CN102130771A - Method and system for privacy protection and authentication of user multi-selection in electronic transaction - Google Patents

Publication number: CN102130771A
Authority: CN (China)
Application number: CN2011100733013A
Other languages: Chinese (zh)
Other versions: CN102130771B (en)
Legal status: Granted, Active
Inventors: 张文政, 张明武, 赵伟, 杨波, 沈焱祥, 王涛, 霍家佳
Current Assignee: CETC 30 Research Institute
Original Assignee: CETC 30 Research Institute
Application filed by CETC 30 Research Institute
Priority to CN 201110073301; publication of CN102130771A; application granted; publication of CN102130771B
Prior art keywords: user, data, service, selection, calculate
Landscapes: Storage Device Security; Financial Or Insurance-Related Operations Such As Payment And Settlement
Abstract

The invention discloses a method and a system for privacy protection and authentication of a user's multiple selections in electronic transactions. The method comprises the following steps: generating the public parameters of the electronic transaction system from an input system security parameter k; generating the secret key (D_ID) of a user (U) or a server (S) from the identity string ID of U or S; after the user makes m selections among n options, encrypting and protecting the m selections to generate a ciphertext (C) for them; generating ciphertexts for the n pieces of data and providing the data ciphertexts to U; and, after U receives the data ciphertexts sent by S, decrypting the m selections required by U and ensuring, by authentication, the integrity of the m selections and the authenticity of identity. The invention protects the privacy of the multiple data items selected by the user, ensures that the data provided by the server is the data selected by the user, and guarantees mutual confirmation of identity between the user's selection and the server's provision of data.

Description

Method and system for privacy protection and authentication of user multi-selection in electronic transactions
Technical field
The present invention relates to the field of distributed electronic transaction technology, and in particular to a method and system for privacy protection and authentication of user multi-selection in electronic transactions.
Background
E-commerce needs to protect user privacy as far as possible, including both identity privacy and data privacy, and cryptographic techniques are an important safeguard for this requirement. Data privacy matters in particular: for a user's selection of goods, a user's selection of sensitive data, sensitive voting and the like, the user's selection must remain private, meaning that neither the service provider nor other users can guess the user's selection, so that the privacy of the user's transaction selections is protected.
At present, the prior art has no mature technical solution for privacy protection in distributed electronic transaction systems. As a result, on the one hand the user's privacy cannot be guaranteed, and on the other hand there is no guarantee that the service provider correctly provides the transaction content the user selected.
Summary of the invention
In view of the above analysis, the present invention aims to provide a method and system for privacy protection and authentication of user multi-selection in electronic transactions, to solve the problems in the prior art that user privacy is not protected and that it cannot be determined whether the service provider correctly provides the transaction content selected by the user.
The purpose of the present invention is mainly achieved through the following technical solutions:
The invention provides a method for privacy protection and authentication of user multi-selection in an electronic transaction system, comprising:
Step A: generate the public parameters of the electronic transaction system from the input system security parameter k, and provide them to all users and service providers of the electronic transaction system;
Step B: using the public parameters, generate the secret key $D_{ID}$ of a user or service provider from the identity string ID of user U or service provider S, and send the secret key $D_{ID}$ to the corresponding user or service provider;
Step C: after user U makes m selections among n options in total, encrypt and protect these m selections, generating a secret ciphertext C for the m selections;
Step D: service provider S, using the secret ciphertext C, generates ciphertexts for the n data items and provides the resulting data ciphertexts to user U;
Step E: after receiving the data ciphertexts sent by service provider S, user U decrypts the m selections it needs and, by authentication, ensures the integrity of these m selections and the authenticity of identity.
Further, the method also comprises:
Step F: when user U believes that service provider S has provided false data, or service provider S believes that user U has made a false selection, a dispute arbiter T is asked to carry out arbitration.
Further, step A specifically comprises:
Step A1: given the security parameter k, the system selects a cyclic additive group $G_1$ of order q with generator P, selects a multiplicative group $G_2$ of order q over
Figure BDA0000052048220000021
and at the same time selects a bilinear map $e: G_1 \times G_1 \to G_2$;
Step A2: select a random number
Figure BDA0000052048220000022
as the master key, and set $P_{pub} = sP$ as its public key;
Step A3: define 3 cryptographic hash functions:
$H_1: \{0,1\}^* \to G_1$
$H_2: \{0,1\}^* \times \{0,1\}^* \times G_2 \to G_1$
$H_3: G_2 \to \{0,1\}^m$, where m is the length of the plaintext data provided by the service provider;
The public parameters of the electronic transaction system are $Params = \{G_1, G_2, q, e, P, P_{pub}, H_1, H_2\}$, and the master key s is kept secret.
Further, step B specifically comprises:
Step B1: calculate
Figure BDA0000052048220000031
where $Q_{ID} \in G_1 \setminus \{0\}$ is a nonzero element of $G_1$;
Step B2: calculate $D_{ID} = sQ_{ID}$;
Step B3: send the secret key $D_{ID}$ to the corresponding user or service provider.
Further, step C specifically comprises:
Step C1: user U makes m selections $c_i$ among the n options, $c_i \in \{1, \ldots, n\}$;
Step C2: pick at random
Figure BDA0000052048220000032
where
Figure BDA0000052048220000033
denotes the group of integers of order q, whose size is the same as the order of the group $G_1$;
Step C3: calculate
Figure BDA0000052048220000034
and $Q_{ID_U} = H_1(ID_U)$, where $ID_S$ denotes the server identity and $ID_U$ denotes the user identity;
Step C4: calculate $U_i = k_i Q_{ID_U}$;
Step C5: for each selection $c_i \in \{1, \ldots, n\}$,
calculate $W_i = e(D_{ID_U}, D_{ID_S})^{k_i}$;
calculate $X_i = r_i H_1(ID_U \| ID_S \| W_i)$, where $\|$ denotes string concatenation;
calculate $K_i = c_i^{-1}(X_i + D_{ID_U})$;
Step C6: for the m selections it has made, user U generates the ciphertext $\sigma = (U_i, K_i)$ $(1 \le i \le m)$ and sends it to service provider S.
Further, step D specifically comprises:
Step D1: for i = 1, ..., m, pick at random
Figure BDA0000052048220000038
and calculate $A_i = x_i P$;
Step D2: for j = 1, ..., n, calculate $B_{ij} = e(K_i, jP)^{x_i}$;
Step D3: calculate $C_{ij} = M_j \oplus H_3(B_{ij})$;
Step D4: calculate $D_{ij} = x_i P_{pub} + H_2(M_j \| A_i) \cdot D_{ID_S}$;
Step D5: service provider S sends the protected data $C = \{A_i, C_{ij}, D_{ij} \mid 1 \le i \le m, 1 \le j \le n\}$ to user U.
Further, step E specifically comprises:
Step E1: for i = 1, ..., m,
calculate $W_i = e(D_{ID_U}, Q_{ID_S})^{k_i}$;
calculate $Y_i = H_2(ID_U \| ID_S \| W_i)$;
calculate $B'_i = e(K_i, A_i)$;
Step E2: let k be the label of the m-th selection made by user U among the n candidates $(1 \le k \le n)$; for j = 1, ..., n,
calculate $B_{ij} = e(r_i Y_i, A_i)^{j/c_i}\, e(D_{ID_U}, A_i)^{j/c_i}$,
compare $B_{ij}$ $(1 \le j \le n)$ with $B'_i$; if any are equal, find the j for which equality holds and continue with step E3, otherwise execute step E5;
Step E3: calculate $M_{c_i} = C_{ij} \oplus H_3(B_{ij})$;
Step E4: verify the validity of the data
where the data actually selected by user U is denoted
Figure BDA0000052048220000045
Check the equation $e(P, D_i) = e(A_i, P_{pub})\, e(Q_{ID_S}, P_{pub})^{H_2([M_{c_i}] \| A_i)}$,
if the equation holds, repeat step E1 until i = m, otherwise execute step E6;
if the equation holds for all i, accept the m selected data items
Figure BDA0000052048220000047
$(1 \le i \le m)$;
Step E5: the selected data cannot be found; the result is in error or the service provider's identity is wrong; reject the data or apply for dispute arbitration;
Step E6: data integrity has been destroyed or the service provider's identity is wrong; the result is in error; reject the data or apply for dispute arbitration.
Further, when user U believes that service provider S has provided false data, or the service provider believes that the user has made a false selection, step F specifically comprises:
Step F1: user U sends the $r_i$, $k_i$, $U_i$ $(1 \le i \le m)$ used in the multi-selection and the selections $c_i$ $(1 \le i \le m)$ to arbiter T;
Step F2: arbiter T calculates
Figure BDA0000052048220000048
and verifies the equation
Figure BDA0000052048220000049
Figure BDA00000520482200000410
if the equation does not hold, arbitration is abandoned, otherwise execute step F3;
Step F3: calculate $X_i = r_i H_1(ID_U \| ID_S \| W_i)$;
Step F4: verify
Figure BDA0000052048220000051
if it holds, it is accepted that U's multi-selection $\sigma = (U_i, K_i)$ does conceal U's multiple selections $c_i$ $(1 \le i \le m)$, and the user's selection is genuine;
Step F5: user U sends the data ciphertexts $A_i$, $C_{ij}$, $D_{ij}$ received from S to arbiter T;
Step F6: arbiter T verifies the equation
Figure BDA0000052048220000052
if it holds, the $A_i$ of service provider S is accepted, otherwise $A_i$ has been tampered with or is not genuine;
Step F7: calculate
Figure BDA0000052048220000053
arbiter T compares whether
Figure BDA0000052048220000054
is the j-th data item of the service provider; if not, the data provided by the service provider is not correct;
Step F8: verify the equation
Figure BDA0000052048220000055
if the equation does not hold, the data provided by the service provider was tampered with during transmission.
The present invention also provides a system for privacy protection and authentication of user multi-selection in an electronic transaction system, comprising:
a parameter generation module, used to generate the public parameters of the electronic transaction system from the input system security parameter k and provide them to all users and service providers of the electronic transaction system;
a secret key generation module, used to generate, using the public parameters, the secret key $D_{ID}$ of a user or service provider from the identity string ID of user U or service provider S, and to send the secret key $D_{ID}$ to the corresponding user or service provider;
a user selection and privacy protection module, used to encrypt and protect the m selections after user U makes m selections among n options in total, generating a secret ciphertext C for the m selections;
a service provider data protection module, used to generate, using the secret ciphertext C, ciphertexts for the n data items and to provide the resulting data ciphertexts to user U;
a user multi-selection data decryption and authentication module, used to decrypt the m selections the user needs after user U receives the data ciphertexts sent by service provider S, and to ensure by authentication the integrity of these m selections and the authenticity of identity.
Further, the system also comprises:
a dispute arbitration module, used to ask dispute arbiter T to carry out arbitration when user U believes that service provider S has provided false data, or service provider S believes that user U has made a false selection.
The beneficial effects of the present invention are as follows:
The present invention protects the privacy of the data in a user's multiple selections. On the one hand, it guarantees that the data the service provider provides is the data the user selected, while the user cannot obtain any useful information about the other data the service provider provides. On the other hand, it provides mutual confirmation of identity between the user's selection and the service provider's provision of data, i.e. the selection of data really comes from user U and the data provided really comes from service provider S. In addition, if forgery, tampering or similar behavior occurs during the transaction, or the service provider provides false information, a party can apply to a third party for arbitration to prove the other party's improper behavior.
Other features and advantages of the present invention will be set forth in the following description, and will in part become apparent from the description or be understood by practicing the invention. The objectives and other advantages of the invention can be realized and obtained through the structure particularly pointed out in the written description, the claims and the accompanying drawings.
Description of drawings
Fig. 1 is a schematic flowchart of the method of the embodiment of the invention;
Fig. 2 is a detailed flowchart of step 101 in the method of the embodiment of the invention;
Fig. 3 is a detailed flowchart of step 102 in the method of the embodiment of the invention;
Fig. 4 is a schematic structural diagram of the system of the embodiment of the invention.
Embodiment
The preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings, which form part of this application and, together with the embodiments of the invention, serve to explain the principles of the invention. For clarity and brevity, detailed descriptions of known functions and structures of the devices described herein are omitted where they might obscure the subject matter of the invention.
First, the method of the embodiment of the invention is described in detail with reference to Fig. 1.
Step 101: generate the public parameters of the electronic transaction system from the input system security parameter k, and provide them to all users and service providers involved in the method of this system. As shown in Fig. 2, this step may specifically comprise:
Step 101-1: given the security parameter k, the parameter generation module selects a cyclic additive group $G_1$ of order q with generator P, selects a multiplicative group $G_2$ of order q, and at the same time selects a bilinear map $e: G_1 \times G_1 \to G_2$;
Step 101-2: select a random number
Figure BDA0000052048220000072
as the master key, and set $P_{pub} = sP$ as its public key;
Step 101-3: define 3 cryptographic hash functions:
$H_1: \{0,1\}^* \to G_1$,
$H_2: \{0,1\}^* \times \{0,1\}^* \times G_2 \to G_1$
$H_3: G_2 \to \{0,1\}^m$, where m is the length of the plaintext data provided by the service provider;
Step 101-4: the public parameters of the system are $Params = \{G_1, G_2, q, e, P, P_{pub}, H_1, H_2\}$, and the master key s is kept secret.
Step 102: after the identity string ID of user U or service provider S is input, generate the secret key $D_{ID}$ of the user or service provider using the public parameters of the system, and send the secret key $D_{ID}$ to the corresponding user or service provider through a secure channel or by other secure means. As shown in Fig. 3, this step may specifically comprise:
Step 102-1: calculate $Q_{ID}$, where $Q_{ID} \in G_1 \setminus \{0\}$ is a nonzero element of $G_1$;
Step 102-2: calculate $D_{ID} = sQ_{ID}$; here $Q_{ID}$ is also a generator of $G_1$, and, depending on the value of the master key s, the secret key $D_{ID}$ is uniformly distributed over $G_1$;
Step 102-3: send the secret key $D_{ID}$ to the user or service provider with the corresponding identity string ID through a secure channel or by other secure means;
Here, ID is a non-empty binary string taken from $\{0,1\}^*$.
Step 103: after user U makes m selections among n options in total, encrypt and protect these m selections, generating a secret ciphertext C for the m selections, so that service provider S, even when it obtains C, cannot learn user U's specific selections; this step may specifically comprise:
Step 103-1: for each selection i = 1, ..., m,
make a selection $c_i \in \{1, \ldots, n\}$ among the n options; the m selections $c_i$ may be different, and identical selections are also allowed;
Step 103-2: for i = 1, ..., m,
pick at random
Figure BDA0000052048220000081
where the group sampled from is the group of integers of order q, whose size is the same as the order of the group $G_1$;
Step 103-3: calculate
Figure BDA0000052048220000083
and $Q_{ID_U} = H_1(ID_U)$, where $ID_S$ denotes the server identity and $ID_U$ denotes the user identity;
Step 103-4: calculate $U_i = k_i Q_{ID_U}$;
Step 103-5: for each selection $c_i \in \{1, \ldots, n\}$,
calculate $W_i = e(D_{ID_U}, D_{ID_S})^{k_i}$;
calculate $X_i = r_i H_1(ID_U \| ID_S \| W_i)$, where $\|$ denotes string concatenation;
calculate $K_i = c_i^{-1}(X_i + D_{ID_U})$;
for the m selections it has made, user U generates the ciphertext $\sigma = (U_i, K_i)$ $(1 \le i \le m)$ and sends it to service provider S.
In the scheme, user U makes an implicit signature on $K_i$. On the one hand this guarantees that $K_i$ can only have been produced by user U. In addition, if a dispute arises between user U and service provider S, for example because the service provider provides data that was not selected, user U can apply to a third party for arbitration and, either directly or using a zero-knowledge method, provide the third party with its selections $c_i$, the random values $r_i$, $k_i$ and the private key $D_{ID}$, to prove that the multi-selection it made is $c_i$ $(1 \le i \le m)$.
Step 104: service provider S, using the user's selection ciphertext C, generates ciphertexts for the n data items and provides them to user U for decryption; this step specifically comprises:
Step 104-1: for i = 1, ..., m, pick at random
Figure BDA0000052048220000091
and calculate $A_i = x_i P$;
Step 104-2: for j = 1, ..., n, calculate $B_{ij} = e(K_i, jP)^{x_i}$;
Step 104-3: calculate $C_{ij} = M_j \oplus H_3(B_{ij})$;
Step 104-4: calculate $D_{ij} = x_i P_{pub} + H_2(M_j \| A_i) \cdot D_{ID_S}$;
Step 104-5: service provider S sends the protected data $C = \{A_i, C_{ij}, D_{ij} \mid 1 \le i \le m, 1 \le j \le n\}$ to user U.
Step 105: after receiving the data ciphertexts sent by S, user U decrypts the m data items corresponding to the selections it made, and by authentication ensures the integrity of these data and the authenticity of identity, reflecting the fairness of the transaction; for the data that was not selected, user U cannot obtain any useful information, which guarantees the security of service provider S's data; this step may specifically comprise:
Step 105-1: for i = 1, ..., m,
calculate $W_i = e(D_{ID_U}, Q_{ID_S})^{k_i}$,
calculate $Y_i = H_2(ID_U \| ID_S \| W_i)$,
calculate $B'_i = e(K_i, A_i)$.
Step 105-2: let k be the label of the m-th selection made by user U among the n candidates $(1 \le k \le n)$; for j = 1, ..., n,
calculate $B_{ij} = e(r_i Y_i, A_i)^{j/c_i}\, e(D_{ID_U}, A_i)^{j/c_i}$,
compare $B_{ij}$ $(1 \le j \le n)$ with $B'_i$; if any are equal, find the j for which equality holds; if such a j is found, continue with step 105-3, otherwise execute step 105-5;
Step 105-3: calculate $M_{c_i} = C_{ij} \oplus H_3(B_{ij})$;
Step 105-4: verify the validity of the data
Figure BDA0000052048220000101
where the data actually selected by user U is denoted
Figure BDA0000052048220000102
Check the equation $e(P, D_i) = e(A_i, P_{pub})\, e(Q_{ID_S}, P_{pub})^{H_2([M_{c_i}] \| A_i)}$,
if the equation holds, repeat 5a until i = m, otherwise execute step 105-6;
if the equation holds for all i, accept the m selected data items
Figure BDA0000052048220000104
$(1 \le i \le m)$;
According to the encryption rule, in each group
Figure BDA0000052048220000105
$(1 \le i \le n)$ there is only one valid plaintext; the other n-1 decrypted data items are invalid data.
Step 105-5: the selected data cannot be found; the result is in error or the service provider's identity is wrong; reject the data or apply for dispute arbitration;
Step 105-6: data integrity has been destroyed or the service provider's identity is wrong; the result is in error; reject the data or apply for dispute arbitration.
Step 106: when the user believes that the service provider has provided false data, or the service provider believes that the user has made a false selection, a request for arbitration of the dispute is made to arbiter T; dispute arbiter T uses the encrypted data that was generated and the related secret parameters to arbitrate and establish the reliability of the disputed data; this step may specifically comprise:
Step 106-1: user U sends the $r_i$, $k_i$, $U_i$ $(1 \le i \le m)$ used in the multi-selection and the selections $c_i$ $(1 \le i \le m)$ to arbiter T;
Step 106-2: T calculates and verifies the equation
Figure BDA0000052048220000108
if the equation does not hold, arbitration is abandoned and U is considered to have generated its values dishonestly;
Step 106-3: calculate $X_i = r_i H_1(ID_U \| ID_S \| W_i)$;
Step 106-4: verify
Figure BDA0000052048220000109
if it holds, it is accepted that U's multi-selection $\sigma = (U_i, K_i)$ does conceal U's multiple selections $c_i$ $(1 \le i \le m)$, and the user's selection is genuine;
Step 106-5: user U sends the data ciphertexts $Q_i$, $C_{ij}$, $D_{ij}$ received from S to T;
Step 106-6: T verifies the equation; if it holds, the $A_i$ of service provider S is accepted, otherwise $A_i$ has been tampered with or is not genuine;
Step 106-7: T calculates and compares whether
Figure BDA00000520482200001012
is the j-th data item of the service provider; if not, the data provided by the service provider is not correct;
Step 106-8: verify the equation
Figure BDA0000052048220000111
if the equation does not hold, the data provided by the service provider was tampered with during transmission.
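The selection, masking and recovery equations of steps 103 to 105, run end to end in a toy model; this is an added example, not code from the patent, and it checks only that the equations fit together, not any secrecy property. Assumptions: $G_1$ is modelled as $Z_q$ with $P = 1$ and $e(aP, bP) = g^{ab}$ in a prime-order subgroup of $Z_p^*$ (bilinear but without security), $W_i$ uses $Q_{ID_S}$ as in step 105-1, the user reuses $X_i$ when unmasking, $H_2$ is taken as a scalar, and all function names, identities and messages are constructed for illustration.

```python
import hashlib
import secrets

def is_prime(n):
    """Miller-Rabin with the first 12 prime bases (deterministic for n < 3.18e23)."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2 or any(n % a == 0 for a in bases):
        return n in bases
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    def witness(a):
        x = pow(a, d, n)
        if x in (1, n - 1):
            return False
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                return False
        return True
    return not any(witness(a) for a in bases)

def toy_group(bits=64):
    """Primes q and p = 2q + 1; G2 is the order-q subgroup of Z_p^*."""
    q = (1 << bits) + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return q, 2 * q + 1

Q, P_MOD = toy_group()
G = 4                      # a square mod p, hence an element of order q

def pair(a, b):
    """Toy pairing e(aP, bP) = g^(ab). G1 is modelled as Z_q with P = 1,
    so discrete logs in G1 are trivial: this checks algebra, not security."""
    return pow(G, a * b % Q, P_MOD)

def digest(tag, parts, length=32):
    return hashlib.shake_256(tag + repr(parts).encode()).digest(length)

def H1(*parts):            # {0,1}* -> nonzero element of G1
    return int.from_bytes(digest(b"H1", parts), "big") % (Q - 1) + 1

def H2(*parts):            # used as a scalar multiplier of D_IDS (step 104-4)
    return int.from_bytes(digest(b"H2", parts), "big") % Q

def mask(m, b):            # M xor H3(B), with H3: G2 -> {0,1}^len(M)
    return bytes(x ^ y for x, y in zip(m, digest(b"H3", (b,), len(m))))

def rand_scalar():
    return secrets.randbelow(Q - 1) + 1

def extract(s, identity):  # step 102: Q_ID and D_ID = s * Q_ID
    q_id = H1(identity)
    return q_id, s * q_id % Q

def select(c, id_u, id_s, d_u, q_s):
    """Step 103: hide choice c in K_i; returns (U_i, K_i) and the secret X_i."""
    while True:
        r, k = rand_scalar(), rand_scalar()
        w = pow(pair(d_u, q_s), k, P_MOD)            # W_i
        x = r * H1(id_u, id_s, w) % Q                # X_i
        if (x + d_u) % Q:                            # reject X_i = -D_IDU (K_i = 0)
            return (k * H1(id_u) % Q, pow(c, -1, Q) * (x + d_u) % Q), x

def protect(k_i, msgs, d_s, p_pub):
    """Step 104: the service provider masks all n messages under one K_i."""
    x = rand_scalar()
    a = x                                            # A_i = x_i P
    cs = [mask(m, pow(pair(k_i, j), x, P_MOD))       # B_ij = e(K_i, jP)^x_i
          for j, m in enumerate(msgs, start=1)]
    ds = [(x * p_pub + H2(m, a) * d_s) % Q for m in msgs]   # D_ij
    return a, cs, ds

def recover(c, x_i, d_u, q_s, p_pub, a, cs, ds):
    """Step 105: unmask item c, then check e(P, D) against the provider identity."""
    m = mask(cs[c - 1], pair((x_i + d_u) % Q, a))    # B_ij at j = c_i
    rhs = pair(a, p_pub) * pow(pair(q_s, p_pub), H2(m, a), P_MOD) % P_MOD
    return m, pair(1, ds[c - 1]) == rhs

MSGS = [b"record-A", b"record-B", b"record-C", b"record-D"]   # constructed data

def run(choices, tamper=False):
    s = rand_scalar()                                # master key; P_pub = sP
    p_pub = s
    id_u, id_s = "user@example", "shop@example"      # constructed identities
    (_, d_u), (q_s, d_s) = extract(s, id_u), extract(s, id_s)
    results = []
    for c in choices:
        (_, k_i), x_i = select(c, id_u, id_s, d_u, q_s)
        a, cs, ds = protect(k_i, MSGS, d_s, p_pub)
        if tamper:                                   # flip one bit of C_ij in transit
            cs[c - 1] = bytes([cs[c - 1][0] ^ 1]) + cs[c - 1][1:]
        results.append(recover(c, x_i, d_u, q_s, p_pub, a, cs, ds))
    return results

if __name__ == "__main__":
    print(run([3, 1, 3]))
    print(run([3, 1, 3], tamper=True))
```

With `tamper=True` one bit of the selected $C_{ij}$ is flipped, and the check equation of step 105-4 then fails for that item.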
Next, the system of the embodiment of the invention is described in detail.
As shown in Fig. 4, which is a schematic structural diagram of the system of the embodiment of the invention, the system may specifically comprise: a parameter generation module, a secret key generation module, a user selection and privacy protection module, a service provider data protection module, a user multi-selection data decryption and authentication module, and a dispute arbitration module, wherein:
(1) the parameter generation module generates the public parameters of the system from the input system security parameter k, and provides them to all users and service providers involved in the method of this system;
(2) the secret key generation module, after the identity string ID of user U or service provider S is input, generates the secret key $D_{ID}$ of the user or service provider using the public parameters of the system, and transmits the secret key to the relevant user or service provider over a secure channel;
(3) the user selection and privacy protection module, after user U makes m selections among n options in total, encrypts and protects these m selections and generates a secret ciphertext C for the multiple selections, so that service provider S, even when it obtains C, cannot learn user U's specific selections;
(4) the service provider data protection module: service provider S, using the user's selection ciphertext C, generates ciphertexts for the n data items and provides them to user U for decryption;
(5) the user multi-selection data decryption and authentication module: after receiving the data ciphertexts sent by S, user U decrypts the m data items corresponding to the selections it made, and by authentication ensures the integrity of these data and the authenticity of identity, reflecting the fairness of the transaction. For the data that was not selected, user U cannot obtain any useful information, which guarantees the security of service provider S's data;
(6) the dispute arbitration module handles disputes arising between the two parties to the transaction. When the user believes that the service provider has provided false data, or the service provider believes that the user has made a false selection, the dispute arbitration algorithm uses the encrypted data that was generated and the related secret parameters to arbitrate and establish the reliability of the disputed data.
It should be noted that the specific implementation of each of the above functional modules has already been described in detail in the method above and is therefore not repeated here.
In summary, the embodiment of the invention provides a method and system for privacy protection and authentication of user multi-selection in electronic transactions, which compared with the prior art has the following advantages and beneficial effects:
First, the present invention has very high privacy-protection security and practicality. From the point of view of user U's security, the multiple selections the user makes are kept secret from server S and from other users: even the service provider S does not know which data user U has selected, and server S cannot learn what user U's selections are. From the point of view of service provider S, when it encrypts data for user U, the user can obtain only the data U selected and cannot obtain the other data.
Second, in the present invention the user is able to make multiple selections at once; these selections may be identical or different, and there is no linkability between the multiple selections.
Third, in the present invention user U authenticates the integrity of the selected data: first, to ensure that the selected data really comes from service provider S; second, to ensure that the selected data has not been tampered with.
Fourth, in the present invention user U or service provider S can submit an arbitration request to the dispute arbitration module to prove the authenticity of its own conduct.
The above is only a preferred embodiment of the present invention, but the scope of protection of the invention is not limited to it. Any variation or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the invention shall fall within the scope of protection of the invention. Therefore, the scope of protection of the invention shall be determined by the scope of protection of the claims.

Claims (10)

1. A method for privacy protection and authentication of user multi-selection in an electronic transaction system, characterized in that it comprises:
Step A: generate the public parameters of the electronic transaction system from the input system security parameter k, and provide them to all users and service providers of the electronic transaction system;
Step B: using the public parameters, generate the secret key $D_{ID}$ of a user or service provider from the identity string ID of user U or service provider S, and send the secret key $D_{ID}$ to the corresponding user or service provider;
Step C: after user U makes m selections among n options in total, encrypt and protect these m selections, generating a secret ciphertext C for the m selections;
Step D: service provider S, using the secret ciphertext C, generates ciphertexts for the n data items and provides the resulting data ciphertexts to user U;
Step E: after receiving the data ciphertexts sent by service provider S, user U decrypts the m selections it needs and, by authentication, ensures the integrity of these m selections and the authenticity of identity.
2. The method according to claim 1, characterized in that the method also comprises:
Step F: when user U believes that service provider S has provided false data, or service provider S believes that user U has made a false selection, a dispute arbiter T is asked to carry out arbitration.
3. The method according to claim 1 or 2, characterized in that step A specifically comprises:
Step A1: given the security parameter k, the system selects a cyclic additive group $G_1$ of order q with generator P, selects a multiplicative group $G_2$ of order q over
Figure FDA0000052048210000011
and at the same time selects a bilinear map $e: G_1 \times G_1 \to G_2$;
Step A2: select a random number
Figure FDA0000052048210000012
as the master key, and set $P_{pub} = sP$ as its public key;
Step A3: define 3 cryptographic hash functions:
$H_1: \{0,1\}^* \to G_1$
$H_2: \{0,1\}^* \times \{0,1\}^* \times G_2 \to G_1$
$H_3: G_2 \to \{0,1\}^m$, where m is the length of the plaintext data provided by the service provider;
The public parameters of the electronic transaction system are $Params = \{G_1, G_2, q, e, P, P_{pub}, H_1, H_2\}$, and the master key s is kept secret.
4. The method according to claim 3, characterized in that step B specifically comprises:
Step B1: calculate
Figure FDA0000052048210000021
where $Q_{ID} \in G_1 \setminus \{0\}$ is a nonzero element of $G_1$;
Step B2: calculate $D_{ID} = sQ_{ID}$;
Step B3: send the secret key $D_{ID}$ to the corresponding user or service provider.
5. The method according to claim 4, characterized in that step C specifically comprises:
Step C1: user U makes m selections $c_i$ among the n options, $c_i \in \{1, \ldots, n\}$;
Step C2: pick at random
Figure FDA0000052048210000022
where the group sampled from is the group of integers of order q, whose size is the same as the order of the group $G_1$;
Step C3: calculate
Figure FDA0000052048210000024
and $Q_{ID_U} = H_1(ID_U)$, where $ID_S$ denotes the server identity and $ID_U$ denotes the user identity;
Step C4: calculate $U_i = k_i Q_{ID_U}$;
Step C5: for each selection $c_i \in \{1, \ldots, n\}$,
calculate $W_i = e(D_{ID_U}, D_{ID_S})^{k_i}$;
calculate $X_i = r_i H_1(ID_U \| ID_S \| W_i)$, where $\|$ denotes string concatenation;
calculate $K_i = c_i^{-1}(X_i + D_{ID_U})$;
Step C6: for the m selections it has made, user U generates the ciphertext $\sigma = (U_i, K_i)$ $(1 \le i \le m)$ and sends it to service provider S.
6. The method according to claim 5, characterized in that step D specifically comprises:
Step D1: for i = 1, ..., m, pick at random
Figure FDA0000052048210000028
and calculate $A_i = x_i P$;
Step D2: for j = 1, ..., n, calculate $B_{ij} = e(K_i, jP)^{x_i}$;
Step D3: calculate $C_{ij} = M_j \oplus H_3(B_{ij})$;
Step D4: calculate $D_{ij} = x_i P_{pub} + H_2(M_j \| A_i) \cdot D_{ID_S}$;
Step D5: service provider S sends the protected data $C = \{A_i, C_{ij}, D_{ij} \mid 1 \le i \le m, 1 \le j \le n\}$ to user U.
7. The method according to claim 6, characterized in that step E specifically comprises:
Step E1: for i = 1, ..., m,
calculate $W_i = e(D_{ID_U}, Q_{ID_S})^{k_i}$;
calculate $Y_i = H_2(ID_U \| ID_S \| W_i)$;
calculate $B'_i = e(K_i, A_i)$;
Step E2: let k be the label of the m-th selection made by user U among the n candidates $(1 \le k \le n)$; for j = 1, ..., n,
calculate $B_{ij} = e(r_i Y_i, A_i)^{j/c_i}\, e(D_{ID_U}, A_i)^{j/c_i}$,
compare $B_{ij}$ $(1 \le j \le n)$ with $B'_i$; if any are equal, find the j for which equality holds and continue with step E3, otherwise execute step E5;
Step E3: calculate $M_{c_i} = C_{ij} \oplus H_3(B_{ij})$;
Step E4: verify the validity of the data
Figure FDA0000052048210000035
where the data actually selected by user U is designated;
Check the equation $e(P, D_i) = e(A_i, P_{pub})\, e(Q_{ID_S}, P_{pub})^{H_2([M_{c_i}] \| A_i)}$,
if the equation holds, repeat step E1 until i = m, otherwise execute step E6;
if the equation holds for all i, accept the m selected data items
Figure FDA0000052048210000038
$(1 \le i \le m)$;
Step E5: the selected data cannot be found; the result is in error or the service provider's identity is wrong; reject the data or apply for dispute arbitration;
Step E6: data integrity has been destroyed or the service provider's identity is wrong; the result is in error; reject the data or apply for dispute arbitration.
8. The method according to claim 7, characterized in that, when user U believes that the service side S has provided false data or the service side believes that the user has made a false selection, step F specifically comprises:
Step F1: user U sends the $r_i$, $k_i$, $U_i$ ($1 \le i \le m$) used in the multi-selection and the selections $c_i$ ($1 \le i \le m$) to the arbitration side T;
Step F2: the arbitration side T calculates
Figure FDA0000052048210000041
and verifies the equation
Figure FDA0000052048210000042
Figure FDA0000052048210000043
if the equation does not hold, the arbitration is abandoned, otherwise execute step F3;
Step F3: calculate $X_i = r_i H_1(ID_U \| ID_S \| W_i)$;
Step F4: verification: if it holds, accept that the multi-selection $\sigma = (U_i, K_i)$ of U does conceal the multiple selections $c_i$ ($1 \le i \le m$) of U, and the user's selection is genuine;
Step F5: user U sends the data ciphertext $A_i$, $C_{ij}$, $D_{ij}$ received from S to the arbitration side T;
Step F6: the arbitration side T verifies the equation
Figure FDA0000052048210000045
if it holds, the $A_i$ of the service side S is accepted; otherwise $A_i$ has been tampered with or is not genuine;
Step F7: calculate
Figure FDA0000052048210000046
the arbitration side T compares whether
Figure FDA0000052048210000047
is the j-th data item of the service side; if not, the data provided by the service side is inaccurate;
Step F8: verify the equation
Figure FDA0000052048210000048
if the equation does not hold, the data provided by the service side was tampered with during transmission.
9. A privacy protection and authentication system for user multi-selection in an electronic transaction system, characterized by comprising:
a parameter generation module, used for generating the public parameters of the electronic transaction system according to the input system security parameter k, and providing them to all users or service sides of the electronic transaction system;
a secret key generation module, used for generating, under the public parameters, the secret key $D_{ID}$ of a user or service side from the identity string ID of user U or service side S, and sending the secret key $D_{ID}$ to the corresponding user or service side;
a user selection and privacy protection module, used for, after user U makes m selections among n options in total, encrypting and protecting these m selections and generating the secret ciphertext C of the m selections;
a service-side data protection module, used for generating ciphertexts for the n data items under the secret ciphertext C and providing the generated data ciphertext to user U;
a user multi-selection data decryption and authentication module, used for decrypting, after user U receives the data ciphertext sent by service side S, the m selections that the user needs, and ensuring the integrity of these m selections and the authenticity of the identity through authentication.
10. The system according to claim 9, characterized in that the system further comprises:
a dispute arbitration module, used for requesting the dispute arbitration side T to carry out arbitration when user U believes that service side S has provided false data or service side S believes that user U has made a false selection.
CN 201110073301 2011-03-25 2011-03-25 Method and system for privacy protection and authentication of user multi-selection in electronic transaction Active CN102130771B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201110073301 CN102130771B (en) 2011-03-25 2011-03-25 Method and system for privacy protection and authentication of user multi-selection in electronic transaction

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201110073301 CN102130771B (en) 2011-03-25 2011-03-25 Method and system for privacy protection and authentication of user multi-selection in electronic transaction

Publications (2)

Publication Number Publication Date
CN102130771A true CN102130771A (en) 2011-07-20
CN102130771B CN102130771B (en) 2013-07-17

Family

ID=44268671

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201110073301 Active CN102130771B (en) 2011-03-25 2011-03-25 Method and system for privacy protection and authentication of user multi-selection in electronic transaction

Country Status (1)

Country Link
CN (1) CN102130771B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101616001A (en) * 2008-06-23 2009-12-30 航天信息股份有限公司 An identity-based encryption method that reduces ciphertext length

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
杨秋伟 et al.: "A role-based access control model supporting privacy protection", 《计算机科学》, vol. 37, no. 6, 30 June 2010 (2010-06-30) *
罗东俊: "A novel anonymous fair e-commerce protocol", 《计算机应用研究》, vol. 27, no. 10, 31 October 2010 (2010-10-31) *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109360611A (en) * 2018-09-25 2019-02-19 湖北工业大学 Privacy protection data mining system and method based on medical big data
CN109360611B (en) * 2018-09-25 2021-05-18 湖北工业大学 Privacy protection data mining system and method based on medical big data

Also Published As

Publication number Publication date
CN102130771B (en) 2013-07-17

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant