CN103780386A - Blind signature method based on identity and device thereof - Google Patents
Blind signature method based on identity and device thereof Download PDFInfo
- Publication number
- CN103780386A CN103780386A CN201210407629.9A CN201210407629A CN103780386A CN 103780386 A CN103780386 A CN 103780386A CN 201210407629 A CN201210407629 A CN 201210407629A CN 103780386 A CN103780386 A CN 103780386A
- Authority
- CN
- China
- Prior art keywords
- signer
- calculate
- identity
- signature
- blind
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention provides a blind signature method based on an identity and a device thereof. The method comprises the following steps: (1) a signer chooses a random number r belonging to Zq*, a formula U'=rP is calculated, Zq* represents integers in a range from 1 to (q-1), q is a set large prime number, P is the generator of G1, and p is a set large prime number; (2) a sending user randomly selects a blind factor (alpha, beta) belonging to Zq*, a formula U=U'+(alpha+beta)P is calculated, a= (alpha*beta*H3(U)) H2 (m), b= alpha+beta+H2(m), H2 and H3 are one-way Hash functions, and m is plain text information to be signed; (3) the signer uses a private key dID=sQID of the signer to sign (a, b), a formula V'=a*dID/(r+b) is calculated, H1 is a one-way Hash function, and s is a random number as a main cipher key; (4) a receiving user calculates a formula V=V'/(alpha*beta*H3(U))=H2(m)*dID/(r+b), and the coordinate X of V is the signature of a message m. According to the blind signature method based on an identity of the embodiment of the invention, a blind signature message length is only the X coordinate of an elliptic curve point, and the throughput of system operation is increased.
Description
Technical field
The present invention relates to communication technical field, relate in particular to a kind of blind endorsement method and device based on identity.
Background technology
In traditional common key cryptosystem, the main PKI(Public Key Infrastructure that adopts, PKIX) carry out the correlation of verification public key and user identity, binding between subscriber identity information and PKI is by CA(Certificate Authority, authentication center) provide public key certificate realize, very high computing cost and the storage overhead of certificate management process need of this mode.
Under the public-key cryptosystem based on identity, PKI can be arbitrary string, so can be using the identity information of a certain entity directly as its PKI, thereby the binding issue that has got around PKI and its holder's identity, this can greatly simplify the complex management that in conventional P KI, CA carries out user certificate.The bright spot of the public key encryption system based on identity is exactly the identity information that directly the utilizes user PKI as user.Anyone can directly utilize user's the direct encrypting plaintext of identity information like this, has saved the authenticating step of PKI, has also saved the loaded down with trivial details management of CA to public key certificate.
Blind signature, because have blind this feature of property, can effectively be protected the particular content of signed message, so have a wide range of applications in the field such as ecommerce and electronic voting.Blind signature allows message person first message to be blinded, and relief signer is signed to the message blinding, and stop press owner removes the blind factor to signing messages, obtains the signature of signer about former message.Blind signature is exactly a kind of special digital signature technology that recipient takes in the situation that not allowing signer obtain signed message particular content, and it also must meet two character below except meeting general digital signature condition:
1. the message that signer is signed it is sightless, and signer is not known the particular content of message that he signs.
2. signature information untraceable, after signature information comes forth, signer cannot know that this is his which time signature.
Blind endorsement method based on identity is the important branch of recent domestic cryptology, at present, also there is no the effectively blind endorsement method based on identity in prior art.
Summary of the invention
Embodiments of the invention provide a kind of blind endorsement method and device based on identity, shorten signature information length to realize.
Based on a blind endorsement method for identity, comprise
Signer is selected random number r ∈ Z
q *, calculate U '=rP, described Z
q *represent 1 ~ (q-1) integer in scope, described q is the large prime number of setting, and described P is G
1generator, described G
1f
pon a subgroup that rank are q of elliptic curve E module, described F
pfor the territory from 0 composition of the integer to (p-1), described p is the large prime number of setting, and described q is the prime factor of (p+1);
Send user and select at random blinding factor α, β ∈ Z
q *, calculate U=U '+(alpha+beta) P, a=(α β H
3(U)) H
2(m), b=alpha+beta+H
2(m), described H
2, H
3an One-way Hash function, H
2: { 0,1}
*→ Z
q *, H
3: G
1→ Z
q *, described m will sign close cleartext information, m ∈ Z
q *, described transmission user sends to described signer by message to (a, b);
Described signer is signed to (a, b) to described message with the private key of oneself, calculates V '=ad
iD/ (r+b), and V ' is sent to and receives user, the private key d of described signer
iD=sQ
iD, described Q
iD=H
1(ID), the identification information that described ID is described signer, ID ∈ { 0,1}
*, described H
1an One-way Hash function, described H
1: { 0,1}
*→ G
1, described s is the random number as master key;
Described reception user receives after described V ', calculates V=V '/(α β H
3(U))=H
2(m) d
iD/ (r+b), the abscissa x of described V is the signature of message m.
Based on a blind signature apparatus for identity, comprising:
Message blinds processing module, for select random number r ∈ Z by signer
q *, calculate U '=rP, described Z
q *represent 1 ~ (q-1) integer in scope, described q is the large prime number of setting, and described P is G
1generator, described G
1f
pon a subgroup that rank are q of elliptic curve E module, described F
pfor the territory from 0 composition of the integer to (p-1), described p is the large prime number of setting, and described q is the prime factor of (p+1);
Select at random blinding factor α, β ∈ Z by sending user
q *, calculate U=U '+(alpha+beta) P, a=(α β H
3(U)) H
2(m), b=alpha+beta+H
2(m), described H
2, H
3an One-way Hash function, H
2: { 0,1}* → Z
q *, H
3: G
1→ Z
q *, described m will sign close cleartext information, m ∈ Z
q *, described transmission user sends to described signer by message to (a, b);
Signature processing module, signs to (a, b) to described message for the private key with described signer, calculates V '=ad
iD/ (r+b), and V ' is sent to and receives user, the private key d of described signer
iD=sQ
iD, described Q
iD=H
1(ID), the identification information that described ID is described signer, ID ∈ { 0,1}
*, described H
1an One-way Hash function, described H
1: { 0,1}
*→ G
1, described s is the random number as master key;
Signature calculation module, for calculating V=V '/(α β H by described reception user
3(U))=H
2(m) d
iD/ (r+b), the abscissa x of described V is the signature of message m.
The technical scheme being provided by the embodiment of the invention described above can be found out, the blind signature information length of the blind endorsement method based on identity of the embodiment of the present invention is only the abscissa of elliptic curve point, be shorter than the signature information length of the blind endorsement method of existing elliptic curve, increase the throughput of system operation, be suitable for the communication environment of Bandwidth-Constrained.
Accompanying drawing explanation
In order to be illustrated more clearly in the technical scheme of the embodiment of the present invention, below the accompanying drawing of required use during embodiment is described is briefly described, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skills, do not paying under the prerequisite of creative work, can also obtain according to these accompanying drawings other accompanying drawing.
The process chart of a kind of blind endorsement method based on identity that Fig. 1 provides for the embodiment of the present invention one;
The detailed process schematic diagram of a kind of blind signature processing that Fig. 2 provides for the embodiment of the present invention one;
The concrete structure figure of a kind of blind signature apparatus based on identity that Fig. 3 provides for the embodiment of the present invention two.
Embodiment
For ease of the understanding to the embodiment of the present invention, be further explained explanation below in conjunction with accompanying drawing as an example of several specific embodiments example, and each embodiment does not form the restriction to the embodiment of the present invention.
Embodiment mono-
The handling process of a kind of blind endorsement method based on identity that this embodiment provides as shown in Figure 1, comprises following treatment step:
Step 11, selected G
1, G
2, p, q, obtain G
1generator P, Bilinear Pairing
Selected G
1, G
2be two groups that rank are q, p, q are two large prime numbers (wherein p is at least 512 bits, and q is at least 160 bits), and q is the prime factor of (p+1), and the number of bits of q represents with n.G
1f
pon a subgroup of elliptic curve E module, above-mentioned F
prepresent from the territory of 0 integer to (p-1) composition, above-mentioned elliptic curve E can shape as y
2the form of=f (x), G
2it is territory
on a multiplicative group, wherein
by F
pquadratic extension obtains, and shape is as F
p[x]/f, F
p[x] is F
pon polynomial ring, f is that a secondary can not be changed about multinomial.P is G
1generator, i.e. q*P=O, " O " is infinite point.
g
1× G
1→ G
2be a bilinear map, this Bilinear Pairing
be one from set G
1× G
1to set G
2a mapping, this mapping has following character:
Bilinearity: for any g
1, g
2∈ G
1integer a arbitrarily, b ∈ Z
p *, have
Step 12, selection hash function H
1, H
2and H
3.
H
1: { 0,1}
*→ G
1, H
1be a unilateral hash function, this function is safe simultaneously, and it is mapped to G 0,1 character string of a random length that represents subscriber identity information
1a point of upper elliptic curve E, and PKI using this as above-mentioned user, G
1be on elliptic curve E set a little.Secure Hash function refers to can not instead release cleartext information by cryptographic Hash expressly.
H
2: { 0,1}
*→ Z
q *, H
2also be an One-way Hash function, it is also safe, and it is mapped to Z 0,1 character string of a random length
q *, Z
q *be a multiplicative group, its element comprises and is more than or equal to 1 and be less than or equal to all integers of q-1, and m will sign close cleartext information, m ∈ Z
q *, x (R) represents the abscissa of the upper point of elliptic curve E R.
H
3: G
1→ Z
q *, H
3also be an One-way Hash function, it is also safe, and it is G
1a point of upper elliptic curve is mapped to Z
q *.
Step 13, PKG(Private Key Generator, private key for user generating center) select a random number as master key s ∈ Z
q *, calculate P
pub=sP, the open system parameters of PKG
preserve master key s.
Specifically, can select F
pon super singular curve, order of a curve #E (F
p)=p+1, chooses p and is the large prime number of 1024: p=0xEB348F4B648412EAB3CE675E03B3AF14D434DFE4C6BC54291DD3 00DBDBA1BFDACB0D7CFEE20185398A64748E3CB8E25EAADF8612D188 1FC808A749E661703A734C22EF62112B3A109A0CB86CEB1A2324B818 37CA56C52EE75EDB37907E73B7FDF52F1BD333B16A0167D8116BD29B 1939E3F3607E4B581BFE3D25969470A88D1B;
Choose q and be the large prime number of 256:
q=0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF;
Association's factor:
cof=0xEB348F4C4FB8A23618527A47CC4D8726882FECC2976A2A78DD549C5C0939B77715D9A03FB62A2375AB9D47932124F1469F5D6511D1511DCC61C57B874F8108122E932AE6070A1B484CCFD295F03F5031AB641265B4A7E401C2DA696B8F5772E4;
Elliptic curve E
pupper number is a little called the rank #E (Fp) of elliptic curve E, as the elliptic curve E of crypto-operation comprise 160 of large prime factor q(binary bit or more than), assist factor cof=#E (F
p)/q, the #E in above-mentioned formula represents the rank of elliptic curve E.
Curvilinear equation E:y
2=x
3+ x;
Embed number of times k=2, adopt Tate pairing to carry out computing;
Embed number of times and make q/(p
k-1) minimum positive integer of setting up.Tate pairing computing is from G
1× G
1→ G
2bilinear map.Basic point P is the generator of elliptic curve E.
The basic point P of elliptic curve:
(0x887FE3AB3AA6440B8298D4DDD7BE6DE3739A4F7F1D28D7886FA00BD99585A1DAB2A94896B73D066FCB08B262DF04A7ABA6AF977E4627838F62968A9C23CC6CF6163C9FE926402F8876D249B826497817BB50530CEFF0B92C0A76105A1BAEC1B5F44EFBC9D10CD78AD33354D70BA9D63B51CF17BFE39E95D19C8B5652FBE209BB,
0x76433E8F372C45A378CF9076F3BA681922C3952E21BF659EEBAFEBD7ADAE334CBD7E7A768644BECB725C8D7B7E8B36A382F865F3D82352F4A3E5AE99C837B6FEE64106FD81269C7E551E6AA1EE0ED76EDF31C43A47CB47D7B25742B2B1632A9F7E5635EEBFAF39E9E29D987DB51887C43F9E3E7D46DE6814E6E3AAF1021B87F2)。
H
1: { 0,1}
*→ G
1concrete processing procedure is as follows:
1) given subscriber identity information ID ∈ { 0,1}
*, set i ← 0, " ← " represents the meaning of assignment;
2) set (x, b) ← sha-1 (i||ID), x is the abscissa calculating here, and b is the binary bit of determining ordinate; Sha-1 represents international standard hash algorithm, and the binary bits figure place of establishing its result of calculation is n, and last binary bit is b, before n-1 binary bit be x.
