CN104038341A - Identity-based cross-system proxy re-encryption method - Google Patents

Abstract

The invention provides an identity-based cross-system proxy re-encryption method. The identity-based cross-system proxy re-encryption method comprises steps run by a PKG (Private Key Generator), namely 1, inputting a coefficient lambda and outputting system parameters, 2, running a random number generation algorithm, 3, calculating bilinear pairings, and carrying out exponentiation and multiplication, 4, selecting a collision-resistant hash function and outputting a public key, 5, running the collision-resistant hash function, and 6, performing addition, calculating a reciprocal and an exponent, and outputting a private key, steps run by an authorizing party, namely 7, running the collision-resistant hash function, 8, running the random number generation algorithm and carrying out multiplication and exponentiation operations, and outputting a ciphertext, 9, selecting a blinding factor k, 10, running the collision-resistant hash function, and 11, running the random number generation algorithm and carrying out multiplication and exponentiation operations, and outputting a conversion private key, a step run by a proxy party, namely 12, calculating bilinear pairings and carrying out division, and outputting a re-encryption ciphertext, and steps run by an authorized party, namely 13, running the collision-resistant hash function, 14, calculating bilinear pairings, and carrying out addition, continuous multiplication and division, and outputting k, and 15, calculating bilinear pairings and carrying out multiplication, and outputting a plaintext.

Description

A kind of cross-system based on identity is acted on behalf of re-encryption method

(1) technical field:

The present invention relates to a kind of cross-system based on identity and act on behalf of re-encryption method, can realize agency's conversion of ciphertext under different encryption systems, belong to field of cryptography in information security.

(2) technical background:

Along with the raising of communications security, multiple cryptographic system is suggested in order to data are encrypted to transmission, has guaranteed the communication personal secrets between user, and the public key encryption system based on identity is exactly be widely used a kind of.Whether the key adopting according to communicating pair is identical, and the system of data encryption is divided into two kinds: single key encryption system and public key encryption system; Public key encryption is to encrypt relative a kind of encryption system with single key, and both all emphasize that cryptographic algorithm can disclose, and decruption key must hold in close confidence, once Key Exposure, the data of whole encryption are just dangerous.Both differences are, the encryption key that single key is encrypted is identical with decruption key, and the encryption key of public key encryption is different from decruption key.In public key encryption system, PKI is in order to encrypt the information that will encrypt (we are referred to as expressly here), and private key is used for the information (we are referred to as ciphertext) after encrypting to encrypt here.

Encryption method based on identity---Identity-Based Encryption (IBE) starts to be proposed by Shamir most, belongs to public key encryption system.Participant is generally Encrypt and Decrypt side and private key generating center.In IBE system, the identity ID of the side of deciphering is as the PKI of encrypting, and this identity ID can be ID card No., email address or the telephone number etc. of deciphering side.Encrypt root and according to PKI, plaintext is encrypted, private key generating center---Private Key Generator (PKG) is responsible for, according to the identity of user in system, user is provided to private key, only has the identity of deciphering side consistent with PKI, can decipher.The advantage of this encryption method is, has removed PKIX---Public Key Infrastructure (PKI) provides the link of certificate of certification to user, alleviated the expense of system, has more Practical significance.

On the cryptographic algorithm basis of this efficient quick of IBE, derived again many multi-functional encryption methods based on identity, wherein just comprised the broadcast encryption method based on identity---Identity-Based Broadcast Encryption (IBBE).IBBE encryption method is mainly used in solving encrypting user and many decrypted users is carried out the application demand of broadcast enciphering simultaneously, the set that the identity that the PKI that encrypting user is used when encrypting is all decrypted users forms, only the user in this identity set just can be successfully to decrypt ciphertext.For example; a kind of like this application scenarios of our references: the doctor in charge A of certain hospital wants, with the n position doctor of other various big hospitals, the medical record information of analyzing certain patient is discussed jointly; owing to considering the sensitiveness of patient information and for the consideration of protection patient privacy, doctor A encrypted medical record information before sending case history.If adopt IBE encryption method herein, first A need to encrypt medical record information respectively according to n doctor's identity, generates n part ciphertext; If adopt IBBE encryption method, the identity set that A only must form according to n doctor's identity is encrypted once medical record information, generates a ciphertext, and the doctor in identity set can be to decrypt ciphertext; The method has been saved time and the energy of encrypting user greatly, has reduced the expense of ciphertext storage, and method is more efficient.

In addition, we consider another kind of application scenarios: mailbox user Alice has an envelope privacy enhanced mail to want to share with another user Bob, but this mail is to using the identity of Alice as PKI, encrypts under IBE encryption system, Bob cannot not complete deciphering while not knowing the private key of Alice.And Alice does not want to reveal under the prerequisite of own private key, traditional way is: Alice is used the private key of oneself to be decrypted mail, and the identity that re-uses Bob is encrypted again to the plaintext after deciphering.Send ciphertext to Bob; Bob is used the private key of oneself to the decrypt ciphertext of receiving, thereby has completed sharing of Mail Contents.Above-mentioned undoubtedly way is numerous and diverse and consuming time, thereby derives a kind of being called: " acting on behalf of re-encryption "---the solution of Proxy re-encryption (PRE).The concept of acting on behalf of re-encryption is to be proposed in the European cryptography annual meeting of 1998 by Blaze, Bleumer and tri-scientists of Strauss the earliest, in PRE scheme, communication participant is respectively private key generating center---PKG, decrypt authorized side (Delegator), act on behalf of re-encryption side (Proxy) and authorized just (Delegatee).Under above-mentioned application scenarios, if adopt the re-encryption method of acting on behalf of, Alice only needs to calculate a generation transition key---Re-encryption Key (RK) according to the identity of own private key and Bob as Delegator, and ciphertext and transition key are sent to simultaneously and act on behalf of re-encryption side; Act on behalf of the ciphertext that the private key that uses transition key, the ciphertext re-encryption that under the prerequisite of not knowing clear content and Alice private key information completely, the private key that only has Alice can be deciphered to obtain Bob in re-encryption side can be deciphered.Like this, Bob only need download the ciphertext after re-encryption from acting on behalf of re-encryption side, uses oneself private key to complete the deciphering of ciphertext.Act on behalf of in the process of re-encryption method operation, saved Delegator and original ciphertext has first been deciphered to the step of encrypting again, saved the spending of user and system; In addition, act on behalf of re-encryption side and in re-encryption link, can not know any information about plaintext and private key for user, data all exist with ciphertext form in the process of whole extraneous storage, have ensured the data security under complicated distributed network environment.

According to the difference of acting on behalf of the encryption direction of re-encryption, act on behalf of re-encryption and can be divided into and unidirectional act on behalf of re-encryption and two-way act on behalf of re-encryption; Unidirectional act on behalf of re-encryption and can realize the ciphertext that the ciphertext of the public key encryption of Delegator is converted to the public key encryption of authorized square Delegatee, oppositely cannot; Two-way act on behalf of re-encryption and can realize reverse ciphertext conversion simultaneously.

Along with acting on behalf of the proposition of re-encryption method, increasing encryption method combines from the thought of acting on behalf of re-encryption the re-encryption scheme of acting on behalf of having formed under different encryption systems.Consider the existing re-encryption scheme of acting on behalf of at present, the encryption system before and after ciphertext conversion is all identical; That is to say, be still the ciphertext under IBE encryption system if use the ciphertext that IBE encryption system is encrypted through acting on behalf of re-encryption afterwards, and this has limited to user's the scope of application under some application scenarios.With the user profile under cloud environment, encrypt and be stored as example, such user is under the hypodynamic restriction of own stored energy, selection upload the data to cloud server, for the fail safe of protected data and the object of saving storage overhead, the user who holds distributed storage data is organized with IBE encryption system, and each data is held user and has been distributed unique public affairs, private key pair by PKG; In data, hold before user upload the data to cloud server, the PKI being first assigned to according to oneself is encrypted data, is resent to high in the clouds storage.Data after encryption only have this user oneself to decipher, and have avoided data to suffer the danger that malicious server is divulged a secret.

Yet, when data are held user and want to carry out data sharing with a plurality of users, if adopt the existing re-encryption method of acting on behalf of, there are 2 restrictions: first authorized user need to have legal identity equally among this IBE encryption system; Secondly authorized user need to send to agent according to each authorized user's identity T.G Grammar key.When authorized side is in situation about organizing with other encryption systems, existingly act on behalf of re-encryption and just cannot successfully carry out.Therefore, we invented that a kind of scope of application is wider, more comprehensive " acting on behalf of re-encryption across the encryption system " method of function---can easily realize and act on behalf of ciphertext conversion from IBE encryption system to IBBE encryption system.IBE encryption system and IBBE encryption system are independent of one another existence in the methods of the invention, have respectively the system parameters of oneself, and agent has served as bridge beam action in transfer process, and IBE system and IBBE interconnection are got up.By transition key, convert the ciphertext after public key encryption in IBE system in the IBBE system ciphertext after public key encryption, realized user's cross-system deciphering.

Because IBE encryption system is different with the PKI that IBBE encryption system not only used, and in IBE encryption system ciphertext according to an identity ciphering, IBBE is that the identity set forming according to a plurality of identity is encrypted, ciphertext version after both encryptions must have very large difference, how successfully realizing ciphertext conversion, is the problem that our invention mainly solves.Based on existing a kind of efficient succinct IBBE encipherment scheme, we have constructed a kind of brand-new IBE encryption system.First, we make authorized party origination message be used to the PKI of oneself, and the IBE encryption system of designing according to us is encrypted, and only has authorized party's oneself private key successfully to decipher.Subsequently, random number is selected by authorized party side, blinds the private key of oneself, and the identity set by this random number according to authorized user utilizes the system parameters in IBBE system to encrypt.Meet the user of identity in authorized user's set and can successfully decipher and obtain this random value, finally recover cleartext information.In addition, the present invention is the unidirectional re-encryption method of acting on behalf of, and authorized party and agent cannot conspire to reach the object of the authorized square ciphertext of deciphering, thereby has farthest protected licensee's data security.

(3) summary of the invention:

1, object: a kind of cross-system based on identity is acted on behalf of re-encryption method

The object of the invention is to propose a kind of cross-system based on identity and act on behalf of re-encryption method, it is that a kind of identity base under different encryption systems is acted on behalf of re-encryption method, the method combines existing identity base encryption technology and acts on behalf of the advantage of Re-encryption Technology, can easily realize from authorized party to authorized square ciphertext conversion, the malice of simultaneously protecting cleartext information can not acted on behalf of re-encryption side in whole re-encryption process is revealed; Simultaneously we have redesigned novel identity base according to existing identity base broadcast enciphering (IBBE) scheme and have encrypted (IBE) system, when having retained the characteristics such as existing IBBE encryption system deciphering speed is fast, ciphertext is short, make to the ciphertext of IBBE system, to be converted into possibility across IBE.

2, technical scheme:

The present invention includes five entities: 1) private key generating center (Private Key Generator, PKG): there is identifying user identity, calculate the mechanism of generation, dispatch user private key functionality; 2) decrypt authorized side (Delegator): have encryption, T.G Grammar cipher key function individual or social framework; 3) act on behalf of re-encryption side (Proxy): have according to individual or the social framework of re-encrypted private key Re-encryption Key (RK) conversion ciphertext; 4) the authorized side of deciphering (Delegatee): have decipher function individual or social framework; 5) file management side (File Manager): the social framework with storage data function.

First, we define user's identity---ID, and the identity of representative of consumer in system is expressed as a string character string arbitrarily.Secondly, we define user identity set---S in IBBE system, represent broadcast enciphering towards user identity set, the element in set is the identity of user in IBBE system.Owing to having used the mathematical knowledge of bilinear map and this two aspect of anti-collision hash function in the designed algorithm of the present invention.Special at this definition and characteristic to bilinear map and anti-collision hash function make explanations.

