CN104539423A - Achievement method of certificate-less public key cryptosystem without bilinear pairing operation - Google Patents

Achievement method of certificate-less public key cryptosystem without bilinear pairing operation Download PDF

Info

Publication number
CN104539423A
CN104539423A CN201410772127.5A CN201410772127A CN104539423A CN 104539423 A CN104539423 A CN 104539423A CN 201410772127 A CN201410772127 A CN 201410772127A CN 104539423 A CN104539423 A CN 104539423A
Authority
CN
China
Prior art keywords
user
key
public key
pki
private key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410772127.5A
Other languages
Chinese (zh)
Other versions
CN104539423B (en
Inventor
熊荣华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Baiwang Xin'an Technology Co. Ltd.
Original Assignee
熊荣华
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 熊荣华 filed Critical 熊荣华
Priority to CN201410772127.5A priority Critical patent/CN104539423B/en
Publication of CN104539423A publication Critical patent/CN104539423A/en
Application granted granted Critical
Publication of CN104539423B publication Critical patent/CN104539423B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Abstract

The invention provides an achievement method of a certificate-less public key cryptosystem without bilinear pairing operation and belongs to the field of information safety. The achievement method is used for solving the problems of generation of a secret key of a user, usage and authentication of a public key of the user. According to the achievement method, firstly, a user sets a secret value and calculates a temporary public key, then a secret key generating center generates the other part of the secret key for the user and enables the two parts to be bound, and finally the user synthesizes a his/her actual public and secret key pair. The defect that public key replacement and signature counterfeit possibly exist in a common certificate-less cryptosystem is overcome, the user has complete control right on the secret key, the secret key can be revoked and re-generated, and the signature of the user has non-repudiation. The achievement method adopts a public key cryptographic algorithm of a standard elliptic curve, does not adopt the bilinear pairing operation, is few in occupied resources and high in safety and can operate without the secret key generating center when being applied to signature, authentication and secret key negotiation. By means of the achievement method, identity authentication, communication security and non-repudiation application demands of large-scale systems and low-power-consumption devices can be met.

Description

A kind of implementation method without CertPubKey cryptographic system without Bilinear map computing
Technical field
The invention belongs to information security field, particularly a kind ofly do not use the implementation method without CertPubKey key cryptosystem of Bilinear map computing based on elliptic curve.
Background technology
Public-key cryptosystem needs to solve the problems such as cryptographic algorithm, secret generating and encryption key distribution, it is crucial that will solve the authentication question to client public key.According to the difference of authentication public key method, common public-key cryptosystem has following three kinds:
Public-key cryptosystem based on certificate: PKI (Public Key Infrastructure);
Public-key cryptosystem based on mark: IBC (Identity Based Cryptograph);
Without CertPubKey cryptographic system: CLPKC (Certificateless Public key Cryptography).
PKI is a kind of PKIX, it adopts certificate authority (Certification Authority, CA) issue the form of certificate to set up contacting between user identity and its PKI had, the digital signature of CA can ensure the authenticity of client public key.But the management process of certificate needs a lot of computing costs and storage overhead.In order to exempt the management to user certificate, within 1984, Shamir proposes a kind of public key cryptography (IBC) system of identity-based, in this system, the PKI of user is made up of the Bit String relevant to user identity, uniquely determined by user ID, private key is then generated by trust authoritative institution.This system eliminates the dependence to user certificate, simplifies the management process of key, but also there are 3 weakness: 1) private key for user must be generated by trust authoritative institution, and there is key escrow, user's signature does not have uniqueness and non-repudiation; 2) user key cannot be cancelled; 3) use during elliptic curve structure identity based cryptography and must use Bilinear Pairing computing, calculation of complex, inefficiency.2003, the people such as Al-Riyami proposed, without CertPubKey cryptographic system (CLPKC), to become the study hotspot of field of cryptography first.Certificateless cryptosystem, between PKI public-key cryptosystem and the public-key cryptosystem of identity-based, has the advantage of the two concurrently.In this system, the key of user is independently generated by trusted party and user oneself, and user has complete control to private key; Client public key calculates by user ID and User Part PKI, does not need the certificate that uses public-key; So both decrease the certificate management problem in conventional P KI, turn eliminate the key escrow in identity-based cryptosystems, improve the operational efficiency of system, decrease the complexity of system.In the certificateless cryptosystem or other improvement version of Al-Riyami proposition, encryption key distribution is generally through three steps: be first trusted party initialization, system parameters is set, next is trusted party is user's generating portion private key, is finally added actual private key and the actual public key of secret value synthesis user by user.Therefore user key is independently generated by trusted party and user oneself, and private key for user maintains complete secrecy to external world, eliminates key escrow.Propose so far from this system imagination, Chinese scholars has proposed tens of kinds without CertPubKey cryptography scheme, but two parts key that system generates and user generates all separately uses by most of scheme, or used after two part synthesis by user, thus make them easily suffer PKI substitution attack and forgery attack, there is safety defect, cause segmentation scheme to be broken.On the other hand, certificateless cryptosystem is based upon common discrete logarithm and calculates on a difficult problem (DLP) and an Elliptic Curve Discrete Logarithm calculating difficult problem (ECDLP), most of implementation all employ Bilinear map computing, operation efficiency is lower, reduces the application advantage of certificateless cryptosystem.Some implementation method comparison are special, are only only suitable for a kind of crypto-operation, and what have can only be used for signature, and what have can only be used for encryption, can not be formed general complete without CertPubKey cryptosystem.Therefore, found that a kind of to realize without the method without CertPubKey cryptographic system of Bilinear map computing be primary motivitation of the present invention.
Summary of the invention
The present invention combines PKI public-key cryptosystem, the public-key cryptosystem of identity-based and the advantage of certificateless cryptosystem, disclose a kind of newly based on elliptic curve, do not use two-wire to the concrete methods of realizing without CertPubKey cryptographic system of computing.The present invention adopts new encryption key distribution mode, effectively manages user key.The present invention does not need to carry out complicated certificate management, and do not use Bilinear map computing, user key can be cancelled.On this basis without CertPubKey cryptographic system newly, id-based signatures (Identity Based Signature can be constructed, IBS) scheme, certification (the Identity BasedIdentificaton of identity-based, IBI) key agreement (the Identity Based Authentication Key Exchange of agreement and identity-based, IBAKE) agreement, and for common digital signature, public key encryption, cipher key change and sign close etc., completely compatible with existing elliptic curve cryptography, there is operation efficiency high, take resource few, the clear superiority of high safety, be suitable for the ultra-large system application with mass users.
Of the present inventionly to be made up of believable key generation centre (Key Generation Center, be called for short KGC) and user subject without CertPubKey cryptographic system.It is different without certificate system prototype version that key distribution scheme and Al-Riyami propose, user's secret value be arranged on KGC for before user's generating portion private key, instead of after KGC is user's generating portion private key, and, when KGC is user's generating portion private key, in the mode of signature, user ID and User Part PKI are bound together, public key replacement attack, personation identity attack and forgery attack can be eliminated.Further, two parts key that system generates and user generates is synthesized a double secret key and uses by the present invention, does not need to use Bilinear map computing, can use the existing standard public-key cryptographic keys algorithm based on elliptic curve during crypto-operation.