3) according to equation y
2=f (x), and x abscissa, calculate two square root y value y
0and y
1, according to 2) in the binary bits value of b, determine G
1on some Q
iD' (x, y
b);
4) calculate Q
iD=cof*Q
iD'.If Q
iD≠ 0, i.e. the output G corresponding with ID
1on some Q
iD, otherwise turn 5).
5) variable i is added to 1 certainly, turn 2).
H
2: can select hash Hash SHA-1 algorithm.
H
3:G
1→Z
q *。If R ∈ is G
1, z ∈ Z
q *, can define H
3: z=H
2(R
x|| R
y), R in above-mentioned formula
xand R
yrepresent respectively abscissa and the ordinate of some R.
Step 14, PKG generate the private key of signer.
Calculate Q
iD=H
1(ID||Time), the identification information of signer is mapped to F
pon super singular curve on point, the cycle that the time factor Time here can upgrade according to private key be set as year, month, week or day, above-mentioned time factor Time is used for setting the private key for user update cycle, if for example time factor is set as " moon ", user must monthly upgrade private key one time.
Compute signature person's private key d
iD=sQ
iD.
Step 15, signer blind the information after treatment processing of signing to sending user.
As shown in Figure 2, blind signature process is to complete alternately between signer and transmission user to the detailed process schematic diagram of above-mentioned blind signature processing, specifically comprises following processing procedure:
Signer is selected random number r ∈ Z
q *, calculate U '=rP;
Send user and select at random blinding factor α, β ∈ Z
q *, calculate
U=U '+(alpha+beta) P, a=(α β H3 (U)) H2 (m), b=alpha+beta+H2 (m), then U is distributed to all users by the mode of broadcast, by (a, b) send to signer, described m will sign close cleartext information, m ∈ Zq
*,
After signer receives that the message having blinded is to (a, b), it is signed with own private key, calculating V '=ad
iD/ (r+b), and V ' is sent to and receives user.
Step 16, reception user go blind and checking processing to the message after signing
Receive user and receive after above-mentioned V ', calculate V=V '/(α β H
3(U))=H
2(m) d
iD/ (r+b), the abscissa x of V is the signature of message m so.
Above-mentioned transmission user, reception user and signer can be verified by checking processing procedure below the accuracy of the transmitting procedure of above-mentioned message m.
Checking processing procedure is as follows:
Calculate h=H
2(m);
Calculate the some V on curve according to abscissa x
1;
Calculate
If g
2=g
1or g
2=g
1 -1, be verified; Otherwise authentication failed.
Prove:
According to the equation y of curve E
2=f (x) known (x, y) and (x ,-y) be all the point on curve, thereby:
V
1=V or V
1=-V, gets V
1=V:
Or get V
1=-V:
Embodiment bis-
This embodiment provides a kind of blind signature apparatus based on identity, and its concrete structure as shown in Figure 3, comprises following module:
Message blinds processing module 31, for select random number r ∈ Z by signer
q *, calculate U '=rP, described Z
q *represent 1~(q-1) integer in scope, described q is the large prime number of setting, and described P is G
1generator, described G1 is a subgroup that rank are q of the elliptic curve E module on Fp, described Fp is the territory from 0 integer to (p-1) composition, described p is the large prime number of setting, and described q is the prime factor of (p+1);
Select at random blinding factor α, β ∈ Z by sending user
q *, calculate U=U '+(alpha+beta) P, a=(α β H3 (U)) H2 (m), b=alpha+beta+H2 (m), described H2, H3 are One-way Hash functions, H2:{0,1}
*→ Z
q *, H3:G
1→ Z
q *, described m will sign close cleartext information, m ∈ Zq
*, described transmission user sends to described signer by message to (a, b);
Concrete, described message blinds processing module 31, also for calculating Q by following processing procedure
iD=H
1(ID) comprising:
Step 1, given subscriber identity information ID ∈ { 0,1}
*, set i ← 0, " ← " represents the meaning of assignment;
Step 2, setting (x, b) ← sha-1 (i||ID), x is the abscissa calculating here, b is the binary bit of determining ordinate; Sha-1 represents international standard hash algorithm, and the binary bits figure place of establishing its result of calculation is n, and last binary bit is b, before n-1 binary bit be x.
