636947D00139
The enhancement unit 3130 takes the output of the re-encryption key generation unit 3120
Figure G2009102636947D001310
and the constraint set of the authorizing party Alice
Figure G2009102636947D001311
as input, randomly selects an adjusting factor s, calculates
Figure G2009102636947D001312
and outputs the inextensible re-encryption key.
The re-encryption unit 3210 takes the enhanced original ciphertext
Figure G2009102636947D001314
and the re-encryption key
Figure G2009102636947D001315
as input, and outputs the converted ciphertext if and only if
Figure G2009102636947D001316
The decryption unit 3310 operates in the same manner as the decryption unit 2310 shown in Fig. 2: it takes the private key (b_1, b_2) of the authorized party Bob and the converted ciphertext
Figure G2009102636947D00141
as input, and outputs the plaintext message m.
As another example, as shown in Fig. 4, the above-mentioned other public key h of the authorizing party is replaced with another private key a_3 of the authorizing party (alternative 2). In this case, the units of the authorizing party Alice, the proxy and the authorized party Bob are described below.
The encryption unit 4110 takes the public key of the authorizing party Alice, the private key a_3 of the authorizing party Alice and the plaintext message m as input, selects a random number r, and outputs the enhanced original ciphertext
Figure G2009102636947D00143
The re-encryption key generation unit 4120 operates in the same manner as the re-encryption key generation unit 2120 shown in Fig. 2: it takes the private key (a_1, a_2) of the authorizing party Alice and the public key of the authorized party Bob
Figure G2009102636947D00144
as input, and outputs
Figure G2009102636947D00145
The enhancement unit 4130 takes the output of the re-encryption key generation unit 4120
Figure G2009102636947D00146
and the private key a_3 of the authorizing party Alice as input, randomly selects an adjusting factor s, calculates
Figure G2009102636947D00147
and outputs the inextensible re-encryption key
Figure G2009102636947D00148
The re-encryption unit 4210 takes the enhanced original ciphertext
Figure G2009102636947D00149
and the re-encryption key
Figure G2009102636947D001410
as input, and outputs the converted ciphertext
Figure G2009102636947D001411
The decryption unit 4310 operates in the same manner as the decryption unit 2310 shown in Fig. 2: it takes the private key (b_1, b_2) of the authorized party Bob and the converted ciphertext
Figure G2009102636947D001412
as input, and outputs the plaintext message m.
As another example, as shown in Fig. 5, the above alternatives 1 and 2 can be combined to obtain alternative 3. In this case, the units of the authorizing party Alice, the proxy and the authorized party Bob are described below.
The encryption unit 5110 operates in the same manner as the encryption unit 4110 shown in Fig. 4: it takes the public key of the authorizing party Alice
Figure G2009102636947D001413
the private key a_3 of the authorizing party Alice and the plaintext message m as input, selects a random number r, and outputs the enhanced original ciphertext
Figure G2009102636947D001414
The re-encryption key generation unit 5120 operates in the same manner as the re-encryption key generation unit 4120 shown in Fig. 4: it takes the private key (a_1, a_2) of the authorizing party Alice and the public key of the authorized party Bob
Figure G2009102636947D001415
as input, and outputs
Figure G2009102636947D001416
The enhancement unit 5130 takes the output of the re-encryption key generation unit 5120
Figure G2009102636947D00151
the constraint set of the authorizing party Alice
Figure G2009102636947D00152
and the private key a_3 of the authorizing party Alice as input, randomly selects an adjusting factor s, and calculates and outputs the inextensible re-encryption key.
The re-encryption unit 5210 takes the enhanced original ciphertext
Figure G2009102636947D00155
and the re-encryption key
Figure G2009102636947D00156
as input, and outputs the converted ciphertext
Figure G2009102636947D00158
if and only if
Figure G2009102636947D00157
The decryption unit 5310 operates in the same manner as the decryption unit 4310 shown in Fig. 4: it takes the private key (b_1, b_2) of the authorized party Bob and the converted ciphertext as input, and outputs the plaintext message m.
[Detailed explanation of principles]
In the following detailed explanation of principles, conventional multiplicative group notation is used instead of the additive notation commonly used in elliptic curve settings.
Let G_1 = <g_1> and G_2 = <g_2> be two finite cyclic groups, with an additional group
Figure G2009102636947D001510
such that
Figure G2009102636947D001511
where p is some large prime. A bilinear map is a function with the following properties:
Figure G2009102636947D001513
bilinear: for all for all
Figure G2009102636947D001515
Figure G2009102636947D001516
Figure G2009102636947D001517
Non-degenerate:
Figure G2009102636947D001518
such that e(h_1, h_2) ≠ I, where I is the identity element of
Figure G2009102636947D001519
and
Figure G2009102636947D001520
Computable: there exists an efficient algorithm for computing e.
Suppose there exists a setup algorithm Setup() which, given a security parameter 1^k as input, outputs the above bilinear map setting. This process is denoted
Figure G2009102636947D001521
Note that the following special case exists:
Figure G2009102636947D00161
and g_1 = g_2 = g.
Now, the principles of the NRE scheme proposed by the present invention are described in detail.
[Basic scheme]
System initialization:
A) Select
The system parameters are
Figure G2009102636947D00163
Key generation for a system user:
A) select
B) calculate
Figure G2009102636947D00165
The public key of the system user is
Figure G2009102636947D00166
and the private key is (u_1, u_2). The private key (a_1, a_2) of the authorizing party A and the private key (b_1, b_2) of the authorized party B described below are selected from the private key set {(u_1, u_2)}.
Encryption by the authorizing party:
For a plaintext
Figure G2009102636947D00167
the authorizing party A, whose public key is
Figure G2009102636947D00168
and whose private key is (a_1, a_2), performs the following operations:
A) select randomly
Figure G2009102636947D00169
B) calculate
Figure G2009102636947D001610
Finally, the enhanced original ciphertext is
Figure G2009102636947D001611
Inextensible re-encryption key generation:
To enable the authorized party B, whose public key is
Figure G2009102636947D001612
to decrypt the enhanced original ciphertext of A, the authorizing party A performs the following operations:
A) select randomly
Figure G2009102636947D001613
B) calculate
Figure G2009102636947D001614
Finally, the inextensible re-encryption key is
Figure G2009102636947D001615
Re-encryption by the proxy:
Given the enhanced original ciphertext
Figure G2009102636947D00171
and the inextensible re-encryption key
Figure G2009102636947D00172
the proxy calculates as follows:
Figure G2009102636947D00173
Figure G2009102636947D00175
Finally, the converted ciphertext is
Figure G2009102636947D00176
Decryption by the authorized party:
Given the converted ciphertext
Figure G2009102636947D00177
the authorized party B calculates
Figure G2009102636947D00178
to recover m.
[Alternative 1]
The system parameter h in the basic scheme can be replaced by a hash of the authorizing party's constraints. For example, the authorizing party's constraints can describe how the authorized party and/or the proxy should use the inextensible re-encryption key.
Figure G2009102636947D00179
As a specific example, the authorizing party can express the constraint R as "this inextensible re-encryption key is invalid after 1:00 PM GMT 2009.12.31". When the proxy sees this constraint, it refuses, after the time specified in the constraint, to re-encrypt the authorizing party's ciphertext for the authorized party.
Figure G2009102636947D001710
As another example, R represents a public key; the authorized party must prove ownership of that particular public key before the proxy performs re-encryption for it.
Figure G2009102636947D001711
As another example, R represents a password list, so that the proxy performs re-encryption for the authorized party only when the enhanced original ciphertext indicates the same password.
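The proxy-side handling of the three constraint kinds described above, as an added example that is not part of the patent. It assumes SHA-256 over a canonical JSON encoding as a stand-in for the hash H, byte strings in place of group elements, and hypothetical field names (`not_after`, `delegatee_pubkey`, `passwords`); the patent binds h into the re-encryption key itself, which this sketch replaces with an explicit comparison.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone


def H(data: bytes) -> bytes:
    """Stand-in for the secure one-way hash H (assumption: SHA-256, output as bytes)."""
    return hashlib.sha256(data).digest()


def encode_constraints(R: dict) -> bytes:
    """Canonical encoding, so the same constraint set always hashes to the same h."""
    return json.dumps(R, sort_keys=True, separators=(",", ":")).encode("utf-8")


def bind_constraints(R: dict) -> bytes:
    """Authorizing party: compute h = H(R) when issuing the re-encryption key."""
    return H(encode_constraints(R))


def proxy_decision(R, h, now, proven_pubkey=None, ciphertext_password=None):
    """Proxy: decide whether to re-encrypt. Returns (allowed, reason).

    R                   -- constraint set presented with the re-encryption key
    h                   -- value bound into the key by the authorizing party
    now                 -- timezone-aware current time
    proven_pubkey       -- public key whose ownership the requester has proven
                           (the proof protocol itself is outside this sketch)
    ciphertext_password -- password indicated by the enhanced original ciphertext
    """
    # 1. Tamper check: a modified constraint set no longer hashes to h.
    if not hmac.compare_digest(H(encode_constraints(R)), h):
        return (False, "constraint set does not match h")

    # 2. Expiry constraint: refuse after the time named in R.
    not_after = R.get("not_after")
    if not_after is not None and now > datetime.fromisoformat(not_after):
        return (False, "re-encryption key expired")

    # 3. Public-key constraint: requester must have proven ownership of that key.
    required_key = R.get("delegatee_pubkey")
    if required_key is not None and proven_pubkey != required_key:
        return (False, "ownership of required public key not proven")

    # 4. Password-list constraint: ciphertext must indicate a listed password.
    passwords = R.get("passwords")
    if passwords is not None:
        presented = (ciphertext_password or "").encode("utf-8")
        if not any(hmac.compare_digest(presented, p.encode("utf-8")) for p in passwords):
            return (False, "ciphertext password not in list")

    return (True, "ok")


# Constructed sample constraint set; the key value is a placeholder, not real key material.
R_SAMPLE = {
    "not_after": "2009-12-31T13:00:00+00:00",
    "delegatee_pubkey": "PLACEHOLDER-BOB-PUBKEY",
    "passwords": ["project-x"],
}

if __name__ == "__main__":
    h = bind_constraints(R_SAMPLE)
    before = datetime(2009, 12, 30, 12, 0, tzinfo=timezone.utc)
    after = datetime(2010, 1, 1, 0, 0, tzinfo=timezone.utc)
    print(proxy_decision(R_SAMPLE, h, before, "PLACEHOLDER-BOB-PUBKEY", "project-x"))
    print(proxy_decision(R_SAMPLE, h, after, "PLACEHOLDER-BOB-PUBKEY", "project-x"))
    extended = dict(R_SAMPLE, not_after="2019-12-31T13:00:00+00:00")
    print(proxy_decision(extended, h, after, "PLACEHOLDER-BOB-PUBKEY", "project-x"))
```

Because the tamper check runs first, a holder of the key cannot extend the expiry or widen the password list without the comparison against h failing.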
System initialization:
A) Select a secure one-way hash function:
Figure G2009102636947D001712
The system parameters are
Figure G2009102636947D001713
Key generation for a system user:
A) select
B) calculate
Figure G2009102636947D00182
The public key of the system user is
Figure G2009102636947D00183
and the private key is (u_1, u_2). The private key (a_1, a_2) of the authorizing party A and the private key (b_1, b_2) of the authorized party B described below are selected from the private key set {(u_1, u_2)}.
Encryption by the authorizing party:
For a plaintext, the authorizing party A, whose public key is
Figure G2009102636947D00185
and whose private key is (a_1, a_2), performs the following operations:
A) select randomly
Figure G2009102636947D00186
B) calculate
Figure G2009102636947D00187
Finally, the enhanced original ciphertext is
Figure G2009102636947D00188
Inextensible re-encryption key generation:
To enable the authorized party B, whose public key is
Figure G2009102636947D00189
to decrypt the enhanced original ciphertext of A, the authorizing party A performs the following operations:
A) select randomly
Figure G2009102636947D001810
B) Select a suitable constraint set
Figure G2009102636947D001811
and calculate
Figure G2009102636947D001812
where "|" denotes concatenation.
C) Calculate
Finally, the inextensible re-encryption key is
Figure G2009102636947D001814
Re-encryption by the proxy:
Given the enhanced original ciphertext
Figure G2009102636947D001815
and the inextensible re-encryption key
Figure G2009102636947D001816
the proxy calculates as follows:
Figure G2009102636947D00191
Figure G2009102636947D00192
Figure G2009102636947D00193
Finally, the converted ciphertext is
Figure G2009102636947D00194
Note that the above equations hold if and only if
Figure G2009102636947D00195
that is, when the constraint set has not been tampered with.
Decryption by the authorized party:
Given the converted ciphertext
Figure G2009102636947D00196
the authorized party B calculates
Figure G2009102636947D00197
to recover m.
[Alternative 2]
The system parameter h in the basic scheme can be replaced by an additional private key of the authorizing party.
The system initialization process can be omitted.
Key generation for a system user:
A) select
B) calculate
Figure G2009102636947D00199
The public key of the system user is
Figure G2009102636947D001910
and the private key is (u_1, u_2, u_3). The private key (a_1, a_2, a_3) of the authorizing party A and the private key (b_1, b_2, b_3) of the authorized party B described below are selected from the private key set {(u_1, u_2, u_3)}.
Encryption by the authorizing party:
For a plaintext
Figure G2009102636947D001911
the authorizing party A, whose public key is
Figure G2009102636947D001912
and whose private key is (a_1, a_2, a_3), performs the following operations:
A) select randomly
Figure G2009102636947D001913
B) calculate
Figure G2009102636947D00201
Finally, the enhanced original ciphertext is
Figure G2009102636947D00202
Inextensible re-encryption key generation:
To enable the authorized party B, whose public key is
Figure G2009102636947D00203
to decrypt the enhanced original ciphertext of A, the authorizing party A performs the following operations:
A) select randomly
Figure G2009102636947D00204
B) calculate
Figure G2009102636947D00205
?
Figure G2009102636947D00206
Finally, the inextensible re-encryption key is
Figure G2009102636947D00207
Re-encryption by the proxy:
Given the enhanced original ciphertext and the inextensible re-encryption key
Figure G2009102636947D00209
the proxy calculates as follows:
Figure G2009102636947D002010
Figure G2009102636947D002011
Figure G2009102636947D002012
Finally, the converted ciphertext is
Decryption by the authorized party:
Given the converted ciphertext
Figure G2009102636947D002014
the authorized party B calculates
Figure G2009102636947D002015
to recover m.
[Alternative 3]
Alternative 3 is the combination of alternatives 1 and 2.
System initialization:
A) Select a secure one-way hash function
Figure G2009102636947D002016
The system parameters are
Figure G2009102636947D00211
Key generation for a system user:
A) select
Figure G2009102636947D00212
B) calculate
Figure G2009102636947D00213
The public key of the system user is
Figure G2009102636947D00214
and the private key is (u_1, u_2, u_3). The private key (a_1, a_2, a_3) of the authorizing party A and the private key (b_1, b_2, b_3) of the authorized party B described below are selected from the private key set {(u_1, u_2, u_3)}.
Encryption by the authorizing party:
For a plaintext
Figure G2009102636947D00215
the authorizing party A, whose public key is
Figure G2009102636947D00216
and whose private key is (a_1, a_2, a_3), performs the following operations:
A) select randomly
Figure G2009102636947D00217
B) calculate
Figure G2009102636947D00218
Finally, the enhanced original ciphertext is
Figure G2009102636947D00219
Inextensible re-encryption key generation:
To enable the authorized party B, whose public key is
Figure G2009102636947D002110
to decrypt the enhanced original ciphertext of A, the authorizing party A performs the following operations:
A) select randomly
Figure G2009102636947D002111
B) Select a suitable safety set
Figure G2009102636947D002112
and calculate
Figure G2009102636947D002113
where "|" denotes concatenation.
C) Calculate
Figure G2009102636947D002114
Finally, the inextensible re-encryption key is
Figure G2009102636947D002115
Re-encryption by the proxy:
Given the enhanced original ciphertext
Figure G2009102636947D002116
and the inextensible re-encryption key, the proxy calculates as follows:
Figure G2009102636947D00222
Figure G2009102636947D00223
Figure G2009102636947D00224
Finally, the converted ciphertext is
Figure G2009102636947D00225
Of course, as described in alternative 1, the above equations hold if and only if
Figure G2009102636947D00226
that is, when the constraint set has not been tampered with.
Decryption by the authorized party:
Given the converted ciphertext, the authorized party B calculates
Figure G2009102636947D00228
to recover m.
Other arrangements of the embodiments of the invention disclosed herein include software programs that perform the steps and operations of the method embodiments summarized above and described in detail below. More specifically, a computer program product is one embodiment that has a computer-readable medium with computer program logic encoded thereon which, when executed on a computing device, provides the associated operations and thereby the above unidirectional proxy re-encryption scheme. When executed on at least one processor of a computing system, the computer program logic causes the processor to perform the operations (methods) described in the embodiments of the invention. Such arrangements of the invention are typically provided as software, code and/or other data structures arranged or encoded on a computer-readable medium such as an optical medium (e.g. CD-ROM), floppy disk or hard disk, or as other media such as firmware or microcode on one or more ROM, RAM or PROM chips, or as an application-specific integrated circuit (ASIC), or as downloadable software images, shared databases and the like in one or more modules. The software or firmware or such configurations can be installed on a computing device so that one or more processors in the computing device perform the techniques described in the embodiments of the invention. Software processes operating in conjunction with computing devices, such as a group of data communication devices or other entities, can also provide a system according to the invention. A system according to the invention can also be distributed among multiple software processes on multiple data communication devices, among all software processes running on a group of small dedicated computers, or among all software processes running on a single computer.
It should be understood that, strictly speaking, embodiments of the invention can be implemented as a software program on a data communication device, as software and hardware, or as software alone and/or circuitry alone.
The above description gives only preferred embodiments of the invention and is not intended to limit the invention in any way. Therefore, the scope of the invention should cover any modification, replacement, improvement and the like made within the spirit and principles of the invention.
List of references
[1] Matt Blaze, Gerrit Bleumer, and Martin Strauss. Divertible protocols and atomic proxy cryptography. In EUROCRYPT ′98, volume 1403 of LNCS, pages 127-144, 1998;
[2] Himanshu Khurana, Jin Heo, and Meenal Pant. From proxy encryption primitives to a deployable secure-mailing-list solution. In ICICS, pages 260-281, 2006;
[3] Gelareh Taban, Alvaro A. Cardenas, and Virgil D. Gligor. Towards a secure and interoperable DRM architecture. In DRM ′06: Proceedings of the ACM workshop on Digital rights management, pages 69-78. ACM, 2006;
[4] Ateniese G., Fu K., Green M., Hohenberger Su.: Improved Proxy Re-Encryption Schemes with Applications to Secure Distributed Storage. ACM Transactions on Information and System Security (TISSEC), vol. 9(1): 1-30, February 2006;
[5] US 2008/0059787 A1, March 6, 2008;
[6] R. Canetti, S. Hohenberger. Chosen-ciphertext secure proxy re-encryption. In ACM CCS, pages 185-194. ACM, 2007;
[7] S. Hohenberger, G. N. Rothblum, A. Shelat, V. Vaikuntanathan. Securely obfuscating re-encryption. In TCC ′07, volume 4392 of LNCS, pages 233-252, 2007;
[8] B. Libert, D. Vergnaud. Unidirectional chosen-ciphertext secure proxy re-encryption. In PKC ′08, volume 4939 of LNCS, pages 360-379, 2008.

Claims (22)

1. An equipment for generating an inextensible unidirectional proxy re-encryption key, comprising:
a re-encryption key generation unit, configured to obtain the private key pair (a_1, a_2) of the authorizing party and the public key of the authorized party
Figure FDA0000415297710000011
and to generate, according to one private key a_1 of the authorizing party's private key pair and the public key of the authorized party, a unidirectional proxy key
Figure FDA0000415297710000013
and
an enhancement unit, configured to select an adjusting factor s, obtain the public key h of the authorizing party, and, according to the generated unidirectional proxy re-encryption key
Figure FDA0000415297710000014
generate the inextensible unidirectional proxy re-encryption key rk_{a→b} by introducing the selected adjusting factor s, the public key h of the authorizing party and the other private key a_2 of the authorizing party's private key pair, wherein the inextensible unidirectional proxy re-encryption key rk_{a→b} is generated in the form of
Figure FDA0000415297710000015
or
Figure FDA0000415297710000016
where R is the constraint set of the authorizing party.
2. The equipment according to claim 1, wherein
the public key h of the authorizing party is generated from the constraint set R of the authorizing party according to h = H(R), where H(*) is a secure one-way hash function.
3. The equipment according to claim 1, wherein
the public key h of the authorizing party is generated from another private key a_3 of the authorizing party according to
Figure FDA0000415297710000017
4. The equipment according to claim 1, wherein
the public key h of the authorizing party is generated from the constraint set R of the authorizing party and another private key a_3 of the authorizing party according to
Figure FDA0000415297710000018
where H(*) is a secure one-way hash function.
5. A method for generating an inextensible unidirectional proxy re-encryption key, comprising the following steps:
obtaining the private key pair (a_1, a_2) of the authorizing party and the public key of the authorized party
Figure FDA0000415297710000019
generating, according to one private key a_1 of the authorizing party's private key pair and the public key of the authorized party
Figure FDA00004152977100000110
a unidirectional proxy key
Figure FDA00004152977100000111
selecting an adjusting factor s, and obtaining the public key h of the authorizing party; and
according to the generated unidirectional proxy re-encryption key
Figure FDA00004152977100000112
generating the inextensible unidirectional proxy re-encryption key rk_{a→b} by introducing the selected adjusting factor s, the public key h of the authorizing party and the other private key a_2 of the authorizing party's private key pair, wherein the inextensible unidirectional proxy re-encryption key rk_{a→b} is generated in the form of
Figure FDA00004152977100000113
or
Figure FDA00004152977100000114
where R is the constraint set of the authorizing party.
6. The method according to claim 5, wherein
the public key h of the authorizing party is generated from the constraint set R of the authorizing party according to h = H(R), where H(*) is a secure one-way hash function.
7. The method according to claim 5, wherein
the public key h of the authorizing party is generated from another private key a_3 of the authorizing party according to
Figure FDA0000415297710000021
8. The method according to claim 5, wherein
the public key h of the authorizing party is generated from the constraint set R of the authorizing party and another private key a_3 of the authorizing party according to
Figure FDA0000415297710000022
where H(*) is a secure one-way hash function.
9. A system for executing inextensible unidirectional proxy re-encryption, comprising:
at the authorizing party,
a re-encryption key generation unit, configured to obtain the private key pair (a_1, a_2) of the authorizing party, the public key of the authorizing party
Figure FDA0000415297710000023
and the public key of the authorized party
Figure FDA0000415297710000024
and to generate, according to one private key a_1 of the authorizing party's private key pair and the public key of the authorized party
Figure FDA0000415297710000025
a unidirectional proxy re-encryption key
Figure FDA0000415297710000026
an enhancement unit, configured to select an adjusting factor s, obtain the public key h of the authorizing party, and, according to the generated unidirectional proxy re-encryption key
Figure FDA0000415297710000027
generate the inextensible unidirectional proxy re-encryption key rk_{a→b} by introducing the selected adjusting factor s, the public key h of the authorizing party and the other private key a_2 of the authorizing party's private key pair, wherein the inextensible unidirectional proxy re-encryption key rk_{a→b} is generated in the form of
Figure FDA0000415297710000028
or in a second form, where R is the constraint set of the authorizing party; and
an encryption unit, configured to encrypt a plaintext message m using the public key of the authorizing party
Figure FDA00004152977100000210
and to generate the enhanced original ciphertext under the public key of the authorizing party
Figure FDA00004152977100000211
and
at the proxy,
a re-encryption unit, configured to convert the enhanced original ciphertext under the public key of the authorizing party
Figure FDA00004152977100000212
into the converted ciphertext under the public key of the authorized party
Figure FDA00004152977100000213
10. The system according to claim 9, wherein
the inextensible unidirectional proxy re-encryption key rk_{a→b} is generated in the form of
Figure FDA00004152977100000214
the enhanced original ciphertext under the public key of the authorizing party
Figure FDA00004152977100000215
is generated in the form of
Figure FDA00004152977100000216
and the converted ciphertext under the public key of the authorized party
Figure FDA0000415297710000031
has the form
Figure FDA0000415297710000032
11. The system according to claim 9, wherein
the public key h of the authorizing party is generated from the constraint set R of the authorizing party according to h = H(R), where H(*) is a secure one-way hash function;
the inextensible unidirectional proxy re-encryption key rk_{a→b} is generated in a given form;
the enhanced original ciphertext under the public key of the authorizing party
Figure FDA00004152977100000314
is generated in the form of
Figure FDA0000415297710000034
and, if and only if H(R) = h, the converted ciphertext under the public key of the authorized party
Figure FDA0000415297710000035
has the form
Figure FDA0000415297710000036
12. The system according to claim 9, wherein
the public key h of the authorizing party is generated from another private key a_3 of the authorizing party;
the inextensible unidirectional proxy re-encryption key rk_{a→b} is generated in the form of
Figure FDA0000415297710000038
the enhanced original ciphertext under the public key of the authorizing party is generated in the form of
Figure FDA00004152977100000310
and the converted ciphertext under the public key of the authorized party has the form
Figure FDA00004152977100000312
13. The system according to claim 9, wherein
the public key h of the authorizing party is generated from the constraint set R of the authorizing party and another private key a_3 of the authorizing party according to
Figure FDA00004152977100000313
where H(*) is a secure one-way hash function;
the inextensible unidirectional proxy re-encryption key rk_{a→b} is generated in the form of
Figure FDA0000415297710000041
the enhanced original ciphertext under the public key of the authorizing party is generated in the form of
Figure FDA0000415297710000043
and, if and only if
Figure FDA0000415297710000044
the converted ciphertext under the public key of the authorized party
Figure FDA0000415297710000045
has the form
Figure FDA0000415297710000046
14. The system according to claim 9, further comprising:
at the authorized party,
a decryption unit, configured to decrypt the converted ciphertext using the private key pair (b_1, b_2) of the authorized party, to recover the plaintext message m.
15. The system according to any one of claims 10 to 13, further comprising:
at the authorized party,
a decryption unit, configured to use the private key pair (b_1, b_2) of the authorized party to decrypt, according to
Figure FDA0000415297710000047
the converted ciphertext
Figure FDA0000415297710000048
to recover the plaintext message m.
16. A method for executing inextensible unidirectional proxy re-encryption, comprising the following steps:
at the authorizing party,
obtaining the private key pair (a_1, a_2) of the authorizing party, the public key of the authorizing party
Figure FDA00004152977100000413
and the public key of the authorized party
Figure FDA0000415297710000049
generating, according to one private key a_1 of the authorizing party's private key pair and the public key of the authorized party, a unidirectional proxy re-encryption key
Figure FDA00004152977100000411
selecting an adjusting factor s, and obtaining the public key h of the authorizing party;
according to the generated unidirectional proxy re-encryption key, generating the inextensible unidirectional proxy re-encryption key rk_{a→b} by introducing the selected adjusting factor s, the public key h of the authorizing party and the other private key a_2 of the authorizing party's private key pair, wherein the inextensible unidirectional proxy re-encryption key rk_{a→b} is generated in the form of
Figure FDA0000415297710000051
or
Figure FDA0000415297710000052
where R is the constraint set of the authorizing party; and
encrypting a plaintext message m using the public key of the authorizing party
Figure FDA0000415297710000053
to generate the enhanced original ciphertext under the public key of the authorizing party; and
at the proxy,
converting the enhanced original ciphertext under the public key of the authorizing party
Figure FDA00004152977100000515
into the converted ciphertext under the public key of the authorized party
Figure FDA0000415297710000055
17. The method according to claim 16, wherein
the inextensible unidirectional proxy re-encryption key rk_{a→b} is generated in the form of
Figure FDA0000415297710000056
the enhanced original ciphertext under the public key of the authorizing party
Figure FDA00004152977100000516
is generated in the form of
Figure FDA0000415297710000057
and the converted ciphertext under the public key of the authorized party
Figure FDA0000415297710000058
has the form
Figure FDA0000415297710000059
18. The method according to claim 16, wherein
the public key h of the authorizing party is generated from the constraint set R of the authorizing party according to h = H(R), where H(*) is a secure one-way hash function;
the inextensible unidirectional proxy re-encryption key rk_{a→b} is generated in the form of
Figure FDA00004152977100000510
the enhanced original ciphertext under the public key of the authorizing party
Figure FDA00004152977100000517
is generated in the form of
Figure FDA00004152977100000511
and, if and only if H(R) = h, the converted ciphertext under the public key of the authorized party
Figure FDA00004152977100000512
has the form
Figure FDA00004152977100000513
19. The method according to claim 16, wherein
the public key h of the authorizing party is generated from another private key a_3 of the authorizing party;
the inextensible unidirectional proxy re-encryption key rk_{a→b} is generated in the form of
Figure FDA0000415297710000061
the enhanced original ciphertext under the public key of the authorizing party
Figure FDA00004152977100000613
is generated in the form of
Figure FDA0000415297710000062
and the converted ciphertext under the public key of the authorized party
Figure FDA00004152977100000614
has the form
Figure FDA0000415297710000064
20. The method according to claim 16, wherein
the public key h of the authorizing party is generated from the constraint set R of the authorizing party and another private key a_3 of the authorizing party according to
Figure FDA0000415297710000065
where H(*) is a secure one-way hash function;
the inextensible unidirectional proxy re-encryption key rk_{a→b} is generated in the form of
Figure FDA0000415297710000066
the enhanced original ciphertext under the public key of the authorizing party
Figure FDA00004152977100000615
is generated in the form of
Figure FDA0000415297710000067
and, if and only if a given condition holds, the converted ciphertext under the public key of the authorized party
Figure FDA00004152977100000616
has the form
Figure FDA00004152977100000610
21. The method according to claim 16, further comprising the steps of:
At the authorized party,
Using the authorized party's private key pair (b1, b2) to decrypt the converted ciphertext, so as to recover the plaintext message m.
22. The method according to any one of claims 17 to 20, further comprising the steps of:
At the authorized party,
Decrypting device, for using the authorized party's private key pair (b1, b2), according to
Figure FDA00004152977100000611
to decrypt the converted ciphertext
Figure FDA00004152977100000612
so as to recover the plaintext message m.
CN200910263694.7A 2009-12-29 2009-12-29 Method and equipment for generating inextensible unidirectional proxy re-encryption key, and method and system for executing inextensible unidirectional proxy re-encryption Expired - Fee Related CN102111269B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200910263694.7A CN102111269B (en) 2009-12-29 2009-12-29 Method and equipment for generating inextensible unidirectional proxy re-encryption key, and method and system for executing inextensible unidirectional proxy re-encryption

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200910263694.7A CN102111269B (en) 2009-12-29 2009-12-29 Method and equipment for generating inextensible unidirectional proxy re-encryption key, and method and system for executing inextensible unidirectional proxy re-encryption

Publications (2)

Publication Number Publication Date
CN102111269A CN102111269A (en) 2011-06-29
CN102111269B true CN102111269B (en) 2014-01-29

Family

ID=44175305

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200910263694.7A Expired - Fee Related CN102111269B (en) 2009-12-29 2009-12-29 Method and equipment for generating inextensible unidirectional proxy re-encryption key, and method and system for executing inextensible unidirectional proxy re-encryption

Country Status (1)

Country Link
CN (1) CN102111269B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2713545B1 (en) 2011-08-12 2017-04-19 Huawei Technologies Co., Ltd. Data sharing system, data distribution system and data protection method
CN103384233B (en) 2012-05-02 2017-06-20 华为技术有限公司 A kind of methods, devices and systems for acting on behalf of conversion

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1380767A (en) * 2001-04-16 2002-11-20 南相浩 Shared key factor structure and shared key calculation
CN101051902A (en) * 2006-06-16 2007-10-10 上海交通大学 Agent signcryption method and system
CN101420300A (en) * 2008-05-28 2009-04-29 北京易恒信认证科技有限公司 Double factor combined public key generating and authenticating method

Also Published As

Publication number Publication date
CN102111269A (en) 2011-06-29

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20140129

Termination date: 20161229