2.1 bilinearitys pair

We define a kind of Function Mapping e (. .), by group in element map to group in go, that is:

Bilinearity has satisfied characteristic:

1. bilinear characteristics: for there is e (g ^a, h ^b)=e (g, h) ^abset up;

2. non-degeneracy: in group, at least there is an element g, make the e (g, g) after calculating be certain generator of group;

3. computability: have effective algorithm, make all can effectively calculate the value of e (u, v);

Wherein, Z _prepresent to gather 0,1,2 ..., p-1}.

2.2 anti-collision hash functions

The hash function using in the present invention possesses two fundamental characteristics: one-way and anti-collision; One-way refers to and can only derive output from the input of hash function, and can not calculate from the output of hash function input; Anti-collision refers to and can not find two different hash function inputs to make coming to the same thing after its Hash.Hash algorithm input in the present invention is user's identity ID, with arbitrary string form, represents; Be output as and be mapped to territory Z _pin element.

2.3 scheme contents

The present invention is that a kind of cross-system based on identity is acted on behalf of re-encryption method, the method by initialization module, data encryption module, private key generation module, transition key generation module, act on behalf of re-encryption module and deciphering module, totally 15 steps of six modules realize its function, the system architecture diagram of acting on behalf of re-encryption method that the present invention is designed as shown in Figure 1, existing in conjunction with Fig. 1, the function introduction of the method for the invention and each module is as follows.

A kind of cross-system based on identity of the present invention is acted on behalf of re-encryption method, and its practice is as follows:

Module one: initialization module

PKG gathers authorized user in system safety parameter lambda, IBBE system the number of users upper limit (m-1) that can comprise as inputting in this module, exports master key MSK _iBE, MSK _iBBE, and PKI PK _iBE, PK _iBBE.PKI can disclose, and master key must hold in close confidence by PKG, can not reveal.The realization of this functions of modules is specifically divided into following four steps:

Step 1:PKG is input system security parameter λ first, and then executing arithmetic g (1 ^λ), export two groups that exponent number is prime number p with a bilinear map computing

Step 2:

Next PKG moves Generating Random Number, selects at random certain generator g in group, an element h in group, and an element α in territory is as Stochastic;

A bilinearity of step 3:PKG operation, to computing, twice exponentiation computing and (m-1) inferior multiplying, obtains an element e (g, h) in group, and (m+1) individual element in group

Step 4: last, PKG selects a kind of anti-collision hash function H (), and this function meets all characteristics of anti-collision hash function, input can be character string arbitrarily, is output as and is mapped to territory in a certain element.Above-mentioned four parameters that step obtains of process:

${\mathrm{PK}}_{\mathrm{IBBE}}=(g^{\mathrm{\α}},e(g,h),h,h^{\mathrm{\α}},...,h^{{\mathrm{\α}}^m},H(\·))$

Can external disclosure as the PKI of IBBE encryption system; The PKI of IBE encryption system is different from above-mentioned PKI, for:

${\mathrm{PK}}_{\mathrm{IBE}}=(g^{\mathrm{\α}},e(g,h),h,h^{\mathrm{\α}},h^{{\mathrm{\α}}^2},H(\·))$

IBE is identical with the master key of IBBE encryption system, for:

MSK _IBE＝MSK _IBBE＝(g,α)

By PKG keeping;

Wherein, at " the algorithm g (1 described in step 1 ^λ) ", its operation method is as follows: private key generating center (PKG) input system security parameter λ, according to the size of λ, system is selected corresponding elliptic curve: Y ²=X ³+ aX+b (a and b are coefficients), then by the point on elliptic curve form two prime number p rank group select a kind of Function Mapping e, by group in element map to group in go; Security parameter numerical value is larger, and the point on selected elliptic curve is also more, and group is also larger.

Wherein, at " Generating Random Number " described in step 2, its way is as follows: according to selected elliptic curve: Y in step 1 ²=X ³+ aX+b, selects a value x of independent variable X at random ₁, calculate the value y of corresponding dependent variable Y ₁; If point (x ₁, y ₁) at us, want, in the group of mapping, successfully to have generated random element.If point (x ₁, y ₁) not in group, continue to select the value of X, until find the point appearing in group.In addition territory, represent to gather 1,2 ..., p-1}, selects territory at random the random number generation function of middle element can Using Call Library Function operation from Pairing-Based Cryptosystems function bag.The Generating Random Number of hereinafter mentioning moves all as stated above.

Wherein, in " operation bilinearity to computing " described in step 3, its way is as follows: independent variable be input as group in element g, h, be output as group in element: e (g, h).

Wherein, at " the anti-collision hash function H () " described in step 4, equally can Using Call Library Function operation from Pairing-Based Cryptosystems function bag.

Module two: private key generation module

This module is respectively the user assignment private key in IBE system and IBBE system by PKG, and module is inputted identity ID and the master key MSK of a certain user in system _iBEor MSK _iBBE, generate corresponding private key SK _iBEor SK _iBBE, and the private key of output is sent to each system user keeping.This functions of modules be embodied as following two steps:

Step 5:PKG moves anti-collision hash function H (), calculates

$H\left({\mathrm{ID}}_{\mathrm{IBE}}\right),H\left({\mathrm{ID}}_{\mathrm{IBBE}}\right)\∈Z_p^{*};$

ID in formula _iBErepresent the identity of user in IBE encryption system, ID _iBBErepresent the identity of user in IBBE encryption system, all use a string string representation arbitrarily;

Step 6:PKG moves an add operation, once asks computing reciprocal and asks exponent arithmetic, according to formula below, calculates the private key for user in IBE encryption system:

${\mathrm{SK}}_{\mathrm{IBE}}=g^{\frac{1}{\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{IBE}}\right)}}$

And, user's private key in IBBE encryption system:

${\mathrm{SK}}_{\mathrm{IBBE}}=g^{\frac{1}{\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{IBBE}}\right)}};$

Module three: data encryption module

Authorized party in IBE encryption system (Delegator) in this module by PKI PK _iBEwith the identity ID of oneself _iBEand message M to be encrypted is as input, exports the ciphertext CT after encrypting _iBE, and encrypt data is uploaded to the outsourcing storage of file management side.The realization of this functions of modules divides following two steps:

Step 7: authorized party is that Delegator moves anti-collision hash function H (), calculates $H\left({\mathrm{ID}}_{\mathrm{IBE}}\right)\∈Z_p^{*};$

Step 8: authorized party is Delegator operation Generating Random Number, selects at random territory in an element s as index, according to formula below, move twice multiplication and three exponentiation computings, obtain:

C ₀＝M·e(g，h) ^s， $C_1=h^{\mathrm{\αs}}{h}^{H\left(\mathrm{ID}\right)s}=h^{s(\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{IBE}}\right))}$

Last ciphertext is output as: CT _iBE=(C ₀, C ₁), this ciphertext is the identity ID according to Delegator _iBEencrypt, therefore only have the private key SK of Delegator oneself _iBEcan decipher;

Module four: transition key generation module

The private key SK obtaining from PKG of the authorized party in IBE encryption system (Delegator) basis oneself in this module _iBE, authorized user's (Delegatee) identity S set and the PKI PK of IBBE encryption system in IBBE encryption system _iBBE, calculate T.G Grammar key---RK _{iBE → IBBE}, and the transition key of generation is sent to while acting on behalf of re-encryption side in order to re-encryption and used.The realization of this functions of modules is specifically divided into following three steps:

Step 9: authorized party is that first Delegator moves Generating Random Number, selects at random certain element in group as blinding factor;

Step 10: for each identity in authorized user (Delegatee) identity S set, Delegator moves n anti-collision hash function H (), obtains:

H(ID _1IBBE),H(ID _2IBBE)…H(ID _nIBBE)

The identity quantity in the set of n representative of consumer wherein;

Step 11: authorized party is Delegator operation Generating Random Number, selects at random territory in an element v as index; Move according to the following formula multinomial time exponentiation computing and multiplying, obtain:

C ₀′＝k·e(g，h) ^v， ${C_1}^{\′}=h^{v(\mathrm{\α}+H\left({\mathrm{ID}}_{1\mathrm{IBBE}}\right))(\mathrm{\α}+H\left({\mathrm{ID}}_{2\mathrm{IBBE}}\right))\·\·\·(\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{nIBBE}}\right))}$

We are expressed as the result obtaining:

R＝(C ₀',C ₁')

Through final step multiplying SK _iBEk, authorizes and has conveniently generated transition key:

RK _IBE→IBBE＝(SK _IBE·k,R)

Wherein, the use that authorized user's (Delegatee) identity S set is defaulted as in all set is known per family.

Module five: act on behalf of re-encryption module

Act on behalf of re-encryption side (Proxy) after obtaining the transition key of Delegator generation, from file management side, download the enciphered data CT that authorized party uploads _iBE, and according to transition key RK _{iBE → IBBE}ciphertext CT with needs conversion _iBE, the ciphertext after calculating side must change, the function of this module is calculated and is realized by a following step:

Step 12:Proxy move according to the following formula bilinearity to a division arithmetic, obtain:

$\begin{array}{c}{D}_0=\frac{C_0}{e({\mathrm{SK}}_{\mathrm{IBE}}\·k,C_1)}=\frac{{\mathrm{Me}(g,h)}^s}{e(g^{\frac{1}{\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{IBE}}\right)}},h^{s(\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{IBE}}\right)})e(k,h^{s(\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{IBE}}\right)})}\\ =\frac{M}{e(k,h^{s(\mathrm{\α}+H({\mathrm{ID}}_{\mathrm{IBE}})})}\end{array}$

Through the ciphertext of acting on behalf of after re-encryption, be:

CT _IBE→IBBE＝(D ₀,C ₁,R)；

Module six: deciphering module

We suppose that the identity of a certain authorized side (Delegatee) in authorized user's identity S set is ID _iIBBE, the private key in corresponding IBBE encryption system is SK _iIBBE.Delegatee receives the private key that PKG generates and downloads acquisition re-encryption ciphertext CT from acting on behalf of re-encryption side (Proxy) _{iBE → IBBE}afterwards, according to the private key information SK of oneself _iBBEwith authorized user's identity S set, can decipher and obtain blinding factor k, through a step simple calculations, just can obtain clear-text message M, the function of this module realizes and is specifically divided into following 3 steps:

Step 13: authorized side be Delegatee first for each identity in authorized user's identity S set, operation once anti-collision hash function H () obtains:

H(ID _1IBBE),H(ID _2IBBE)…H(ID _nIBBE)

Identity quantity in n representative of consumer set in formula;

Step 14: authorized side be Delegatee move according to the following formula twice bilinearity to computing and multinomial sub-addition, connect multiplication and obtain:

$\begin{array}{c}{A=(e(g^{-\mathrm{\αv}},h^{\frac{1}{\mathrm{\α}}(\underset{j=1,j\≠i}{\overset{n}{\mathrm{\Π}}}(\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{jIBBE}}\right))-\underset{j=1,j\≠i}{\overset{n}{\mathrm{\Π}}}H\left({\mathrm{ID}}_{\mathrm{jIBBE}}\right))})\·e({\mathrm{SK}}_{\mathrm{iIBBE}},{C_1}^{\′}))}^{\frac{1}{{\mathrm{\Π}}_{j=1,j\≠i}^{n}H\left({\mathrm{ID}}_{\mathrm{jIBBE}}\right)}}\\ {(e(g,h)}^{-v(\underset{j=1,j\≠i}{\overset{n}{\mathrm{\Π}}}(\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{jIBBE}}\right))-\underset{j=1,j\≠i}{\overset{n}{\mathrm{\Π}}}\left({\mathrm{ID}}_{\mathrm{jIBBE}}\right))}\\ \·{e(g^{\frac{1}{\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{iIBBE}}\right)}},g^{\frac{1}{v(\underset{j=1}{\overset{n}{\mathrm{\Π}}}\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{jIBBE}}\right)}}))}^{\frac{1}{{\mathrm{\Π}}_{j=1,j\≠i}^{n}H\left({\mathrm{ID}}_{\mathrm{jIBBE}}\right)}}\\ ={e(g,h)}^v\end{array}$

Carry out again a division arithmetic and can obtain blinding factor k:

$k=\frac{{C_0}^{\′}}{A}A=\frac{{\mathrm{ke}(g,h)}^v}{e{(g,h)}^v};$

Step 15: last, authorized side be Delegatee according to the following formula through bilinearity to and multiplying, obtain last clear-text message M:

$\begin{array}{c}M=D_0\·e(k,C_1)\\ =\frac{M}{e(k,h^{s(\mathrm{\α}+H({\mathrm{ID}}_{\mathrm{IBE}})})}\·e(k,h^{s(\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{IBE}}\right))})\end{array}.$

3, advantage and effect:

The invention provides a kind of cross-system based on identity and act on behalf of re-encryption method, can be used for authorized party's ciphertext conversion under different encryption systems from authorized side, its advantage and effect are:

1) the inventive method, first on existing identity base broadcast enciphering (IBBE) scheme basis, has been constructed a kind of identity base and has been encrypted (IBE) scheme, and this scheme has advantages of that key is little, ciphertext is short.

2) the inventive method has been introduced and has been acted on behalf of re-encryption side, convert the ciphertext of the public key encryption with authorized party to ciphertext with authorized square public key encryption, the ciphertext that the private key that makes re-encryption can only convert by the ciphertext that authorized party's private key is deciphered before authorized side to also can be deciphered, make sharing of enciphered message both save the step that loaded down with trivial details deciphering is encrypted again, ensured the fail safe of sharing information simultaneously.

3) the inventive method is from advantage and the innovative point of the re-encryption method of acting on behalf of maximum in the past: the method connects the user under different encryption systems by acting on behalf of the thought of re-encryption, realizes like a cork sharing of enciphered message; The existing re-encryption method of acting on behalf of is only applicable to authorized party and the authorized side situation under identical encryption system, and this has limited user's the scope of application greatly.The inventive method is encrypted and identity base broadcast encryption method in conjunction with the identity base extensively coming into operation now, makes the shared possibility that becomes of encrypt file of cross-system by agent's participation.

4) authorized party in the inventive method only needed according to the private key of oneself and the user identity S set under IBBE encryption system before proxy-encrypted, according to the public key information of IBBE system, got final product T.G Grammar key; First blind authorized party's oneself private key, then use IBBE system encryption to blinding information, thereby guaranteed to only have the user of identity in S can decrypt the information of blinding, recover final plaintext.

5) in the inventive method act on behalf of the ciphertext of re-encryption side under obtaining IBE system and transition key after ciphertext is carried out in the process of re-encryption, can not know relevant private key for user and any information expressly, the method particularly suitable is in acting on behalf of the incomplete believable applied environment in re-encryption side.

(4) accompanying drawing explanation:

Fig. 1 is the system architecture diagram of the method for the invention.

Fig. 2 is the FB(flow block) of the method for the invention.

(5) embodiment

The present invention is that a kind of cross-system based on identity is acted on behalf of re-encryption method, see shown in Fig. 1,2, the method by initialization module, private key generation module, data encryption module, transition key generation module, act on behalf of re-encryption module and these six modules of deciphering module realize.The whole system flow of acting on behalf of the operation of re-encryption method is shown in Fig. 2, in conjunction with FB(flow block), the specific implementation step of the method is described below:

Module one: initialization module

The realization of this functions of modules is specifically divided into four steps:

Step 1:PKG is input system security parameter λ first, executing arithmetic g (1 ^λ), export two groups that exponent number is prime number p with a bilinear map computing

Step 2:

Next PKG moves Generating Random Number, selects at random certain generator g in group, an element h in group, and an element α in territory is as Stochastic.

A bilinearity of step 3:PKG operation, to computing, twice exponentiation computing and (m-1) inferior multiplying, obtains an element e (g, h) in group, and (m+1) individual element in group

Step 4: last, PKG selects a kind of anti-collision hash function H (), and this function meets all characteristics of anti-collision hash function, and input can be the character string of random length, is output as and is mapped to territory in a certain element.

Above-mentioned four parameters that step obtains of process:

${\mathrm{PK}}_{\mathrm{IBBE}}=(g^{\mathrm{\α}},e(g,h),h,h^{\mathrm{\α}},...,h^{{\mathrm{\α}}^m},H(\·))$

Can external disclosure as the PKI of IBBE encryption system; The PKI of IBE encryption system is different from above-mentioned PKI, for:

${\mathrm{PK}}_{\mathrm{IBE}}=(g^{\mathrm{\α}},e(g,h),h,h^{\mathrm{\α}},h^{{\mathrm{\α}}^2},H(\·))$

IBE is identical with the master key of IBBE encryption system, for:

MSK _IBE＝MSK _IBBE＝(g,α)

By PKG keeping.

Wherein, at " the algorithm g (1 described in step 1 ^λ) ", its operation method is as follows: private key generating center (PKG) input system security parameter λ, according to the size of λ, system is selected corresponding elliptic curve: Y ²=X ³+ aX+b (a and b are coefficients), then by the point on elliptic curve form two prime number p rank group select a kind of Function Mapping e, by group in element map to group in go; Security parameter numerical value is larger, and the point on selected elliptic curve is also more, and group is also larger.

Wherein, " Generating Random Number " described in step 2, its way is as follows: according to selected elliptic curve: Y in step 1 ²=X ³+ aX+b, selects a value x of independent variable X at random ₁, calculate the value y of corresponding dependent variable Y ₁; If point (x ₁, y ₁) at us, want, in the group of mapping, successfully to have generated random element.If point (x ₁, y ₁) not in group, continue to select the value of X, until find the point appearing in group.In addition territory, represent to gather 1,2 ..., p-1}, selects territory at random the random number generation function of middle element can Using Call Library Function operation from Pairing-Based Cryptosystems function bag.The Generating Random Number of hereinafter mentioning moves all as stated above.

Wherein, " operation bilinearity to computing " described in step 3, its way is as follows: independent variable be input as group in element g, h, be output as group in element: e (g, h).

Wherein, the anti-collision hash function H () described in step 4 equally can Using Call Library Function operation from Pairing-Based Cryptosystems function bag.

Module two: private key generation module

This functions of modules be embodied as two steps:

Step 5:PKG moves anti-collision hash function H (), calculates:

$H\left({\mathrm{ID}}_{\mathrm{IBE}}\right),H\left({\mathrm{ID}}_{\mathrm{IBBE}}\right)\∈Z_p^{*};$

ID in formula _iBErepresent the identity of user in IBE encryption system, ID _iBBErepresent the identity of user in IBBE encryption system, all use a string string representation arbitrarily.

Step 6:PKG moves an add operation, once asks computing reciprocal and asks exponent arithmetic, according to formula below, calculates the private key for user in IBE encryption system:

${\mathrm{SK}}_{\mathrm{IBE}}=g^{\frac{1}{\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{IBE}}\right)}}$

And, user's private key in IBBE encryption system:

${\mathrm{SK}}_{\mathrm{IBBE}}=g^{\frac{1}{\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{IBBE}}\right)}}$

Module three: data encryption module

The realization of this functions of modules divides three steps:

Step 7:Delegator moves anti-collision hash function H (), calculates

Step 8:Delegator moves Generating Random Number, selects at random territory in an element s as index, according to formula below, move twice multiplication and three exponentiation computings, obtain:

$C_0=M\·e{(g,h)}^s,C_1=h^{\mathrm{\αs}}{h}^{H\left(\mathrm{ID}\right)s}=h^{s(\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{IBE}}\right))}$

Last ciphertext is output as: CT _iBE=(C ₀, C ₁), this ciphertext is the identity ID according to Delegator _iBEencrypt, therefore only have the private key SK of Delegator oneself _iBEcan decipher.

Module four: transition key generation module

The realization of this functions of modules is specifically divided into three steps:

First step 9:Delegator moves Generating Random Number, selects at random certain element in group as blinding factor.

Step 10: for each identity in authorized user (Delegatee) identity S set, Delegator moves n anti-collision hash function H (), obtains:

H(ID _1IBBE),H(ID _2IBBE)…H(ID _nIBBE)

The identity quantity in the set of n representative of consumer wherein.

Step 11:Delegator moves Generating Random Number, selects at random territory in an element v as index; Move according to the following formula multinomial time exponentiation computing and multiplying, obtain:

C ₀′＝k·e(g，h) ^v， ${C_1}^{\′}=h^{v(\mathrm{\α}+H\left({\mathrm{ID}}_{1\mathrm{IBBE}}\right))(\mathrm{\α}+H\left({\mathrm{ID}}_{2\mathrm{IBBE}}\right))\·\·\·(\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{nIBBE}}\right))}$

We are expressed as the result obtaining:

R＝(C ₀',C ₁')

Through final step multiplying SK _iBEk, authorizes and has conveniently generated transition key:

RK _IBE→IBBE＝(SK _IBE·k,R)

Wherein, the use that authorized user's (Delegatee) identity S set is defaulted as in all set is known per family.

Module five: act on behalf of re-encryption module

The function of this module is calculated and is realized by a step:

Step 12:Proxy move according to the following formula bilinearity to a division arithmetic, obtain:

$\begin{array}{c}{D}_0=\frac{C_0}{e({\mathrm{SK}}_{\mathrm{IBE}}\·k,C_1)}=\frac{{\mathrm{Me}(g,h)}^s}{e(g^{\frac{1}{\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{IBE}}\right)}},h^{s(\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{IBE}}\right)})e(k,h^{s(\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{IBE}}\right)})}\\ =\frac{M}{e(k,h^{s(\mathrm{\α}+H({\mathrm{ID}}_{\mathrm{IBE}})})}\end{array}$

Through the ciphertext of acting on behalf of after re-encryption, be:

CT _IBE→IBBE＝(D ₀,C ₁,R)

Module six: deciphering module

The function of this module realizes and is specifically divided into 3 steps:

Step 13:Delegatee is first for each identity in authorized user's identity S set, and operation once anti-collision hash function H () obtains:

H(ID _1IBBE),H(ID _2IBBE)…H(ID _nIBBE)

Identity quantity in n representative of consumer set in formula.

Step 14:Delegatee moves according to the following formula twice bilinearity computing and multinomial sub-addition, company's multiplication is obtained:

$\begin{array}{c}{A=(e(g^{-\mathrm{\αv}},h^{\frac{1}{\mathrm{\α}}(\underset{j=1,j\≠i}{\overset{n}{\mathrm{\Π}}}(\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{jIBBE}}\right))-\underset{j=1,j\≠i}{\overset{n}{\mathrm{\Π}}}H\left({\mathrm{ID}}_{\mathrm{jIBBE}}\right))})\·e({\mathrm{SK}}_{\mathrm{iIBBE}},{C_1}^{\′}))}^{\frac{1}{{\mathrm{\Π}}_{j=1,j\≠i}^{n}H\left({\mathrm{ID}}_{\mathrm{jIBBE}}\right)}}\\ ={(e(g,h)}^{-v(\underset{j=1,j\≠i}{\overset{n}{\mathrm{\Π}}}(\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{jIBBE}}\right))-\underset{j=1,j\≠i}{\overset{n}{\mathrm{\Π}}}H\left({\mathrm{ID}}_{\mathrm{jIBBE}}\right))}\\ \·{e(g^{\frac{1}{\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{iIBBE}}\right)}},g^{\frac{1}{v(\underset{j=1}{\overset{n}{\mathrm{\Π}}}\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{jIBBE}}\right)}}))}^{\frac{1}{{\mathrm{\Π}}_{j=1,j\≠i}^{n}H\left({\mathrm{ID}}_{\mathrm{jIBBE}}\right)}}\\ ={e(g,h)}^v\end{array}$

Carry out again a division arithmetic and can obtain blinding factor k:

$k=\frac{{C_0}^{\′}}{A}A=\frac{{\mathrm{ke}(g,h)}^v}{e{(g,h)}^v}$

Step 15: last, Delegatee according to the following formula through bilinearity to and multiplying, obtain last clear-text message M:

$\begin{array}{c}M=D_0\·e(k,C_1)\\ =\frac{M}{e(k,h^{s(\mathrm{\α}+H({\mathrm{ID}}_{\mathrm{IBE}})})}\·e(k,h^{s(\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{IBE}}\right))})\end{array}.$

Claims (5)

1. the cross-system based on identity is acted on behalf of a re-encryption method, it is characterized in that: its practice is as follows:

Module one: initialization module

Private key generating center is that PKG is that in IBBE system, authorized user gathers the number of users upper limit m-1 that can comprise as input using system safety parameter lambda, broadcast encryption method based on identity in this module, exports master key MSK _iBE, MSK _iBBE, and PKI PK _iBE, PK _iBBE; PKI can be open, and master key must hold in close confidence by PKG, can not reveal; The realization of this functions of modules is specifically divided into following four steps:

Step 1:PKG is input system security parameter λ first, and then executing arithmetic g (1 ^λ), export two groups that exponent number is prime number p with a bilinear map computing

Step 2:

Next PKG moves Generating Random Number, selects at random certain generator g in group, an element h in group, and an element α in territory is as Stochastic;

A bilinearity of step 3:PKG operation, to computing, twice exponentiation computing and (m-1) inferior multiplying, obtains an element e (g, h) in group, and (m+1) individual element in group

Step 4: last, PKG selects a kind of anti-collision hash function H (), and this function meets all characteristics of anti-collision hash function, is input as character string arbitrarily, is output as and is mapped to territory in a certain element;

Above-mentioned four parameters that step obtains of process:

${\mathrm{PK}}_{\mathrm{IBBE}}=(g^{\mathrm{\α}},e(g,h),h,h^{\mathrm{\α}},...,h^{{\mathrm{\α}}^m},H(\·))$

PKI energy external disclosure as IBBE encryption system; The PKI of IBE encryption system is different from above-mentioned PKI, for:

${\mathrm{PK}}_{\mathrm{IBE}}=(g^{\mathrm{\α}},e(g,h),h,h^{\mathrm{\α}},h^{{\mathrm{\α}}^2},H(\·))$

IBE is identical with the master key of IBBE encryption system, for:

MSK _IBE＝MSK _IBBE＝(g,α)

By PKG keeping;

Module two: private key generation module

This module is respectively the user assignment private key in IBE system and IBBE system by PKG, and module is inputted identity ID and the master key MSK of a certain user in system _iBEor MSK _iBBE, generate corresponding private key SK _iBEor SK _iBBE, and the private key of output is sent to each system user keeping; This functions of modules be embodied as following two steps:

Step 5:PKG moves anti-collision hash function H (), calculates

$H\left({\mathrm{ID}}_{\mathrm{IBE}}\right),H\left({\mathrm{ID}}_{\mathrm{IBBE}}\right)\∈Z_p^{*}$

ID in formula _iBErepresent the identity of user in IBE encryption system, ID _iBBErepresent the identity of user in IBBE encryption system, all use a string string representation arbitrarily;

Step 6:PKG moves an add operation, once asks computing reciprocal and asks exponent arithmetic, according to formula below, calculates the private key for user in IBE encryption system:

${\mathrm{SK}}_{\mathrm{IBE}}=g^{\frac{1}{\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{IBE}}\right)}}$

And, user's private key in IBBE encryption system:

${\mathrm{SK}}_{\mathrm{IBBE}}=g^{\frac{1}{\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{IBBE}}\right)}}$

Module three: data encryption module

Authorized party Delegator in IBE encryption system in this module by PKI PK _iBEwith the identity ID of oneself _iBEand message M to be encrypted is as input, exports the ciphertext CT after encrypting _iBE, and encrypt data is uploaded to the outsourcing storage of file management side; The realization of this functions of modules divides following two steps:

Step 7: authorized party is that Delegator moves anti-collision hash function H (), calculates

Step 8: authorized party is Delegator operation Generating Random Number, selects at random territory in an element s as index, according to formula below, move twice multiplication and three exponentiation computings, obtain:

C ₀＝M·e(g，h) ^s， $C_1=h^{\mathrm{\αs}}{h}^{H\left(\mathrm{ID}\right)s}=h^{s(\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{IBE}}\right))}$

Last ciphertext is output as: CT _iBE=(C ₀, C ₁), this ciphertext is the identity ID according to Delegator _iBEencrypting, is the private key SK of Delegator oneself therefore only have authorized party _iBEcan decipher;

Module four: transition key generation module

Authorized party in IBE encryption system is the private key SK obtaining from PKG of Delegator basis oneself in this module _iBE, authorized user is the identity S set of Delegatee and the PKI PK of IBBE encryption system in IBBE encryption system _iBBE, calculate T.G Grammar key---RK _{iBE → IBBE}, and the transition key of generation is sent to while acting on behalf of re-encryption side in order to re-encryption and used; The realization of this functions of modules is specifically divided into following three steps:

Step 9: authorized party is that first Delegator moves Generating Random Number, selects at random certain element in group as blinding factor;

Step 10: be each identity in Delegatee identity S set for authorized side, authorized party is Delegator operation n anti-collision hash function H (), obtains:

H(ID _1IBBE),H(ID _2IBBE)…H(ID _nIBBE)

The identity quantity in the set of n representative of consumer wherein;

Step 11: authorized party is Delegator operation Generating Random Number, selects at random territory in an element v as index; Move according to the following formula multinomial time exponentiation computing and multiplying, obtain:

C ₀′＝k·e(g，h) ^v， ${C_1}^{\′}=h^{v(\mathrm{\α}+H\left({\mathrm{ID}}_{1\mathrm{IBBE}}\right))(\mathrm{\α}+H\left({\mathrm{ID}}_{2\mathrm{IBBE}}\right))\·\·\·(\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{nIBBE}}\right))}$ We are expressed as the result obtaining:

R＝(C ₀',C ₁')

Through final step multiplying SK _iBEk, authorized party is that Delegator has just generated transition key:

RK _IBE→IBBE＝(SK _IBE·k,R)

Wherein, authorized side is that the use that the identity S set of Delegatee is defaulted as in all set is known per family;