Step 3, according to equation y
2=f (x), and x abscissa, calculate two square root y value y
0and y
1, according to 2) in the binary bits value of b, determine G
1on some Q
iD' (x, y
b);
Step 4, calculating Q
iD=cof
*q
iD', if Q
iD≠ 0, i.e. the output G corresponding with ID
1on some Q
iD, otherwise, variable i, from adding 1, is re-executed to above-mentioned steps 2,3,4.
Concrete, described signature processing module 32, also for the time factor Time according to setting to described private key Q
iDupgrade, described time factor Time is year, the moon, week or day.
Concrete, described signature calculation module 33, also for calculating
described
be a bilinear map, be one from set (G
1× G
1) to set G
2a mapping, described G
2for the group that rank are q, described q is the large prime number of setting;
Calculate the some V on curve E according to abscissa x
1;
Calculate
If g
2=g
1or g
2=g
1 -1, be verified; Otherwise authentication failed.
The detailed process and the preceding method embodiment that carry out the blind signature based on identity with the device of the embodiment of the present invention are similar, repeat no more herein.
One of ordinary skill in the art will appreciate that: accompanying drawing is the schematic diagram of an embodiment, the module in accompanying drawing or flow process might not be that enforcement the present invention is necessary.
One of ordinary skill in the art will appreciate that: the module in the equipment in embodiment can be described and be distributed in the equipment of embodiment according to embodiment, also can carry out respective change and be arranged in the one or more equipment that are different from the present embodiment.The module of above-described embodiment can be merged into a module, also can further split into multiple submodules.
In sum, the blind signature information length of the blind endorsement method based on identity of the embodiment of the present invention is only the abscissa of elliptic curve point, be shorter than the signature information length of the blind endorsement method of existing elliptic curve, increased the throughput of system operation, be suitable for the communication environment of Bandwidth-Constrained.
In blind signature-verification process, although need to calculate two step pairing computings, the first step can obtain by precomputation storing queries, thereby proof procedure only need to calculate the pairing computing of a step key, greatly reduce the calculation cost of checking equation, improved the operational efficiency of whole system.
The above; only for preferably embodiment of the present invention, but protection scope of the present invention is not limited to this, is anyly familiar with in technical scope that those skilled in the art disclose in the present invention; the variation that can expect easily or replacement, within all should being encompassed in protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection range of claim.
Claims (8)
1. the blind endorsement method based on identity, is characterized in that, comprises
Signer is selected random number r ∈ Z
q *, calculate U '=rP, described Zq
*represent 1~(q-1) integer in scope, described q is the large prime number of setting, described P is the generator of G1, described G1 is a subgroup that rank are q of the elliptic curve E module on Fp, described Fp is the territory from 0 composition of the integer to (p-1), described p is the large prime number of setting, and described q is the prime factor of (p+1);
Send user and select at random blinding factor α, β ∈ Z
q *, calculate U=U '+(alpha+beta) P, a=(α β H3 (U)) H2 (m), b=alpha+beta+H2 (m), described H2, H3 are One-way Hash functions, H2:{0,1}
*→ Z
q *, H3:G
1→ Z
q *, described m will sign close cleartext information, m ∈ Zq
*, described transmission user sends to described signer by message to (a, b);
Described signer is signed to (a, b) to described message with the private key of oneself, calculates V '=ad
iD/ (r+b), and V ' is sent to and receives user, the private key d of described signer
iD=sQ
iD, described Q
iD=H
1(ID), the identification information that described ID is described signer, ID ∈ { 0,1}
*, described H
1an One-way Hash function, described H
1: { 0,1}
*→ G
1, described s is the random number as master key;
Described reception user receives after described V ', calculates V=V '/(α β H
3(U))=H
2(m) d
iD/ (r+b), the abscissa x of described V is the signature of message m.
