CN102739401B - Private key safety management method based on identity public key cryptography system - Google Patents

Private key safety management method based on identity public key cryptography system

Info

Publication number: CN102739401B (application number CN201210183853.4A; earlier publication CN102739401A)
Authority: CN (China)
Prior art keywords: private key, user, client, trusted party, signature
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Expired - Fee Related
Other languages: Chinese (zh)
Inventors: 侍伟敏, 王赛, 陆梦, 赵一恒, 王威
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): Beijing University of Technology
Original Assignee: Beijing University of Technology
Application filed by: Beijing University of Technology
Classification: Storage Device Security
Abstract

The invention discloses a private key security management method for an identity-based public-key cryptosystem. The method comprises the steps of system parameter setup, a private key generation algorithm, a private key recovery algorithm, a signature algorithm and a verification algorithm. By combining password blinding with private key splitting, the private key is held as shares throughout distribution, storage, backup and recovery, and one share is blinded with the user's password during backup; even when the key is used, the user's real private key is never computed, because the shares are used separately. This guarantees the security of the private key. Compared with the prior art, password blinding is applied only during backup, and the security of the private key is guaranteed without any additional security measure during distribution, storage and use; on one hand this solves the key escrow problem, and on the other hand backup and recovery of the private key are easy to implement, so for users the method is convenient and low in cost.

Description

Private key security management method for an identity-based public-key cryptosystem
Technical field
The present invention relates to a method for securely managing a user's private key, specifically a private key security management method for an identity-based public-key cryptosystem. It provides a reliable and practical private key management method for security services such as entity authentication and non-repudiation in application environments including e-commerce, the Internet of Things and cloud computing.
Background technology
To solve the security problems of information systems in a networked environment, countries around the world have, through years of research, arrived at a complete solution: Public Key Infrastructure (PKI). PKI is a security system built on the theory and technology of public-key cryptography and is the general-purpose security infrastructure that provides information security services. Through standard interfaces it provides network applications with security services such as entity authentication, data confidentiality, data integrity and non-repudiation of transactions, and is therefore a key technology of information security.
As public infrastructure based on open networks has developed rapidly and its applications have broadened, the demand for authentication has become ever more common, but in practice PKI has exposed many problems. On one hand, the validity of a public key certificate must be verified before any public key is used, which adds to the user's computational load; on the other hand, the CA must manage a large number of certificates, including their issuance, storage and revocation, which places high computational and storage demands on the application system.
To address these practical problems of PKI, the cryptographer Shamir proposed the concept of identity-based encryption (IBE) in 1984. In such a system the user's identity information (an ID card number, telephone number, e-mail address and so on) is used directly as the user's public key, with no need to bind it through a digital certificate. Compared with a traditional PKI, this simplifies certificate management and reduces system overhead. In addition, identity-based cryptosystems are generally built on elliptic curves and so have short keys, fast encryption and strong security. They therefore provide a more secure and efficient security platform for upper-layer applications.
At present two methods are mainly used to manage private keys, each with its own advantages and disadvantages:
1. User-centric private key management
In user-centric private key management the private key is generated and kept securely by the user. Users currently manage their private keys with an intelligent eKey (a smart USB token), which has both storage and computing functions: the private key is generated inside the eKey and kept in its private area, and never leaves the device.
The advantages of this method are: the private key is entirely the user's own responsibility, which avoids the key escrow problem; the key is generated and used entirely within the private area of the eKey, so its security is high; and because the key is generated on the user's side, no key distribution is needed and no extra burden is added. The disadvantage is that the private key exists only in the private area of the eKey, so backup and recovery of the user's private key are hard to implement.
2. Private key management centred on a trusted third party
In private key management centred on a trusted third party, the private key is normally generated by the trusted third party, sent securely to the user, and then stored securely by the user locally. At the same time the trusted third party must securely back up the user's private key so that it can be recovered.
The advantage of this method is that, because the trusted third party holds a backup of the user's private key, recovery is easy. Its disadvantages are: there is a key escrow problem, namely the trusted third party controls the private keys of all users, so if it is compromised by an attacker the private keys of all users are leaked, and security is low; and during key distribution an additional secure channel is needed to transmit the private key, which increases system overhead.
Therefore, in existing private key management methods, guaranteeing the absolute security of the private key makes backup and recovery hard to implement, while supporting backup and recovery introduces a certain risk to the security of the key, namely the key escrow problem. Furthermore, the distribution, storage, backup, recovery and use of the private key all require hardware devices or other security techniques for protection. Proposing a secure and effective private key management method is therefore the foundation for securing all kinds of application platforms.
Summary of the invention
The object of the present invention is to provide a private key security management method for an identity-based public-key cryptosystem. The method both solves the key escrow problem and makes backup and recovery of the private key easy to implement; the private key is blinded with a password only during backup, and its security during distribution, storage and use is guaranteed without any additional security measure, so for users it is convenient and low in cost.
The present invention is realised by the following technical means:
A private key security management method for an identity-based public-key cryptosystem, involving a trusted party, a client, a signer and a verifier. First the signer enters a password at the client; the client generates a partial private key, blinds it with the password, and sends the blinded partial private key to the trusted party to apply for a private key; the trusted party generates its own partial private key, backs up both pieces of partial private key information, and reports the successful application to the client; the signer keeps the client-generated partial private key via the client. If the signer loses the private key, recovery is requested from the trusted party: the signer enters the password at the client, the trusted party returns the blinded client partial private key, the client unblinds it with the password, and the signer again keeps the client-generated partial private key via the client. Next, to sign a message, the signer signs it with the client-generated partial private key and sends the message to the trusted party to request a partial signature; the trusted party signs the message with its own partial private key and returns this partial signature to the signer; the signer combines its own partial signature with the trusted party's to obtain the final signature of the message and sends it to the verifier; the verifier verifies the signature with the signer's public key information. The method comprises: a system parameter setup step; a private key generation algorithm step; a private key recovery algorithm step; a signature algorithm step; and a verification algorithm step. Wherein,
In the system parameter setup step, the trusted party generates the system master key and the public system parameters; the master key is kept secret and the public parameters are published.
The private key generation algorithm step comprises:
1.2.1 the client generates a partial private key;
1.2.2 the client-generated partial private key is blinded with the user's password and sent to the trusted party to apply for the partial private key issued by the trusted party;
1.2.3 the trusted party generates its partial private key and backs it up together with the blinded client partial private key;
1.2.4 the user keeps the client-generated partial private key.
The private key recovery algorithm step comprises:
1.3.1 the client sends a private key recovery request to the trusted party;
1.3.2 the trusted party sends the backed-up, client-blinded partial private key to the client;
1.3.3 the client unblinds it with the password to recover the client-generated partial private key, then verifies the correctness of this partial private key using the user's public key information; if verification succeeds the user keeps the client-generated partial private key, otherwise recovery of the user's private key fails.
The signature algorithm step comprises:
1.4.1 the signer signs the message with the client-generated partial private key;
1.4.2 the signer sends the message to the trusted party and requests a partial signature;
1.4.3 the trusted party signs the message with the partial private key it issued and sends the result to the signer;
1.4.4 the signer verifies the correctness of the signature produced by the trusted party;
1.4.5 if verification succeeds, the signature produced by the signer and the signature produced by the trusted party are combined into the final signature of the message; otherwise signing fails.
The verification algorithm step comprises: the verifier verifies the signature using the signer's public key information.
In the aforesaid system parameter setup step:
2.1 generate two groups of prime order q, an additive group $(G_1,+)$ and a multiplicative group $(G_2,\cdot)$, and a bilinear map $e: G_1 \times G_1 \to G_2$;
2.2 choose a random master key $s_0 \in Z_q^*$ and compute the corresponding public key $P_0 = s_0 P$, where $P \in G_1$ is a generator of $G_1$;
2.3 choose two secure hash functions $H_1: \{0,1\}^* \to G_1$ and $H_2: \{0,1\}^* \to Z_q^*$;
2.4 keep $s_0$ secret and publish $\{G_1, G_2, e, P, H_1, H_2, P_0\}$.
In the aforesaid private key generation algorithm step:
The client generates its partial private key as follows:
3.1 choose a random $t \in Z_q^*$ and compute the partial private key $D_{user} = tQ$, where $Q = H_1(ID)$;
3.2 using the user's password as a random seed, generate a random number $r \in Z_q^*$ and blind the client-generated partial private key: $D_{user}' = rD_{user} = rtQ$;
3.3 compute $T = tP$;
3.4 send $\{ID, D_{user}', T\}$ to the trusted party.
The trusted party then:
3.5 computes its partial private key $D_{TA} = s_0 Q$, where $Q = H_1(ID)$;
3.6 stores $\{ID, D_{user}', T, D_{TA}\}$ locally.
Finally, the user whose identity is ID keeps $D_{user}$.
In the aforesaid private key recovery algorithm step, the user whose identity is ID requests private key recovery from the trusted party through the client:
4.1 the trusted party sends $\{D_{user}', T\}$ to the user;
4.2 the client, using the user's password as a random seed, regenerates the random number $r \in Z_q^*$, computes $D_{user} = r^{-1} D_{user}' = tQ$, and checks whether $e(D_{user}, P) = e(Q, T)$ holds; if the check succeeds, the user whose identity is ID keeps $D_{user}$; otherwise private key recovery fails.
In the aforesaid signature algorithm step, let the message be $M \in \{0,1\}^*$; the signing process of the signer whose identity is ID is:
5.1 the signer generates the partial signature $V_1 = H_2(M) D_{user}$;
5.2 the signer sends $\{ID, H_2(M)\}$ to the trusted party;
5.3 after verifying that the signer's identity is legitimate, the trusted party generates the partial signature $V_2 = H_2(M) D_{TA}$ and sends it to the signer;
5.4 the signer verifies that $V_2$ is correct; if verification succeeds it continues, otherwise it stops;
5.5 the signer computes the final signature $V = V_1 + V_2 = H_2(M) D_{TA} + H_2(M) D_{user} = H_2(M) D$, where $D = D_{TA} + D_{user} = (s_0 + t)Q$ is the user's complete private key, which is never formed explicitly.
In the aforesaid verification algorithm step, after receiving the message M and the signature V the verifier:
6.1 obtains the signer's public key information $\{ID, T\}$;
6.2 computes $Q = H_1(ID)$ and checks whether the following equation holds: $e(P, V) = e(P_0, Q)^{H_2(M)} \, e(T, Q)^{H_2(M)}$. The correctness proof is as follows:
$$e(P, V) = e(P, H_2(M)(s_0 + t)Q) = e(P, s_0 Q)^{H_2(M)} \, e(P, tQ)^{H_2(M)} = e(s_0 P, Q)^{H_2(M)} \, e(tP, Q)^{H_2(M)} = e(P_0, Q)^{H_2(M)} \, e(T, Q)^{H_2(M)}$$
By combining password blinding with private key splitting, the present invention keeps the private key as shares throughout distribution, storage, backup and recovery, and blinds one share with a password during backup. Even in use (for instance when signing), the user's real private key never needs to be computed: the shares are used separately (a partial signature is produced with each of the two shares and the two are combined into the final signature), which guarantees the security of the private key.
Compared with private key management based on a conventional public key infrastructure (PKI), the advantages of the present invention are mainly the following:
1. Private key distribution needs no additional secure channel. The private key information the client sends to the trusted party is a blinded partial private key, so it can be transmitted over an open channel.
2. The key escrow problem is solved while backup and recovery of the private key remain easy. The client-generated partial private key is blinded with the password, and the user's private key backed up at the trusted party is kept as shares; because the trusted party cannot obtain the user's password, it cannot obtain the user's real private key, which solves the key escrow problem. Since what the trusted party keeps is a password-blinded share rather than the user's real private key, the backup process needs no additional protective measures. Recovery only requires the trusted party to return the backed-up, password-blinded client share to the client, which unblinds it with the password.
3. The private key information on the user's side needs no security technology to store, which reduces the cost of using the private key. Only the client-generated partial private key is kept on the user's side, not the user's real private key, so even if this information is lost an attacker cannot obtain the user's final private key. The stored private key therefore needs no protection from hardware devices such as encryption cards or eKeys, or from methods such as encryption algorithms or passwords.
4. The private key is used securely. While the private key is in use, the shares are used separately and are physically separated; they are never merged into the final private key.
Description of the drawings
Fig. 1 is the overall framework flow chart of the system of the present invention;
Fig. 2 is a schematic diagram of the system parameter setup process of the present invention;
Fig. 3 is a schematic diagram of the client-side flow of the private key generation algorithm of the present invention;
Fig. 4 is a schematic diagram of the trusted-party flow of the private key generation algorithm of the present invention;
Fig. 5 is a schematic diagram of the client-side flow of the private key recovery algorithm of the present invention;
Fig. 6 is a schematic diagram of the trusted-party flow of the private key recovery algorithm of the present invention;
Fig. 7 is a schematic diagram of the signer flow of the signature algorithm of the present invention;
Fig. 8 is a schematic diagram of the trusted-party flow of the signature algorithm of the present invention;
Fig. 9 is a schematic diagram of the flow of the verification algorithm of the present invention.
Embodiment
Fig. 1 shows the overall system flow chart of the private key security management method for an identity-based public-key cryptosystem.
The overall flow involves a trusted party, a client, a signer and a verifier. The signer first enters a password at the client; the client generates a partial private key, blinds it with the password and sends it to the trusted party to apply for a private key; the trusted party generates its own partial private key, backs up both pieces of partial private key information and reports success to the client; the signer keeps the client-generated partial private key. If the signer loses the private key, the client requests recovery from the trusted party, which returns the blinded client share for the client to unblind with the password. To sign, the signer signs the message with the client-generated share, obtains the trusted party's partial signature on the same message, combines the two into the final signature and sends it to the verifier, who verifies it with the signer's public key information. The implementation consists primarily of five algorithms, namely system parameter setup, private key generation, private key recovery, signing and verification, described in turn below.
1. System parameter setup
Fig. 2 shows the system parameter setup:
1) input the security parameter k;
2) generate two groups and a bilinear map, namely two groups of prime order q, an additive group $(G_1,+)$ and a multiplicative group $(G_2,\cdot)$, and a bilinear map $e: G_1 \times G_1 \to G_2$;
3) generate the system master key and the public parameters, namely choose a random master key $s_0 \in Z_q^*$, compute the corresponding public key $P_0 = s_0 P$, where $P \in G_1$ is a generator of $G_1$, and select two secure hash functions $H_1: \{0,1\}^* \to G_1$ and $H_2: \{0,1\}^* \to Z_q^*$;
4) keep the master key $s_0$ secret;
5) publish the public parameters $\{G_1, G_2, e, P, H_1, H_2, P_0\}$.
2. Private key generation algorithm
Fig. 3 shows the client-side flow of the private key generation algorithm. For the user whose identity is ID to apply for a private key, the client does the following:
1) generate a partial private key: choose a random $t \in Z_q^*$ and compute $D_{user} = tQ$, where $Q = H_1(ID)$;
2) take the user's password as a random seed and generate a random number $r \in Z_q^*$;
3) blind the client-generated partial private key with this random number: $D_{user}' = rD_{user} = rtQ$;
4) compute the user's public parameter $T = tP$;
5) send the blinded partial private key and related information $\{ID, D_{user}', T\}$ to the trusted party to apply for a private key;
6) the user keeps the client-generated partial private key $D_{user}$.
Fig. 4 shows the trusted-party flow of the private key generation algorithm:
1) receive the client's private key application $\{ID, D_{user}', T\}$;
2) generate the partial private key $D_{TA} = s_0 Q$, where $Q = H_1(ID)$;
3) store the trusted party's partial private key, the client-blinded partial private key and the related information at the trusted party, i.e. $\{ID, D_{user}', T, D_{TA}\}$.
3. Private key recovery algorithm
Fig. 5 shows the client-side flow of the private key recovery algorithm. For the user whose identity is ID to recover the private key from the trusted party, the client does the following:
1) send the private key recovery request $\{ID\}$;
2) receive the client-blinded partial private key and the user's public parameter $\{D_{user}', T\}$;
3) take the user's password as a random seed and generate the random number $r \in Z_q^*$;
4) unblind the client-blinded partial private key to obtain the client-generated partial private key, namely $D_{user} = r^{-1} D_{user}' = tQ$;
5) verify the correctness of the client-generated partial private key, namely check whether $e(D_{user}, P) = e(Q, T)$ holds;
6) if verification succeeds, the user keeps the client-generated partial private key $D_{user}$;
7) if verification fails, stop.
Fig. 6 shows the trusted-party flow of the private key recovery algorithm. The trusted party does the following:
1) receive the client's private key recovery request $\{ID\}$;
2) send the client-blinded partial private key and the user's public parameter $\{D_{user}', T\}$ to the client.
4. Signature algorithm
Fig. 7 shows the signer's flow in the signature algorithm. Let the message be $M \in \{0,1\}^*$; the signer whose identity is ID proceeds as follows:
1) sign the message with the client-generated partial private key, producing the partial signature $V_1 = H_2(M) D_{user}$;
2) send $\{ID, H_2(M)\}$ to the trusted party to request a partial signature;
3) receive the trusted party's partial signature $V_2$ on the message;
4) verify the correctness of the partial signature produced by the trusted party;
5) if verification succeeds, combine the signer's partial signature with the trusted party's partial signature to obtain the signer's final signature on M: $V = V_1 + V_2 = H_2(M) D_{TA} + H_2(M) D_{user} = H_2(M) D$;
6) if verification fails, stop.
Fig. 8 shows the trusted party's flow in the signature algorithm. The trusted party does the following:
1) receive the signer's signature request $\{ID, H_2(M)\}$;
2) sign the message with the partial private key issued by the trusted party to the signer, obtaining the partial signature $V_2 = H_2(M) D_{TA}$;
3) send the partial signature $V_2$ to the signer.
5. Verification algorithm
Fig. 9 shows the flow of the verification algorithm. After receiving the message M and the signature V, the verifier does the following:
1) obtain the signer's public key information $\{ID, T\}$;
2) verify the signer's signature, namely compute $Q = H_1(ID)$ and check whether $e(P, V) = e(P_0, Q)^{H_2(M)} \, e(T, Q)^{H_2(M)}$ holds. The correctness proof is as follows:
$$e(P, V) = e(P, H_2(M)(s_0 + t)Q) = e(P, s_0 Q)^{H_2(M)} \, e(P, tQ)^{H_2(M)} = e(s_0 P, Q)^{H_2(M)} \, e(tP, Q)^{H_2(M)} = e(P_0, Q)^{H_2(M)} \, e(T, Q)^{H_2(M)}$$
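The following is an added example written for this page; it is not code from the patent or its inventors. It models the five algorithms above (system parameter setup, private key generation, private key recovery, signing and verification, as listed in the summary and detailed in the embodiment) in Python. Because it uses no pairing library, elements of $G_1$ are represented by their discrete logarithm to base $P$ and elements of $G_2$ by their discrete logarithm to base $e(P,P)$, so $e(aP, bP)$ is modelled as $ab \bmod q$. This exposes every secret and has no cryptographic strength; it only exercises the protocol's message flow and every check in it. Assumptions not on the page: the toy group order, PBKDF2 as the expansion of the password into the seed for $r$, and the form of the signer's check of $V_2$ in step 5.4, which the page states but does not spell out.

```python
"""Discrete-log model of the split-key, password-blinded signature scheme.
G1 elements are stored as their log to base P (so P is 1 and kP is k), G2
elements as their log to base e(P, P): e(aP, bP) = a*b mod q, a product in G2
is a sum of logs and a power is a product.  Every secret is exposed; this is
a harness for the protocol's arithmetic, not a cryptographic implementation."""
import hashlib
import secrets

Q = (1 << 127) - 1  # constructed toy group order (a prime), not a real curve order
P = 1               # generator of G1 in the log model

def g1_mul(k, X): return (k * X) % Q        # kX in G1
def g1_add(X, Y): return (X + Y) % Q        # X + Y in G1
def pair(X, Y):   return (X * Y) % Q        # e(X, Y) in G2
def g2_pow(Z, k): return (Z * k) % Q        # Z^k in G2
def g2_mul(Z, W): return (Z + W) % Q        # Z * W in G2

def H1(identity):  # H_1: {0,1}* -> G1
    return int.from_bytes(hashlib.sha256(b"H1|" + identity.encode()).digest(), "big") % Q or 1

def H2(message):   # H_2: {0,1}* -> Z_q^*
    return int.from_bytes(hashlib.sha256(b"H2|" + message).digest(), "big") % (Q - 1) + 1

def blinding_factor(password, identity):
    """Steps 3.2 / 4.2: r in Z_q^* from the password.  The page only says 'password
    as random seed'; PBKDF2 is this example's assumed choice of seed expansion."""
    d = hashlib.pbkdf2_hmac("sha256", password.encode(), b"blind|" + identity.encode(), 50_000)
    return int.from_bytes(d, "big") % (Q - 1) + 1

class TrustedParty:
    """Keeps the master key s_0 and the backups {ID, D_user', T, D_TA}."""
    def __init__(self):
        self.s0 = secrets.randbelow(Q - 1) + 1   # master key, secret
        self.P0 = g1_mul(self.s0, P)             # public key P_0 = s_0 P
        self.backups = {}

    def issue(self, identity, d_user_blinded, T):
        """Steps 3.5 / 3.6: D_TA = s_0 Q, stored beside the blinded client share."""
        self.backups[identity] = (d_user_blinded, T, g1_mul(self.s0, H1(identity)))
        return True                               # only a success flag goes back

    def recover(self, identity):
        """Step 4.1: hand back {D_user', T}; D_TA never leaves the trusted party."""
        d_user_blinded, T, _ = self.backups[identity]
        return d_user_blinded, T

    def partial_sign(self, identity, h_m):
        """Step 5.3: V_2 = H_2(M) D_TA for a registered ID (KeyError = unknown signer)."""
        return g1_mul(h_m, self.backups[identity][2])

def client_keygen(identity, password, tp):
    """Steps 3.1-3.4: D_user = tQ, D_user' = r t Q, T = tP; send {ID, D_user', T}."""
    t = secrets.randbelow(Q - 1) + 1
    d_user = g1_mul(t, H1(identity))
    r = blinding_factor(password, identity)
    tp.issue(identity, g1_mul(r, d_user), g1_mul(t, P))
    return d_user                                 # the only secret the user keeps

def client_recover(identity, password, tp):
    """Steps 4.1 / 4.2: D_user = r^-1 D_user', accepted only if e(D_user, P) = e(Q, T)."""
    d_user_blinded, T = tp.recover(identity)
    r = blinding_factor(password, identity)
    d_user = g1_mul(pow(r, -1, Q), d_user_blinded)
    return d_user if pair(d_user, P) == pair(H1(identity), T) else None

def sign(identity, d_user, message, tp):
    """Steps 5.1-5.5: V = V_1 + V_2; the full key D_user + D_TA is never formed."""
    h = H2(message)
    v1 = g1_mul(h, d_user)
    v2 = tp.partial_sign(identity, h)
    # Step 5.4 says the signer checks V_2 but the page omits the equation; this
    # example assumes the natural check e(V_2, P) = e(Q, P_0)^{H_2(M)}.
    if pair(v2, P) != g2_pow(pair(H1(identity), tp.P0), h):
        return None
    return g1_add(v1, v2)

def verify(identity, T, message, V, P0):
    """Step 6.2: e(P, V) == e(P_0, Q)^{H_2(M)} * e(T, Q)^{H_2(M)}."""
    h, q_id = H2(message), H1(identity)
    return pair(P, V) == g2_mul(g2_pow(pair(P0, q_id), h), g2_pow(pair(T, q_id), h))

def run_protocol(identity="alice@example.com", password="correct horse", message=b"pay 10"):
    """End-to-end run on constructed inputs; returns the outcome of each check."""
    tp = TrustedParty()
    d_user = client_keygen(identity, password, tp)
    T = tp.backups[identity][1]                   # public, part of {ID, T}
    sig = sign(identity, d_user, message, tp)
    return {
        "valid": verify(identity, T, message, sig, tp.P0),
        "tampered_rejected": not verify(identity, T, b"pay 1000", sig, tp.P0),
        "recovery_matches": client_recover(identity, password, tp) == d_user,
        "wrong_password_rejected": client_recover(identity, "wrong", tp) is None,
    }
```

Running `run_protocol()` returns all four checks as `True`. Two design points of the scheme are visible in the code: the trusted party never returns $D_{TA}$ and the client never adds the two shares, so the complete key $D$ exists nowhere; and the only path from the backup $D_{user}'$ back to $D_{user}$ is the password-derived $r$, with the check in step 4.2 telling the client whether the password it was given was the right one. That is why the seed expansion here is a deliberately slow KDF rather than a plain hash.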
Finally, it should be noted that the above embodiments are intended only to illustrate the present invention and not to limit the technical solution described herein; therefore, although this specification has described the invention in detail with reference to the above embodiments, those of ordinary skill in the art should understand that the invention may still be modified or its features equivalently replaced, and all technical solutions and improvements that do not depart from the spirit and scope of the invention should be encompassed by the claims of the present invention.

Claims (6)

1. A private key security management method for an identity-based public-key cryptosystem, involving a trusted party, a client, a signer and a verifier, wherein a user applies to the trusted party for a private key through the client and the trusted party responds to the client's request; the signer signs a message with the private key it applied for and at the same time obtains a signature on the message from the trusted party, then combines the two partial signatures into the final signature; and the verifier verifies the message signature using the signer's public key information; characterised in that the method comprises a system parameter establishment step, a private key generation algorithm step, a private key recovery algorithm step, a signature algorithm step and a verification algorithm step, wherein:
In the system parameter establishment step the trusted party generates the system master key and establishes the public system parameters; the master key is kept secret and the public parameters are published;
The private key generation algorithm step comprises:
1.2.1 the client generates a partial private key;
1.2.2 the client blinds the partial private key it generated with the user's password and sends it to the trusted party, applying for the partial private key issued by the trusted party;
1.2.3 the trusted party generates a partial private key and backs it up, together with the client's blinded partial private key, at the trusted party;
1.2.4 the user keeps the partial private key generated by the client;
The private key recovery algorithm step comprises:
1.3.1 the client sends a private key recovery request to the trusted party;
1.3.2 the trusted party sends the backed-up partial private key blinded by the client back to the client;
1.3.3 the client removes the blinding with the password to recover the partial private key it generated, then verifies the correctness of that partial private key against the user's public key information; if the verification succeeds, the user keeps the partial private key generated by the client; otherwise recovery of the user's private key fails;
The signature algorithm step comprises:
1.4.1 the signer signs the message with the partial private key generated by the client;
1.4.2 the signer sends the message to the trusted party and applies for a partial signature;
1.4.3 the trusted party signs the message with the partial private key it issued and sends the result to the signer;
1.4.4 the signer verifies the correctness of the signature produced by the trusted party;
1.4.5 if the verification succeeds, the message signature produced by the signer and the message signature produced by the trusted party are combined into the final signature of the message; otherwise signing fails;
The verification algorithm step comprises: the verifier verifies the signature using the signer's public key information.
2. The private key security management method for an identity-based public-key cryptosystem according to claim 1, characterised in that the system parameter establishment step comprises:
2.1 generating two groups of prime order $q$, an additive group $(G_1, +)$ and a multiplicative group $(G_2, \cdot)$, and a bilinear map $e: G_1 \times G_1 \to G_2$;
2.2 choosing the master key $s_0 \in Z_q^*$ at random and computing the corresponding public key $P_0 = s_0 P$, where $P \in G_1$ is a generator of $G_1$;
2.3 choosing two secure hash functions, $H_1: \{0,1\}^* \to G_1$ and $H_2$ (the range of $H_2$ is garbled on this page; claims 5 and 6 use $H_2(M)$ as a scalar multiplier and exponent, i.e. an element of $Z_q^*$);
2.4 keeping $s_0$ secret and publishing $\{G_1, G_2, e, P, H_1, H_2, P_0\}$.
3. The private key security management method for an identity-based public-key cryptosystem according to claim 2, characterised in that the private key generation algorithm step comprises:
The client generates its partial private key:
3.1 choosing $t \in Z_q^*$ at random and computing the partial private key $D_{user} = tQ$, where $Q = H_1(ID)$;
3.2 using the user's password as a random seed to generate $r \in Z_q^*$, and blinding the client's partial private key as $D_{user}' = r D_{user} = rtQ$;
3.3 computing $T = tP$;
3.4 sending $\{ID, D_{user}', T\}$ to the trusted party;
The trusted party then:
3.5 computes its partial private key $D_{TA} = s_0 Q$, where $Q = H_1(ID)$;
3.6 stores $\{ID, D_{user}', T, D_{TA}\}$ locally;
Finally, the user whose identity information is $ID$ keeps $D_{user}$.
4. The private key security management method for an identity-based public-key cryptosystem according to claim 3, characterised in that the private key recovery algorithm step comprises:
The user whose identity information is $ID$ applies to the trusted party, through the client, for private key recovery:
4.1 the trusted party sends $\{D_{user}', T\}$ to the user;
4.2 the client, using the user's password as a random seed, regenerates $r \in Z_q^*$ and computes $D_{user} = r^{-1} D_{user}' = tQ$, then verifies whether $e(D_{user}, P) = e(Q, T)$ holds; if the verification succeeds, the user with identity $ID$ keeps $D_{user}$; otherwise private key recovery fails.
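Why the check in step 4.2 works, as an added derivation that is not part of the claim text and uses only the claims' own symbols: by bilinearity of $e$,

$$e(D_{user}, P) = e(tQ, P) = e(Q, P)^{t} = e(Q, tP) = e(Q, T).$$

With a wrong password the client derives some $r' \neq r$ and obtains $r'^{-1} D_{user}' = r'^{-1} r\, tQ$, for which $e(r'^{-1} r\, tQ, P) = e(Q, T)^{r'^{-1} r} \neq e(Q, T)$, so the check fails and nothing is accepted. The same equation is equally available to whoever holds the backup $\{D_{user}', T\}$, including the trusted party itself, so a candidate password can be tested offline against it: the blinding protects $D_{user}$ only as well as the password, and the derivation of $r$ from it, resist guessing.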
5. The private key security management method for an identity-based public-key cryptosystem according to claim 3, characterised in that the signature algorithm step comprises:
Let the message be $M \in \{0,1\}^*$; the signing process of the signer whose identity information is $ID$ is:
5.1 the signer generates the partial signature $V_1 = H_2(M) D_{user}$;
5.2 the signer sends $\{ID, H_2(M)\}$ to the trusted party;
5.3 after verifying that the signer's identity is legitimate, the trusted party generates the partial signature $V_2 = H_2(M) D_{TA}$ and sends it to the signer;
5.4 the signer verifies whether the check on $V_2$ holds (the check equation is not legible on this page); if the verification succeeds, it continues, otherwise it stops;
5.5 the signer computes the final signature $V = V_1 + V_2 = H_2(M) D_{TA} + H_2(M) D_{user} = H_2(M) D$, where $D = D_{TA} + D_{user} = (s_0 + t)Q$ is the user's full private key, which is never assembled.
6. The private key security management method for an identity-based public-key cryptosystem according to claim 3, characterised in that the verification algorithm step comprises:
After receiving the message $M$ and the signature $V$, the verifier:
6.1 obtains the signer's public key information $\{ID, T\}$;
6.2 computes $Q = H_1(ID)$ and checks whether the following equality holds: $e(P, V) = e(P_0, Q)^{H_2(M)} \cdot e(T, Q)^{H_2(M)}$; the correctness proof is as follows:
$$e(P, V) = e\big(P, H_2(M)(s_0 + t)Q\big) = e(P, s_0 Q)^{H_2(M)}\, e(P, tQ)^{H_2(M)} = e(s_0 P, Q)^{H_2(M)}\, e(tP, Q)^{H_2(M)} = e(P_0, Q)^{H_2(M)}\, e(T, Q)^{H_2(M)}.$$
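The whole protocol of claims 1 to 6 run end to end, as an added example that is not the patent's or the inventors' code. It assumes a toy bilinear map in place of a real pairing (constructed parameters: $G_1 = (Z_q,+)$, $G_2$ the order-$q$ subgroup of $Z_p^*$ with $p = 2q+1$, and $e(a,b) = g^{ab}$, which satisfies every identity the claims rely on but offers no security), a PBKDF2 derivation of $r$ from the password (the claims say only "password as random seed"), an "ID is registered" lookup as the trusted party's identity check in step 5.3, and $e(P, V_2) = e(P_0, Q)^{H_2(M)}$ as the step-5.4 check whose equation is not legible on this page. All function names, the store layout and the sample identity, password and message are this example's own.

```python
# Added example, not code from the patent or its inventors: claims 2-6 of
# CN102739401B on a TOY pairing, G1 = (Z_q, +), P = 1, e(a, b) = g^(a*b) mod p
# with p = 2q+1 and g of order q. Bilinear and non-degenerate, so every claim
# equation holds as on a real curve, but a discrete log in this G1 is a division.
import hashlib
import secrets

BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)  # Miller-Rabin bases, exact below 3.3e24

def is_prime(n):
    if n < 41:
        return n in BASES
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime_above(start):  # smallest q >= start with q and 2q+1 both prime
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return q, 2 * q + 1

Q, P_MOD = safe_prime_above(1 << 61)  # constructed toy parameters: group order q, field modulus p
G2_GEN, P = 4, 1                      # 4 is a square mod p, hence of order q; P generates (Z_q, +)

def e(a, b):  # toy bilinear map e: G1 x G1 -> G2 (claim 2.1)
    return pow(G2_GEN, a * b % Q, P_MOD)

def H1(identity):  # H1: {0,1}* -> G1, here a nonzero element of the toy G1
    return 1 + int.from_bytes(hashlib.sha256(b"H1|" + identity).digest(), "big") % (Q - 1)
def H2(message):  # H2: {0,1}* -> Z_q^*, the scalar multiplier of claim 5
    return 1 + int.from_bytes(hashlib.sha256(b"H2|" + message).digest(), "big") % (Q - 1)

def blinding_factor(password, identity):  # r in Z_q^* regenerated from the password (3.2, 4.2)
    # The claims say only "password as random seed"; PBKDF2 salted with ID is this example's choice.
    seed = hashlib.pbkdf2_hmac("sha256", password, b"blind|" + identity, 100_000)
    return 1 + int.from_bytes(seed, "big") % (Q - 1)

def setup():  # claim 2: master key s0 stays secret, P0 = s0 * P is published
    s0 = 1 + secrets.randbelow(Q - 1)
    return s0, s0 * P % Q

def client_keygen(identity, password):  # claims 3.1-3.4 -> (D_user kept by user, request to TA)
    t = 1 + secrets.randbelow(Q - 1)
    D_user = t * H1(identity) % Q                                    # 3.1
    D_user_blind = blinding_factor(password, identity) * D_user % Q  # 3.2
    return D_user, {"ID": identity, "D_user_blind": D_user_blind, "T": t * P % Q}

def ta_register(s0, store, request):  # claims 3.5-3.6: D_TA = s0 * Q, backup record kept
    store[request["ID"]] = dict(request, D_TA=s0 * H1(request["ID"]) % Q)

def recover(store, identity, password):
    """Claim 4: unblind the backup {D_user', T} and check e(D_user, P) == e(Q, T).
    Caveat: whoever holds the backup can run this same check on password guesses."""
    rec = store[identity]
    D_user = pow(blinding_factor(password, identity), -1, Q) * rec["D_user_blind"] % Q
    if e(D_user, P) != e(H1(identity), rec["T"]):
        return None  # wrong password or tampered backup
    return D_user

def ta_partial_sign(s0, store, identity, h):  # claim 5.3: V2 = H2(M) * D_TA
    # The claims do not say how the TA checks the signer's identity; "ID is registered" is the stand-in.
    return h * store[identity]["D_TA"] % Q if identity in store else None

def sign(message, identity, D_user, ta_sign, P0):  # claims 5.1-5.5; D = D_TA + D_user never assembled
    h = H2(message)
    V1 = h * D_user % Q        # 5.1
    V2 = ta_sign(identity, h)  # 5.2/5.3: the TA sees only {ID, H2(M)}, never M
    # 5.4: its equation is not legible on the page; e(P, V2) == e(P0, Q)^H2(M) is assumed here
    if V2 is None or e(P, V2) != pow(e(P0, H1(identity)), h, P_MOD):
        return None
    return (V1 + V2) % Q       # 5.5: V = H2(M) * (D_TA + D_user)

def verify(P0, message, identity, T, V):  # claim 6.2
    h, Qid = H2(message), H1(identity)
    return e(P, V) == pow(e(P0, Qid), h, P_MOD) * pow(e(T, Qid), h, P_MOD) % P_MOD

def demo():  # one full run; returns (signature verifies, recovery works, wrong password rejected)
    s0, P0 = setup()
    store, ident, pw, msg = {}, b"alice@example.com", b"correct horse", b"pay bob 10"
    D_user, request = client_keygen(ident, pw)
    ta_register(s0, store, request)
    V = sign(msg, ident, D_user, lambda i, h: ta_partial_sign(s0, store, i, h), P0)
    return (verify(P0, msg, ident, store[ident]["T"], V), recover(store, ident, pw) == D_user,
            recover(store, ident, b"wrong password") is None)

if __name__ == "__main__":
    print(demo())  # (True, True, True)
```

Running the file, or calling demo(), exercises exactly the algebra the claims describe: the client's $tQ$ and the trusted party's $s_0 Q$ are only ever combined through the two partial signatures, so $D = (s_0 + t)Q$ never exists on either side, and the blinded backup $rtQ$ is useless without the password. What the toy map does not give is security, so a deployment needs a pairing-friendly curve with $H_1$ hashing into $G_1$. Two things worth checking in any real implementation follow directly from the claims: the trusted party receives only $\{ID, H_2(M)\}$ and so cannot see what it is co-signing, and the recovery check of step 4.2 is a password oracle for anyone who holds the backup, which is why the cost of deriving $r$ from the password matters.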
CN201210183853.4A 2012-06-05 2012-06-05 Private key safety management method based on identity public key cryptography system Expired - Fee Related CN102739401B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210183853.4A CN102739401B (en) 2012-06-05 2012-06-05 Private key safety management method based on identity public key cryptography system

Publications (2)

Publication Number Publication Date
CN102739401A CN102739401A (en) 2012-10-17
CN102739401B true CN102739401B (en) 2015-03-25

Family

ID=46994245

Country Status (1)

Country Link
CN (1) CN102739401B (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103281188B (en) * 2013-05-23 2016-09-14 天地融科技股份有限公司 Method and system for backing up a private key in an electronic signature token
CN103269271B (en) * 2013-05-23 2016-12-07 天地融科技股份有限公司 Method and system for backing up a private key in an electronic signature token
CN103248491B (en) * 2013-05-23 2016-04-13 天地融科技股份有限公司 Method and system for backing up the private key of an electronic signature token
CN104660400A (en) * 2013-11-25 2015-05-27 上海复旦微电子集团股份有限公司 RSA modular exponentiation calculation method and device
CN108737085A (en) * 2017-04-25 2018-11-02 杭州弗兰科信息安全科技有限公司 Encrypted data sharing system with immediately revocable keys
CN107294707B (en) * 2017-06-22 2020-08-28 四川思安特科技有限公司 Mobile phone shield signature key protection method
CN107370599B (en) * 2017-08-07 2020-07-10 收付宝科技有限公司 Management method, device and system for remotely destroying private key
CN107395368B (en) * 2017-08-18 2020-09-11 北京无字天书科技有限公司 Digital signature method, decapsulation method and decryption method in media-free environment
CN108270572B (en) * 2017-12-22 2020-12-11 中国电子科技集团公司第三十研究所 Key exchange protocol based on position and password
JP2020028128A (en) * 2018-08-14 2020-02-20 株式会社bitFlyer Blockchain Device, method, and program for verifying electronic signature
CN109728913B (en) * 2018-12-24 2021-12-14 华为技术有限公司 Equipment validity verification method, related equipment and system
CN110929290B (en) * 2019-12-04 2022-03-18 南京如般量子科技有限公司 Private key threshold backup, loss reporting and recovery system and method based on alliance chain

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1655498A (en) * 2004-02-10 2005-08-17 管海明 Multi-center identity-based key management method
CN1980123A (en) * 2005-11-30 2007-06-13 中国科学院研究生院 Realizing method for PKI system based on IBE and key management apparatus
CN102201920A (en) * 2011-07-12 2011-09-28 北京中兴通数码科技有限公司 Method for constructing certificateless public key cryptography
CN102420691A (en) * 2011-12-16 2012-04-18 河海大学 Certificate-based forward security signature method and system thereof

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
An improved scheme for the LeeB private key distribution protocol; 侍伟敏 (Shi Weimin); Journal of Beijing University of Technology; 2010-03-31; Vol. 36, No. 3; full text *
An AIC-based IBE private key distribution protocol; 侍伟敏 (Shi Weimin); Journal of Beijing University of Posts and Telecommunications; 2008-08-31; Vol. 31, No. 4; full text *

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150325

Termination date: 20170605