Module five: act on behalf of re-encryption module

Act on behalf of re-encryption side and be Proxy after obtaining the transition key that Delegator generates, the enciphered data CT uploading from file management side download authorized party _iBE, and according to transition key RK _{iBE → IBBE}ciphertext CT with needs conversion _iBE, the ciphertext after calculating side must change, the function of this module is calculated and is realized by a following step:

Step 12: act on behalf of re-encryption side and be Proxy move according to the following formula bilinearity to a division arithmetic, obtain: $\begin{array}{c}{D}_0=\frac{C_0}{e({\mathrm{SK}}_{\mathrm{IBE}}\·k,C_1)}=\frac{{\mathrm{Me}(g,h)}^s}{e(g^{\frac{1}{\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{IBE}}\right)}},h^{s(\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{IBE}}\right)})e(k,h^{s(\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{IBE}}\right)})}\\ =\frac{M}{e(k,h^{s(\mathrm{\α}+H({\mathrm{ID}}_{\mathrm{IBE}})})}\end{array}$

Through the ciphertext of acting on behalf of after re-encryption, be:

CT _IBE→IBBE＝(D ₀,C ₁,R)；

Module six: deciphering module

We suppose that a certain authorized side is that the identity of Delegatee in all authorized sides' identity S set is ID _iIBBE, the private key in corresponding IBBE encryption system is SK _iIBBE; Authorized side is that Delegatee receives the private key that PKG generates and is that Proxy downloads acquisition re-encryption ciphertext CT from acting on behalf of re-encryption side _{iBE → IBBE}afterwards, according to the private key information SK of oneself _iBBEwith all authorized sides' identity S set, can decipher and obtain blinding factor k, through a step simple calculations, just can obtain clear-text message M, the function of this module realizes and is specifically divided into following 3 steps:

Step 13: authorized side be Delegatee first for each identity in authorized user's identity S set, operation once anti-collision hash function H () obtains:

H(ID _1IBBE),H(ID _2IBBE)…H(ID _nIBBE)

Identity quantity in n representative of consumer set in formula;

Step 14: authorized side be Delegatee move according to the following formula twice bilinearity to computing and multinomial sub-addition, connect multiplication and obtain:

$\begin{array}{c}{A=(e(g^{-\mathrm{\αv}},h^{\frac{1}{\mathrm{\α}}(\underset{j=1,j\≠i}{\overset{n}{\mathrm{\Π}}}(\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{jIBBE}}\right))-\underset{j=1,j\≠i}{\overset{n}{\mathrm{\Π}}}H\left({\mathrm{ID}}_{\mathrm{jIBBE}}\right))})\·e({\mathrm{SK}}_{\mathrm{iIBBE}},{C_1}^{\′}))}^{\frac{1}{{\mathrm{\Π}}_{j=1,j\≠i}^{n}H\left({\mathrm{ID}}_{\mathrm{jIBBE}}\right)}}\\ {(e(g,h)}^{-v(\underset{j=1,j\≠i}{\overset{n}{\mathrm{\Π}}}(\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{jIBBE}}\right))-\underset{j=1,j\≠i}{\overset{n}{\mathrm{\Π}}}\left({\mathrm{ID}}_{\mathrm{jIBBE}}\right))}\\ \·{e(g^{\frac{1}{\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{iIBBE}}\right)}},g^{\frac{1}{v(\underset{j=1}{\overset{n}{\mathrm{\Π}}}\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{jIBBE}}\right)}}))}^{\frac{1}{{\mathrm{\Π}}_{j=1,j\≠i}^{n}H\left({\mathrm{ID}}_{\mathrm{jIBBE}}\right)}}\\ ={e(g,h)}^v\end{array}$

Carry out again a division arithmetic and can obtain blinding factor k:

$k=\frac{{C_0}^{\′}}{A}A=\frac{{\mathrm{ke}(g,h)}^v}{e{(g,h)}^v};$

Step 15: last, authorized side be Delegatee according to the following formula through bilinearity to and multiplying, obtain last clear-text message M:

$\begin{array}{c}M=D_0\·e(k,C_1)\\ =\frac{M}{e(k,h^{s(\mathrm{\α}+H({\mathrm{ID}}_{\mathrm{IBE}})})}\·e(k,h^{s(\mathrm{\α}+H\left({\mathrm{ID}}_{\mathrm{IBE}}\right))})\end{array}.$

2. a kind of cross-system based on identity according to claim 1 is acted on behalf of re-encryption method, it is characterized in that: at " the algorithm g (1 described in step 1 ^λ) ", its operation method is as follows: private key generating center is PKG input system security parameter λ, and according to the size of λ, system is selected corresponding elliptic curve: Y ²=X ³+ aX+b, a and b are coefficients, then the point on elliptic curve, consist of the group on two prime number p rank select a kind of Function Mapping e, by group in element map to group in go; Security parameter numerical value is larger, and the point on selected elliptic curve is also more, and group is also larger.

3. a kind of cross-system based on identity according to claim 1 is acted on behalf of re-encryption method, it is characterized in that: at " Generating Random Number " described in step 2, its way is as follows: according to selected elliptic curve: Y in step 1 ²=X ³| aX|b, selects a value x of independent variable X at random ₁, calculate the value y of corresponding dependent variable Y ₁; If point (x ₁, y ₁) at us, want, in the group of mapping, successfully to have generated random element; If point (x ₁, y ₁) not in group, continue to select the value of X, until find the point appearing in group; In addition territory, represent to gather 1,2 ..., p-1}, selects territory at random the random number generation function of middle element can Using Call Library Function operation from Pairing-Based Cryptosystems function bag.

4. a kind of cross-system based on identity according to claim 1 is acted on behalf of re-encryption method, it is characterized in that: in " operation bilinearity to computing " described in step 3, its way is as follows: independent variable be input as group in element g, h, be output as group in element: e (g, h).

5. a kind of cross-system based on identity according to claim 1 is acted on behalf of re-encryption method, it is characterized in that: at " the anti-collision hash function H () " described in step 4, equally can Using Call Library Function operation from Pairing-Based Cryptosystems function bag.