2. the blind endorsement method based on identity according to claim 1, is characterized in that,
Described calculating Q
iD=H
1(ID) comprising:
Step 1, given subscriber identity information ID ∈ { 0,1}
*, set i ← 0, " ← " represents the meaning of assignment;
Step 2, setting (x, b) ← sha-1 (i||ID), x is the abscissa calculating here, b is the binary bit of determining ordinate; Sha-1 represents international standard hash algorithm, and the binary bits figure place of establishing its result of calculation is n, and last binary bit is b, before n-1 binary bit be x.
Step 3, according to equation y
2=f (x), and x abscissa, calculate two square root y value y
0and y
1, according to 2) in the binary bits value of b, determine G
1on some Q
iD' (x, y
b);
Step 4, calculating Q
iD=cof
*q
iD', if Q
iD≠ 0, i.e. the output G corresponding with ID
1on some Q
iD, otherwise, variable i, from adding 1, is re-executed to above-mentioned steps 2,3,4.
3. the blind endorsement method based on identity according to claim 1, is characterized in that, described method also comprises:
Described signer according to set time factor Time to described private key Q
iDupgrade, described time factor Time is year, the moon, week or day.
4. according to the blind endorsement method based on identity described in claim 1 or 2 or 3, it is characterized in that, described method also comprises:
Calculate
described
be a bilinear map, be one from set (G
1× G
1) to set G
2a mapping, described G
2it is territory
on a multiplicative group, described P
pub=sP;
Calculate h=H
2(m);
Calculate the some V on curve according to abscissa x
1;
Calculate
If g
2=g
1or g
2=g
1 -1, determine and pass through for the signature verification of described cleartext information m; Otherwise authentication failed.
5. the blind signature apparatus based on identity, is characterized in that, comprising:
Message blinds processing module, for select random number r ∈ Z by signer
q *, calculate U '=rP, described Z
q *represent 1 ~ (q-1) integer in scope, described q is the large prime number of setting, and described P is G
1generator, described G
1f
pon a subgroup that rank are q of elliptic curve E module, described F
pfor the territory from 0 composition of the integer to (p-1), described p is the large prime number of setting, and described q is the prime factor of (p+1);
Select at random blinding factor α, β ∈ Z by sending user
q *, calculate U=U '+(alpha+beta) P, a=(α β H
3(U)) H
2(m), b=alpha+beta+H
2(m), described H
2, H
3an One-way Hash function, H
2: { 0,1}
*→ Z
q *, H
3: G
1→ Z
q *, described m will sign close cleartext information, m ∈ Z
q *, described transmission user sends to described signer by message to (a, b);
Signature processing module, signs to (a, b) to described message for the private key with described signer, calculates V '=ad
iD/ (r+b), and V ' is sent to and receives user, the private key d of described signer
iD=sQ
iD, described Q
iD=H
1(ID), the identification information that described ID is described signer, ID ∈ { 0,1}
*, described H
1an One-way Hash function, described H
1: { 0,1}
*→ G
1, described s is the random number as master key;
Signature calculation module, for calculating V=V '/(α β H by described reception user
3(U))=H
2(m) d
iD/ (r+b), the abscissa x of described V is the signature of message m.
6. the blind signature apparatus based on identity according to claim 5, is characterized in that:
Described message blinds processing module, also for calculating Q by following processing procedure
iD=H
1(ID) comprising:
Step 1, given subscriber identity information ID ∈ { 0,1}
*, set i ← 0, " ← " represents the meaning of assignment;
Step 2, setting (x, b) ← sha-1 (i||ID), x is the abscissa calculating here, b is the binary bit of determining ordinate; Sha-1 represents international standard hash algorithm, and the binary bits figure place of establishing its result of calculation is n, and last binary bit is b, before n-1 binary bit be x.
