CN104639322A - Identity-based encryption method with certificates and attributes - Google Patents
Publication number: CN104639322A (application CN201310564404.9A)
Authority: CN (China)
Prior art keywords: text message, certificate, user, cipher, recipient
Legal status: Granted (status as listed by Google Patents; not a legal conclusion)
Abstract
An embodiment of the invention provides an identity-based encryption method with certificates and attributes. The method comprises: a certificate authority CA chooses an elliptic curve and the set of all attributes, chooses a master key and a security parameter, and generates and publishes the system parameters; a user provides information to the CA, obtains a certificate, verifies the certificate, generates the user's private key from the certificate and the system parameters, and publishes the user's public key; a sender uses the identity and public key of the recipient, selects a linear secret sharing scheme, encrypts the plaintext message to obtain a ciphertext message and sends the ciphertext message to the recipient; the recipient verifies whether its attribute set satisfies the access structure in the ciphertext message and, if it does, decrypts the ciphertext message with its private key to obtain the plaintext message. The identity-based encryption scheme is constructed from an asymmetric bilinear pairing on the elliptic curve, which solves the key escrow problem.
Description
Technical field
The present invention relates to the technical field of electronic information security, and in particular to an identity-based encryption method with certificates and attributes.
Background technology
With the development of science, technology and information, information security has received wide attention and plays an irreplaceable role in daily life, business and national defence. Cryptography is the discipline that developed, and gradually matured, in order to guarantee information security; the rapid growth of informatisation then placed new requirements on cryptography, and traditional cryptography could no longer meet the new application demands. Public-key cryptography was introduced by Diffie and Hellman in 1976, followed by the RSA cryptosystem, the ElGamal cryptosystem and elliptic curve cryptosystems. These public-key cryptosystems were rapidly applied and have been studied in depth.
Shamir proposed identity-based cryptography in 1984: the user's key is tied to the user's identity, which makes encryption and decryption of messages more convenient and removes the need for the certificates of conventional public-key cryptography, since a sender can encrypt a message using only the recipient's identity information. However, in identity-based cryptography the user's key is produced by a Private Key Generator (PKG); the PKG can use the master key to decrypt all of a user's encrypted messages and to sign messages on the user's behalf, which gives rise to the key escrow problem.
In the prior art there are mainly three methods for solving the key escrow problem in identity-based cryptography: the first uses multiple PKGs, so that the user's private key can only be obtained when a certain number of PKGs cooperate; the second uses double encryption, combining a public-key cryptosystem with an identity-based encryption system; the third is identity-based encryption with certificates.
The shortcomings of these prior-art methods for solving the key escrow problem in identity-based cryptography are: the certificate cannot be made public and must be transmitted over a secure channel, the schemes are complicated to implement, and their security against key escrow is not high.
Summary of the invention
The embodiment provides an identity-based encryption method with certificates and attributes, which solves the key escrow problem in identity-based cryptography: the certificate can be published and need not be transmitted over a secure channel.
An identity-based encryption method with certificates and attributes, characterised in that the method comprises the following steps:
A certificate authority CA chooses an elliptic curve and the set of all attributes, chooses a master key and a security parameter, and generates and publishes the system parameters;
A user provides information to the CA, obtains the certificate that the CA issues to the user, verifies the certificate, uses the certificate and the system parameters to generate the user's private key, and publishes the user's public key; the users include a sender and a recipient;
The sender uses the identity and the public key of the recipient, selects a linear secret sharing scheme, encrypts the plaintext message under an access structure to obtain a ciphertext message, and sends the ciphertext message to the recipient;
The recipient receives the ciphertext message and, after verifying that the recipient's attribute set satisfies the access structure in the ciphertext message, decrypts the ciphertext message with the recipient's private key to obtain the plaintext message.
The certificate authority CA choosing the elliptic curve and the set of all attributes, choosing the master key and the security parameter, and generating and publishing the system parameters comprises:
Based on the security parameter $k$, the CA chooses an ordinary elliptic curve over a finite field and produces an asymmetric bilinear pairing $e: G_1 \times G_2 \to G_T$ on it, where $G_1$ and $G_2$ are additive groups of prime order $p$ on the elliptic curve and $G_T$ is a multiplicative group of order $p$ in the finite field;
Take generators $P_1$ and $Q_1$ of $G_1$ and generators $P_2$ and $Q_2$ of $G_2$; let $U$ denote the set of all attributes;
Choose a random non-zero element $\alpha \in \mathbb{Z}_p$ as the master key, where $\mathbb{Z}_p = \{0, 1, \ldots, p-1\}$, and use $\alpha Q$ as a public parameter; choose random points $P_0, P_1, \ldots, P_{|U|}$ in $G_1$, where $|U|$ is the number of attributes in the attribute set;
Choose a secure hash function $H: \{0,1\}^* \to \mathbb{Z}_p$;
The public system parameters are $\mathrm{params} = (e, G_1, G_2, G_T, P, Q, \alpha Q, P_0, P_1, \ldots, P_{|U|})$, the message space is $G_T$, and the master key is $\alpha$.
The user providing information to the CA, obtaining the certificate that the CA issues to the user, verifying the certificate, using the certificate and the system parameters to generate the user's private key, and publishing the user's public key (the users including a sender and a recipient) comprises:
The user has an attribute set $S$, chooses a secret parameter $t \in \mathbb{Z}_p$, computes $e(tP, \alpha Q) = e(P, Q)^{t\alpha}$, takes $e(P, Q)^{t\alpha}$ as the corresponding public key, and sends the related information InfoUser to the CA, where InfoUser comprises the user's identity information, the attribute information $S$ and the public key $e(P, Q)^{t\alpha}$;
The CA verifies the user's information, chooses a random $s \in \mathbb{Z}_p$, computes the user's certificate $\mathrm{Cert} = (\alpha P + h\alpha sP_0,\ sQ,\ \alpha sQ,\ \{sP_i\}_{i \in S})$, where $h = H(\mathrm{InfoUser}, \mathrm{time}, \alpha Q)$ and time is the validity period, and passes the certificate Cert to the user;
The user receives the certificate Cert from the CA and verifies it, that is, checks whether $e(\alpha P + h\alpha sP_0, Q)$ equals $e(P, \alpha Q)\, e(hP_0, \alpha sQ)$ and whether $e(sP_i, Q)$ equals $e(P_i, sQ)$;
After the user's verification of the certificate Cert passes, the user computes the private key $(K, L, \{K_i\}_{i \in S})$, where $K = t\alpha P + ht\alpha sP_0$, $L = t\alpha sQ$ and $K_i = tsP_i$.
The sender using the identity and the public key of the recipient, selecting a linear secret sharing scheme, encrypting the plaintext message under an access structure to obtain the ciphertext message, and sending the ciphertext message to the recipient comprises:
The sender has a plaintext message $m$ to send and, according to the public parameters, selects a linear secret sharing scheme whose access structure is $(M, \rho)$, where $M$ is an $l \times n$ matrix and $\rho: \{1, \ldots, l\} \to U$ is a mapping;
Chooses a random vector $v$ in which $r$ is the secret, and computes $\lambda_i = \langle v, M_i \rangle$, where $\langle \cdot, \cdot \rangle$ denotes the inner product of vectors and $M_i$ is the $i$-th row vector of the matrix $M$;
Chooses random parameters $r_1, \ldots, r_l \in \mathbb{Z}_p$;
The ciphertext message is $CT = (C, C', \{C_i, D_i\}_{i = 1, \ldots, l})$, where $C = m\, e(P, Q)^{t\alpha r}$, $C' = rQ$, $C_i = \lambda_i P_0 - r_i P_{\rho(i)}$ and $D_i = r_i \alpha Q$.
The recipient receiving the ciphertext message and, after verifying that the recipient's attribute set satisfies the access structure in the ciphertext message, decrypting the ciphertext message with the recipient's private key to obtain the plaintext message comprises:
After receiving the ciphertext message, the recipient obtains the access structure $(M, \rho)$ from the ciphertext message; it verifies whether its attribute set $S$ satisfies the access structure $(M, \rho)$ and, if so, lets $I = \{i \mid \rho(i) \in S\}$, computes parameters $\{w_i\}_{i \in I}$ satisfying $\sum_{i \in I} w_i \lambda_i = r$, and computes the plaintext message $m$;
Otherwise, it stops decrypting the ciphertext message.
An identity-based encryption device with certificates and attributes, characterised in that it comprises:
A system parameter generation module, by which the certificate authority CA chooses the elliptic curve and the set of all attributes, chooses the master key and the security parameter, and generates and publishes the system parameters;
A user certificate and key generation module, by which the user provides information to the CA, obtains the certificate that the CA issues to the user, verifies the certificate, uses the certificate and the system parameters to generate the user's private key, and publishes the user's public key; the users include a sender and a recipient;
A plaintext message encryption module, by which the sender uses the identity and the public key of the recipient, selects a linear secret sharing scheme, encrypts the plaintext message under an access structure to obtain a ciphertext message, and sends the ciphertext message to the recipient;
A ciphertext message decryption module, by which the recipient receives the ciphertext message and, after verifying that the recipient's attribute set satisfies the access structure in the ciphertext message, decrypts the ciphertext message with the recipient's private key to obtain the plaintext message.
The system parameter generation module is specifically configured so that the CA, based on the security parameter $k$, chooses an ordinary elliptic curve over a finite field and produces an asymmetric bilinear pairing $e: G_1 \times G_2 \to G_T$ on it, where $G_1$ and $G_2$ are additive groups of prime order $p$ on the elliptic curve and $G_T$ is a multiplicative group of order $p$ in the finite field;
Takes generators $P$ and $Q$ of $G_1$ and $G_2$ respectively; lets $U$ denote the set of all attributes;
Chooses a random non-zero element $\alpha \in \mathbb{Z}_p$ as the master key, where $\mathbb{Z}_p = \{0, 1, \ldots, p-1\}$, uses $\alpha Q$ as a public parameter, and chooses random points $P_0, P_1, \ldots, P_{|U|}$ in $G_1$, where $|U|$ is the number of attributes in the attribute set;
Chooses a secure hash function $H: \{0,1\}^* \to \mathbb{Z}_p$;
The public system parameters are $\mathrm{params} = (e, G_1, G_2, G_T, P, Q, \alpha Q, P_0, P_1, \ldots, P_{|U|})$, the message space is $G_T$, and the master key is $\alpha$.
The user certificate and key generation module is specifically configured so that the user, who has an attribute set $S$, chooses a secret parameter $t \in \mathbb{Z}_p$, computes $e(tP, \alpha Q) = e(P, Q)^{t\alpha}$, takes $e(P, Q)^{t\alpha}$ as the corresponding public key, and sends the related information InfoUser to the CA, where InfoUser comprises the user's identity information, the attribute information $S$ and the public key $e(P, Q)^{t\alpha}$;
The CA verifies the user's information, chooses a random $s \in \mathbb{Z}_p$, computes the user's certificate $\mathrm{Cert} = (\alpha P + h\alpha sP_0,\ sQ,\ \alpha sQ,\ \{sP_i\}_{i \in S})$, where $h = H(\mathrm{InfoUser}, \mathrm{time}, \alpha Q)$ and time is the validity period, and passes the certificate Cert to the user;
The user receives the certificate Cert from the CA and verifies it, that is, checks whether $e(\alpha P + h\alpha sP_0, Q)$ equals $e(P, \alpha Q)\, e(hP_0, \alpha sQ)$ and whether $e(sP_i, Q)$ equals $e(P_i, sQ)$;
After the user's verification of the certificate Cert passes, the user computes the private key $(K, L, \{K_i\}_{i \in S})$, where $K = t\alpha P + ht\alpha sP_0$, $L = t\alpha sQ$ and $K_i = tsP_i$.
The plaintext message encryption module is specifically configured so that the sender, who has a plaintext message $m$ to send, selects according to the public parameters a linear secret sharing scheme whose access structure is $(M, \rho)$, where $M$ is an $l \times n$ matrix and $\rho: \{1, \ldots, l\} \to U$ is a mapping;
Chooses a random vector $v$ in which $r$ is the secret, and computes $\lambda_i = \langle v, M_i \rangle$, where $\langle \cdot, \cdot \rangle$ denotes the inner product of vectors and $M_i$ is the $i$-th row vector of the matrix $M$;
Chooses random parameters $r_1, \ldots, r_l \in \mathbb{Z}_p$;
The ciphertext message is $CT = (C, C', \{C_i, D_i\}_{i = 1, \ldots, l})$, where $C = m\, e(P, Q)^{t\alpha r}$, $C' = rQ$, $C_i = \lambda_i P_0 - r_i P_{\rho(i)}$ and $D_i = r_i \alpha Q$.
The ciphertext message decryption module is specifically configured so that the recipient, after receiving the ciphertext message, obtains the access structure $(M, \rho)$ from the ciphertext message; verifies whether its attribute set $S$ satisfies the access structure $(M, \rho)$ and, if so, lets $I = \{i \mid \rho(i) \in S\}$, computes parameters $\{w_i\}_{i \in I}$ satisfying $\sum_{i \in I} w_i \lambda_i = r$, and computes the plaintext message $m$;
Otherwise, it stops decrypting the ciphertext message.
As can be seen from the technical scheme provided by the above embodiment of the invention, the embodiment combines a public-key cryptosystem with identity-based cryptography and draws on the advantages of both: the certificate can be published and need not be transmitted over a secure channel, which solves the key escrow problem in identity-based cryptography. Attribute properties are added: each user is assigned an attribute set, the user's private key is bound to that attribute set, and the sender encrypts the plaintext message under the access structure of a linear secret sharing scheme to obtain the ciphertext message, so that the plaintext message can only be decrypted when the recipient's attribute set satisfies the access structure. An asymmetric bilinear pairing is used, which requires an ordinary elliptic curve; there are more asymmetric bilinear pairings to choose from on ordinary elliptic curves, and they are more secure.
Accompanying drawing explanation
In order to explain the technical scheme of the embodiments of the invention more clearly, the drawings required for describing the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the identity-based encryption method with certificates and attributes provided by Embodiment one of the invention;
Fig. 2 is a schematic diagram of the identity-based encryption device with certificates and attributes provided by Embodiment two of the invention.
Embodiment
To ease understanding of the embodiments of the invention, two specific embodiments are further explained below with reference to the drawings; neither embodiment limits the embodiments of the invention.
With the wide demand from applications, attribute-based cryptography has been introduced. In attribute-based cryptography a user's private key and the ciphertext message are associated with an attribute set or an access policy. According to how this association is made, attribute-based encryption is divided into key-policy attribute-based encryption and ciphertext-policy attribute-based encryption. In key-policy attribute-based encryption the user's private key is associated with an access policy and the ciphertext message is associated with an attribute set; in ciphertext-policy attribute-based encryption the user's private key is associated with an attribute set and the ciphertext message contains the access policy.
The embodiment of the invention combines a public-key cryptosystem with identity-based cryptography and draws on the advantages of both: the above-mentioned certificate can be published and need not be transmitted over a secure channel, which solves the key escrow problem in identity-based cryptography.
Embodiment one
This embodiment provides an identity-based encryption method with certificates and attributes; its flow chart is shown in Fig. 1 and comprises the following processing steps:
Step 11: the certificate authority CA chooses an elliptic curve and the set of all attributes, chooses a master key and a security parameter, and generates and publishes the system parameters.
Based on the security parameter $k$, the CA chooses a finite field and an ordinary elliptic curve over it, then chooses an efficient asymmetric bilinear pairing $e: G_1 \times G_2 \to G_T$ on the elliptic curve and generators of the pairing groups, where $G_1$ and $G_2$ are additive groups of prime order $p$ on the elliptic curve and $G_T$ is a multiplicative group of order $p$ in the finite field;
Takes generators $P$ and $Q$ of $G_1$ and $G_2$ respectively; lets $U$ denote the set of all attributes;
Chooses a random non-zero element $\alpha \in \mathbb{Z}_p$ as the master key, where $\mathbb{Z}_p = \{0, 1, \ldots, p-1\}$, uses $\alpha Q$ as a public parameter, and chooses random points $P_0, P_1, \ldots, P_{|U|}$ in $G_1$, where $|U|$ is the number of attributes in the attribute set;
Chooses a secure hash function $H: \{0,1\}^* \to \mathbb{Z}_p$;
The public system parameters are $\mathrm{params} = (e, G_1, G_2, G_T, P, Q, \alpha Q, P_0, P_1, \ldots, P_{|U|})$ and are published; the message space is $G_T$; the master key $\alpha$ is kept secret.
Step 12: the user provides information to the CA, obtains the certificate that the CA issues to the user, verifies the certificate, uses the certificate and the system parameters to generate the user's private key, and publishes the user's public key; the users include a sender and a recipient.
The user has an attribute set $S$, chooses a secret parameter $t \in \mathbb{Z}_p$, computes $e(tP, \alpha Q) = e(P, Q)^{t\alpha}$, takes $e(P, Q)^{t\alpha}$ as the corresponding public key, and sends the related information InfoUser to the CA, where InfoUser comprises the user's identity information, the attribute information $S$ and the public key $e(P, Q)^{t\alpha}$;
The CA verifies the user's information, chooses a random $s \in \mathbb{Z}_p$, computes the user's certificate $\mathrm{Cert} = (\alpha P + h\alpha sP_0,\ sQ,\ \alpha sQ,\ \{sP_i\}_{i \in S})$, where $h = H(\mathrm{InfoUser}, \mathrm{time}, \alpha Q)$ and time is the validity period, and passes the certificate Cert to the user;
The user receives the certificate Cert from the CA and verifies it, that is, checks whether $e(\alpha P + h\alpha sP_0, Q)$ equals $e(P, \alpha Q)\, e(hP_0, \alpha sQ)$ and whether $e(sP_i, Q)$ equals $e(P_i, sQ)$;
After the user's verification of the certificate Cert passes, the user computes the private key that is able to decrypt, $(K, L, \{K_i\}_{i \in S})$, where $K = t\alpha P + ht\alpha sP_0$, $L = t\alpha sQ$ and $K_i = tsP_i$.
Step 13: the sender uses the identity and the public key of the recipient, selects a linear secret sharing scheme, encrypts the plaintext message under an access structure to obtain a ciphertext message, and sends the ciphertext message to the recipient.
The sender has a plaintext message $m$ to send and, according to the public parameters, selects a linear secret sharing scheme whose access structure is $(M, \rho)$, where $M$ is an $l \times n$ matrix and $\rho: \{1, \ldots, l\} \to U$ is a mapping;
Chooses a random vector $v$ in which $r$ is the secret, and computes $\lambda_i = \langle v, M_i \rangle$, where $\langle \cdot, \cdot \rangle$ denotes the inner product of vectors and $M_i$ is the $i$-th row vector of the matrix $M$;
Chooses random parameters $r_1, \ldots, r_l \in \mathbb{Z}_p$;
Generates the ciphertext message $CT = (C, C', \{C_i, D_i\}_{i = 1, \ldots, l})$, where $C = m\, e(P, Q)^{t\alpha r}$, $C' = rQ$, $C_i = \lambda_i P_0 - r_i P_{\rho(i)}$ and $D_i = r_i \alpha Q$, and sends the ciphertext message to the recipient user.
Step 14: the recipient receives the ciphertext message and, after verifying that the recipient's attribute set satisfies the access structure in the ciphertext message, decrypts the ciphertext message with the recipient's private key to obtain the plaintext message.
After receiving the ciphertext message, the recipient obtains the access structure $(M, \rho)$ from the ciphertext message; it verifies whether its attribute set $S$ satisfies the access structure $(M, \rho)$ and, if so, lets $I = \{i \mid \rho(i) \in S\}$, computes parameters $\{w_i\}_{i \in I}$ satisfying $\sum_{i \in I} w_i \lambda_i = r$, computes the plaintext message $m$, and thereby obtains the plaintext by decrypting the ciphertext;
Otherwise, it stops decrypting the ciphertext message.
CA (Certificate Authority): the CA selects the security parameter, generates the system parameters for the users, generates the system private key and public key, publishes the system parameters and keeps the private key secret; it receives information such as the user's identity, verifies the user's identity, signs the user's information and attribute set with the private key, obtains the user's certificate and sends it to the user.
Sender: uses the identity and the public key of the recipient, selects a secret sharing scheme, constructs the access policy, encrypts the plaintext message under the access structure, and sends the ciphertext message to the recipient.
Recipient: sends its user information to the CA, obtains the certificate from the CA, verifies the certificate and generates its own private key from the certificate; receives the ciphertext message and decrypts it with its own private key to obtain the plaintext message.
Pairings on elliptic curves play an irreplaceable role in identity-based and attribute-based cryptography; because of their good properties, pairings can be used to construct different cryptographic schemes. The invention uses an asymmetric bilinear pairing on an elliptic curve to construct an identity-based encryption scheme, adds attribute properties, and employs certificates to solve the key escrow problem.
Those skilled in the art will understand that the above example, in which whether to decrypt the ciphertext message is decided by verifying that the recipient's attribute set satisfies the access structure, is given only to describe the embodiment of the invention better and does not limit it. Any method that decides whether to decrypt the ciphertext message according to verification of the recipient's information falls within the scope of the embodiments of the invention.
Embodiment two
This embodiment provides an identity-based encryption device with certificates and attributes; its specific implementation structure is shown in Fig. 2 and may comprise the following modules:
A system parameter generation module 20, by which the certificate authority CA chooses the elliptic curve and the set of all attributes, chooses the master key and the security parameter, and generates and publishes the system parameters;
A user certificate and key generation module 30, by which the user provides information to the CA, obtains the certificate that the CA issues to the user, verifies the certificate, uses the certificate and the system parameters to generate the user's private key, and publishes the user's public key; the users include a sender and a recipient;
A plaintext message encryption module 40, by which the sender uses the identity and the public key of the recipient, selects a linear secret sharing scheme, encrypts the plaintext message under an access structure to obtain a ciphertext message, and sends the ciphertext message to the recipient;
A ciphertext message decryption module 50, by which the recipient receives the ciphertext message and, after verifying that the recipient's attribute set satisfies the access structure in the ciphertext message, decrypts the ciphertext message with the recipient's private key to obtain the plaintext message.
Further, the system parameter generation module 20 is specifically configured so that the CA, based on the security parameter $k$, chooses an ordinary elliptic curve over a finite field and produces an asymmetric bilinear pairing $e: G_1 \times G_2 \to G_T$ on it, where $G_1$ and $G_2$ are additive groups of prime order $p$ on the elliptic curve and $G_T$ is a multiplicative group of order $p$ in the finite field;
Takes generators $P$ and $Q$ of $G_1$ and $G_2$ respectively; lets $U$ denote the set of all attributes;
Chooses a random non-zero element $\alpha \in \mathbb{Z}_p$ as the master key, where $\mathbb{Z}_p = \{0, 1, \ldots, p-1\}$, uses $\alpha Q$ as a public parameter, and chooses random points $P_0, P_1, \ldots, P_{|U|}$ in $G_1$, where $|U|$ is the number of attributes in the attribute set;
Chooses a secure hash function $H: \{0,1\}^* \to \mathbb{Z}_p$;
The public system parameters are $\mathrm{params} = (e, G_1, G_2, G_T, P, Q, \alpha Q, P_0, P_1, \ldots, P_{|U|})$, the message space is $G_T$, and the master key is $\alpha$.
Further, the user certificate and key generation module 30 is specifically configured so that the user, who has an attribute set $S$, chooses a secret parameter $t \in \mathbb{Z}_p$, computes $e(tP, \alpha Q) = e(P, Q)^{t\alpha}$, takes $e(P, Q)^{t\alpha}$ as the corresponding public key, and sends the related information InfoUser to the CA, where InfoUser comprises the user's identity information, the attribute information $S$ and the public key $e(P, Q)^{t\alpha}$;
The CA verifies the user's information, chooses a random $s \in \mathbb{Z}_p$, computes the user's certificate $\mathrm{Cert} = (\alpha P + h\alpha sP_0,\ sQ,\ \alpha sQ,\ \{sP_i\}_{i \in S})$, where $h = H(\mathrm{InfoUser}, \mathrm{time}, \alpha Q)$ and time is the validity period, and passes the certificate Cert to the user;
The user receives the certificate Cert from the CA and verifies it, that is, checks whether $e(\alpha P + h\alpha sP_0, Q)$ equals $e(P, \alpha Q)\, e(hP_0, \alpha sQ)$ and whether $e(sP_i, Q)$ equals $e(P_i, sQ)$;
After the user's verification of the certificate Cert passes, the user computes the private key $(K, L, \{K_i\}_{i \in S})$, where $K = t\alpha P + ht\alpha sP_0$, $L = t\alpha sQ$ and $K_i = tsP_i$.
Further, the plaintext message encryption module 40 is specifically configured so that the sender, who has a plaintext message $m$ to send, selects according to the public parameters a linear secret sharing scheme whose access structure is $(M, \rho)$, where $M$ is an $l \times n$ matrix and $\rho: \{1, \ldots, l\} \to U$ is a mapping;
Chooses a random vector $v$ in which $r$ is the secret, and computes $\lambda_i = \langle v, M_i \rangle$, where $\langle \cdot, \cdot \rangle$ denotes the inner product of vectors and $M_i$ is the $i$-th row vector of the matrix $M$;
Chooses random parameters $r_1, \ldots, r_l \in \mathbb{Z}_p$;
The ciphertext message is $CT = (C, C', \{C_i, D_i\}_{i = 1, \ldots, l})$, where $C = m\, e(P, Q)^{t\alpha r}$, $C' = rQ$, $C_i = \lambda_i P_0 - r_i P_{\rho(i)}$ and $D_i = r_i \alpha Q$.
Further, the ciphertext message decryption module 50 is specifically configured so that the recipient, after receiving the ciphertext message, obtains the access structure $(M, \rho)$ from the ciphertext message; verifies whether its attribute set $S$ satisfies the access structure $(M, \rho)$ and, if so, lets $I = \{i \mid \rho(i) \in S\}$, computes parameters $\{w_i\}_{i \in I}$ satisfying $\sum_{i \in I} w_i \lambda_i = r$, and computes the plaintext message $m$;
Otherwise, it stops decrypting the ciphertext message.
The detailed process by which the device of this embodiment performs identity-based encryption is similar to that of the preceding method embodiment and is not repeated here.
In summary, the embodiments of the invention combine a public-key cryptosystem with identity-based cryptography to provide an identity-based encryption method with certificates and attributes, constructing the identity-based encryption scheme from an asymmetric bilinear pairing on an elliptic curve and thereby solving the key escrow problem. Because there are more asymmetric bilinear pairings to choose from on ordinary elliptic curves, the scheme of the invention is more secure. The embodiments also draw on the advantages of the public-key cryptosystem and identity-based cryptography by using certificates: the key escrow problem in identity-based cryptography is solved, the certificate can be published and need not be transmitted over a secure channel, and the scheme is simple to implement.
The embodiments of the invention add attribute properties to users: each user is assigned an attribute set, the user's private key is bound to that attribute set, and when the sender encrypts a message it encrypts the plaintext message under the access control of a linear secret sharing scheme, so that decryption is possible only when the recipient's attribute set satisfies the access control, which further guarantees security against escrow.
Those of ordinary skill in the art will appreciate that the drawings are schematic diagrams of an embodiment, and that the modules or flows in the drawings are not necessarily required to implement the invention.
From the above description of the embodiments, those skilled in the art can clearly understand that the invention may be implemented by software together with a necessary general-purpose hardware platform. Based on this understanding, the technical scheme of the invention, or the part of it that contributes to the prior art, may be embodied in the form of a software product; the computer software product may be stored in a storage medium such as ROM/RAM, a magnetic disk or an optical disc, and comprises instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform the method described in the embodiments of the invention or in some parts of the embodiments.
The embodiments in this specification are described progressively; identical or similar parts of the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, because the device or system embodiment is substantially similar to the method embodiment, it is described more simply, and for the relevant parts reference may be made to the description of the method embodiment. The device and system embodiments described above are only schematic: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the embodiment. Those of ordinary skill in the art can understand and implement this without creative effort.
The above is only a preferred embodiment of the invention, but the scope of protection of the invention is not limited to it; any change or substitution that can readily be conceived by a person skilled in the art within the technical scope disclosed by the invention shall fall within the scope of protection of the invention. Therefore, the scope of protection of the invention shall be determined by the scope of protection of the claims.
Claims (10)
1. A method of identity-based encryption with certificates and attributes, characterized in that the method comprises the following steps:
A certificate authorization center CA chooses an elliptic curve and the set of all attributes, chooses a master key and a security parameter, and generates and publishes the system parameters;
A user provides information to the CA, obtains the certificate that the CA issues to the user, verifies the certificate, uses the certificate and the system parameters to generate the user's private key, and publishes the user's public key; the users comprise a sender and a recipient;
The sender uses the identity and the public key of the recipient, selects a linear secret sharing scheme, encrypts a plaintext message with an access structure to obtain a ciphertext message, and sends the ciphertext message to the recipient;
The recipient receives the ciphertext message and, after verifying that the attribute set of the message recipient satisfies the access structure in the ciphertext message, decrypts the ciphertext message with the recipient's private key to obtain the plaintext message.
2. The method of identity-based encryption with certificates and attributes according to claim 1, characterized in that the certificate authorization center CA choosing an elliptic curve and the set of all attributes, choosing a master key and a security parameter, and generating and publishing the system parameters comprises:
The CA, based on a security parameter k, chooses an ordinary elliptic curve over a finite field and constructs on it an asymmetric bilinear pairing e: G_1 × G_2 → G_T, where G_1 and G_2 are groups of prime order p on the elliptic curve and G_T is the multiplicative group of order p in the finite field;
Takes generators P_1 and Q_1 of G_1 and generators P_2 and Q_2 of G_2; let U denote the set of all attributes;
Takes a random non-zero element α ∈ Z_p as the master key, where Z_p = {0, 1, ..., p-1}, and uses αQ as a public parameter; randomly selects points P_0, P_1, ..., P_|U| in G_1, where |U| is the number of attributes in the set;
Chooses a secure hash function H: {0,1}* → Z_p;
The system public parameters are params = (e, G_1, G_2, G_T, P, Q, αQ, P_0, P_1, ..., P_|U|), the message space is G_T, and the master key is α.
3. The method of identity-based encryption with certificates and attributes according to claim 1, characterized in that the user providing information to the CA, obtaining the certificate that the CA issues to the user, verifying the certificate, using the certificate and the system parameters to generate the user's private key, and publishing the user's public key, the users comprising a sender and a recipient, comprises:
The user, having attribute set S, chooses a secret parameter t ∈ Z_p, computes e(tP, αQ) = e(P, Q)^{tα}, takes e(P, Q)^{tα} as the corresponding public key, and sends the related information InfoUser to the CA, where InfoUser comprises the identity information of the user, the attribute set S and the public key e(P, Q)^{tα};
The CA verifies the user's information, randomly selects s ∈ Z_p, computes the user's certificate Cert = (αP + hαsP_0, sQ, αsQ, {sP_i}_{i ∈ S}), where h = H(InfoUser, time, αQ) and time is the time period, and passes the certificate Cert to the user;
The user receives the certificate Cert from the CA and verifies it, namely checks whether e(αP + hαsP_0, Q) equals e(P, αQ)·e(hP_0, αsQ) and whether e(sP_i, Q) equals e(P_i, sQ);
After the user's verification of the certificate Cert passes, the user computes the private key (K, L, {K_i}_{i ∈ S}), where the expression for K is not reproduced here, L = tαsQ and K_i = tsP_i.
4. The method of identity-based encryption with certificates and attributes according to claim 1, characterized in that the sender using the identity and the public key of the recipient, selecting a linear secret sharing scheme, encrypting a plaintext message with an access structure to obtain a ciphertext message, and sending the ciphertext message to the recipient comprises:
The sender, to send a plaintext message m, selects according to the public parameters a linear secret sharing scheme whose access structure is (M, ρ), where M is an l × n matrix and ρ: {1, ..., l} → U is a mapping;
Randomly selects a vector v in which r is the secret, and computes λ_i = v·M_i, where · denotes the inner product of vectors and M_i is the i-th row vector of the matrix M;
Randomly selects parameters r_1, ..., r_l ∈ Z_p;
The ciphertext message is CT = (C, C', {C_i, D_i}_{i = 1, ..., l}), where C = m·e(P, Q)^{tαr}, C' = rQ, C_i = λ_i P_0 − r_i P_ρ(i), and D_i = r_i αQ.
5. The method of identity-based encryption with certificates and attributes according to claim 1, characterized in that the recipient receiving the ciphertext message and, after verifying that the attribute set of the message recipient satisfies the access structure in the ciphertext message, decrypting the ciphertext message with the recipient's private key to obtain the plaintext message comprises:
After receiving the ciphertext message, the recipient obtains the access structure (M, ρ) in the ciphertext message and verifies whether the recipient's attribute set S satisfies the access structure (M, ρ); if so, lets I = {i | ρ(i) ∈ S}, computes parameters {w_i}_{i ∈ I} satisfying Σ_{i ∈ I} w_i λ_i = r, and computes the plaintext message;
Otherwise, stops decrypting the ciphertext message.
6. A device for identity-based encryption with certificates and attributes, characterized in that it comprises:
A system parameter generation module, for a certificate authorization center CA to choose an elliptic curve and the set of all attributes, choose a master key and a security parameter, and generate and publish the system parameters;
A user certificate and key generation module, for a user to provide information to the CA, obtain the certificate that the CA issues to the user, verify the certificate, use the certificate and the system parameters to generate the user's private key, and publish the user's public key, the users comprising a sender and a recipient;
A plaintext message encryption module, for the sender to use the identity and the public key of the recipient, select a linear secret sharing scheme, encrypt a plaintext message with an access structure to obtain a ciphertext message, and send the ciphertext message to the recipient;
A ciphertext message decryption module, for the recipient to receive the ciphertext message and, after verifying that the attribute set of the message recipient satisfies the access structure in the ciphertext message, decrypt the ciphertext message with the recipient's private key to obtain the plaintext message.
7. The device for identity-based encryption with certificates and attributes according to claim 6, characterized in that:
The system parameter generation module is specifically for the CA to, based on a security parameter k, choose an ordinary elliptic curve over a finite field and construct on it an asymmetric bilinear pairing e: G_1 × G_2 → G_T, where G_1 and G_2 are groups of prime order p on the elliptic curve and G_T is the multiplicative group of order p in the finite field;
Take generators P_1 and Q_1 of G_1 and generators P_2 and Q_2 of G_2; let U denote the set of all attributes;
Take a random non-zero element α ∈ Z_p as the master key, where Z_p = {0, 1, ..., p-1}, and use αQ as a public parameter; randomly select points P_0, P_1, ..., P_|U| in G_1, where |U| is the number of attributes in the set;
Choose a secure hash function H: {0,1}* → Z_p;
The system public parameters are params = (e, G_1, G_2, G_T, P, Q, αQ, P_0, P_1, ..., P_|U|), the message space is G_T, and the master key is α.
8. The device for identity-based encryption with certificates and attributes according to claim 6, characterized in that:
The user certificate and key generation module is specifically for the user, having attribute set S, to choose a secret parameter t ∈ Z_p, compute e(tP, αQ) = e(P, Q)^{tα}, take e(P, Q)^{tα} as the corresponding public key, and send the related information InfoUser to the CA, where InfoUser comprises the identity information of the user, the attribute information S and the public key e(P, Q)^{tα};
The CA verifies the user's information, randomly selects s ∈ Z_p, computes the user's certificate Cert = (αP + hαsP_0, sQ, αsQ, {sP_i}_{i ∈ S}), where h = H(InfoUser, time, αQ) and time is the time period, and passes the certificate Cert to the user;
The user receives the certificate Cert from the CA and verifies it, namely checks whether e(αP + hαsP_0, Q) equals e(P, αQ)·e(hP_0, αsQ) and whether e(sP_i, Q) equals e(P_i, sQ);
After the user's verification of the certificate Cert passes, the user computes the private key (K, L, {K_i}_{i ∈ S}), where the expression for K is not reproduced here, L = tαsQ and K_i = tsP_i.
9. The device for identity-based encryption with certificates and attributes according to claim 6, characterized in that:
The plaintext message encryption module is specifically for the sender, to send a plaintext message m, to select according to the public parameters a linear secret sharing scheme whose access structure is (M, ρ), where M is an l × n matrix and ρ: {1, ..., l} → U is a mapping;
Randomly select a vector v in which r is the secret, and compute λ_i = v·M_i, where · denotes the inner product of vectors and M_i is the i-th row vector of the matrix M;
Randomly select parameters r_1, ..., r_l ∈ Z_p;
The ciphertext message is CT = (C, C', {C_i, D_i}_{i = 1, ..., l}), where C = m·e(P, Q)^{tαr}, C' = rQ, C_i = λ_i P_0 − r_i P_ρ(i), and D_i = r_i αQ.
10. The device for identity-based encryption with certificates and attributes according to claim 6, characterized in that:
The ciphertext message decryption module is specifically for the recipient, after receiving the ciphertext message, to obtain the access structure (M, ρ) in the ciphertext message and verify whether the recipient's attribute set S satisfies the access structure (M, ρ); if so, let I = {i | ρ(i) ∈ S}, compute parameters {w_i}_{i ∈ I} satisfying Σ_{i ∈ I} w_i λ_i = r, and compute the plaintext message;
Otherwise, stop decrypting the ciphertext message.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310564404.9A CN104639322B (en) | 2013-11-13 | 2013-11-13 | The method of the Identity-based encryption containing attribute with certificate |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104639322A true CN104639322A (en) | 2015-05-20 |
CN104639322B CN104639322B (en) | 2018-08-24 |
Family
ID=53217680
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310564404.9A Active CN104639322B (en) | 2013-11-13 | 2013-11-13 | The method of the Identity-based encryption containing attribute with certificate |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104639322B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102420691A (en) * | 2011-12-16 | 2012-04-18 | 河海大学 | Certificate-based forward security signature method and system thereof |
CN102546161A (en) * | 2010-12-08 | 2012-07-04 | 索尼公司 | Ciphertext policy based revocable attribute-based encryption method and equipment and system utilizing same |
US20120314854A1 (en) * | 2011-06-10 | 2012-12-13 | Zeutro, Llc | System, Apparatus and Method for Decentralizing Attribute-Based Encryption Information |
CN103107992A (en) * | 2013-02-04 | 2013-05-15 | 杭州师范大学 | Multistage authority management method for cloud storage enciphered data sharing |
CN103152322A (en) * | 2013-01-28 | 2013-06-12 | 中兴通讯股份有限公司 | Method of data encryption protection and system thereof |
CN103269272A (en) * | 2013-05-22 | 2013-08-28 | 河海大学 | Secret key encapsulation method based on short-period certificate |
Non-Patent Citations (3)
Title |
---|
王鹏翩 等: "《一种支持完全细粒度属性撤销的CP-ABE方案》", 《软件学报》 * |
罗颂 等: "《新型自适应安全的密钥策略ABE方案》", 《通信学报》 * |
苏金树 等: "《属性基加密机制》", 《软件学报》 * |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105207781A (en) * | 2015-09-11 | 2015-12-30 | 哈尔滨工业大学(威海) | Novel-system wireless sensor network encryption algorithm |
CN105207781B (en) * | 2015-09-11 | 2020-05-19 | 哈尔滨工业大学(威海) | Wireless sensor network encryption method |
CN105743646B (en) * | 2016-02-03 | 2019-05-10 | 四川长虹电器股份有限公司 | A kind of Identity based encryption method and system |
CN105743646A (en) * | 2016-02-03 | 2016-07-06 | 四川长虹电器股份有限公司 | Encryption method and system based on identity |
CN109478214A (en) * | 2016-07-14 | 2019-03-15 | 华为技术有限公司 | Device and method for certificate registration |
US10880100B2 (en) | 2016-07-14 | 2020-12-29 | Huawei Technologies Co., Ltd. | Apparatus and method for certificate enrollment |
CN110557368A (en) * | 2019-07-22 | 2019-12-10 | 南京财经大学 | Attribute-based information flow control method and system |
CN110557368B (en) * | 2019-07-22 | 2021-09-21 | 南京财经大学 | Attribute-based information flow control method and system |
CN110401667A (en) * | 2019-07-31 | 2019-11-01 | 杭州项帮科技有限公司 | A kind of encryption attribute method of the fraction key mechanism based on the mapping of entry type |
CN110401667B (en) * | 2019-07-31 | 2021-08-06 | 杭州项帮科技有限公司 | Attribute encryption method of multi-item mapping-based distributed key mechanism |
CN112398646A (en) * | 2020-11-02 | 2021-02-23 | 北京邮电大学 | Identity-based encryption method and system with short public parameters on ideal lattice |
CN112398646B (en) * | 2020-11-02 | 2021-10-15 | 北京邮电大学 | Identity-based encryption method and system with short public parameters on ideal lattice |
CN114726544A (en) * | 2022-04-18 | 2022-07-08 | 北京数字认证股份有限公司 | Method and system for acquiring digital certificate |
CN114726544B (en) * | 2022-04-18 | 2024-02-09 | 北京数字认证股份有限公司 | Method and system for acquiring digital certificate |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Huang et al. | Certificateless signature revisited | |
CN108989053B (en) | Method for realizing certificateless public key cryptosystem based on elliptic curve | |
CN110120939B (en) | Encryption method and system capable of repudiation authentication based on heterogeneous system | |
CN103905189B (en) | Without certificate and without pairing identity-based agent signcryption method and system | |
CN102811125B (en) | Certificateless multi-receiver signcryption method with multivariate-based cryptosystem | |
CN104639322A (en) | Identity-based encryption method with certificates and attributes | |
CN104393996B (en) | A kind of label decryption method and system based on no certificate | |
CN1937496A (en) | Extensible false name certificate system and method | |
CN104168114A (en) | Distributed type (k, n) threshold certificate-based encrypting method and system | |
CN105376213A (en) | Identity-based broadcast encryption scheme | |
CN110830236A (en) | Identity-based encryption method based on global hash | |
CN104767612A (en) | Signcryption method from certificateless environment to public key infrastructure environment | |
CN101471776A (en) | Method for preventing PKG forgery signature based on user identification | |
CN104767611B (en) | It is a kind of from PKIX environment to the label decryption method without certificate environment | |
CN106936584B (en) | Method for constructing certificateless public key cryptosystem | |
CN106713349B (en) | Inter-group proxy re-encryption method capable of resisting attack of selecting cipher text | |
Ren et al. | Provably secure aggregate signcryption scheme | |
CN107682158B (en) | Trusteeship authentication encryption method | |
CN111030821A (en) | Alliance chain encryption method based on bilinear mapping technology | |
CN104579661B (en) | The implementation method and device of the Electronic Signature of identity-based | |
CN103873248B (en) | Encryption method and device with certificate based on identity | |
CN104639319A (en) | Identity-based proxy re-encryption method and system | |
Nayak | A secure ID-based signcryption scheme based on elliptic curve cryptography | |
Elkamchouchi et al. | An efficient proxy signcryption scheme based on the discrete logarithm problem | |
Bao et al. | Identity-based threshold proxy signature scheme with known signers |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||