Implementation method without CertPubKey cryptographic system of the present invention is based upon on conventional elliptic curve, and main contents comprise system foundation, user key generation, user key use and cryptographic algorithm application etc.
1. system is set up
System of the present invention is set up and is completed according to the following steps.
If E:y 2=x 3+ ax+b is finite field F qon elliptic curve, n is prime number, and m>=1 is positive integer, and G is a n rank basic point on E, h 0(), h 1() ..., h m() is one group of { HASH function of 0,1}* → [1, n 1].
KGC Stochastic choice m secret value as main system private key, computing system Your Majesty key: P 1=s 1g ..., P m=s mg.The secret s of KGC 1..., s m, open system parameters
2. user key generates
User key of the present invention is generated and is completed by following steps.
(1) the user subject Stochastic choice secret value of ID is designated calculate X=xG.Send (ID, X) to KGC.
(2) KGC is after receiving (ID, X), the legitimacy of inspection user ID and identity.Stochastic choice calculate: P=X+yG, e i=h i(ID||P), i=0,1 ..., m, if e 0=0 or e 1..., e mbe 0 entirely, then reselect y.Finally generate User Part private key z=e 0y+e 1s 1+ ... + e ms m(mod n), P to user, and publishes as the part PKI of user by loopback (P, z).For ensureing system safety, KGC should ensure to select different y and different P for different users.
(note: symbol || represent the serial connection of data, lower same.)
(3), after user receives (P, z), e is calculated i=h i(ID||P), d=e 0x+z (mod n), Q=dG, and verify Q=e 0p+e 1p 1+ ... + e mp mwhether set up.If set up, then arrange the private key that d is user, P is the part PKI of user, and Q is the actual public key of user.
Note r=x+y, private key for user of the present invention can be expressed as d=e 0r+e 1s 1+ ... + e ms m(mod n), described User Part PKI can be expressed as P=rG, and described user's actual public key can be expressed as Q=e 0p+e 1p 1+ ... + e mp m, and meet Q=dG.
3. user key uses
(1) private key for user uses
User of the present invention is when using private key, identical with public key algorithm on common elliptic curve, private key d directly can be used to carry out crypto-operation, and separately need not use secret value x and part private key z.
(2) client public key uses
PKI relying party (i.e. public user) of the present invention calculates e by user ID ID and User Part PKI P i=h i(ID||P), re-use the actual public key that system PKI calculates user, computing formula is as follows:
Q=e 0P+e 1P 1+…+e mP m
Because user's secret value x of the present invention is that user independently generates, the actual private key d of user is unknowable to other people, even if be also like this to KGC, therefore user has complete control to private key.
The present invention also comprises a kind of special circumstances, if in above-mentioned generative process, make x be 0, then the actual private key of user is d=z.In this case, the mode of KGC needs safety is by z loopback user, and user does not have complete control to private key.
4. cryptographic algorithm application
Adopt the user key without the generation of CertPubKey cryptographic system implementation method of the present invention to (Q, d) be in fact exactly public private key pair on conventional elliptic curve, so be applicable to the standard public key algorithm on all about elliptic curve, as ECDSA signature algorithm, Schnorr signature algorithm, country SM2 Standard signatures algorithm, public key encryption algorithm and cipher key agreement algorithm etc., when using these public key algorithms, do not need to use Bilinear map computing.
If user signing, Authentication and Key Agreement time, the part of the part PKI of oneself as signature result, certification authority and key agreement data submitted to, recipient then directly can calculate the actual public key of user and not rely on the support of key generation centre.Therefore, except public key encryption, all can be exchanged into id-based signatures (IBS), the certification (IBI) of identity-based and the key agreement (IBAKE) of identity-based based on the signature without CertPubKey cryptographic system of the present invention, Authentication and Key Agreement.
Be described for signature algorithm below:
If signer is user A, it is designated ID a, part PKI is P a, use private key d athe Standard signatures of message M is designated as then be exactly the identification signature of this user to message M.
Other users receive the mark ID of this user a, after message M and signature sigma, first according to user ID a, User Part PKI P awith system PKI { P icalculate the actual public key Q of this user a, then use PKI Q aby the signature of Standard signatures proof of algorithm to M this proof procedure, completely by verifier's complete independently, does not need third party to assist, and is therefore equal to a kind of signature algorithm based on mark.
Public key encryption algorithm and cipher key agreement algorithm can with similar method process.
5. fail safe
Fail safe without CertPubKey cryptographic system implementation method of the present invention is based on following two hypothesis:
A) KGC is believable (being similar to the CA of PKI system).
B) it is computationally infeasible for separating dispersed accumulation (ECDLP) on elliptic curve.
(1) system key fail safe
First, according to ECDLP hypothesis, assailant can not from system PKI P iobtain system private key s i.
Resistance against colluders: namely resist the attack that all users conspire to system key.
Assuming that assailant obtains the part PKI of a group of user ID, private key and correspondence:
ID i,d i,PP i,i=1,2,...,tt<<n
Wherein, d i=e i, 0r i+ e i, 1s 1+ ... + e i, ms m(mod n), e i, j=h j(ID i|| PP i), PP i=r ig, ites is desirable to therefrom to obtain system private key s 1..., s m.
In this group formula, s 1..., s m, r 1..., r tunknown to assailant, according to user key create-rule, r istochastic generation and different.By the system of linear equations of t equations simultaneousness composition containing t+m unknown:
{e i,0r i+e i,1s 1+…+e i,ms m=d i(mod n)|i=1,2,...,t}
This solution of equations space is at least m dimension, due to m>=1, is truly separated s 1..., s mprobability be 1/n m, also more difficult than solving ECDLP.Therefore, organize user key derivation system private key s from arbitrarily more 1..., s mbe that calculating is upper infeasible, this illustrates that system key of the present invention can resist collusion attack.
(2) user key fail safe
What User Part PKI of the present invention and private key for user formed can be mapped to described system private key to (P, d) signs to user ID Schnorr.Document proves, under random oracle model, Schnorr signature algorithm is safe.In fact, also do not find the effective attack method to Schnorr signature algorithm at present, existing attack method is all equal to substantially separates dispersed accumulation on elliptic curve.Therefore user key generating algorithm of the present invention is safe, and what described User Part PKI and private key formed can not forge (P, d).
(3) algorithm security
Signature algorithm without CertPubKey cryptographic system implementation method employing standard of the present invention, cryptographic algorithm, identity authentication protocol and key agreement protocol, their fail safe gains public acceptance.
(4) property demonstrate,proved certainly of client public key
Of the present invention without in CertPubKey cryptographic system implementation method, when the system of use PKI calculates the actual public key Q of user from user ID ID and part PKI P, be actually a checking to system private key signature (P, d).If checking is correct, namely Q calculates correct, then Q must be actual public key corresponding to user ID.If for a certain reason (as assailant has forged a User Part PKI) make Q mistake in computation, then use the sign test done of Q or public key encryption all can not obtain expected result subsequently, reason is that assailant pseudo-can not produce the private key corresponding with Q.This illustrates that user key of the present invention has a kind of Self-certified, when the system of use PKI calculates the actual public key Q of user from user ID ID and part PKI P, automatic hidden contains the certification to client public key, and the user being only designated ID just has the private key corresponding with P and Q.
(5) there is not trustship in user key
Of the present invention without in CertPubKey cryptographic system implementation method, the private key of user is also unknown to KGC, therefore there is not the trustship problem of user key.Reason is that user key is generated jointly by user and KGC, private key for user d=e 0x+z (mod n), wherein x is unknown to KGC, e 0, z, Q and X are known to KGC, and Q=dG=e 0xG+zG=e 0x+zG, if KGC can know the private key d of user, then KGC is by calculating draw xG = e 0 - 1 ( d - z ) G = e 0 - 1 ( Q - zG ) = X , Thus release KGC can separate this ECDLP difficult problem of X=xG, with fail safe hypothesis test.
6. high efficiency
Implementation method without CertPubKey cryptographic system of the present invention, do not use Bilinear map computing, do not use digital certificate, computational efficiency is high, takies resource few, and whole efficiency reaches a new height.
According to measuring and calculating, on the basis that cryptosecurity intensity is suitable, if adopt the Bilinear map computing on super unusual elliptic curve to realize CLPKC, the computing time that a Bilinear map computing expends be the 10-20 of a multi point arithmetic doubly, even if through the Bilinear map computing that optimizes on up-to-date BN curve, the computing time that a Bilinear map computing expends be the 8-10 of a multi point arithmetic doubly.Of the present invention without CertPubKey cryptographic system, do not use complicated Bilinear map computing, only need a small amount of multi point arithmetic and point add operation, calculate the actual private key of user and be reduced to 1/10 many times some amounts of calculation, the computing such as signature/sign test, encrypt/decrypt also adopts the cryptographic algorithm of standard, and amount of calculation reaches minimum.Therefore, of the present invention is high efficiency without CertPubKey cryptographic system.
Of the present invention without in CertPubKey cryptographic system implementation method, KGC needs saved system private key and system parameters.Often generate a user key, system only needs to preserve the mark of user and part PKI and random number y.The storage overhead of KGC is quite little as can be seen here, therefore invents the described system application being suitable for extensive mass users without CertPubKey cryptographic system.
Of the present invention without in CertPubKey cryptographic system implementation method, user only needs saved system parameter, private key for user, client public key and part PKI, and storage overhead is very little, saves storage resources and the network bandwidth.User side encryption device only needs to support common elliptic curve cryptography, can use existing chip.
Implementation method without CertPubKey cryptographic system of the present invention, be applicable to the ellipse curve signature algorithm (as ECDSA, SM2, Schnorr scheduling algorithm) of standard, there is the advantage that signature form is simple, signed data is short, add user ID and the part PKI of signer, a digital signature only takies the memory space being equivalent to 2 elliptic curve points.Such as, as finite field F qwhen being 256bit with the scale of n, if user ID length is no more than 32 bytes, then signature is no more than 128 bytes with the total length of user ID and User Part PKI.Therefore, the transmission and the checking that are conducive to signature without certificate signature that adopt the present invention to generate.
Accompanying drawing explanation
Fig. 1 is secret generating flow process of the present invention.
For signature, Fig. 2 illustrates that key of the present invention uses flow process.
Embodiment
Implementation method without CertPubKey cryptographic system of the present invention, based on conventional elliptic curve, does not use Bilinear map computing, and two parts synthesis that user key is independently generated by KGC and user self, building-up process is completed by KGC.The specific embodiment of the present invention and simplification thereof and distortion are described below in detail.Should be understood that following embodiment is for illustration of the present invention instead of limits the scope of the invention.
Embodiment one
Stage one: system is set up
System is set up and is completed by KGC.
KGC selects finite field F qon safety elliptic curve E: y 2=x 3+ ax+b, get a n rank point G on E as basic point, wherein n is prime number.Choose positive integer m>=1 again, and one group of { 0,1} *the HASH function h of → [1, n-1] 0(), h 1() ..., h m().General selection F qfor prime field, and the bit number of q and n is more than 192, such as, can select the elliptic curve parameter that national SM2 standard specifies.In SM2 standard, the bit number of q and n is all 256.
KGC Stochastic choice m secret value as main system private key, computing system Your Majesty key: P 1=s 1g ..., P m=s mg.The secret s of KGC 1..., s m, open system parameters
Stage two: user key generates
User key generates and is jointly completed by KGC and user.
(1) the user subject Stochastic choice secret value of ID is designated calculate X=xG, send (ID, X) to KGC.
(2) KGC is after receiving (ID, X), the legitimacy of inspection user ID and identity, for user generates another part private key z.KGC Stochastic choice calculate: P=X+yG, e i=h i(ID||P), i=0,1 ..., m, z=e 0y+e 1s 1+ ... + e ms m(mod n).If e 0=0 or e 1..., e mbe 0 entirely, then regenerate y.P to user, and publishes as the part PKI of user by last KGC loopback (P, z).
For ensureing system safety, KGC ensures to select different y and different P for different users by the mode that Database Lists is inquired about.
(3), after user receives (P, z), e is calculated i=h i(ID||P), i=0,1 ..., m, d=e 0x+z (mod n), Q=dG, and verify Q=e 0p+e 1p 1+ ... + e mp mwhether set up.If set up, then arranging d is private key for user, and P is User Part PKI, and Q is user's actual public key.
Stage three: user key uses
(1) private key for user uses
User is when using private key, identical with common public key algorithm, can directly use private key d to carry out crypto-operation.
(2) client public key uses
Client public key relying party (i.e. public user) calculates e by user ID ID and User Part PKI P i=h i(ID||P), then by system PKI { P icalculate the actual public key Q=e of user 0p+e 1p 1ten ... + e mp m.
In the present embodiment, the actual public key calculating user needs to carry out m+1 multi point arithmetic and m point add operation.Store m system Your Majesty key and need m × O (G) byte space, wherein O (G) represents the byte number of basic point G.At m=1 in particular cases, the formula calculating user's actual public key becomes Q=e 0p+e 1p 1, according to documents and materials display, there is a kind of fast algorithm, make such amount of calculation only be equivalent to the amount of calculation of 1.17 many times points, storing 1 system Your Majesty key needs O (G) byte space.Such as, when the bit number of q and n is all 256, storing 1 system Your Majesty key only needs 64 byte spaces.
Embodiment two
Choose elliptic curve as embodiment one.Getting m > 1, h () is { 0 a, 1} *→ [1,2 m-1] HASH function, the open parameter of system is at user key generation phase, the definition of x and y, as embodiment one, makes e=h (ID||P), e is pressed binary expansion, be designated as e=(e 1, e 2..., e m) 2, wherein e i∈ 0,1}, i=1 ..., m.The private key for user finally generated is d=x+y+e 1s 1+ ... + e ms m(mod n), the part PKI of user is P=xG+yG, and the actual public key of user is Q=P+e 1p 1+ ... + e mp m.
Work as e iwhen=0, i-th of calculating in the formula of Q will not occur, therefore calculating user's actual public key on average only needs to carry out m/2 point add operation.As m < log 2n, time (), the time that the time calculating Q cost spends than 1 multi point arithmetic wants much less, therefore adopts and can obtain higher efficiency in this way.For ensureing safety, General Requirements m >=128 in practical application.Such as when the bit number of n is 256, once many times of points calculate average needs 255 double point processings and 128 point add operations.Get m=128, the present embodiment calculates the actual public key of user on average needs 64 point add operations, is 1/6 of one many times some amounts of calculation, and stores 128 system Your Majesty keys and only need 8K byte space.The amount of calculation of the present embodiment calculating user actual public key is 1/ (6m) of embodiment one.
Embodiment three
Choose elliptic curve as embodiment one.Get l, N is positive integer, m≤2 n, h () is { 0 a, 1} *→ [1,2 lN-1] HASH function, the open parameter of system is at user key generation phase, the definition of x and y, as embodiment one, makes e=h (ID||P), and launched by binary bits by e, every N continuous bit forms a word, forms l word altogether, is denoted as e=(w 1, w 2..., w l) n, then make e i=w i(mod m)+1, then e i∈ [1, m], i=1 ..., l.The private key for user finally generated is d=x+y+s e1+ ... + s el(mod n), the part PKI of user is P=xG+yG, and the PKI of user's reality is Q=P+P e1+ ... + P el.
In the present embodiment, calculate user's actual public key only to need to carry out l point add operation.For ensureing safety, require number of combinations such as when the bit number of n is 256, get N=8, l=32, m=128 can meet the demands.In this case, lN=256, calculating the actual public key of user only needs 32 point add operations, than fast 12 times of calculating one many times points, and stores 128 system Your Majesty keys and only needs 8K byte space, therefore obtain the efficiency higher than embodiment two.
Embodiment four
Choose elliptic curve as embodiment one.Getting N is positive integer, meets mN≤log 2n (), h () is { 0 a, 1} *→ [1,2 mN-1] HASH function, the open parameter of system is at user key generation phase, the definition of x and y, as embodiment one, makes e=h (ID||P), and launched by binary bits by e, every N continuous bit forms a word, forms m word altogether, is denoted as e=(e 1, e 2..., e m) n.The private key for user finally generated is d=x+y+e 1s 1+ ... + e ms m(mod n), the part PKI of user is P=xG+yG, and the actual public key of user is Q=P+e 1p 1+ ... + e mp m.
In the present embodiment, although calculating user actual public key needs to carry out m multi point arithmetic, e ibe smaller integer, computational efficiency is higher.Such as when the bit number of n is 256, get N=128, m=2, in this case, calculate the actual public key many times points fast 1/4 more common than calculating one of user, and store 2 system Your Majesty keys and only need 128 byte spaces.The present embodiment all takes advantage in computational efficiency and memory space, reaches relative equilibrium over time and space, is a preferred embodiment of the present invention.
Above-described embodiment, only for illustration of connotation of the present invention and technical conceive, uses so that of the present invention and implements, and can not limit the scope of the invention with this.All equivalent transformations of carrying out according to Spirit Essence of the present invention and modification, all should be encompassed within protection scope of the present invention.

Claims (5)

1. the implementation method without CertPubKey cryptographic system without Bilinear map computing, it is characterized in that: described implementation method comprise system set up, user key generate and user key use method, for construct based on conventional elliptic curve, do not use Bilinear map computing without CertPubKey cryptographic system.
2. system method for building up according to claim 1, is characterized in that: described method hypothesis E:y 2=x 3+ ax+b is finite field F qon elliptic curve, n is prime number, and m>=1 is positive integer, and G is a n rank basic point on E, h 0(), h 1() ..., h m() is one group of { 0,1} *the HASH function of → [0, n-1], KGC Stochastic choice m secret value s 1..., s mas main system private key, computing system Your Majesty key, P 1=s 1g ..., P m=s mthe secret s of G, KGC 1..., s m, open system parameters
3. user key generation method according to claim 1, is characterized in that: said method comprising the steps of:
Step one: the user subject Stochastic choice secret value being designated ID calculate X=xG, send (ID, X) to KGC;
Step 2: KGC after receiving (ID, X), inspection user mark and the legitimacy of identity, Stochastic choice calculate P=X+yG, e i=h i(ID ‖ P), i=1 ..., m (note: symbol ‖ represents the serial connection of data, lower same), generates the part private key z=e of user 0y+e 1s 1+ ... + e ms m(mod n), if e 0=0 or e 1..., e mbe 0 entirely, then regenerate y, P to user, and publishes as the part PKI of user by last loopback (P, z);
Step 3: after user receives (P, z), calculates e i=h i(ID ‖ P), i=0,1 ..., m, d=e 0x+z (mod n), Q=dG, and verify Q=e 0p+e 1p 1+ ... + e mp mwhether set up, if set up, then arrange the private key that d is user, P is the part PKI of user, and Q is the actual public key of user.
4. user key using method according to claim 1, it is characterized in that: the described user key without the generation of CertPubKey cryptographic system is suitable for the standard public key algorithm on various conventional elliptic curve, be designated the user subject of ID when using private key, private key d can be directly used to carry out crypto-operation, and not separated use secret value x and part private key z, the public (i.e. other users) can calculate e by user ID ID and User Part PKI P i=h i(ID ‖ P), then press formula Q=e 0p+e 1p 1+ ... + e mp mcalculate the actual public key of user, then use actual public key Q to carry out the crypto-operation of being correlated with.
5. user key generation method according to claim 1, is characterized in that: described method comprises following simplification and distortion:
(1) getting m > 1, h () is { 0 a, 1} *→ [1,2 m-1] HASH function, the definition of x and y, as front, calculates e=h (ID ‖ P), is launched by e, be designated as e=(e by binary bits 1, e 2..., e m) 2, wherein e i∈ 0,1}, i=1 ..., m, then calculate z=y+e 1s 1+ ... + e ms m(mod n), the actual private key arranging user is d=x+z (mod n), and the part PKI of user is P=xG+yG, and the actual public key of user is Q=P+e 1p 1+ ... + e mp m;
(2) get l, N is positive integer, m≤2 n, h () is { 0 a, 1} *→ [1,2 lN-1] HASH function, the definition of x and y, as front, calculates e=h (ID ‖ P), and launched by binary bits by e, every N continuous bit forms a word, forms l word altogether, is denoted as e=(w 1, w 2..., w l) n, then make e i=(w imod m)+1, then e i∈ [1, m], i=1 ..., l, then calculate z=y+s e1+ ... + s el(mod n), the actual private key arranging user is d=x+z (mod n), and the part PKI of user is P=xG+yG, and the actual public key of user is Q=P+P e1+ ... + P el;
(3) getting N is positive integer, meets mN≤log 2n (), h () is { 0 a, 1} *→ [1,2 mN-1] HASH function, the definition of x and y, as front, makes e=h (ID ‖ P), and launched by binary bits by e, every N continuous bit forms a word, forms m word altogether, is denoted as e=(e 1, e 2..., e m) n, then calculate z=y+e 1s 1+ ... + e ms m(mod n), the actual private key arranging user is d=x+z (mod n), and the part PKI of user is P=xG+yG, and the actual public key of user is Q=P+e 1p 1+ ... + e mp m.
CN201410772127.5A 2014-12-16 2014-12-16 A kind of implementation method without CertPubKey cipher system of no Bilinear map computing Active CN104539423B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410772127.5A CN104539423B (en) 2014-12-16 2014-12-16 A kind of implementation method without CertPubKey cipher system of no Bilinear map computing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410772127.5A CN104539423B (en) 2014-12-16 2014-12-16 A kind of implementation method without CertPubKey cipher system of no Bilinear map computing

Publications (2)

Publication Number Publication Date
CN104539423A true CN104539423A (en) 2015-04-22
CN104539423B CN104539423B (en) 2018-01-05

Family

ID=52854894

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410772127.5A Active CN104539423B (en) 2014-12-16 2014-12-16 A kind of implementation method without CertPubKey cipher system of no Bilinear map computing

Country Status (1)

Country Link
CN (1) CN104539423B (en)

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104811302A (en) * 2015-05-15 2015-07-29 陕西师范大学 Oval curve mixing signcryption method based on certificateless effect
CN105187205A (en) * 2015-08-05 2015-12-23 北京航空航天大学 Certificateless authentication key negotiation method and system based on hierarchical identities
CN106789046A (en) * 2017-02-24 2017-05-31 江苏信源久安信息科技有限公司 A kind of implementation method of self-generating key pair
CN107248909A (en) * 2017-03-16 2017-10-13 北京百旺信安科技有限公司 It is a kind of based on SM2 algorithms without Credential-Security endorsement method
CN107659411A (en) * 2017-10-11 2018-02-02 深圳大学 Encrypt the method and system of the traceable user's signature of currency conditional
CN108268779A (en) * 2016-12-30 2018-07-10 航天信息股份有限公司 A kind of processing method and system for being used to carry out invoice short ciphertext signature
CN108289026A (en) * 2017-12-22 2018-07-17 北京邮电大学 Identity identifying method and relevant device in a kind of satellite network
CN108900311A (en) * 2018-08-15 2018-11-27 江苏恒宝智能系统技术有限公司 A kind of no certificate bluetooth key endorsement method and system
CN108989053A (en) * 2018-08-29 2018-12-11 武汉珈港科技有限公司 It is a kind of based on elliptic curve without CertPubKey cipher system implementation method
CN109257181A (en) * 2018-10-17 2019-01-22 西安邮电大学 Without the blind label decryption method of elliptic curve under certificate environment
CN109274506A (en) * 2018-11-23 2019-01-25 浙江工商大学 It is a kind of based on the close SM2 of state without certificate signature method
CN109327310A (en) * 2018-11-30 2019-02-12 江苏恒宝智能系统技术有限公司 A kind of link protection method based on no certificate
CN110224832A (en) * 2019-05-20 2019-09-10 陕西师范大学 The certificateless digital signature method of Designated-Verifier
CN110266478A (en) * 2019-05-31 2019-09-20 联想(北京)有限公司 A kind of information processing method, electronic equipment
CN110287725A (en) * 2019-06-04 2019-09-27 大唐微电子技术有限公司 A kind of equipment and its authority control method, computer readable storage medium
CN110445602A (en) * 2019-05-31 2019-11-12 联想(北京)有限公司 Key generation method and electronic equipment
CN110830236A (en) * 2019-11-14 2020-02-21 湖南盾神科技有限公司 Identity-based encryption method based on global hash
CN110995443A (en) * 2019-12-02 2020-04-10 联想(北京)有限公司 Data processing method and device
CN112560075A (en) * 2021-02-22 2021-03-26 西南石油大学 Lightweight searchable encryption method and device based on elliptic curve

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060083370A1 (en) * 2004-07-02 2006-04-20 Jing-Jang Hwang RSA with personalized secret
CN101702807A (en) * 2009-11-16 2010-05-05 东南大学 Wireless security access authentication method
CN101969446A (en) * 2010-11-02 2011-02-09 北京交通大学 Mobile commerce identity authentication method
CN103259660A (en) * 2013-04-15 2013-08-21 山东大学 Image authentication method based on phase retrieval and elliptic curve digital signature algorithm

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060083370A1 (en) * 2004-07-02 2006-04-20 Jing-Jang Hwang RSA with personalized secret
CN101702807A (en) * 2009-11-16 2010-05-05 东南大学 Wireless security access authentication method
CN101969446A (en) * 2010-11-02 2011-02-09 北京交通大学 Mobile commerce identity authentication method
CN103259660A (en) * 2013-04-15 2013-08-21 山东大学 Image authentication method based on phase retrieval and elliptic curve digital signature algorithm

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
王电钢等: "不含双线性对的无证书签密方案安全性分析与改进", 《计算机科学》 *

Cited By (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104811302A (en) * 2015-05-15 2015-07-29 陕西师范大学 Oval curve mixing signcryption method based on certificateless effect
CN105187205A (en) * 2015-08-05 2015-12-23 北京航空航天大学 Certificateless authentication key negotiation method and system based on hierarchical identities
CN105187205B (en) * 2015-08-05 2018-05-15 北京航空航天大学 The authentication key agreement method and negotiating system based on level identity base without certificate
CN108268779A (en) * 2016-12-30 2018-07-10 航天信息股份有限公司 A kind of processing method and system for being used to carry out invoice short ciphertext signature
CN106789046A (en) * 2017-02-24 2017-05-31 江苏信源久安信息科技有限公司 A kind of implementation method of self-generating key pair
CN107248909A (en) * 2017-03-16 2017-10-13 北京百旺信安科技有限公司 It is a kind of based on SM2 algorithms without Credential-Security endorsement method
CN107248909B (en) * 2017-03-16 2020-07-03 北京百旺信安科技有限公司 Certificateless secure signature method based on SM2 algorithm
CN107659411A (en) * 2017-10-11 2018-02-02 深圳大学 Encrypt the method and system of the traceable user's signature of currency conditional
CN107659411B (en) * 2017-10-11 2020-09-15 深圳大学 Method and system for tracking user signature by condition in encrypted currency
CN108289026A (en) * 2017-12-22 2018-07-17 北京邮电大学 Identity identifying method and relevant device in a kind of satellite network
CN108289026B (en) * 2017-12-22 2020-07-31 北京邮电大学 Identity authentication method in satellite network and related equipment
CN108900311A (en) * 2018-08-15 2018-11-27 江苏恒宝智能系统技术有限公司 A kind of no certificate bluetooth key endorsement method and system
CN108900311B (en) * 2018-08-15 2021-04-27 江苏恒宝智能系统技术有限公司 Certificateless Bluetooth key signature method and system
CN108989053A (en) * 2018-08-29 2018-12-11 武汉珈港科技有限公司 It is a kind of based on elliptic curve without CertPubKey cipher system implementation method
CN108989053B (en) * 2018-08-29 2021-05-14 武汉珈港科技有限公司 Method for realizing certificateless public key cryptosystem based on elliptic curve
CN109257181A (en) * 2018-10-17 2019-01-22 西安邮电大学 Without the blind label decryption method of elliptic curve under certificate environment
CN109274506A (en) * 2018-11-23 2019-01-25 浙江工商大学 It is a kind of based on the close SM2 of state without certificate signature method
CN109274506B (en) * 2018-11-23 2021-04-02 浙江工商大学 Certificateless signature method based on SM2 secret
CN109327310A (en) * 2018-11-30 2019-02-12 江苏恒宝智能系统技术有限公司 A kind of link protection method based on no certificate
CN110224832A (en) * 2019-05-20 2019-09-10 陕西师范大学 The certificateless digital signature method of Designated-Verifier
CN110266478B (en) * 2019-05-31 2021-05-18 联想(北京)有限公司 Information processing method and electronic equipment
CN110445602A (en) * 2019-05-31 2019-11-12 联想(北京)有限公司 Key generation method and electronic equipment
CN110266478A (en) * 2019-05-31 2019-09-20 联想(北京)有限公司 A kind of information processing method, electronic equipment
CN110445602B (en) * 2019-05-31 2021-09-14 联想(北京)有限公司 Key generation method and electronic equipment
CN110287725A (en) * 2019-06-04 2019-09-27 大唐微电子技术有限公司 A kind of equipment and its authority control method, computer readable storage medium
CN110287725B (en) * 2019-06-04 2021-05-14 大唐微电子技术有限公司 Equipment, authority control method thereof and computer readable storage medium
CN110830236B (en) * 2019-11-14 2020-08-04 湖南盾神科技有限公司 Identity-based encryption method based on global hash
CN110830236A (en) * 2019-11-14 2020-02-21 湖南盾神科技有限公司 Identity-based encryption method based on global hash
CN110995443A (en) * 2019-12-02 2020-04-10 联想(北京)有限公司 Data processing method and device
CN112560075B (en) * 2021-02-22 2021-05-25 西南石油大学 Lightweight searchable encryption method and device based on elliptic curve
CN112560075A (en) * 2021-02-22 2021-03-26 西南石油大学 Lightweight searchable encryption method and device based on elliptic curve

Also Published As

Publication number Publication date
CN104539423B (en) 2018-01-05

Similar Documents

Publication Publication Date Title
CN104539423B (en) A kind of implementation method without CertPubKey cipher system of no Bilinear map computing
JP2004208262A (en) Apparatus and method of ring signature based on id employing bilinear pairing
EP2302834B1 (en) System and method for providing credentials
US9705683B2 (en) Verifiable implicit certificates
KR20030062401A (en) Apparatus and method for generating and verifying id-based blind signature by using bilinear parings
US20060215837A1 (en) Method and apparatus for generating an identifier-based public/private key pair
CN105024994A (en) Secure certificateless hybrid signcryption method without pairing
CN108809658B (en) SM 2-based identity base digital signature method and system
CN104811302B (en) Mix based on the elliptic curve without certificate and sign decryption method
CN104821880A (en) Certificate-free generalized proxy signcryption method
CN104767611B (en) It is a kind of from PKIX environment to the label decryption method without certificate environment
CN105450396A (en) Certificate-free combined secret key generation and application method
CN106453253B (en) A kind of hideing for efficient identity-based signs decryption method
CN103746811B (en) Anonymous signcryption method from identity public key system to certificate public key system
CN104767612B (en) It is a kind of from the label decryption method without certificate environment to PKIX environment
CN107425971B (en) Certificateless data encryption/decryption method and device and terminal
GB2421408A (en) Generating an Identifier-Based Public / Private Key Pair from a Multi-Component Signature
WO2020103631A1 (en) Hidden-identity-based signcryption method employing asymmetric bilinear pairing
CN102970144A (en) Identity-based authentication method
CN101697513A (en) Digital signature method, device and system as well as digital signature verification method
CN110784314A (en) Certificateless encrypted information processing method
CN108880796A (en) It is a kind of for server efficiently based on the outsourcing decryption method of encryption attribute algorithm
CN108989053B (en) Method for realizing certificateless public key cryptosystem based on elliptic curve
CN104579661B (en) The implementation method and device of the Electronic Signature of identity-based
Nayak A secure ID-based signcryption scheme based on elliptic curve cryptography

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information
CB03 Change of inventor or designer information

Inventor after: Xiong Ronghua

Inventor after: Xiong Ronghua other inventor request not to publish the name

Inventor before: Xiong Ronghua

TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20170802

Address after: 100094, Beijing, Haidian District on the 3rd Street, No. 9, block C, C905, 8

Applicant after: Beijing Baiwang Xin'an Technology Co. Ltd.

Applicant after: Xiong Ronghua

Address before: 100094, No. 702, building 6, north 8, North Temple, Haidian District, Beijing

Applicant before: Xiong Ronghua

GR01 Patent grant
GR01 Patent grant