Step 3, according to equation y
2=f (x), and x abscissa, calculate two square root y value y
0and y
1, according to 2) in the binary bits value of b, determine G
1on some Q
iD' (x, y
b);
Step 4, calculating Q
iD=cof
*q
iD', if Q
iD≠ 0, i.e. the output G corresponding with ID
1on some Q
iD, otherwise, variable i, from adding 1, is re-executed to above-mentioned steps 2,3,4.
7. the blind signature apparatus based on identity according to claim 6, is characterized in that:
Described signature processing module, also for according to set time factor Time to described private key Q
iDupgrade, described time factor Time is year, the moon, week or day.
8. according to the blind signature apparatus based on identity described in claim 5 or 6 or 7, it is characterized in that:
Described signature calculation module, also for calculating
described
be a bilinear map, be one from set (G
1× G
1) to set G
2a mapping, described G
2for the group that rank are q, described q is the large prime number of setting;
Calculate the some V on curve E according to abscissa x
1;
Calculate
If g
2=g
1or g
2=g
1 -1, be verified; Otherwise authentication failed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210407629.9A CN103780386B (en) | 2012-10-23 | 2012-10-23 | Blind signature method based on identity and device thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210407629.9A CN103780386B (en) | 2012-10-23 | 2012-10-23 | Blind signature method based on identity and device thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103780386A true CN103780386A (en) | 2014-05-07 |
CN103780386B CN103780386B (en) | 2017-02-15 |
Family
ID=50572260
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210407629.9A Active CN103780386B (en) | 2012-10-23 | 2012-10-23 | Blind signature method based on identity and device thereof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103780386B (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104967513A (en) * | 2015-05-29 | 2015-10-07 | 西北工业大学 | Identity-based multi-recipient ring signcryption method with multiple safety attributes |
CN105681045A (en) * | 2016-01-14 | 2016-06-15 | 北京航空航天大学 | Blind signature method and a blind signature system |
CN106656508A (en) * | 2016-12-27 | 2017-05-10 | 深圳大学 | Identity-based partial blind signature method and apparatus |
CN108847933A (en) * | 2018-06-26 | 2018-11-20 | 西安电子科技大学 | Mark based on SM9 cryptographic algorithm signs and issues method |
CN110537183A (en) * | 2017-04-14 | 2019-12-03 | 国际商业机器公司 | Data markers |
CN110896351A (en) * | 2019-11-14 | 2020-03-20 | 湖南盾神科技有限公司 | Identity-based digital signature method based on global hash |
CN111385092A (en) * | 2018-12-28 | 2020-07-07 | 新唐科技股份有限公司 | Cipher device using information blinding and cipher processing method thereof |
CN111740833A (en) * | 2019-04-16 | 2020-10-02 | 北京沃东天骏信息技术有限公司 | Signature method, node, system and storage medium of block chain network |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040128259A1 (en) * | 2002-12-31 | 2004-07-01 | Blakeley Douglas Burnette | Method for ensuring privacy in electronic transactions with session key blocks |
CN101378316A (en) * | 2007-08-29 | 2009-03-04 | 索尼(中国)有限公司 | Proxy blind signing system and method based on identification |
-
2012
- 2012-10-23 CN CN201210407629.9A patent/CN103780386B/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040128259A1 (en) * | 2002-12-31 | 2004-07-01 | Blakeley Douglas Burnette | Method for ensuring privacy in electronic transactions with session key blocks |
CN101378316A (en) * | 2007-08-29 | 2009-03-04 | 索尼(中国)有限公司 | Proxy blind signing system and method based on identification |
Non-Patent Citations (3)
Title |
---|
JUNJIE HE等: "A New Identity-based Proxy Blind Signature Scheme", 《IEEE》 * |
李明祥等: "一种高效的基于身份的部分盲签名方案", 《计算机应用研究》 * |
牛志华等: "一种新型的基于身份的高效盲签名", 《上海大学学报》 * |
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104967513A (en) * | 2015-05-29 | 2015-10-07 | 西北工业大学 | Identity-based multi-recipient ring signcryption method with multiple safety attributes |
CN104967513B (en) * | 2015-05-29 | 2018-08-07 | 西北工业大学 | The multi-receiver ring label decryption method of identity-based with maltilevel security attribute |
