CN102546173B - Digital signature system and signature method based on certificate - Google Patents
Publication number: CN102546173B (application CN201110426475.3A)
Authority: CN (China)
Prior art keywords: certificate, user, signature, module, digital signature
Legal status: Expired - Fee Related (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Abstract
The invention discloses a certificate-based digital signature system comprising a system parameter setting module, a user key generation module, a user certificate authentication module, a signature module and a verification module. The system parameter setting module generates the system master key and the system public parameters and transmits them to the other modules. The user key generation module generates the public/private key pair of every user. The user certificate authentication module signs a user's identity and public key, produces the user's certificate and transmits it to the signature module. The signature module signs the message and transmits the signature to the verification module. The verification module checks the validity of the signature produced by the signature module. While preserving security, the system has low computation and communication costs and so improves operating efficiency; the certificate-based digital signature method, which is also disclosed, likewise reduces the computation and communication costs of certificate-based digital signatures and improves their operating efficiency.
Description
Technical field
The present invention relates to digital signature technology for network security, and in particular to a secure and efficient certificate-based digital signature system and digital signature method.
Background technology
With the rapid development of computer networks and communication technology, humanity is moving step by step into the information society, and digitisation and networking are becoming the basic platform of global informatisation. The development of the Internet has greatly facilitated people's study, work and daily life, and computer applications have penetrated every field of society, including politics, economics, military affairs, science, culture and family life. Information has imperceptibly become one of the most important resources and forms of wealth, but because information is mostly transmitted, stored and processed over open communication networks, it is exposed to threats such as eavesdropping, interception, modification, forgery and replay.
Digital signatures are one of the means of guaranteeing network information security: they effectively address forgery, repudiation, impersonation and tampering in network information transfer, are a core technology of secure electronic transactions, and play an important role in guaranteeing the security, authenticity and non-repudiation of transactions. As a core technology of information security, they have important application value in fields such as key distribution, e-banking, electronic securities, e-commerce and e-government.
Traditional digital signature systems are based on a public key infrastructure (PKI) and use certificate-based authentication: a certificate issued by a certification authority (CA) binds a user's public key to his identity information and thereby guarantees the authenticity and validity of the public key. Certificate management, which includes certificate revocation, storage and renewal, requires a great deal of computation and storage, with certificate revocation being a particular problem. In addition, traditional PKI has the third-party query problem: before using a user's public key, a third party must query the CA for that user's certificate status in order to verify that the public key is authentic and valid. This consumes a great deal of time, space and computation and has become an obstacle to the development of public key cryptosystems.
To simplify problems such as the management overhead of digital certificates, Shamir proposed the concept of identity-based cryptography in 1984. An identity-based cryptosystem does not need to keep a public key certificate for each user, nor a public file storing all users' public keys; each user's public key is derived directly from his identity, which can be his name, telephone number, ID card number, mailing address or e-mail address, and the user's private key is produced centrally by a trusted party, the private key generator (PKG). Although identity-based cryptography overcomes the certificate management problem of conventional public key cryptosystems, it still needs a trusted party to generate and issue users' private keys, so it has an inherent key escrow problem: the trusted party knows every user's private key, can therefore eavesdrop on any user's communication, and can decrypt any user's ciphertext or forge any user's signature.
To overcome the key escrow problem of identity-based cryptography, Gentry proposed a new public key cryptographic paradigm, certificate-based cryptography (CBC), at Eurocrypt 2003. It combines the advantages of traditional public key cryptosystems and identity-based cryptosystems, eliminates the costly certificate verification process, and carries no key escrow risk. A certificate in certificate-based cryptography has all the functions of a certificate in a conventional public key cryptosystem and additionally acts as part of the private key during decryption and signing, so encryption and signature verification involve no third-party query of certificate status. Moreover, in certificate-based cryptography the certificate need not be transmitted over a secure channel, so there is no key distribution problem. Although research on certificate-based digital signature schemes has made some progress, current certificate-based digital signature methods still have shortcomings in security strength and operating efficiency.
Based on the above analysis, the inventor has improved on the existing certificate-based digital signature methods, from which the present application arises.
Summary of the invention
An object of the present invention is to provide a certificate-based digital signature system and signature method that uses no bilinear pairing in the signing and verification processes and so, while guaranteeing security, has lower computation and communication costs and improved system efficiency.
Another object of the present invention is to provide a certificate-based digital signature system and signature method that reduces the computation and communication costs of certificate-based digital signature methods and improves their operating efficiency.
To achieve the above objects, the solution of the present invention is as follows:
A certificate-based digital signature system comprising a system parameter setting module, a user key generation module, a user certificate authentication module, a signature module and a verification module;
the system parameter setting module generates the system master key and the system public parameters, sends the system master key to the user certificate authentication module, and sends the system public parameters to the user key generation module, the user certificate authentication module, the signature module and the verification module;
the user key generation module generates each user's public and private key pair, sends the user's public key to the user certificate authentication module and the verification module, and sends the user's private key to the signature module;
the user certificate authentication module signs the user's identity and public key with the system master key and system public parameters received from the system parameter setting module, produces the user's certificate, and sends it to the signature module;
the signature module signs the message with the user's private key received from the user key generation module and the user certificate issued by the user certificate authentication module, and sends the resulting signature to the verification module;
the verification module verifies the validity of the signature produced by the signature module using the system public parameters received from the system parameter setting module and the user's public key received from the user key generation module.
A certificate-based digital signature method comprising the following steps:
A: initialise the system public parameters params and the system master key msk;
B: generate the user's public key PK_ID and private key usk_ID according to the system public parameters params;
C: produce the user's certificate Cert_ID according to the system public parameters params, the user's identity ID, the system master key msk and the user's public key PK_ID;
D: sign the message m with the user's private key usk_ID and the user's certificate Cert_ID to obtain the signature σ;
E: verify the validity of the signature σ on the message m according to the system public parameters params and the user's public key PK_ID.
Step A specifically comprises:
A1: choose two large primes p and q satisfying q | p-1;
A2: choose at random a generator g, and choose a collision-resistant hash function H;
A3: choose x at random and compute the system master public key y = g^x mod p.
The system public parameters params are <p, q, g, y, H> and the system master key msk is x.
In step A2, the hash function H is selected from MD5, SHA-1, SHA-2 and SHA-3.
Step B specifically comprises:
B1: choose x_ID at random as the user's private key usk_ID;
B2: compute the user's public key PK_ID.
Step C specifically comprises:
C1: choose s at random and compute W = g^s mod p;
C2: compute R = s + x·H(ID, PK_ID, W) mod q, obtaining the user's certificate Cert_ID = <W, R>.
Step D specifically comprises:
D1: choose r at random and compute U = g^r mod p;
D2: compute h_1 = H(m, PK_ID, U, W) and h_2 = H(m, ID, PK_ID, U, W);
D3: compute z = R + x_ID·h_1 + r·h_2 mod q; the signature on the message m is σ = <U, W, z>.
Step E specifically comprises:
E1: compute h_0 = H(ID, PK_ID, W), h_1 = H(m, PK_ID, U, W) and h_2 = H(m, ID, PK_ID, U, W);
E2: check whether the verification equation holds; if it holds, accept the signature, otherwise reject it.
With this scheme the present invention, while guaranteeing the security of signatures, reduces the computation and communication costs of the signature scheme, improves the processing efficiency of the signature server and saves its computing resources; it is a new, secure and efficient digital signature method.
Brief description of the drawings
Fig. 1 is a schematic diagram of the certificate-based digital signature system of the present invention;
Fig. 2 is a flow chart of the certificate-based digital signature method of the present invention;
Fig. 3 is a schematic diagram of the present invention applied to a component-property-based remote attestation system.
Embodiment
The technical solution of the present invention is described in detail below with reference to the drawings.
As shown in Fig. 1, the certificate-based digital signature system of the present invention comprises a system parameter setting module A, a user key generation module B, a user certificate authentication module C, a signature module D and a verification module E.
The system parameter setting module A generates the system master key msk and the system public parameters params, sends the system master key msk to the user certificate authentication module C, and sends the system public parameters params to the user key generation module B, the user certificate authentication module C, the signature module D and the verification module E.
The user key generation module B generates each user's public key PK_ID and private key usk_ID, sends the user's public key PK_ID to the user certificate authentication module C and the verification module E, and sends the user's private key usk_ID to the signature module D.
The user certificate authentication module C uses the system master key msk and the system public parameters params received from the system parameter setting module A to sign the identity ID and public key PK_ID of a legitimate user, produces the user's certificate Cert_ID, and sends the certificate Cert_ID to the signature module D.
The signature module D uses the user's private key usk_ID received from the user key generation module B and the user certificate Cert_ID issued by the user certificate authentication module C to sign the message m, and sends the resulting signature σ to the verification module E.
The verification module E uses the system public parameters params received from the system parameter setting module A and the user's public key PK_ID received from the user key generation module B to verify the validity of the signature σ produced by the signature module D.
The operation of each module of the digital signature system is described below with reference to the flow chart of the digital signature method.
As shown in Fig. 2, the system parameter setting module A performs the following steps:
A1: choose two large primes p and q satisfying q | p-1, where p is a 1024-bit integer and q is a 160-bit integer;
A2: choose at random a generator g, and choose SHA-1 as the collision-resistant hash function H();
A3: choose x at random and compute the system master public key y = g^x mod p.
Combining the above, the system parameter setting module A obtains the system public parameters params = <p, q, g, y, H> and the system master key msk = x.
The user key generation module B performs the following steps:
B1: choose x_ID at random as the user's private key usk_ID;
B2: compute the user's public key PK_ID.
The user certificate authentication module C performs the following steps:
C1: choose s at random and compute W = g^s mod p;
C2: compute R = s + x·H(ID, PK_ID, W) mod q, obtaining the user's certificate Cert_ID = <W, R>.
The signature module D performs the following steps:
D1: choose r at random and compute U = g^r mod p;
D2: compute h_1 = H(m, PK_ID, U, W) and h_2 = H(m, ID, PK_ID, U, W);
D3: compute z = R + x_ID·h_1 + r·h_2 mod q; the signature on the message m is σ = <U, W, z>.
The verification module E performs the following steps:
E1: compute h_0 = H(ID, PK_ID, W), h_1 = H(m, PK_ID, U, W) and h_2 = H(m, ID, PK_ID, U, W);
E2: check whether the verification equation holds; if it holds, accept the signature, otherwise reject it.
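As an added example (not the patent's own code), the following Python implements steps A to E as described above, which also covers the CA, USER and SP roles of the remote attestation application that follows. Two formulas the extracted page leaves blank are assumptions here: the user public key is taken as PK_ID = g^x_ID mod p, and the verification equation as g^z = W·y^h_0·PK_ID^h_1·U^h_2 (mod p), which is what the signing equation z = R + x_ID·h_1 + r·h_2 mod q implies; SHA-256 stands in for the SHA-1 of the embodiment, and all parameters and keys are generated locally.

```python
import hashlib
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test with random bases (helper for step A1)."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def setup(pbits=1024, qbits=160):
    """Step A: primes p, q with q | p-1 (1024/160 bits in the embodiment), a
    generator g of the order-q subgroup of Z_p^*, msk x and y = g^x mod p."""
    while True:
        q = secrets.randbits(qbits) | (1 << (qbits - 1)) | 1
        if is_probable_prime(q):
            break
    while True:  # p = k*q + 1 with k even, so p is odd and q | p-1
        k = (secrets.randbits(pbits - qbits) | (1 << (pbits - qbits - 1))) & ~1
        p = k * q + 1
        if p.bit_length() == pbits and is_probable_prime(p):
            break
    while True:  # any element raised to (p-1)/q lies in the order-q subgroup
        g = pow(secrets.randbelow(p - 2) + 2, (p - 1) // q, p)
        if g != 1:
            break
    x = secrets.randbelow(q - 1) + 1
    return {"p": p, "q": q, "g": g, "y": pow(g, x, p)}, x


def H(params, *items):
    """Hash H of step A2 mapped into Z_q; SHA-256 (a SHA-2 variant) stands in for
    the embodiment's SHA-1, and inputs are length-prefixed to avoid split collisions."""
    h = hashlib.sha256()
    for it in items:
        b = it.encode() if isinstance(it, str) else it.to_bytes(max(1, (it.bit_length() + 7) // 8), "big")
        h.update(len(b).to_bytes(4, "big") + b)
    return int.from_bytes(h.digest(), "big") % params["q"]


def keygen(params):
    """Step B: usk_ID = x_ID random in Z_q^*; PK_ID = g^x_ID mod p (assumed form)."""
    x_id = secrets.randbelow(params["q"] - 1) + 1
    return pow(params["g"], x_id, params["p"]), x_id


def certify(params, msk, ID, PK):
    """Step C (run by the CA): W = g^s mod p, R = s + x*H(ID, PK, W) mod q."""
    p, q = params["p"], params["q"]
    s = secrets.randbelow(q - 1) + 1
    W = pow(params["g"], s, p)
    return W, (s + msk * H(params, ID, PK, W)) % q


def sign(params, usk, cert, ID, PK, m):
    """Step D: U = g^r, h1 = H(m, PK, U, W), h2 = H(m, ID, PK, U, W), z = R + x_ID*h1
    + r*h2 mod q.  The random r*h2 term blinds the certificate secret R inside z."""
    p, q = params["p"], params["q"]
    W, R = cert
    r = secrets.randbelow(q - 1) + 1
    U = pow(params["g"], r, p)
    z = (R + usk * H(params, m, PK, U, W) + r * H(params, m, ID, PK, U, W)) % q
    return U, W, z


def verify(params, ID, PK, m, sigma):
    """Step E: recompute h0, h1, h2 and test g^z == W * y^h0 * PK^h1 * U^h2 (mod p),
    the equation assumed here; y^h0 re-derives the CA's share of R, so no status query."""
    p, q, g, y = params["p"], params["q"], params["g"], params["y"]
    U, W, z = sigma
    # Reject z out of range and group elements outside the order-q subgroup.
    if not 0 <= z < q or any(not 1 < v < p or pow(v, q, p) != 1 for v in (U, W, PK)):
        return False
    h0, h1, h2 = H(params, ID, PK, W), H(params, m, PK, U, W), H(params, m, ID, PK, U, W)
    rhs = W * pow(y, h0, p) * pow(PK, h1, p) * pow(U, h2, p) % p
    return pow(g, z, p) == rhs
```

The subgroup checks in verify are defensive additions the text does not spell out; without them a verifier would accept elements of Z_p^* that lie outside the group the proof is stated over.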
The application of the certificate-based digital signature system of the present invention to a component-property-based remote attestation system for trusted terminals is described below.
Remote attestation, whose goal is to prove the trustworthiness of a computing platform, is one of the valuable features of trusted computing and has received wide attention from research institutions at home and abroad. As remote attestation has developed, component-property-based attestation (CPBA) schemes have appeared.
In the component-property-based attestation (CPBA) method, the issuing, revocation and verification of component property certificates are all implemented with traditional PKI methods. The efficiency of component property attestation is therefore low, and when the properties of a large number of components are attested the computation and communication costs are large, which is unsuitable. The efficient certificate-based digital signature method of the present invention not only provides a new method for issuing and revoking certificates for trusted platform modules (TPM), but can also be used to construct the Privacy CA of the trusted computing platform identity attestation method, and so can form a more practical remote attestation method.
As shown in Fig. 3, the improved component-property-based remote attestation system comprises four roles: the component manufacturer, the user platform, the service provider and the certificate authority. Apart from the component manufacturer, the other three roles take part in the component property attestation process. The participants in the system are denoted by the following symbols:
CA: the certificate authority, which mainly executes the algorithms of the system parameter setting module A and the user certificate authentication module C of Fig. 1 and is responsible for generating the system parameters and for issuing and revoking component property certificates;
USER: the user platform, comprising a host (HOST) and a trusted platform module (TPM), which mainly executes the algorithms of the user key generation module B and the signature module D of Fig. 1 and is the prover in the attestation protocol;
SP: the service provider, which mainly executes the algorithm of the verification module E of Fig. 1, issues property attestation requests, and verifies component property attestations.
In component-property-based remote attestation (CPBA) of a trusted computing platform, a property authority issues property certificates for components of various types, each property certificate being bound to the hardware or software it is issued for; the platform prover uses the property certificates of its configured components and the integrity measurements of the TPM to prove to the service provider that its current operating configuration satisfies a given security property. The improved component-property-based remote attestation scheme needs no third-party query and so improves the efficiency of the component-property-based remote attestation system. As can be seen from the architecture in Fig. 3, the improved CPBA attestation consists of the following steps:
Setup: the certificate authority (CA) executes the algorithm of the system parameter setting module A of Fig. 1, generates the system master key msk and the system public parameters params, and sends the system public parameters params to USER and SP;
Register: the user platform (USER) executes the algorithm of the user key generation module B of Fig. 1 to generate the platform's public key PK_ID and private key usk_ID, and sends PK_ID together with the platform's component properties to CA and SP; CA then executes the algorithm of the user certificate authentication module C to issue the certificate Cert_ID for the user platform's component properties;
Attest: on receiving the attestation request of the service provider (SP), the user platform (HOST and TPM) executes the algorithm of the signature module D of Fig. 1, computes the platform component property signature σ with its own private key usk_ID and certificate Cert_ID, and sends the signature σ to SP for remote attestation;
Verify: the service provider (SP) executes the algorithm of the verification module E of Fig. 1 and verifies the platform component property signature σ with the system public parameters params and the user platform's public key PK_ID.
The improved component-property-based remote attestation system for trusted terminals introduces the certificate-based digital signature scheme, eliminates the third-party query of certificates, reduces the computation and communication costs of the system, and improves the efficiency of the remote attestation system.
Other advantages and variations will readily occur to those skilled in the art from the above embodiment. The present invention is therefore not limited to the specific embodiment described above, which is only a detailed and exemplary explanation of one form of the invention. Without departing from the spirit of the invention, any technical solution that those of ordinary skill in the art obtain from the above embodiment by equivalent substitution falls within the scope of the claims of the present invention and their equivalents.
Claims (5)
1. A certificate-based digital signature method, characterised in that it comprises the following steps:
A: initialise the system public parameters params and the system master key msk;
B: generate the user's public key PK_ID and private key usk_ID according to the system public parameters params;
C: produce the user's certificate Cert_ID according to the system public parameters params, the user's identity ID, the system master key msk and the user's public key PK_ID;
D: sign the message m with the user's private key usk_ID and the user's certificate Cert_ID to obtain the signature σ;
E: verify the validity of the signature σ on the message m according to the system public parameters params and the user's public key PK_ID;
said step A specifically comprising:
A1: choosing two large primes p and q satisfying q | p-1, where p is a 1024-bit integer and q is a 160-bit integer;
A2: choosing at random a generator g, and choosing a collision-resistant hash function H;
A3: choosing x at random and computing the system master public key y = g^x mod p;
the system public parameters params being <p, q, g, y, H> and the system master key msk being x;
said step B specifically comprising:
B1: choosing x_ID at random as the user's private key usk_ID;
B2: computing the user's public key PK_ID.
2. The certificate-based digital signature method of claim 1, characterised in that in said step A2 the hash function H is selected from MD5, SHA-1, SHA-2 and SHA-3.
3. The certificate-based digital signature method of claim 1, characterised in that said step C specifically comprises:
C1: choosing s at random and computing W = g^s mod p;
C2: computing R = s + x·H(ID, PK_ID, W) mod q to obtain the user's certificate Cert_ID = <W, R>.
4. The certificate-based digital signature method of claim 3, characterised in that said step D specifically comprises:
D1: choosing r at random and computing U = g^r mod p;
D2: computing h_1 = H(m, PK_ID, U, W) and h_2 = H(m, ID, PK_ID, U, W);
D3: computing z = R + x_ID·h_1 + r·h_2 mod q, the signature on the message m being σ = <U, W, z>.
5. The certificate-based digital signature method of claim 4, characterised in that said step E specifically comprises:
E1: computing h_0 = H(ID, PK_ID, W), h_1 = H(m, PK_ID, U, W) and h_2 = H(m, ID, PK_ID, U, W);
E2: checking whether the verification equation holds, accepting the signature if it holds and rejecting it otherwise.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201110426475.3A CN102546173B (en) | 2011-12-19 | 2011-12-19 | Digital signature system and signature method based on certificate |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102546173A CN102546173A (en) | 2012-07-04 |
CN102546173B true CN102546173B (en) | 2014-09-10 |
Family
ID=46352190
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201110426475.3A Expired - Fee Related CN102546173B (en) | 2011-12-19 | 2011-12-19 | Digital signature system and signature method based on certificate |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102546173B (en) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106209743A (en) * | 2015-05-06 | 2016-12-07 | 广州星海智慧家庭系统集成有限公司 | A kind of digital home integrated system authentication method of identity-based signature |
CN104868993A (en) * | 2015-05-15 | 2015-08-26 | 河海大学 | Two-side authentication key negotiation method and system based on certificate |
CN105281910A (en) * | 2015-06-26 | 2016-01-27 | 浙江巨联科技股份有限公司 | Internet of things lock with CA digital certificate serving as network access identity identifier and network access identity identification method |
CN105376064B (en) * | 2015-11-23 | 2018-08-28 | 河海大学 | A kind of anonymity message authentication system and its message signing method |
CN107979459A (en) * | 2016-10-24 | 2018-05-01 | 福建凯特信息安全技术有限公司 | A kind of digital signature applications method based on electronics license |
CN110768799B (en) * | 2019-12-30 | 2020-04-14 | 中国银联股份有限公司 | Digital signature method, device, equipment, medium and system |
CN112073173A (en) * | 2020-09-07 | 2020-12-11 | 中国人民解放军战略支援部队信息工程大学 | Illegal signer determination system facing block chain PKI |
CN114598455A (en) * | 2020-12-04 | 2022-06-07 | 华为技术有限公司 | Method, device, terminal entity and system for signing and issuing digital certificate |
CN113541972B (en) * | 2021-09-17 | 2021-12-17 | 杭州天谷信息科技有限公司 | Digital certificate generation method and electronic signature method |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101697513A (en) * | 2009-10-26 | 2010-04-21 | 深圳华为通信技术有限公司 | Digital signature method, device and system as well as digital signature verification method |
CN101873307A (en) * | 2010-03-19 | 2010-10-27 | 上海交通大学 | Digital signature method, device and system based on identity forward secrecy |
CN102420691B (en) * | 2011-12-16 | 2014-04-16 | 河海大学 | Certificate-based forward security signature method and system thereof |
Non-Patent Citations (2)
Title | Authors | Venue | Date | Pages
---|---|---|---|---
Improvement of Threshold Signature Scheme Using Self-Certified Public Key | Jiguo Li et al. | Innovative Computing, Information and Control, 2006 | 2006-09-01 | pp. 480-483
Legal Events
Date | Code | Title | Description
---|---|---|---
| C06 | Publication |
| PB01 | Publication |
| C10 | Entry into substantive examination |
| SE01 | Entry into force of request for substantive examination |
| C14 | Grant of patent or utility model |
| GR01 | Patent grant |
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20140910; termination date: 20181219