CN104539425B - Multi-receiver label decryption method based on multivariable, many security attributes - Google Patents

Multi-receiver label decryption method based on multivariable, many security attributes Download PDF

Info

Publication number
CN104539425B
CN104539425B CN201410821537.4A CN201410821537A CN104539425B CN 104539425 B CN104539425 B CN 104539425B CN 201410821537 A CN201410821537 A CN 201410821537A CN 104539425 B CN104539425 B CN 104539425B
Authority
CN
China
Prior art keywords
mrow
msub
msup
msubsup
close
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410821537.4A
Other languages
Chinese (zh)
Other versions
CN104539425A (en
Inventor
李慧贤
韩冬棋
范天琪
张晓莉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Dongguan Sanhang anxirui Information Technology Co.,Ltd.
Original Assignee
Northwestern Polytechnical University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Northwestern Polytechnical University filed Critical Northwestern Polytechnical University
Priority to CN201410821537.4A priority Critical patent/CN104539425B/en
Publication of CN104539425A publication Critical patent/CN104539425A/en
Application granted granted Critical
Publication of CN104539425B publication Critical patent/CN104539425B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Abstract

The invention discloses a kind of multi-receiver label decryption method based on multivariable, many security attributes, the technical problem for solving existing multi-receiver label decryption method solution label Migong levelling difference.Technical scheme is the algorithm KeyGen of the key pair comprising generation systematic parameter and each user, signs the close algorithm Designcrypt of close algorithm Signcrypt reconciliation label.Sign in the finite field F that close algorithm feature based is q, system and have N+ τ participants, selection one leader L, leader L calculate interference data from actual label close person, and interference data mix with True Data, allow recipient can not judge the identity of the close person of actual label.The present invention ensure that sender anonymity using threshold technique;The list of identities of recipient is no longer directly given in communication data, it is ensured that recipient's anonymity and in advance judgement property;The information fusion of the close key message of label and authorized receiver will be solved into a parameter list, it is ensured that understand label Migong levelling.

Description

Multi-receiver label decryption method based on multivariable, many security attributes
Technical field
It is more particularly to a kind of based on multivariable, many security attributes the present invention relates to a kind of multi-receiver label decryption method Multi-receiver label decryption method.
Background technology
Stopover sites will ensure the encryption technology of message confidentiality and ensure that the signature technology of message integrity is fused to one In individual logic step, while two functions of encryption and signature are realized, than simply first signature is re-encrypted with higher efficiency. With the development of science and technology, attack technology is also constantly upgraded, the attack such as message is subject to distort in the transmission, forged.Protect message Integrality and the demand of confidentiality increasingly strengthen.Label secret skill art is quickly grown after being suggested, and is occurred in that and is adapted to varying environment Stopover sites.Because present a large amount of network english teachings are all simultaneously in face of numerous users, such as pay TV, DVD copyrights connect more The stopover sites of receipts person arise at the historic moment.
" the Efficient and provably secure multi-receiver identity based of document 1 Signcryption, ACISP 2006, Springer-Verlag, LNCS 4058, pp.195-206 " are proposed based on body first The multi-receiver stopover sites of part, realize signature and encryption and are completed simultaneously in a logic step.Authorize and receive in scheme Person verifies the validity of message using the private key of oneself, but the program does not have recipient's identity information, and recipient can not judge certainly Whether oneself is legitimate receiver.
" the Efficient identity-based signcryption scheme for multiple of document 2 receivers.Proc.the Autonomic and Trusted Computing 4th International Conference,13–21.doi:10.1007/978-3-540-73547-2_4 " recipient's identity is added in stopover sites List, but the program is easily by the forgery attack to sender, it is impossible to ensure security.
" the A novel ID-based anonymous signcryption scheme.Proc.the of document 3 Advances in Data and Web Management Joint International Conferences,604– 610.doi:10.1007/978-3-642-00672-2_58. " proposes the anonymous stopover sites of recipient, but the program is present Many potential safety hazards, especially it cannot be guaranteed that the close fairness of the solution label of recipient.The development of quantum techniques in recent years is to tradition Label secret skill art brings huge threat, in order to resist quantum attack, " Quantum Attack-resistant Certificateless Multi-receiver Signcryption Scheme.PLOS ONE.8(6): E49141.2013. anti-quantum calculation technology " is added in stopover sites, but it can not realize the close fairness of solution label.
The content of the invention
In order to overcome the shortcomings of that existing multi-receiver label decryption method solution label Migong levelling is poor, the present invention provides a kind of based on many The multi-receiver label decryption method of variable, many security attributes.Key pair of this method comprising generation systematic parameter and each user Algorithm KeyGen, the close algorithm Signcrypt of label conciliate the close algorithm Designcrypt of label.It is the limited of q to sign close algorithm feature based N+ τ participants, including N number of close person of label and the τ close person (N >=t) of solution label are had in domain F, system, it is close that label are conciliate in the close person's set of label Person's set is not occured simultaneously.This method one leader L of selection from actual label close person, the actual close person of label is with the key of oneself to message Carry out label close.In order to hide the identity of the close person of actual label, leader L can calculate interference data, and these data are that L is not knowing non- Calculate what is obtained in the case of the key of the actual close person of label for each non-actual close person of label.Data and reality is disturbed to sign the true of close person Real data is mixed, and allows recipient can not judge the identity of the close person of actual label.The present invention ensure that hair using threshold technique The person's of sending anonymity;The list of identities of recipient is no longer directly given in communication data, it is ensured that recipient's anonymity and in advance Judgement property;The information fusion of the close key message of label and authorized receiver will be solved into a parameter list, it is ensured that understand label close Fairness.
The technical solution adopted for the present invention to solve the technical problems is:It is a kind of based on multivariable, many security attributes it is many Recipient signs decryption method, is characterized in using following steps:
Step 1: producing user i public key pk by KeyGen algorithmsiWith user i private key ski, wherein i=1 ..., N. System selects a leader L in the colony of the actual close person's composition of t label, is t blocks by whole clear-text message M points.Selection One Com function and five Hash functions, Com:Fn||Fm→Fo, n>M, | | it is cascade symbol, Com functions meet statistics and hidden With bind calculation attribute, o=128 is selected.H0:{0,1}*→{0,1}l, H1:{0,1}*→{0,1,2,3}k, H2:{0,1}l+m→ Zq*, H3:Zq*→Zq*, H4:Zq*→{0,1}n+M/t.Systematic parameter is obtained for params=(H0,H1,H2,H3,H4,q,Com).Letter Several detailed processes is as follows,
The hiding statistical attribute of Com functions represents the output knot that different input parameters is obtained after the calculating of Com functions Fruit is different, and result is for recipient's undistinguishable.The bind calculation attribute of Com functions represents that input data passes through Com functions Calculating is obtained after output result, and sender can not deny the value of input data.
Sender determines the length of the input parameter of Com functions.The length of the input parameter of Com functions is n+m, Com letters Several input parameters includes two parameters, and first parameter is the n-dimensional vector based on finite field F, and second parameter is based on F M dimensional vectors.Definition input parameter is Χ.The security parameter that ω is Com functions is defined, φ=(n+m)+4 of 2 ω+2 is defined.Selection One is collided the Hash functions h avoided5:{0,1}φ→{0,1}ω, it is known that one is collided the function group H avoided6:{0,1}φ→{0, 1,}n+m.Com output includes two parts, is designated as c and d.C and d are sent to recipient by sender.h5It is disclosed Hash letters Number.
A) sender random selection r ∈ { 0,1 }φ, calculate y=h5(r).
B) sender is from H6Hash function groups in select a h6∈H6, meet h6(r)=X.
C) Com is output as c=(h6, y), d=r.
Recipient verifies y=h5And h (r)6(r)=X, due to h6And h5All it is the function that collision is avoided, therefore in the absence of one Meet h6(r ')=X and y=h5The r ' of (r ').Sender can not deny X.
User i selects a transformation equation group Fi, the reversible affine transformation Γ of simultaneous selection twoi∈FnAnd △i∈Fm.It is required that User i selection random vectors si∈Fn, user i private key isMeetAndIn be free of constant term, Specific method is as follows.
EnsureAnd do not include constant term, this algorithm acquiescence in equationMonomial coefficient be 1;
A) vectorial s of the system in user ii=(s1i,s2i,…,sni) in find the component that first is not 0 from right turn left, The subscript value of the component is assigned to variable x.System is that user i randomly chooses a multinomial with n variable and m equation Equation groupEquation group does not have constant term.CalculateNowValue not necessarily For 0, it is necessary to change equation group according to process b)The coefficient of middle equation, untilEach component value be equal to Untill 0.
B) Equation f is selected from equation group successivelyj, j=1 ..., m.SelectionJ-th of component IfValue not be 0, according to below equation to fjMake an amendment, untilValue be 0 untill.In below equationRepresent equation fjIn x-th of monotropic quantifier coefficient, sxIt is si=(s1i,s2i,…,sni) in subscript value be x component:
Value be changed into after 0, select next equation, the coefficient of equation, Zhi Daofang changed using the method for formula (4) All equations of Cheng Zuzhong are all met after requirement, stop aforesaid operations.
As long as si=0 can just meetIt is the non-actual close person's simulated operation of label to facilitate leader L.User i public affairs Key includes two parts, and Part I isWherein.It is the composite symbol of mapping, Part II is zi=Pi (si).User i public key is (Pi,zi)。
Step 2: signing close process using Signcrypt, six steps are divided into.
step1:Calculate the commitment value of the close person of label.
The actual close person i of label selects k parameter tuple (ri,tj,em), wherein i=0,1, j=0,1, m=0,1, each parameter The value of tuple is different from, and meets si=r0 (j)+r1 (j), r0 (j)=t1 (j)+t0 (j),It is as follows.
Each actual close person of label calculates commitment value using k group parameters tuple, and obtaining commitment value using i-th group of parameter tuple isWithComputational methods are as follows:
Sign close person i selections γi={ 0,1 }n, then to message blocks MiCalculated, obtainedFinally sign Close person i will It is sent to L.
step2:Leader L calculates main promise and challenging value.
Leader L receives the commitment value of the close person of other t-1 label.Leader L calculates the commitment value of oneself and basis's Principle is the N-t non-close person's simulation commitment values of label.Leader L calculates main promise after collecting the promise for each signing close user.By In all close same challenging values of users to share of label, so leader L must be directed to each challenging value component, all label are close The commitment value of user relevant position is arranged to together.Likewise, responseIt is also to be organized according to the component of challenging value to one Rise.Φj、ΨjAnd ΛjBe by the jth group commitment value taxonomic revisions of the close users of all label together.I.e. all close users' of label InIt is organized and obtains Φ together1,It is organized and obtains Φ together2, the like, until all close users' of labelIt is organized and obtains Λ togetherk.γ is The message blocks of all close users of labelArrangement result.θi,jIt is the θ for signing close user iiJ-th of component, that is, sign close User i's It is the close user i of labelJ-th of component, that is, sign close user i'sπi,jIt is the π for signing close user ii J-th of component, that is, sign close user i'sWherein j=1 ..., k, i=1 ..., N.
Φj=H01,j||...||θN,j)
Λj=H01,j||...||πN,j)
The main promise of all senders
Leader L uses H1To the promise receivedHash calculating is carried out with γ, challenge vector is obtainedI.e. For the vector in k gts.
Leader L willIt is sent to remaining the t-1 close person of label.
step3:Sign close person and calculate response.
The response for signing close person i is ζi。ζiJth position component ζi,j, 1≤j≤k is according to challenging valueJth position componentCalculate what is obtained.According toValue,Jth position componentFor 0,1 and 2, then sign close user i and need to use the jth group of oneself Parameter member set constructor response componentCalculating process is as follows:
Ifζi,j=(r0 (j),t1 (j),e1 (j))
Ifζi,j=(r1 (j),t1 (j),e1 (j))
Ifζi,j=(r1 (j),t0 (j),e0 (j))
WhenFor 3 when represent to skip calculating group response.Close person i is finally signed ζi=(ζi,1i,2,…,ζi,k) hair Give leader L, herein ζiThere is k component, this is situation when element 3 being not present in challenging value, because working asDuring equal to 3, need Skip this group of response component of calculating.IfIt is middle to there is the component that x value is 3, ζiComponent number then be k-x.In the present invention Middle acquiescence ζiThere is k component.
step4:L calculates main response value and specifies recipient.
Leader L calculates the response of oneself, and collects the response that other t-1 signer is sent.Simulate N-t non-realities Sign the response of close user in border.Leader L calculates main responseIt isJ-th of component, according to j-th of component of challenging valueCalculate what is obtained.
If
If
If
IfCorresponding response is not calculated.
Assuming that there is τ recipient.For recipient i, L random selections Qi∈Fm, 1≤i≤τ, and be calculated as below:
Ri=H3(Si)
Here SiAnd RiIt is to be calculated for each authorized receiver, recipient can only be according to SiAnd RiOneself could be judged Whether it is authorized to.Lead L to arrange the identity information of sender and recipients to together, be designated as U.
step5:The actual close person of label calculates ciphertext and the identity information of recipient.
Actual label close person i, i=1 ..., t, select a secret parameter ui∈Zq*, the secret parameter is used for encrypting message, Only authorized receiver could obtain this secret parameter.The actual close person i of label uses uiMessage is encrypted, ciphering process is as follows:
Wi=H4(ui)⊕(γi||Mi)
In order to reach that only authorized receiver could obtain secret parameter, the actual close person i of label authorizes solution label are close to use by all The information at family and the secret parameter are stashed by following mode.
The actual close person i of label obtains parameter list ηi=(ι1 (i),…,ιτ (i)).It is actual to sign close person i by (Wii) it is sent to neck Lead L.
step6:Leader L arranges the label confidential information of all close users of label and is sent to verifier.
Lead L that together, the close message coalescing of all label being collected into is finally obtained into message ciphertext C.Have:
W=(W1,…,Wt)
R=(R1,…,Rτ)
C=(R, U, η1,…,ηt,W)
Step 3: using the close process of Designcypt algorithm solution label, being divided into two steps.
step1:Verify the legitimacy of recipient.
Recipient V is received after ciphertext C, according to challenging value componentJ=1 ..., k, obtain N group commitment values WithI=1 ..., N.Three classes of calculating process point:
When the jth position component of challenging valueBe worth for 0 when, V can only be from main responseJth position componentIn obtain N groups ginseng Number r0 (i), t1 (i), e1 (i), main responseInclude k component, each componentInclude the response of N number of sender.Recipient V Use i-th group of data r0 (i), t1 (i), e1 (i)Be calculated as below the commitment value for obtaining signing close user iWith
V-arrangement is into the responses of the close users of all label, Ψ 'jIt is basisTo allResult of calculation.Λ′jIt is basis To allResult of calculation.
WhenBe worth for 1 when, V can only be fromIn obtain N group parameters r1 (i), t1 (i), e1 (i).V uses the data for signing close user i r1 (i), t1 (i), e1 (i)Be calculated as below the commitment value for obtaining signing close user iWith
V-arrangement is into the responses of the close users of all label, Φ 'jIt is basisTo allResult of calculation.Λ′jIt is basis To allResult of calculation.
WhenBe worth for 2 when, V can only be fromIn obtain N group parameters r1 (i), t0 (i), e0 (i), the close user i of V use label data r1 (i), t0 (i), e0 (i)Be calculated as below the commitment value for obtaining signing close user iWithIt is calculated as follows:
V-arrangement is into the responses of the close users of all label, Φ 'jIt is basisTo allResult of calculation.Ψ′jIt is basis To allResult of calculation.
WhenBe worth for 3 when, recipient stop checkingJudge next bitValue, is not 3 until finding a valueWhen Just continue to verifyObtain main promise
V verifies whether oneself is authorized receiver, and following i represents sender, and j represents recipient:
V judges equation Rj=H3(S′j) whether set up.If set up, V is then a member in authorized receiver, and otherwise V is put Abandon solution label close.
step2:Verify the correctness of message and obtain message.
For the actual close person i of label, 1≤i≤t, authorized receiver V passes through equation below:
F (x)=ι1 (i)2 (i)x+…+ιτ (i)xτ-1+xτ
Obtain the close person i of actual label secret parameter f (S 'j)=u 'i, and non authorized recipients are correct due to that can not obtain S′jAnd the secret parameter of decryption can not be obtained.V is by being calculated as below:
(γ′i||M′i)=H4(u′i)⊕Wi
Obtain signing the close cleartext information M ' of close user i labeli, but can't now verify whether message is correct.V is calculatedAnd verifyWhether set up.If set up, V receives the cipher-text message, clear-text message For M=M '1||M′2||…||M′t.Otherwise V refuses the ciphertext.
The beneficial effects of the invention are as follows:The algorithm of key pair of this method comprising generation systematic parameter and each user KeyGen, the close algorithm Signcrypt of label conciliate the close algorithm Designcrypt of label.The finite field F that close algorithm feature based is q is signed, N+ τ participants, including N number of close person of label and the τ close person (N >=t) of solution label are had in system, close person's set is signed and conciliates label Mi Zheji Conjunction is not occured simultaneously.This method one leader L of selection from actual label close person, the actual close person of label is carried out with the key of oneself to message Label are close.In order to hide the identity of the close person of actual label, leader L can calculate interference data, and these data are that L is not knowing non-reality Sign in the case of the key of close person and to calculate what is obtained for each non-actual close person of label.Disturb the true number of data and the actual close person of label According to mixing, allow recipient can not judge the identity of the close person of actual label.The present invention ensure that sender using threshold technique Anonymity;The list of identities of recipient is no longer directly given in communication data, it is ensured that recipient's anonymity and judge in advance Property;The information fusion of the close key message of label and authorized receiver will be solved into a parameter list, it is ensured that understand label Migong and put down Property.
The present invention is elaborated with reference to the accompanying drawings and detailed description.
Brief description of the drawings
Fig. 1 is the flow chart of the invention based on multivariable, the multi-receiver label decryption method of many security attributes.
Fig. 2 is the flow chart of the inventive method embodiment.
Embodiment
Reference picture 1-2.Multi-receiver label decryption method of the invention based on multivariable, many security attributes is comprised the following steps that:
Explanation of nouns:
pki:User i public key, wherein i are positive integer;
ski:User i private key;
l:Positive integer;
F:Rank is 2 finite field;
G:Multiple variant equation P polar form;
Fn:N-dimensional vector space on finite field F;
Fm:M gts on finite field F;
u:A n-dimensional vector on finite field F;
v:A n-dimensional vector on finite field F;
w:A n-dimensional vector on finite field F;
L:The leader selected in the actual close person of label;
V:Recipient;
Params:System public parameter;
*:Represent random length;
ο:Composition operation symbol between mapping;
mod:Modulo operation is accorded with;
||:Linked operation is accorded with;
⊕:Step-by-step xor operation is accorded with, i.e., XOR operation is accorded with;
Zq*:The vector of random length in the finite field that rank is q;
q:Positive integer, the exponent number of finite field is represented in finite field only containing q element;
t:Positive integer, represents the close person's number of actual label;
N:Sign close person's quantity, including the actual close person of label and the actual close persons of label of non-;
τ:Positive integer, represents the number of authorized receiver;
M:Clear-text message;
Mi:I-th of close person of label signs close message blocks;
Com:Promise to undertake function;
ω:The security parameter of Com functions;
φ:The length of Com function input parameters;
X:The input parameter of Com functions;
r:Length is φ binary vector;
y:Length is ω binary vector;
h5:The Hash functions avoided are collided, the string of binary characters that can be φ by length is calculated as two that length is ω and entered Character string processed;
H6:The Hash function groups avoided are collided, the string of binary characters that can be φ by length is calculated as two that length is m+n System character string;
h6:H6In a Hash function.
c:A part for Com functions output, c=(h6,y)。
d:A part for Com functions output, d=r.
r′:Length is φ binary vector
Γi:The F of user i selectionsn→FnOn reversible affine transformation, the structure for hiding centralizing mapping;
i:The F of user i selectionsm→FmOn reversible affine transformation, the structure for hiding centralizing mapping;
The F of user i selectionsn→FmCentralizing mapping;
Pi:A part for user's i public keys.
zi:User i is with the public key of oneself to siResult of calculation, i.e. zi=Pi(si);
H0:The string of binary characters of random length, can be calculated as the binary-coded character that length is l by one-way hash function String;
H1:The string of binary characters of random length, can be calculated as the character string that length is k, character by one-way hash function The element of string is 0,1,2,3;
H2:One-way hash function, can be calculated as q rank Arbitrary Blocklength in Finite Fields by the string of binary characters that length is l+m Hashed value;
H3:One-way hash function, can be calculated as q rank finite fields by the character string of long q ranks Arbitrary Blocklength in Finite Fields and take up an official post The hashed value for length of anticipating;
H4:One-way hash function, can be calculated as length by the character string of q rank Arbitrary Blocklength in Finite Fields | n+M/t | String of binary characters;
si:A part in user's i private keys, a n-dimensional vector based on finite field F;
x:si=(s1i,s2i,…,sni) in from the subscript value of right first component being not zero of turning left;
fj:User i equation groupIn j-th of equation, wherein j be positive integer;
Represent Equation fjIn x-th of monotropic quantifier coefficient;
sx:si=(s1i,s2i,…,sni) in subscript value be x component;
User i'sJ-th of component;
k:Each sign the number of the parameter group of close person, it is necessary to meet
A n-dimensional vector in i-th group of parameter tuple, the vector is based on finite field F;
A n-dimensional vector in i-th group of parameter tuple, the vector is based on finite field F;
A m dimensional vector in i-th group of parameter tuple, the vector is based on finite field F;
A n-dimensional vector in i-th group of parameter tuple, the vector is based on finite field F;
A n-dimensional vector in i-th group of parameter tuple, the vector is based on finite field F;
A m dimensional vector in i-th group of parameter tuple, the vector is based on finite field F;
γi:Sign the string of binary characters that the length of close user i selections is n;
Using in i-th group of parameterWhen obtained commitment value;
Using in i-th group of parameterWhen obtained commitment value;
Using in i-th group of parameterWhen obtained commitment value;
The actual close person i of label uses parameter γiWith message blocks MiCalculate the binary vector that obtained length is l;
θiIt is the component in every group of promise for sign close user iSet;
It is the component in every group of promise for sign close user iSet;
πiIt is the component in every group of promise for sign close user iSet;
θi,j:It is the θ for signing close user iiJ-th of component, i.e. i's
It is the close user i of labelJ-th of component, i.e. i's
πi,j:It is the π for signing close user iiJ-th of component, i.e. i's
Φi:Use H0To i-th of all close users of labelCarry out Hash and calculate obtained value;
Ψi:Use H0To i-th of all close users of labelCarry out Hash and calculate obtained value;
Λi:Use H0To i-th of all close users of labelCarry out Hash and calculate obtained value;
γ:Use H0To all actual close persons' of labelCarry out Hash and calculate obtained value;
By H0The main commitment value obtained after calculating, is the binary vector that a length is l;
Use H1The challenging value obtained after calculating, is a k dimensional vector, and the vectorial element is 0,1,2,3;
Challenge vectorI-th of element value;
ζi:Sign close user i response;
ζi,j:Sign j component of close user i response;
The set of the jth group response of all close users of label;
Main response, kSet;
Qi:For recipient i on finite field F randomly selected m dimensional vectors;
To QiThe value obtained after encryption;
Si:Use H2Promised to undertake to mainWith parameter QiCalculate obtained value;
Ri:Use H3To SiCalculate obtained value;
U:The set associative of parameter;
ui:The secret parameter of the actual close person i selections of label, is the character string of random length on finite field F;
Wi:The actual close person i of label is to message MiBlocking message after encryption;
W:All WiSet;
f(x):Variable is x polynomial function;
ιj (i):The parameter for the f (x) that the actual close person i of label is calculated, containing authorized receiver's identity information, recipient can be with The secret parameter decrypted with the gain of parameter;
ηi:The actual close person i of label ιj (i)Set;
C:Message ciphertext;
The main commitment value that recipient calculates;
Γ-1:Map Γ inverse operation;
-1:Map △ inverse operation;
Q′j:Verifier coupleThe size obtained after decryption is m vector;
S′j:The value containing recipient information that verifier obtains;
γ′i:Length is n string of binary characters;
Recipient usesWhen obtained commitment value;
Recipient usesWhen obtained commitment value;
Recipient usesWhen obtained commitment value;
Length is l binary vector;
Φ′i:Recipient uses H0To i-th of all close users of labelCarry out Hash and calculate what is obtained Value;
Ψ′i:Recipient uses H0To i-th of all close users of labelCarry out Hash and calculate what is obtained Value;
Λ′i:Recipient uses H0To i-th of all close users of labelCarry out Hash and calculate what is obtained Value;
γ′:Recipient uses H0To all actual close persons' of labelCarry out Hash and calculate obtained value;
u′i:The secret parameter for the close person i of actual label that recipient obtains;
M′i:The Plaintext block that recipient calculates, the Plaintext block is actually signed close person i encryptions.
The present embodiment proposes a close side of multi-receiver label that can be suitably used for low side devices based on multivariable encryption system Method, to tackle privacy and safety problem present in existing multi-receiver stopover sites.The present embodiment meet sender anonymity, Recipient's anonymity, in advance judgement property conciliate label Migong levelling.The technology mainly used have multivariable equation polar form, Zero-knowledge proof, threshold technique.
One recipient receive first determined whether after ciphertext message source it is whether legal and oneself whether be authorize receive Person, only authorized receiver could decrypt message with the private key of oneself.As shown in Fig. 2For verifying the conjunction of informed source Method, R+Q is used to judge whether recipient is legal.ι1,…,ιτOnly it is authorized to recipient and uses the key that can be just decrypted Information, is obtained after key message, recipient could solve the correctness signed close message and verify message by W+ γ.Embody this The main information that ciphertext is included in stopover sites.Once the part error of ciphertext, whole ciphertext is destroyed.
The present embodiment is in order to judge that the legitimacy of informed source employs zero-knowledge proof technology, zero-knowledge proof process bag Include three parts:Promise to undertake, challenge and respond.Zero-knowledge proof technology is related to two sides, sender and recipients.Sender gives first One commitment value of recipient, then recipient give sender one challenging value, sender according to challenging value to recipient send one Individual response, last recipient verifies the relation between this response and commitment value, if there is certain specific relation, that Recipient demonstrates message and comes from sender, otherwise it is assumed that the informed source is unreliable.
Calculating in the present embodiment uses the polar form of multiple variant equation, and the polar form has two-wire Property attribute.Multiple variant equation P:Fn→Fm(wherein m, n are positive integer, FnIt is the n-dimensional vector space on finite field F, FmIt is M gts on finite field F, and have m<N) and shown in its polar form G relation such as formula (1), G bilinearity Shown in attribute such as formula (2), wherein u, v and w are taken from finite field F vector, and their dimension is n, i.e. u, v, w ∈ Fn.G and P output result is the space vector of the m dimensions based on finite field F.
G (u, v)=P (u+v)-P (u)-P (v) (1)
G (u+v, w)=G (u, w)+G (v, w) (2)
The present embodiment includes three algorithms:KeyGen, Signcrypt and Designcrypt.Wherein KeyGen is generation system The algorithm of the key pair of parameter of uniting and each user, Signcrypt is the close algorithm of label, and Designcrypt is the close algorithm of solution label.Should Sign and N+ τ participants are had in the finite field F that close system feature based is q (wherein q=2), system, including the N number of close person of label (label Close person includes t actual individual non-actual close person of label of the close person of label and (N-t)) and the τ close person (N >=t) of solution label, sign close person gather with The close person's set of solution label is not occured simultaneously.Scheme one leader L of selection from reality label close person, reality signs close person with the key pair of oneself It is close that message carries out label.In order to hide the identity of the close person of actual label, L can calculate interference data, and these data are that L is not knowing non- Calculate what is obtained in the case of the key of the actual close person of label for each non-actual close person of label.Data and reality is disturbed to sign the true of close person Real data is mixed, and allows recipient can not judge the identity of the close person of actual label.We are called at the process of L calculating interference data L is the non-actual close person's analogue data of label.Threshold technique is used herein.
There is a vector s ∈ in multiple variant equation P, private key in this example, it is assumed that existing in the public key of user Fn.S is divided into two parts r0∈FnAnd r1∈Fn, i.e.,:S=r0+r1.According to formula (1), there are P (r0+r1)=P (r0)+P(r1)+ G(r0,r1), in order to prevent s from being known by other users, user can not provide r simultaneously0And r1.By r0It is divided into two parts t0∈Fn And t1∈Fn, G (r are had according to the bilinearity attribute of polar form0,r1)=G (t0,r1)+G(t1,r1).Define e1∈FmAnd e0= P(r0)-e1(e0∈Fm), so P (s)=G (t0,r1)+e0+P(r1)+G(t1,r1)+e1.The equation can be seen as two parts G (t0,r1)+e0With P (r1)+G(t1,r1)+e1, it is seen that parameter group is divided into two parts (t0,r1,e0) and (t1,r1,e1), from each portion Complete s can not be all obtained in point.
KeyGen:Produce user i (i=1 ..., N) public key pkiWith private key ski.System is in the t actual close person's group of label Into colony in select a leader L, be t blocks by whole clear-text message M point.Select a Com function and five Hash letters Number:Com:Fn||Fm→Fo(n>M, | | it is cascade symbol, Com functions meet statistics and hidden and bind calculation attribute, the tool of function Body calculating process is shown in algorithm 1, is typically chosen o=128), H0:{0,1}*→{0,1}l, H1:{0,1}*→{0,1,2,3}k, H2: {0,1}l+m→Zq*, H3:Zq*→Zq*, H4:Zq*→{0,1}n+M/t.Systematic parameter is obtained for params=(H0,H1,H2,H3,H4, q,Com)。
The present embodiment is using in multivariate public key cryptography system HFE (Hidden Fields Equations) multivariable Heart mapping structure, its kernel kernal mapping F is Fn→Fm(m<N) the multivariable polynomial group on, shown in its structure such as formula (3).User i Select a transformation equation groupThe reversible affine transformation Γ of simultaneous selection twoi∈FnAnd △i∈Fm.In the scheme of the present embodiment In, it is desirable to user i selection random vectors si∈Fn, user i private key isMeetAndIn be free of Constant term (method for meeting this requirement is shown in algorithm 2).As long as such si=0 can just meetThe leader L is facilitated to be The non-actual close person's simulated operation of label.User i public key includes two parts, and Part I is(its Middle ο is the composite symbol of mapping), Part II is zi=Pi(si).User i public key is (Pi,zi)。
Algorithm 1 (how Com functions, which are realized, is hidden statistics and bind calculation function):
The hiding statistical attribute of Com functions represents the output knot that different input parameters is obtained after the calculating of Com functions Fruit is different, and result is for recipient's undistinguishable.The bind calculation attribute of Com functions represents that input data passes through Com functions Calculating is obtained after output result, and sender can not deny the value of input data.
Sender determines the length of the input parameter of Com functions.In the present embodiment, the length of the input parameter of Com functions For n+m, the input parameter of Com functions includes two parameters, and first parameter is the n-dimensional vector based on finite field F, second ginseng Number is the m dimensional vectors based on F.Definition input parameter is Χ.The security parameter that ω is Com functions is defined, φ=(n of 2 ω+2 are defined +m)+4.The Hash functions h avoided is collided in selection one5:{0,1}φ→{0,1}ω, it is known that one is collided the function group H avoided6: {0,1}φ→{0,1,}n+m.Com output includes two parts, is designated as c and d.C and d are sent to recipient by sender.h5It is public The Hash functions opened.
D) sender random selection r ∈ { 0,1 }φ, calculate y=h5(r).
E) sender is from H6Hash function groups in select a h6∈H6, meet h6(r)=X.
F) Com is output as c=(h6, y), d=r.
Recipient verifies y=h5And h (r)6(r)=X, due to h6And h5All it is the function that collision is avoided, therefore in the absence of one Meet h6(r ')=X and y=h5The r ' of (r ').Sender can not deny X.
Algorithm 2 (ensuresAnd do not include constant term, this algorithm acquiescence in equationMonomial coefficient be 1):
C) vectorial s of the system in user ii=(s1i,s2i,…,sni) turn left searching first from the right side in (i=1 ..., N) The component for 0, variable x is assigned to by the subscript value of the component.System is that user i randomly chooses one with n variable and m The Polynomial equations of equationEquation group does not have constant term.CalculateNote nowValue differ be set to 0, it is necessary to according to process b) change equation groupThe coefficient of middle equation, untilEach component value be equal to 0 untill.
D) Equation f is selected from equation group successivelyj(j=1 ..., m).SelectionJ-th of componentIfValue not be 0, according to formula (4) to fjMake an amendment, untilValue be 0 untill.In formula (4)Expression side Journey fjIn x-th of monotropic quantifier coefficient, sxIt is si=(s1i,s2i,…,sni) in (i=1 ..., N) subscript value for x point Amount:
Value be changed into after 0, select next equation, the coefficient of equation, Zhi Daofang changed using the method for formula (4) All equations of Cheng Zuzhong are all met after requirement, stop aforesaid operations.
Signcrypt:Close process is signed, six steps are divided into.
step1:Calculate the commitment value of the close person of label.
The actual close person i of label selects k parameter tuple (ri,tj,em) (wherein i=0,1, j=0,1, m=0,1), Mei Gecan The value of number tuple is different from, and meets si=r0 (j)+r1 (j), r0 (j)=t1 (j)+t0 (j),Wherein j= 1 ..., k, it is as follows.
Each actual close person of label calculates commitment value, the commitment value obtained using i-th group of parameter tuple using k group parameters tuple ForWithTheir computational methods are as follows:
Sign close person i selections γi={ 0,1 }n, then he is to message blocks MiCalculated.HaveFinally sign Close person i will It is sent to L.
step2:L calculates main promise and challenging value.
L receives the commitment value of the close person of other t-1 label.L calculates the commitment value of oneself and basisPrinciple be N- The t non-close person's simulation commitment values of label.L calculates main promise after have collected the promise of each close user of labelBecause all label are close The same challenging value of users to shareSo L must be directed to each challenging value component, by all close user relevant positions of label Commitment value is arranged to together.Likewise, responseIt is also to be organized together according to the component of challenging value.Φj, ΨjWith ΛjBe by the jth group commitment value taxonomic revisions of the close users of all label together.I.e. all close users' of label InIt is organized and obtains Φ together1,It is organized and obtains together To Φ2, the like, until all close users' of labelIt is organized and obtains Λ togetherk.γ is the message of all close users of label BlockArrangement result.θi,jIt is the θ of the close user i of label (including actual and non-actual close person of label)iJ-th of component, Sign close user i'sIt is the close user i of label (including actual and non-actual close person of label)J-th of component, that is, sign Close user i'sπi,jIt is the π of the close user i of label (including actual and non-actual close person of label)iJ-th of component, that is, sign close user I'sWherein j=1 ..., k, i=1 ..., N.
Φj=H01,j||...||θN,j)
Λj=H01,j||...||πN,j)
The main promise of all senders
L uses H1To the promise receivedWithHash calculating is carried out, challenge vector is obtained(i.e.Tieed up for k The vector of vector space).
L willIt is sent to remaining the t-1 close person of label.
step3:Sign close person and calculate response.
The response for signing close person i is ζiοζiJth position component ζi,j(1≤j≤k) is according to challenging valueJth position componentCalculate what is obtained.According toValue,Jth position componentFor 0,1,2 actual close user i of label need to use oneself the J group parameter member set constructor response components ζi,j.Calculating process is as follows:
Ifζi,j=(r0 (j),t1 (j),e1 (j))
Ifζi,j=(r1 (j),t1 (j),e1 (j))
Ifζi,j=(r1 (j),t0 (j),e0 (j))
WhenFor 3 when represent to skip calculating group response.Close person i is finally signed ζi=(ζi,1i,2,…,ζi,k) hair Give L (ζ hereiniThere is k component, this is that situation when element is 3 is not present in challenging value, because working asDuring equal to 3, it is necessary to Skip this group of response component of calculating.IfIt is middle to there is the component that x value is 3, ζiComponent number then be k-x.In the present embodiment Middle acquiescence ζiThere is k component).
step4:L calculates main response value and specifies recipient.
L calculates the response of oneself, and collects the response that other t-1 signer is sent.The non-actual label of simulation N-t The response of close user.L calculates main responseIt isJ-th of component, it is j-th of component according to challenging valueMeter Obtain, wherein (1≤j≤k).
If
If
If
IfCorresponding response is not calculated.
Assuming that there is τ recipient.For recipient i, L random selections Qi∈Fm(1≤i≤τ) is simultaneously calculated as below:
Ri=H3(Si)
Here SiAnd RiIt is to be calculated for each authorized receiver, recipient can only be according to SiAnd RiOneself could be judged Whether it is authorized to.L arranges the identity information of sender and recipients to together, is designated as U.
step5:The actual close person of label calculates ciphertext and the identity information of recipient.
The close person i of reality label (i=1 ..., t) select a secret parameter ui∈Zq*, the secret parameter is used for encrypting message, Only authorized receiver could obtain this secret parameter.The actual close person i of label uses uiMessage is encrypted, ciphering process is as follows:
Wi=H4(ui)⊕(γi||Mi)
In order to reach that only authorized receiver could obtain secret parameter, the actual close person i of label uses all authorized receivers The information at family and the secret parameter are stashed by following mode.
The actual close person i of label obtains parameter listIt is actual to sign close person i by (Wii) it is sent to L.
step6:L arranges the label confidential information of all close person users of label and is sent to verifier.
The close message coalescing of all label being collected into together, is finally obtained message ciphertext C by L.Have:
W=(W1,…,Wt)
R=(R1,…,Rτ)
C=(R, U, η1,…,ηt,W)
Designcrypt:The close process of solution label, is divided into two steps.
step1:Verify the legitimacy of recipient.
Recipient V is received after ciphertext C, according to challenging value componentObtain N group commitment valuesWith(i=1 ..., N).The following three kinds of situations of calculating process point:
When the jth position component of challenging valueBe worth for 0 when, V can only be from main responseJth position componentIn Obtain N group parameters r0 (i), t1 (i), e1 (i)(wherein i=1 ..., N, main responseInclude k component, each componentInclude N The response of individual sender).Recipient V uses i-th group of data r0 (i), t1 (i), e1 (i)(i=1 ..., N) be calculated as below To the commitment value for signing close user iWith
V-arrangement is into the responses of the close users of all label, Ψ 'jIt is basisTo allThe Hash knots of calculating Really, Λ 'jIt is basisTo allThe Hash results of calculating, are shown below.
WhenBe worth for 1 when, V can only be fromIn obtain N group parameters r1 (i), t1 (i), e1 (i)(i=1 ..., N).V is close using signing User i data r1 (i), t1 (i), e1 (i)Be calculated as below the commitment value for obtaining signing close user iWith
V-arrangement is into the responses of the close users of all label, Φ 'jIt is basisTo allThe Hash knots that (i=1 ..., N) is calculated Really.Λ′jIt is basisTo allThe Hash results that (i=1 ..., N) is calculated.
WhenBe worth for 2 when, V can only be fromIn obtain N group parameters r1 (i), t0 (i), e0 (i)(wherein i=1 ..., N), V uses the data r for signing close user i1 (i), t0 (i), e0 (i)Be calculated as below the commitment value for obtaining signing close user iWithIt is calculated as follows:
V-arrangement is into the responses of the close users of all label, Φ 'jIt is basisTo allThe Hash knots that (i=1 ..., N) is calculated Really.Ψ′jIt is basisTo allThe Hash results of calculating.
WhenBe worth for 3 when, recipient stop checkingJudge next bitValue, until looking for It is not 3 to a valueWhen just continue verifyObtain main promise
V verifies whether oneself is authorized receiver, and following i represents sender, and j represents recipient:
V judges equation Rj=H3(S′j) whether set up.If set up, V is then a member in authorized receiver, and otherwise V is put Abandon solution label close.
step2:Verify the correctness of message and obtain message.
For the actual close person i (1≤i≤t) of label, authorized receiver V passes through equation below:
F (x)=ι1 (i)2 (i)x+…+ιτ (i)xτ-1+xτ
Obtain the close person i of actual label secret parameter f (S 'j)=u 'i, and non authorized recipients are correct due to that can not obtain S′jAnd the secret parameter of decryption can not be obtained.V is by being calculated as below:
(γ′i||M′i)=H4(u′i)⊕Wi
It can obtain signing the close cleartext information M ' of close user i labeli, but can't now verify whether message is correct.V is calculatedAnd verifyWhether set up.If set up, V receives the cipher-text message, Clear-text message is M=M '1||M′2||…||M′t.Otherwise V refuses the ciphertext.

Claims (1)

1. a kind of multi-receiver label decryption method based on multivariable, many security attributes, it is characterised in that comprise the following steps:
Step 1: producing user i public key pk by KeyGen algorithmsiWith user i private key ski, wherein i=1 ..., N;System A leader L is selected in the colony of the actual close person's composition of t label, is t blocks by whole clear-text message M points;Selection one Com functions and five Hash functions, Com:Fn||Fm→Fo, n>M, | | it is cascade symbol, FnIt is the n-dimensional vector sky on finite field F Between, FmIt is the m gts on finite field F, Com functions meet statistics and hidden and bind calculation attribute, select o=128;H0: {0,1}*→{0,1}l, H1:{0,1}*→{0,1,2,3}k, H2:{0,1}l+m→Zq*, H3:Zq*→Zq*, H4:Zq*→{0,1 }n+M/t, Zq* it is the vector of random length in the finite field that rank is q;Systematic parameter is obtained for params=(H0,H1,H2,H3,H4, q,Com);The detailed process of function is as follows,
The hiding statistical attribute of Com functions represents output result that different input parameter obtains after the calculating of Com functions not Together, and result is for recipient's undistinguishable;The bind calculation attribute of Com functions represents that input data is calculated by Com functions Obtain after output result, sender can not deny the value of input data;
Sender determines the length of the input parameter of Com functions;The length of the input parameter of Com functions is n+m, Com functions Input parameter includes two parameters, and first parameter is the n-dimensional vector based on finite field F, and second parameter is the m dimensions based on F Vector;Definition input parameter is X;The security parameter that ω is Com functions is defined, φ=(n+m)+4 of 2 ω+2 is defined;Selection one Collide the Hash functions h avoided5:{0,1}φ→{0,1}ω, it is known that one is collided the function group H avoided6:{0,1}φ→{0,1, }n+m;Com output includes two parts, is designated as c and d;C and d are sent to recipient by sender;h5It is disclosed Hash functions;
A) sender random selection r ∈ { 0,1 }φ, calculate y=h5(r).
B) sender is from H6Hash function groups in select a h6∈H6, meet h6(r)=X;
C) Com is output as c=(h6, y), d=r;
Recipient verifies y=h5And h (r)6(r)=X, due to h6And h5All it is the function that collision is avoided, therefore in the absence of a satisfaction h6(r ')=X and y=h5The r ' of (r ');Sender can not deny X;
User i selects a transformation equation groupThe reversible affine transformation Γ of simultaneous selection twoi∈FnAnd Δi∈Fm;It is required that user I selection random vectors si∈Fn, user i private key isMeetAndIn be free of constant term, specifically Method is as follows;
EnsureAnd do not include constant term, this algorithm acquiescence in equationMonomial coefficient be 1;
A) vectorial s of the system in user ii=(s1i,s2i,…,sni) in find the component that first is not 0 from right turn left, by this The subscript value of component is assigned to variable x;System is that user i randomly chooses a polynomial equation with n variable and m equation GroupEquation group does not have constant term;CalculateNowValue differ and be set to 0, need To change equation group according to process b)The coefficient of middle equation, untilEach component value be equal to 0 untill;
B) Equation f is selected from equation group successivelyj, j=1 ..., m;SelectionJ-th of componentIf Value not be 0, according to below equation to fjMake an amendment, untilValue be 0 untill;In below equationRepresent Equation fjIn The coefficient of x-th of monotropic quantifier, sxIt is si=(s1i,s2i,…,sni) in subscript value be x component:
Value be changed into after 0, next equation is selected, using formulaChange the coefficient of equation, until equation group In all equations all meet after requirement, stop aforesaid operations;
As long as si=0 can just meetIt is the non-actual close person's simulated operation of label to facilitate leader L;User i public key includes Two parts, Part I isWhereinIt is the composite symbol of mapping, Part II is zi=Pi(si);User i Public key be (Pi,zi);
Step 2: signing close process using Signcrypt, six steps are divided into;
step 1:Calculate the commitment value of the close person of label;
The actual close person i of label selects k parameter tuple (ri,tj,em), wherein i=0,1, j=0,1, m=0,1, each parameter tuple Value be different from, meet si=r0 (j)+r1 (j), r0 (j)=t1 (j)+t0 (j),It is as follows;
<mrow> <mfenced open = "(" close = ")"> <mtable> <mtr> <mtd> <mrow> <msup> <msub> <mi>r</mi> <mn>0</mn> </msub> <mrow> <mo>(</mo> <mn>1</mn> <mo>)</mo> </mrow> </msup> <mo>,</mo> <msup> <msub> <mi>t</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mn>1</mn> <mo>)</mo> </mrow> </msup> <mo>,</mo> <msup> <msub> <mi>e</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mn>1</mn> <mo>)</mo> </mrow> </msup> </mrow> </mtd> </mtr> <mtr> <mtd> <mrow> <msup> <msub> <mi>r</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mn>1</mn> <mo>)</mo> </mrow> </msup> <mo>,</mo> <msup> <msub> <mi>t</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mn>1</mn> <mo>)</mo> </mrow> </msup> <mo>,</mo> <msup> <msub> <mi>e</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mn>1</mn> <mo>)</mo> </mrow> </msup> </mrow> </mtd> </mtr> <mtr> <mtd> <mrow> <msup> <msub> <mi>r</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mn>1</mn> <mo>)</mo> </mrow> </msup> <mo>,</mo> <msup> <msub> <mi>t</mi> <mn>0</mn> </msub> <mrow> <mo>(</mo> <mn>1</mn> <mo>)</mo> </mrow> </msup> <mo>,</mo> <msup> <msub> <mi>e</mi> <mn>0</mn> </msub> <mrow> <mo>(</mo> <mn>1</mn> <mo>)</mo> </mrow> </msup> </mrow> </mtd> </mtr> </mtable> </mfenced> <mfenced open = "(" close = ")"> <mtable> <mtr> <mtd> <mrow> <msup> <msub> <mi>r</mi> <mn>0</mn> </msub> <mrow> <mo>(</mo> <mn>2</mn> <mo>)</mo> </mrow> </msup> <mo>,</mo> <msup> <msub> <mi>t</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mn>2</mn> <mo>)</mo> </mrow> </msup> <mo>,</mo> <msup> <msub> <mi>e</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mn>2</mn> <mo>)</mo> </mrow> </msup> </mrow> </mtd> </mtr> <mtr> <mtd> <mrow> <msup> <msub> <mi>r</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mn>2</mn> <mo>)</mo> </mrow> </msup> <mo>,</mo> <msup> <msub> <mi>t</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mn>2</mn> <mo>)</mo> </mrow> </msup> <mo>,</mo> <msup> <msub> <mi>e</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mn>2</mn> <mo>)</mo> </mrow> </msup> </mrow> </mtd> </mtr> <mtr> <mtd> <mrow> <msup> <msub> <mi>r</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mn>2</mn> <mo>)</mo> </mrow> </msup> <mo>,</mo> <msup> <msub> <mi>t</mi> <mn>0</mn> </msub> <mrow> <mo>(</mo> <mn>2</mn> <mo>)</mo> </mrow> </msup> <mo>,</mo> <msup> <msub> <mi>e</mi> <mn>0</mn> </msub> <mrow> <mo>(</mo> <mn>2</mn> <mo>)</mo> </mrow> </msup> </mrow> </mtd> </mtr> </mtable> </mfenced> <mo>...</mo> <mfenced open = "(" close = ")"> <mtable> <mtr> <mtd> <mrow> <msup> <msub> <mi>r</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mi>k</mi> <mo>)</mo> </mrow> </msup> <mo>,</mo> <msup> <msub> <mi>t</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mi>k</mi> <mo>)</mo> </mrow> </msup> <mo>,</mo> <msup> <msub> <mi>e</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mi>k</mi> <mo>)</mo> </mrow> </msup> </mrow> </mtd> </mtr> <mtr> <mtd> <mrow> <msup> <msub> <mi>r</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mi>k</mi> <mo>)</mo> </mrow> </msup> <mo>,</mo> <msup> <msub> <mi>t</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mi>k</mi> <mo>)</mo> </mrow> </msup> <mo>,</mo> <msup> <msub> <mi>e</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mi>k</mi> <mo>)</mo> </mrow> </msup> </mrow> </mtd> </mtr> <mtr> <mtd> <mrow> <msup> <msub> <mi>r</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mi>k</mi> <mo>)</mo> </mrow> </msup> <mo>,</mo> <msup> <msub> <mi>t</mi> <mn>0</mn> </msub> <mrow> <mo>(</mo> <mi>k</mi> <mo>)</mo> </mrow> </msup> <mo>,</mo> <msup> <msub> <mi>e</mi> <mn>0</mn> </msub> <mrow> <mo>(</mo> <mi>k</mi> <mo>)</mo> </mrow> </msup> </mrow> </mtd> </mtr> </mtable> </mfenced> </mrow>
Each actual close person of label calculates commitment value using k group parameters tuple, and obtaining commitment value using i-th group of parameter tuple isWithComputational methods are as follows:
<mrow> <msubsup> <mi>c</mi> <mn>0</mn> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msubsup> <mo>=</mo> <mi>C</mi> <mi>o</mi> <mi>m</mi> <mrow> <mo>(</mo> <msubsup> <mi>r</mi> <mn>1</mn> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msubsup> <mo>,</mo> <msub> <mi>G</mi> <mi>i</mi> </msub> <mo>(</mo> <mrow> <msubsup> <mi>t</mi> <mn>0</mn> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msubsup> <mo>,</mo> <msubsup> <mi>r</mi> <mn>1</mn> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msubsup> </mrow> <mo>)</mo> <mo>+</mo> <msubsup> <mi>e</mi> <mn>0</mn> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msubsup> <mo>)</mo> </mrow> </mrow>
<mrow> <msubsup> <mi>c</mi> <mn>1</mn> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msubsup> <mo>=</mo> <mi>C</mi> <mi>o</mi> <mi>m</mi> <mrow> <mo>(</mo> <msubsup> <mi>t</mi> <mn>0</mn> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msubsup> <mo>,</mo> <msubsup> <mi>e</mi> <mn>0</mn> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msubsup> <mo>)</mo> </mrow> </mrow>
<mrow> <msubsup> <mi>c</mi> <mn>2</mn> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msubsup> <mo>=</mo> <mi>C</mi> <mi>o</mi> <mi>m</mi> <mrow> <mo>(</mo> <msubsup> <mi>t</mi> <mn>1</mn> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msubsup> <mo>,</mo> <msubsup> <mi>e</mi> <mn>1</mn> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msubsup> <mo>)</mo> </mrow> </mrow>
Sign close person i selections γi={ 0,1 }n, then to message blocks MiCalculated, obtainedFinally sign close person i WillIt is sent to L;
step 2:Leader L calculates main promise and challenging value;
Leader L receives the commitment value of the close person of other t-1 label;Leader L calculates the commitment value of oneself and basisPrinciple For the N-t non-close person's simulation commitment values of label;Leader L calculates main promise after collecting the promise for each signing close userDue to all Sign the same challenging value of close users to shareSo leader L must be directed to each challenging value component, by all close user's phases of label The commitment value of position is answered to arrange to together;Likewise, responseIt is also to be organized together according to the component of challenging value; Φj、ΨjAnd ΛjBe by the jth group commitment value taxonomic revisions of the close users of all label together;I.e. all close users' of labelInIt is organized and obtains together Φ1,It is organized and obtains Φ together2, the like, until all close users' of labelIt is organized and obtains Λ togetherk;γ It is the message blocks of all close users of labelI=1 ..., t arrangement result;θi,jIt is the θ for signing close user iiJ-th of component, i.e., Sign close user i's It is the close user i of labelJ-th of component, that is, sign close user i'sπi,jIt is the close user i of label πiJ-th of component, that is, sign close user i'sWherein j=1 ..., k, i=1 ..., N;
Φj=H01,j||...||θN,j)
Λj=H01,j||...||πN,j)
The main promise of all senders
Leader L uses H1To the promise receivedWithHash calculating is carried out, challenge vector is obtainedI.e.Tieed up for k Vector in vector space;
Leader L willIt is sent to remaining the t-1 close person of label;
step 3:Sign close person and calculate response;
The response for signing close person i isJth position component1≤j≤k is according to challenging valueJth position componentCalculate Obtain;According toValue,Jth position componentFor 0,1 and 2, then sign close user i and need to use the jth group parameter member of oneself Set constructor response componentCalculating process is as follows:
If
If
If
WhenFor 3 when represent to skip calculating group response;Finally sign close person i handlesIt is sent to leader L, hereinThere is k component, this is situation when element 3 being not present in challenging value, because working as, it is necessary to skip calculating during equal to 3 This group of response component;IfIt is middle to there is the component that x value is 3,Component number then be k-x;Give tacit consent in the present inventionThere is k Individual component;
step 4:L calculates main response value and specifies recipient;
Leader L calculates the response of oneself, and collects the response that other t-1 signer is sent;The non-actual label of simulation N-t The response of close user;Leader L calculates main response It isJ-th of component, according to j-th of component of challenging valueCalculate Obtain;
If
If
If
IfCorresponding response is not calculated;
Assuming that there is τ recipient;For recipient i, L random selections Qi∈Fm, 1≤i≤τ, and be calculated as below:
Ri=H3(Si)
Here SiAnd RiIt is to be calculated for each authorized receiver, recipient can only be according to SiAnd RiCould judge oneself whether by Authorize;Lead L to arrange the identity information of sender and recipients to together, be designated as U;
step 5:The actual close person of label calculates ciphertext and the identity information of recipient;
Actual label close person i, i=1 ..., t, select a secret parameter ui∈Zq*, the secret parameter is used for encrypting message, only Authorized receiver could obtain this secret parameter;The actual close person i of label uses uiMessage is encrypted, ciphering process is as follows:
Wi=H4(ui)⊕(γi||Mi)
In order to reach that only authorized receiver could obtain secret parameter, the actual close person i of label authorizes solution to sign close user's by all Information and the secret parameter are stashed by following mode;
<mrow> <mi>f</mi> <mrow> <mo>(</mo> <mi>x</mi> <mo>)</mo> </mrow> <mo>=</mo> <munderover> <mo>&amp;Pi;</mo> <mn>1</mn> <mi>&amp;tau;</mi> </munderover> <mrow> <mo>(</mo> <mi>x</mi> <mo>-</mo> <msub> <mi>S</mi> <mi>j</mi> </msub> <mo>)</mo> </mrow> <mo>+</mo> <msub> <mi>u</mi> <mi>i</mi> </msub> <mi>mod</mi> <mi> </mi> <mi>q</mi> <mo>=</mo> <msup> <msub> <mi>&amp;iota;</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msup> <mo>+</mo> <msup> <msub> <mi>&amp;iota;</mi> <mn>2</mn> </msub> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msup> <mi>x</mi> <mo>+</mo> <mn>...</mn> <mo>+</mo> <msup> <msub> <mi>&amp;iota;</mi> <mi>&amp;tau;</mi> </msub> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msup> <msup> <mi>x</mi> <mrow> <mi>&amp;tau;</mi> <mo>-</mo> <mn>1</mn> </mrow> </msup> <mo>+</mo> <msup> <mi>x</mi> <mi>&amp;tau;</mi> </msup> </mrow>
The actual close person i of label obtains parameter list ηi=(ι1 (i),…,ιτ (i));It is actual to sign close person i by (Wii) it is sent to leader L;
step 6:Leader L arranges the label confidential information of all close users of label and is sent to verifier;
Lead L that together, the close message coalescing of all label being collected into is finally obtained into message ciphertext C;Have:
W=(W1,…,Wt)
R=(R1,…,Rτ)
C=(R, U, η1,…,ηt,W)
Step 3: using the close process of Designcypt algorithm solution label, being divided into two steps;
step 1:Verify the legitimacy of recipient;
Recipient V is received after ciphertext C, according to challenging value componentJ=1 ..., k, obtain N group commitment values With I=1 ..., N;Three classes of calculating process point:
When the jth position component of challenging valueBe worth for 0 when, V can only be from main responseJth position componentIn obtain N group parameters r0 (i), t1 (i), e1 (i), main responseInclude k component, each componentInclude the response of N number of sender;Recipient V is used I-th group of data r0 (i), t1 (i), e1 (i)Be calculated as below the commitment value for obtaining signing close user iWith
<mrow> <msubsup> <mover> <mi>c</mi> <mo>&amp;OverBar;</mo> </mover> <mn>1</mn> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msubsup> <mo>=</mo> <mi>C</mi> <mi>o</mi> <mi>m</mi> <mrow> <mo>(</mo> <msup> <msub> <mi>r</mi> <mn>0</mn> </msub> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msup> <mo>-</mo> <msup> <msub> <mi>t</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msup> <mo>,</mo> <msub> <mi>P</mi> <mi>i</mi> </msub> <mo>(</mo> <mrow> <msup> <msub> <mi>r</mi> <mn>0</mn> </msub> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msup> </mrow> <mo>)</mo> <mo>-</mo> <msup> <msub> <mi>e</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msup> <mo>)</mo> </mrow> </mrow>
<mrow> <msubsup> <mover> <mi>c</mi> <mo>&amp;OverBar;</mo> </mover> <mn>2</mn> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msubsup> <mo>=</mo> <mi>C</mi> <mi>o</mi> <mi>m</mi> <mrow> <mo>(</mo> <msup> <msub> <mi>t</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msup> <mo>,</mo> <msup> <msub> <mi>e</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msup> <mo>)</mo> </mrow> </mrow>
V-arrangement is into the responses of the close users of all label, Ψ 'jIt is basisTo allResult of calculation;Λ′jIt is basisTo institute HaveResult of calculation;
<mrow> <msubsup> <mi>&amp;Psi;</mi> <mi>j</mi> <mo>&amp;prime;</mo> </msubsup> <mo>=</mo> <msub> <mi>H</mi> <mn>0</mn> </msub> <mrow> <mo>(</mo> <msubsup> <mover> <mi>c</mi> <mo>&amp;OverBar;</mo> </mover> <mn>1</mn> <mrow> <mo>(</mo> <mn>1</mn> <mo>)</mo> </mrow> </msubsup> <mo>|</mo> <mo>|</mo> <mo>...</mo> <mo>|</mo> <mo>|</mo> <msubsup> <mover> <mi>c</mi> <mo>&amp;OverBar;</mo> </mover> <mn>1</mn> <mrow> <mo>(</mo> <mi>N</mi> <mo>)</mo> </mrow> </msubsup> <mo>)</mo> </mrow> </mrow>
<mrow> <msubsup> <mi>&amp;Lambda;</mi> <mi>j</mi> <mo>&amp;prime;</mo> </msubsup> <mo>=</mo> <msub> <mi>H</mi> <mn>0</mn> </msub> <mrow> <mo>(</mo> <msubsup> <mover> <mi>c</mi> <mo>&amp;OverBar;</mo> </mover> <mn>2</mn> <mrow> <mo>(</mo> <mn>1</mn> <mo>)</mo> </mrow> </msubsup> <mo>|</mo> <mo>|</mo> <mo>...</mo> <mo>|</mo> <mo>|</mo> <msubsup> <mover> <mi>c</mi> <mo>&amp;OverBar;</mo> </mover> <mn>2</mn> <mrow> <mo>(</mo> <mi>N</mi> <mo>)</mo> </mrow> </msubsup> <mo>)</mo> </mrow> </mrow>
WhenBe worth for 1 when, V can only be fromIn obtain N group parameters r1 (i), t1 (i), e1 (i);V uses the data r for signing close user i1 (i), t1 (i), e1 (i)Be calculated as below the commitment value for obtaining signing close user iWith
<mrow> <msubsup> <mover> <mi>c</mi> <mo>&amp;OverBar;</mo> </mover> <mn>0</mn> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msubsup> <mo>=</mo> <mi>C</mi> <mi>o</mi> <mi>m</mi> <mrow> <mo>(</mo> <msup> <msub> <mi>r</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msup> <mo>,</mo> <msub> <mi>z</mi> <mi>i</mi> </msub> <mo>-</mo> <msub> <mi>P</mi> <mi>i</mi> </msub> <mo>(</mo> <mrow> <msup> <msub> <mi>r</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msup> </mrow> <mo>)</mo> <mo>-</mo> <msub> <mi>G</mi> <mi>i</mi> </msub> <mo>(</mo> <mrow> <msup> <msub> <mi>t</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msup> <mo>,</mo> <msup> <msub> <mi>r</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msup> </mrow> <mo>)</mo> <mo>-</mo> <msup> <msub> <mi>e</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msup> <mo>)</mo> </mrow> </mrow>
<mrow> <msubsup> <mover> <mi>c</mi> <mo>&amp;OverBar;</mo> </mover> <mn>2</mn> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msubsup> <mo>=</mo> <mi>C</mi> <mi>o</mi> <mi>m</mi> <mrow> <mo>(</mo> <msup> <msub> <mi>t</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msup> <mo>,</mo> <msup> <msub> <mi>e</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msup> <mo>)</mo> </mrow> </mrow>
V-arrangement is into the responses of the close users of all label, Φ 'jIt is basisTo allResult of calculation;Λ′jIt is basisTo institute HaveResult of calculation;
<mrow> <msubsup> <mi>&amp;Phi;</mi> <mi>j</mi> <mo>&amp;prime;</mo> </msubsup> <mo>=</mo> <msub> <mi>H</mi> <mn>0</mn> </msub> <mrow> <mo>(</mo> <msubsup> <mover> <mi>c</mi> <mo>&amp;OverBar;</mo> </mover> <mn>0</mn> <mrow> <mo>(</mo> <mn>1</mn> <mo>)</mo> </mrow> </msubsup> <mo>|</mo> <mo>|</mo> <mo>...</mo> <mo>|</mo> <mo>|</mo> <msubsup> <mover> <mi>c</mi> <mo>&amp;OverBar;</mo> </mover> <mn>0</mn> <mrow> <mo>(</mo> <mi>N</mi> <mo>)</mo> </mrow> </msubsup> <mo>)</mo> </mrow> </mrow>
<mrow> <msubsup> <mi>&amp;Lambda;</mi> <mi>j</mi> <mo>&amp;prime;</mo> </msubsup> <mo>=</mo> <msub> <mi>H</mi> <mn>0</mn> </msub> <mrow> <mo>(</mo> <msubsup> <mover> <mi>c</mi> <mo>&amp;OverBar;</mo> </mover> <mn>2</mn> <mrow> <mo>(</mo> <mn>1</mn> <mo>)</mo> </mrow> </msubsup> <mo>|</mo> <mo>|</mo> <mo>...</mo> <mo>|</mo> <mo>|</mo> <msubsup> <mover> <mi>c</mi> <mo>&amp;OverBar;</mo> </mover> <mn>2</mn> <mrow> <mo>(</mo> <mi>N</mi> <mo>)</mo> </mrow> </msubsup> <mo>)</mo> </mrow> </mrow>
WhenBe worth for 2 when, V can only be fromIn obtain N group parameters r1 (i), t0 (i), e0 (i), the close user i of V use label data r1 (i), t0 (i), e0 (i)Be calculated as below the commitment value for obtaining signing close user iWithIt is calculated as follows:
<mrow> <msubsup> <mover> <mi>c</mi> <mo>&amp;OverBar;</mo> </mover> <mn>0</mn> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msubsup> <mo>=</mo> <mi>C</mi> <mi>o</mi> <mi>m</mi> <mrow> <mo>(</mo> <msup> <msub> <mi>r</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msup> <mo>,</mo> <msub> <mi>G</mi> <mi>i</mi> </msub> <mo>(</mo> <mrow> <msup> <msub> <mi>t</mi> <mn>0</mn> </msub> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msup> <mo>,</mo> <msup> <msub> <mi>r</mi> <mn>1</mn> </msub> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msup> </mrow> <mo>)</mo> <mo>+</mo> <msup> <msub> <mi>e</mi> <mn>0</mn> </msub> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msup> <mo>)</mo> </mrow> </mrow>
<mrow> <msubsup> <mover> <mi>c</mi> <mo>&amp;OverBar;</mo> </mover> <mn>1</mn> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msubsup> <mo>=</mo> <mi>C</mi> <mi>o</mi> <mi>m</mi> <mrow> <mo>(</mo> <msup> <msub> <mi>t</mi> <mn>0</mn> </msub> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msup> <mo>,</mo> <msup> <msub> <mi>e</mi> <mn>0</mn> </msub> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </msup> <mo>)</mo> </mrow> </mrow>
V-arrangement is into the responses of the close users of all label, Φ 'jIt is basisTo allResult of calculation;Ψ′jIt is basisTo institute HaveResult of calculation;
<mrow> <msubsup> <mi>&amp;Phi;</mi> <mi>j</mi> <mo>&amp;prime;</mo> </msubsup> <mo>=</mo> <msub> <mi>H</mi> <mn>0</mn> </msub> <mrow> <mo>(</mo> <msubsup> <mover> <mi>c</mi> <mo>&amp;OverBar;</mo> </mover> <mn>0</mn> <mrow> <mo>(</mo> <mn>1</mn> <mo>)</mo> </mrow> </msubsup> <mo>|</mo> <mo>|</mo> <mo>...</mo> <mo>|</mo> <mo>|</mo> <msubsup> <mover> <mi>c</mi> <mo>&amp;OverBar;</mo> </mover> <mn>0</mn> <mrow> <mo>(</mo> <mi>N</mi> <mo>)</mo> </mrow> </msubsup> <mo>)</mo> </mrow> </mrow>
<mrow> <msubsup> <mi>&amp;Psi;</mi> <mi>j</mi> <mo>&amp;prime;</mo> </msubsup> <mo>=</mo> <msub> <mi>H</mi> <mn>0</mn> </msub> <mrow> <mo>(</mo> <msubsup> <mover> <mi>c</mi> <mo>&amp;OverBar;</mo> </mover> <mn>1</mn> <mrow> <mo>(</mo> <mn>1</mn> <mo>)</mo> </mrow> </msubsup> <mo>|</mo> <mo>|</mo> <mo>...</mo> <mo>|</mo> <mo>|</mo> <msubsup> <mover> <mi>c</mi> <mo>&amp;OverBar;</mo> </mover> <mn>1</mn> <mrow> <mo>(</mo> <mi>N</mi> <mo>)</mo> </mrow> </msubsup> <mo>)</mo> </mrow> </mrow>
WhenBe worth for 3 when, recipient stop checkingJudge next bitValue, is not 3 until finding a valueShi Caiji Continuous checkingObtain main promise
V verifies whether oneself is authorized receiver, and following i represents sender, and j represents recipient:
V judges equation Rj=H3(Sj') whether set up;If set up, V is then a member in authorized receiver, and otherwise V abandons solution Label are close;
step 2:Verify the correctness of message and obtain message;
For the actual close person i of label, 1≤i≤t, authorized receiver V passes through equation below:
F (x)=ι1 (i)2 (i)x+…+ιτ (i)xτ-1+xτ
Obtain the close person i of actual label secret parameter f (Sj')=ui', and non authorized recipients are due to that can not obtain correct Sj' and The secret parameter of decryption can not be obtained;V is by being calculated as below:
i′||Mi')=H4(ui′)⊕Wi
Obtain signing the close cleartext information M of close user i labeli', but can't now verify whether message is correct;V is calculatedAnd verifyWhether set up;If set up, V receives the cipher-text message, clear-text message For M=M1′||M2′||…||Mt′;Otherwise V refuses the ciphertext.
CN201410821537.4A 2014-12-25 2014-12-25 Multi-receiver label decryption method based on multivariable, many security attributes Active CN104539425B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410821537.4A CN104539425B (en) 2014-12-25 2014-12-25 Multi-receiver label decryption method based on multivariable, many security attributes

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410821537.4A CN104539425B (en) 2014-12-25 2014-12-25 Multi-receiver label decryption method based on multivariable, many security attributes

Publications (2)

Publication Number Publication Date
CN104539425A CN104539425A (en) 2015-04-22
CN104539425B true CN104539425B (en) 2017-11-03

Family

ID=52854896

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410821537.4A Active CN104539425B (en) 2014-12-25 2014-12-25 Multi-receiver label decryption method based on multivariable, many security attributes

Country Status (1)

Country Link
CN (1) CN104539425B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106027239B (en) * 2016-06-30 2019-03-26 西安电子科技大学 The multi-receiver label decryption method without key escrow based on elliptic curve
CN106936593B (en) * 2017-05-12 2019-12-17 西安电子科技大学 Certificateless multi-receiver signcryption method based on elliptic curve efficient anonymity
CN110648229B (en) * 2019-08-07 2022-05-17 中国科学院信息工程研究所 Semi-public block chain system and transaction method
CN112152813B (en) * 2020-09-11 2022-06-07 中南民族大学 Certificateless content extraction signcryption method supporting privacy protection
CN116561788B (en) * 2023-07-04 2023-09-29 南京大数据集团有限公司 Electronic identity code encryption, decoding and key management system and method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101179374A (en) * 2006-11-09 2008-05-14 日电(中国)有限公司 Communication equipment, communications system and method therefor
CN102710613A (en) * 2012-05-14 2012-10-03 西安电子科技大学 Signcryption method of biological features of a plurality of receivers
CN102811125A (en) * 2012-08-16 2012-12-05 西北工业大学 Certificateless multi-receiver signcryption method with multivariate-based cryptosystem

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2016701A4 (en) * 2006-04-25 2012-04-25 Stephen Laurence Boren Dynamic distributed key system and method for identity management, authentication servers, data security and preventing man-in-the-middle attacks

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101179374A (en) * 2006-11-09 2008-05-14 日电(中国)有限公司 Communication equipment, communications system and method therefor
CN102710613A (en) * 2012-05-14 2012-10-03 西安电子科技大学 Signcryption method of biological features of a plurality of receivers
CN102811125A (en) * 2012-08-16 2012-12-05 西北工业大学 Certificateless multi-receiver signcryption method with multivariate-based cryptosystem

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
公平的基于身份的多接收者匿名签密涉及与分析;庞辽军等;《软件学报》;20141031;2409-2420 *
改进的多接收者签密方法;李慧贤等;《计算机研究与发展》;20130715;1418-1425 *
新的基于身份的多接收者匿名签密方案;庞辽军等;《计算机学报》;20111130;2104-2113 *

Also Published As

Publication number Publication date
CN104539425A (en) 2015-04-22

Similar Documents

Publication Publication Date Title
Han et al. Improving privacy and security in decentralized ciphertext-policy attribute-based encryption
CN112019591B (en) Cloud data sharing method based on block chain
Su et al. ePASS: An expressive attribute-based signature scheme with privacy and an unforgeability guarantee for the Internet of Things
Liang et al. A DFA-based functional proxy re-encryption scheme for secure public cloud data sharing
CN104539425B (en) Multi-receiver label decryption method based on multivariable, many security attributes
CN110912897B (en) Book resource access control method based on ciphertext attribute authentication and threshold function
CN106713349B (en) Inter-group proxy re-encryption method capable of resisting attack of selecting cipher text
CN115396115B (en) Block chain data privacy protection method, device, equipment and readable storage medium
CN104753947A (en) Attribute-based verifiable outsourcing decryption system and method with fixed ciphertext length
Qin et al. Simultaneous authentication and secrecy in identity-based data upload to cloud
CN117201132A (en) Multi-committee attribute base encryption method capable of achieving complete decentralization and application of multi-committee attribute base encryption method
CN105978687B (en) Identity-based anonymous broadcast encryption method under prime order in standard model
Liu et al. Multi-authority ciphertext policy attribute-based encryption scheme on ideal lattices
CN116743358A (en) Repudiation multi-receiver authentication method and system
CN107294972B (en) Identity-based generalized multi-receiver anonymous signcryption method
CN109495478A (en) A kind of distributed security communication means and system based on block chain
CN112819465B (en) Homomorphic encryption method and application system based on Elgamal
Ranjan et al. A cloud based secure voting system using homomorphic encryption for android platform
Cao et al. Authenticating with attributes in online social networks
Backes et al. Fully secure inner-product proxy re-encryption with constant size ciphertext
Wen et al. Private mutual authentications with fuzzy matching
Blazy et al. Identity-based encryption in DDH hard groups
CN116633560B (en) Privacy protection and supervision method for block chain multicast transaction mode
Wang et al. A Quantum Concurrent Signature Scheme Based on the Quantum Finite Automata Signature Scheme
CN110113331B (en) Distributed ciphertext policy attribute-based encryption method for hidden access structure

Legal Events

Date Code Title Description
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20190612

Address after: 523808 Zhongsheng silver building, No. three road, Songshan Lake headquarters, Dongguan, Guangdong, 20

Patentee after: Dongguan Sanhang civil Military Integration Innovation Institute

Address before: 710072 No. 127 Youyi West Road, Shaanxi, Xi'an

Patentee before: Northwestern Polytechnical University

TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20220411

Address after: 523000 room 803, building 1, No. 20, third headquarters Road, Songshanhu Park, Dongguan City, Guangdong Province

Patentee after: Dongguan Sanhang anxirui Information Technology Co.,Ltd.

Address before: 523808 Zhongsheng silver building, No. three road, Songshan Lake headquarters, Dongguan, Guangdong, 20

Patentee before: DONGGUAN SANHANG CIVIL-MILITARY INTEGRATION INNOVATION Research Institute