CN105681045B (en) * | 2016-01-14 | 2019-05-17 | 北京航空航天大学 | Proxy Signature method and blind signing system |
CN105681045A (en) * | 2016-01-14 | 2016-06-15 | 北京航空航天大学 | Blind signature method and a blind signature system |
CN106656508B (en) * | 2016-12-27 | 2019-09-06 | 深圳大学 | A kind of Partial Blind Signature method and apparatus of identity-based |
CN106656508A (en) * | 2016-12-27 | 2017-05-10 | 深圳大学 | Identity-based partial blind signature method and apparatus |
CN110537183A (en) * | 2017-04-14 | 2019-12-03 | 国际商业机器公司 | Data markers |
CN110537183B (en) * | 2017-04-14 | 2023-07-07 | 国际商业机器公司 | Data marking method and system |
CN108847933A (en) * | 2018-06-26 | 2018-11-20 | 西安电子科技大学 | Mark based on SM9 cryptographic algorithm signs and issues method |
CN108847933B (en) * | 2018-06-26 | 2020-11-03 | 西安电子科技大学 | SM9 cryptographic algorithm-based identification issuing method |
CN111385092A (en) * | 2018-12-28 | 2020-07-07 | 新唐科技股份有限公司 | Cipher device using information blinding and cipher processing method thereof |
CN111385092B (en) * | 2018-12-28 | 2023-09-19 | 新唐科技股份有限公司 | Cipher device using information blinding and its cipher processing method |
CN111740833B (en) * | 2019-04-16 | 2023-09-05 | 北京沃东天骏信息技术有限公司 | Signature method, node, system and storage medium of blockchain network |
CN111740833A (en) * | 2019-04-16 | 2020-10-02 | 北京沃东天骏信息技术有限公司 | Signature method, node, system and storage medium of block chain network |
CN110896351A (en) * | 2019-11-14 | 2020-03-20 | 湖南盾神科技有限公司 | Identity-based digital signature method based on global hash |
CN110896351B (en) * | 2019-11-14 | 2022-07-26 | 湖南盾神科技有限公司 | Identity-based digital signature method based on global hash |
Also Published As
Publication number | Publication date |
---|---|
CN103780386B (en) | 2017-02-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103780385B (en) | Blind signature method based on elliptic curve and device thereof | |
CN103780386A (en) | Blind signature method based on identity and device thereof | |
CN104539423B (en) | A kind of implementation method without CertPubKey cipher system of no Bilinear map computing | |
CN108551392B (en) | Blind signature generation method and system based on SM9 digital signature | |
CN107707358B (en) | EC-KCDSA digital signature generation method and system | |
CN102387019B (en) | Certificateless partially blind signature method | |
CN104639315B (en) | The method and apparatus of ID-based cryptosystem and fingerprint recognition double authentication | |
CN101931529B (en) | Data encryption method, data decryption method and nodes | |
CN100440776C (en) | Elliptic curve signature and signature verification method and apparatus | |
CN104811302B (en) | Mix based on the elliptic curve without certificate and sign decryption method | |
CN103746811B (en) | Anonymous signcryption method from identity public key system to certificate public key system | |
CN110601859B (en) | Certificateless public key cryptographic signature method based on 25519 elliptic curve | |
CN104767612A (en) | Signcryption method from certificateless environment to public key infrastructure environment | |
CN101702804A (en) | Two-party key agreement method based on self-certified public key | |
CN110995412B (en) | Certificateless ring signcryption method based on multiplicative group | |
CN101667913A (en) | Authenticated encryption method and encryption system based on symmetric encryption | |
CN104113420A (en) | Identity based aggregate signcryption method | |
CN104767611A (en) | Signcryption method from public key infrastructure environment to certificateless environment | |
CN110784314A (en) | Certificateless encrypted information processing method | |
CN105025474A (en) | Lightweight digital signature method facing wireless sensing network | |
CN104333453A (en) | Partially blind signature method based on identity | |
CN111030821B (en) | Encryption method of alliance chain based on bilinear mapping technology | |
CN106453253B (en) | A kind of hideing for efficient identity-based signs decryption method | |
CN103269272B (en) | A kind of key encapsulation method based on short-lived certificates | |
CN104579661B (en) | The implementation method and device of the Electronic Signature of identity-based |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |