CN105721430A - General surrogate key generation method for identity-based proxy cryptography method - Google Patents

Abstract

Provided is a general surrogate key generation method for an identity-based proxy cryptography method. The general surrogate key generation method can be applied to any known identity-based cryptography method. The general surrogate key generation method directly adopts a certificate of authorization as a surrogate public key. A Hash function is adopted to encrypt middle parameters. Various efficient identity-based proxy cryptography methods which are established by using the method of the invention can be widely applied to electronic commerce, mobile agents, distributed networks, etc., and greatly enhance the running efficiency and safety.

Description

Surrogate production method general in the proxypassword method of identity-based

Technical field

The present invention relates to field of information security technology, particularly relate to surrogate production method general in a kind of proxypassword method of identity-based.

Background technology

No matter being in actual environment or network environment, people it is frequently necessary to some right of oneself is entrusted to reliable agent, allows agent represent and oneself goes to exercise these rights.The manager of a such as company or the leader of a unit go on business, and in order to not affect the normal operation of company or unit, he can entrust his secretary or assistant to represent him during he goes on business and sign on the file that some are important；A such as network selling company again, owing to the user of transaction much causes that master server service quality declines, network delay lengthens, and has had a strong impact on the experience of user.Now company can entrust some secondary service business, allows them replace the right that master server exercises user's checking to alleviate the burden etc. of master server with this.The trust problem that the above is very common in society or in network environment, it is possible to effectively solve by the method for agency.However as the fast development of information technology, information security issue occurs frequently so that the agency of network environment is complicated more than the agency in actual environment far away.

Cryptographic technique, as one of the core technology of information security field, is the most frequently used technology solving network security problem.Therefore, the various Proxy Signature Schemes based on cryptographic technique are by substantial amounts of proposition, for the TSM Security Agent problem solved under network environment.Wherein, the proxypassword scheme of identity-based due to need not traditional PKIX (PKI), the cost of public key management and maintenance can be saved and become the focus of research, be widely used in ecommerce, mobile agent, distributed network environment.But, some shortcomings below the proxypassword scheme ubiquity of the identity-based proposed at present:

1, PKI key structure is acted on behalf of complicated, computationally intensive.It is mostly based in the proxypassword scheme of identity, proxy private key key is made up of following components: primitive operation people is with the private key of the private key of oneself signature+agent operation people on the certificate of authority, and agent operation people is produced to act on behalf of PKI key by this proxy private key key again.It can thus be seen that the PKI key of acting on behalf of produced is made up of the PKI of primitive operation people, the PKI of agent operation people, the certificate of authority and some other auxiliary parameter.Owing to scheme needs use to act on behalf of PKI key in proof procedure, this makes the scheme of last generation require a great deal of time to reconstruct and act on behalf of PKI key, calculates complicated and inefficiency.

2, the producing method of surrogate is single, it does not have versatility.The surrogate (including acting on behalf of PKI key, proxy private key key) of current most identity-based produces to be all based on certain special application background, such as: be suitable for (the allograph key of identity-based) of signature environment, (the acting on behalf of re-encryption key of identity-based) of encryption environment etc. it is suitable for.The more important thing is, these surrogate production methods are only used for this scheme that this author proposes, it is impossible to for the scheme that other authors propose.Owing to needing to re-establish the production method of surrogate every time so that design cost and time overhead are greatly increased.

3, the transmission of surrogate needs hidden passageway, reduces safety.It is mostly based on the parameter that the proxypassword scheme of identity needs the channel transfer of secret to produce in surrogate production process, if without hidden passageway, these parameters will expose, opponent's energy these parameters of easy to do acquisition, once opponent obtains these parameters, they just can carry out attacking, doing various destruction, and this greatly reduces the safety of scheme undoubtedly.

Summary of the invention

The present invention provides surrogate production method general in a kind of proxypassword method of identity-based, direct use authority certificate is as acting on behalf of PKI key, adopt hash function that intermediate parameters is encrypted, use the proxypassword method of the various efficient identity-based of this method foundation, can be widely applied to ecommerce, mobile agent, distributed network etc., be greatly improved their operational efficiency and safety.

In order to achieve the above object, the present invention provides surrogate production method general in a kind of proxypassword method of identity-based, this general surrogate production method may be used in any one known ID-ased cryptography method, and this general surrogate production method comprises the steps of

Step S101, primitive operation people O set up certificate of authority Warrant, directly using certificate of authority Warrant as acting on behalf of PKI；

Step S102, primitive operation people O utilize the private key d of primitive operation people_oCertificate of authority Warrant is encrypted, it is thus achieved that the first encryption parameter σ₁, by this first encryption parameter σ₁Agent operation people P is issued by overt channel；

If step S103 agent operation people P accepts the trust of primitive operation people O, then utilize the private key d of agent operation people_pTo the first encryption parameter σ₁It is encrypted, it is thus achieved that the second encryption parameter σ₂, by this second encryption parameter σ₂PKG is issued by overt channel；

Step S104, PKG are to the second encryption parameter σ₂It is verified, if by verifying, then utilizes system master key s to produce proxy private key d corresponding to certificate of authority Warrant_W, utilize the private key d of agent operation people_pTo proxy private key d_WIt is encrypted, produces the 3rd encryption parameter σ₃, and by the 3rd encryption parameter σ₃Agent operation people P is issued by overt channel；

Step S105, agent operation people P utilize the private key d of agent operation people_pFrom the 3rd encryption parameter σ₃Middle extraction proxy private key sk_W。

Described certificate of authority Warrant comprises the identity information of primitive operation people O, the identity information of agent operation people P, the content of agent authorization, date range.

The first described encryption parameter σ₁It is by the private key d of primitive operation people_o, certificate of authority Warrant and current timestamp Stamp is through hash function H₁Calculate and produce, i.e. σ₁=H₁(d_o| | Warrant | | Stamp), wherein, hash function H₁It is that PKG (private key generator, PrivateKeyGenerator) sets up, hash function H₁:{0,1}^*→Z_p ^*；If the private key d of primitive operation people_oComprise more than one parameter, then need all of parameter series connection input hash function H₁In.

The second described encryption parameter σ₂It is through hash function H by certificate of authority Warrant, current timestamp Stamp and secret value R₁Calculate and produce, i.e. σ₂=H₁(R | | Warrant | | Stamp), wherein R=σ₁×d_p；If the private key d of agent operation people_pComprise more than one parameter, then need by all of parameter respectively with the first encryption parameter σ₁It is multiplied, then series connection input hash function H₁In.

Described to the second encryption parameter σ₂It is verified comprising: checking equation t₁=H₁(d_o| | Warrant | | Stamp) and t₃=H₁(t₂| | Warrant | | Stamp) whether set up, wherein, t₂=t₁×d_pIf two equatioies are set up, then by verifying；If the private key d of primitive operation people_oPrivate key d with agent operation people_pIt is made up of multiple parameters, then d_o=d_o1||d_o2| | ..., t₂=t₁×d_p1||t₁×d_p2||……。

The described system master key s that utilizes produces proxy private key d corresponding to certificate of authority Warrant_WComprise: PKG runs IDC.Extract, input system common parameter params, system master key s and certificate of authority Warrant, output agent private key d_W, i.e. IDC.Extract (params, s, W) → d_WWherein, IDC.Extract is the private key extraction stage in the ID-ased cryptography method IDC that any one is known, system common parameter params and system master key s is that PKG obtains according to security parameter k operation IDC.Setup, and IDC.Setup is the system initialisation phase in the ID-ased cryptography method IDC that any one is known.

The 3rd described encryption parameter σ₃It is by the private key d of agent operation people_p, certificate of authority Warrant and current timestamp Stamp is through hash function H₁Calculating after add proxy private key d_WProduce, i.e. σ₃=d_W+H₁(d_p||Warrant||Stamp)×d_p；If proxy private key d_WComprise more than one parameter, then need by all of parameter respectively and H₁(d_p||Warrant||Stamp)×d_pIt is added, then by these addition result together as the 3rd encryption parameter σ₃。

Described proxy private key sk_WIt is by the 3rd encryption parameter σ₃Deduct hash function H₁Private key d to agent operation people_p, certificate of authority Warrant and current timestamp Stamp cryptographic Hash produce, i.e. sk_W=σ₃-H₁(d_p||Warrant||Stamp)×d_p=d_W；If the 3rd encryption parameter σ₃Comprise more than one parameter, then need each parameter is individually subtracted H₁(d_p||Warrant||Stamp)×d_p, all results of subtracting each other obtained are exactly the complete proxy private key sk extracted_W。

The present invention also provides for a kind of proxypassword method of identity-based, comprises the steps of

Step S1, system initialization: PKG sets up hash function H₁, and systematic parameter params and system master key s, PKG public address system parameter params and hash function H is set up according to security parameter k₁, secret preservation system master key s；

Step S2, extraction private key: PKG are according to the primitive operation people O identity information ID submitted to_o, the private key d of primitive operation people is produced with system master key s_o, PKI directly adopts the identity information ID of primitive operation people O_o, by hidden passageway by the private key d of primitive operation people_oIt is sent to primitive operation people O, PKG according to the agent operation people P identity information ID submitted to_p, the private key d of agent operation people is produced with system master key s_p, PKI directly adopts the identity information ID of agent operation people_p, by hidden passageway by the private key d of agent operation people_pIt is sent to agent operation people P；

In the proxypassword method of the identity-based described in step S3, utilization, general surrogate production method produces surrogate；

Step S4, generation allograph: agent operation people P uses the surrogate produced in systematic parameter params and step S3 to produce allograph in the message m requiring signature；

Step S5, checking allograph: allograph identifier receives one with after the step S4 allograph produced, use systematic parameter params and certificate of authority Warrant that the allograph received is verified, if the verification passes, then accept this allograph, otherwise refuse.

Described set up systematic parameter params and system master key s according to security parameter k and comprise: input security parameter k, a PKG and run output system common parameter params system master key s after IDC.Setup, i.e. IDC.Setup (1^k) → (params, s), wherein, IDC is the ID-ased cryptography method that any one is known, and IDC.Setup is the system initialisation phase in IDC；

Described use system master key s produces the private key d of primitive operation people_oComprise: the identity information ID that input system common parameter params, system master key s and primitive operation people O submit to_o, PKG exports the private key d of primitive operation people after running IDC.Extract_o, i.e. IDC.Extract (params, s, ID_o)→d_o, wherein, IDC.Extract is the private key extraction stage in IDC；

Described use system master key s produces the private key d of agent operation people_pComprise: the identity information ID that input system common parameter params, system master key s and agent operation people P submit to_p, the private key d of output agent operator after PKG operation IDC.Extract_p, i.e. IDC.Extract (params, s, ID_o)→d_p。

Present invention have the advantage that

1, PKI key simple structure, amount of calculation are acted on behalf of little.In the present invention directly with certificate of authority W as acting on behalf of PKI key, it is not necessary to any extra computation, the complexity eliminated in conventional art sets up process, is greatly saved calculating cost.

2, surrogate producing method has versatility.Surrogate production method in the present invention has versatility, IDC in the present invention does not indicate specifically any, it can be the ID-ased cryptography scheme that any one is known, say, that can the present invention program be applied in any ID-ased cryptography scheme thus obtaining the proxypassword scheme of a kind of high efficiency, identity-based.Such as: if the identity-based signature scheme famous, classical proposed by IDC PatersonandSchuldt are replaced, then after using the present invention, just obtain that one high efficiency, the Proxy Signature Scheme of identity-based.

3, the transmission of surrogate is without hidden passageway, improves convenience and safety that scheme performs.The parameter of transmission is encrypted by the private key using hash function and primitive operation people or agent operation people in the present invention, make surrogate set up the parameter of transmission in process need not maintain secrecy, such as (Warrant, Stamp, σ 1, σ 2, σ 3) all encrypt with corresponding private key, even if so opponent obtains these information and can not obtain secret value.Therefore, user can use the overt channel of usually use to be transmitted, not only convenient but also safety.

Accompanying drawing explanation

Fig. 1 is the flow chart of surrogate production method general in a kind of proxypassword method of identity-based.

Fig. 2 is the flow chart of a kind of proxypassword method of identity-based.

Fig. 3 is the flow chart of one embodiment of the invention.

Detailed description of the invention

Below according to Fig. 1～Fig. 3, illustrate presently preferred embodiments of the present invention.

As shown in Figure 1, the present invention provides surrogate production method general in a kind of proxypassword method of identity-based, this general surrogate production method may be used in any one known ID-ased cryptography method, and this general surrogate production method comprises the steps of

Step S101, primitive operation people O set up certificate of authority Warrant, directly using certificate of authority Warrant as acting on behalf of PKI；

Wherein, certificate of authority Warrant comprises the identity information of primitive operation people O, the identity information of agent operation people P, the content of agent authorization, date range etc.；

Step S102, primitive operation people O utilize the private key d of primitive operation people_oCertificate of authority Warrant is encrypted, it is thus achieved that the first encryption parameter σ₁, by this first encryption parameter σ₁Agent operation people P is issued by overt channel；

The first described encryption parameter σ₁It is by the private key d of primitive operation people_o, certificate of authority Warrant and current timestamp Stamp is through hash function H₁Calculate and produce, i.e. σ₁=H₁(d_o| | Warrant | | Stamp), wherein, hash function H₁It is that PKG (private key generator, PrivateKeyGenerator) sets up, hash function H₁:{0,1}^*→Z_p ^*；

If the private key d of primitive operation people_oComprise more than one parameter, then need all of parameter series connection input hash function H₁In, for instance: the private key d of primitive operation people_oIt is made up of two parameters, d_o=(d_o1,d_o2), then input hash function H after the series connection of the two parameter₁, i.e. H₁(d_o1||d_o2| | Warrant | | Stamp), more than two is by that analogy；

If step S103 agent operation people P accepts the trust of primitive operation people O, then utilize the private key d of agent operation people_pTo the first encryption parameter σ₁It is encrypted, it is thus achieved that the second encryption parameter σ₂, by this second encryption parameter σ₂PKG is issued by overt channel；

The second described encryption parameter σ₂It is through hash function H by certificate of authority Warrant, current timestamp Stamp and secret value R₁Calculate and produce, i.e. σ₂=H₁(R | | Warrant | | Stamp), wherein R=σ₁×d_p；

If the private key d of agent operation people_pComprise more than one parameter, then need by all of parameter respectively with the first encryption parameter σ₁It is multiplied, then series connection input hash function H₁In, for instance: the private key d of agent operation people_pD is formed by two parameters_p=(d_p1,d_p2), then each component is calculated R respectively₁=σ₁×d_p1And R₂=σ₁×d_p2And input H after all parameters of gained are connected₁, i.e. H₁(R₁||R₂| | Warrant | | Stamp), more than two is by that analogy；

Step S104, PKG are to the second encryption parameter σ₂It is verified, if by verifying, then utilizes system master key s to produce proxy private key d corresponding to certificate of authority Warrant_W, utilize the private key d of agent operation people_pTo proxy private key d_WIt is encrypted, produces the 3rd encryption parameter σ₃, and by the 3rd encryption parameter σ₃Agent operation people P is issued by overt channel；

Described to the second encryption parameter σ₂It is verified comprising: checking equation t₁=H₁(d_o| | Warrant | | Stamp) and t₃=H₁(t₂| | Warrant | | Stamp) whether set up, wherein, t₂=t₁×d_pIf two equatioies are set up, then by verifying；

If the private key d of primitive operation people_oPrivate key d with agent operation people_pIt is made up of multiple parameters, then d_o=d_o1||d_o2| | ..., t₂=t₁×d_p1||t₁×d_p2| | ...；

The described system master key s that utilizes produces proxy private key d corresponding to certificate of authority Warrant_WComprise: PKG runs IDC.Extract, input system common parameter params, system master key s and certificate of authority Warrant, output agent private key d_W, i.e. IDC.Extract (params, s, W) → d_WWherein, IDC.Extract is the private key extraction stage in the ID-ased cryptography method IDC that any one is known, system common parameter params and system master key s is that PKG obtains according to security parameter k operation IDC.Setup, and IDC.Setup is the system initialisation phase in the ID-ased cryptography method IDC that any one is known；

The 3rd described encryption parameter σ₃It is by the private key d of agent operation people_p, certificate of authority Warrant and current timestamp Stamp is through hash function H₁Calculating after add proxy private key d_WProduce, i.e. σ₃=d_W+H₁(d_p||Warrant||Stamp)×d_p；

If proxy private key d_WComprise more than one parameter, then need by all of parameter respectively and H₁(d_p||Warrant||Stamp)×d_pIt is added, then by these addition result together as the 3rd encryption parameter σ₃, for instance: proxy private key d_WD is formed by two parameters_w=(d_w1,d_w2), then each component is calculated σ respectively_3,1=d_w1+H₁(d_p1||d_p2||Warrant||Stamp)×d_p1And σ_3,2=d_w2+H₁(d_p1||d_p2||Warrant||Stamp)×d_p2, and by (σ_3,1,σ_3,2) together as the 3rd encryption parameter σ₃, more than two is by that analogy；

Step S105, agent operation people P utilize the private key d of agent operation people_pFrom the 3rd encryption parameter σ₃Middle extraction proxy private key sk_W；

Described proxy private key sk_WIt is by the 3rd encryption parameter σ₃Deduct hash function H₁Private key d to agent operation people_p, certificate of authority Warrant and current timestamp Stamp cryptographic Hash produce, i.e. sk_W=σ₃-H₁(d_p||Warrant||Stamp)×d_p=d_W；

If the 3rd encryption parameter σ₃Comprise more than one parameter, then need each parameter is individually subtracted H₁(d_p||Warrant||Stamp)×d_p, all results of subtracting each other obtained are exactly the complete proxy private key sk extracted_W, for instance: the 3rd encryption parameter σ₃σ is formed by two parameters₃=(σ_3,1,σ_3,2), then each component is calculated sk respectively_W1=σ_3,1-H₁(d_p1||d_p2||Warrant||Stamp)×d_p1=d_w1And sk_W2=σ_3,2-H₁(d_p1||d_p2||Warrant||Stamp)×d_p2=d_w2, then agent operation people is by sk_W=(sk_W1,sk_W2) as proxy private key sk_W, more than two is by that analogy.

Thus agent operation people P obtains agency's private/PKI (sk_W, W), agent operation people P can act on behalf of public and private key with this and carry out follow-up operation, such as encryption, signature etc., depending on the concrete Password Operations adopted.

Surrogate production method general in the proxypassword method of identity-based provided by the invention may be used in the ID-ased cryptography method that any one is known, thus ID-ased cryptography method being become a kind of proxypassword method of concrete identity-based, such as primitive operation people becomes original signer, agent operation people becomes proxy signer, so reform into the allograph method of identity-based, if becoming original encryption people and proxy-encrypted people, so reform into the proxy-encrypted method of identity-based, by that analogy.

As in figure 2 it is shown, the present invention also provides for a kind of proxypassword method of identity-based, comprise the steps of

Step S1, system initialization IDPC.Setup:PKG set up hash function H₁, and systematic parameter params and system master key s, PKG public address system parameter params and hash function H is set up according to security parameter k₁, secret preservation system master key s；

Described set up systematic parameter params and system master key s according to security parameter k and comprise: input security parameter k, a PKG and run output system common parameter params system master key s after IDC.Setup, i.e. IDC.Setup (1^k) → (params, s), wherein, IDC is the ID-ased cryptography method that any one is known, and IDC.Setup is the system initialisation phase in IDC；

Step S2, extraction private key IDPC.Extract:PKG are according to the primitive operation people O identity information ID submitted to_o, the private key d of primitive operation people is produced with system master key s_o, PKI directly adopts the identity information ID of primitive operation people O_o, by hidden passageway by the private key d of primitive operation people_oIt is sent to primitive operation people O, PKG according to the agent operation people P identity information ID submitted to_p, the private key d of agent operation people is produced with system master key s_p, PKI directly adopts the identity information ID of agent operation people_p, by hidden passageway by the private key d of agent operation people_pIt is sent to agent operation people P；

Described use system master key s produces the private key d of primitive operation people_oComprise: the identity information ID that input system common parameter params, system master key s and primitive operation people O submit to_o, PKG exports the private key d of primitive operation people after running IDC.Extract_o, i.e. IDC.Extract (params, s, ID_o)→d_o, wherein, IDC.Extract is the private key extraction stage in IDC；

Described use system master key s produces the private key d of agent operation people_pComprise: the identity information ID that input system common parameter params, system master key s and agent operation people P submit to_p, the private key d of output agent operator after PKG operation IDC.Extract_p, i.e. IDC.Extract (params, s, ID_o)→d_p；

Step S3, generation surrogate IDPC.Delegation: utilize surrogate production method general in the proxypassword method of above-mentioned a kind of identity-based to produce surrogate；

Step S4, the surrogate producing to produce in allograph IDPC.Signature: agent operation people P use systematic parameter params and step S3 produce allograph in the message m requiring signature.

Step S5, checking allograph IDPC.Verification: allograph identifier receives one with after the step S4 allograph produced, use systematic parameter params and certificate of authority Warrant that the allograph received is verified, if the verification passes, so accept this allograph, otherwise refuse.

As it is shown on figure 3, applied to by surrogate production method general in the proxypassword method of identity-based provided by the invention in the classical id-based signatures method of PatersonandSchuldt, provide a specific embodiment of the present invention.

It is embodied as step as follows:

The Setup stage of step 1, system initialization IDPC.Setup:PKG operation PatersonandSchuldt obtains relevant parameter, namely discloses systematic parameter params={G₁,G₂,e,q,g,g₁,g₂,u₀,m₀,U,M,H₁, wherein G₁And G₂Addition cyclic group and multiplication loop group, the e:G of to be rank respectively be q₁×G₁→G₂Being a Bilinear map, g is G₁One generate unit, g₁=g^s, s is one and belongs to Z_p ^*Random number, (g₂u₀,m₀) be three and belong to G₁Random number, U=(u_i) be a length it is n_IDVector (1≤i≤n_ID), M=(m_i) be a length it is n_mVector (1≤j≤n_m), n_IDIt is the length of an identity information, n_mIt is the length of a signature information, u_iAnd m_iRandomly from G₁In choose, H₁:{0,1}^*→Z_p ^*Being a hash function, PKG secret preserves system master key s；

Step 2, private key extraction stage IDPC.Extract:PKG run the Extract stage of PatersonandSchuldt, the identity information ID namely submitted to for primitive operation people or agent operation people_oOr ID_p, what PKG was random chooses two number r_o,r_p∈Z_p ^*, then calculate the private key of each of which: the private key of primitive operation peopleThe private key of agent operation peopleWherein I_oIt is meet ID_oThe set of all i of [i]=1, and ID_o[i] represents primitive operation people's identity Information ID_oI-th bit be 1, I_pIt is meet ID_pThe set of all i of [i]=1, and ID_p[i] represents agent operation people's identity Information ID_pI-th bit be 1；

Step 3, surrogate produce stage IDPC.Delegation, specifically comprise the steps of

Step 3.1, primitive operation people set up a certificate of authority W and (comprise ID_o、ID_p, the content of agent authorization, date range etc.), calculate current system time T；

Step 3.2, calculatingAnd by (W, T, σ₁) issue agent operation people by overt channel；

Step 3.3, agent operation people receive (W, T, σ₁) after, if accepting this time to entrust, then carrying out step 3.4, if not accepting this time to entrust, then exiting；

Step 3.4, agent operation people are with the private key of oneselfCalculate WithThen σ is calculated₂=H₁(R₁||R₁| | W | | T) and by (W, T, σ₂) issue PKG by overt channel；

Step 3.5, PKG receive (W, T, σ₂) after, first verify that and whether meet following two equation t₁=And t₃=H₁(t₂| | W | | T), wherein If the two equation is set up, then carry out step 3.6, if the two equation is false, then exit；

What step 3.6, PKG were random chooses r_w∈Z_p ^*And calculateThen calculate ${\mathrm{\σ}}_{3,1}=g_2^s{\left(u_0{\Π}_{i\∈I_w}{u}_i\right)}^{r_w}+H_1\left(g_2^s{\left(u_0{\Π}_{i\∈I_p}{u}_i\right)}^{r_p}\right|\left|g^{r_p}\right|\left|W\right|\left|T\right)\×g_2^s{\left(u_0{\Π}_{i\∈I_p}{u}_i\right)}^{r_p},{\mathrm{\σ}}_{3,2}=$ $g^{r_w}+H_1\left(g_2^s{\left(u_0{\Π}_{i\∈I_p}{u}_i\right)}^{r_p}\right|\left|g^{r_p}\right|\left|W\right|\left|T\right)\×g^{r_p},$ Wherein I_wIt is the set of all i meeting W [i]=1, and W [i] represents that the i-th bit of certificate of authority W is 1, PKG by (σ_3,1,σ_3,2) issue agent operation people by overt channel；

Step 3.7, agent operation people receive (σ_3,1,σ_3,2) after, with existing W and T and the private key d of oneself_pCalculate ${\mathrm{sk}}_{W1}={\mathrm{\σ}}_{3,1}-H_1\left(g_2^s{\left(u_0{\Π}_{i\∈I_p}{u}_i\right)}^{r_{\mathrm{\ρ}}}\right|\left|g^{r_p}\right|\left|W\right|\left|T\right)\×g_2^s{\left(u_0{\Π}_{i\∈I_p}{u}_i\right)}^{r_p}=d_{w1},{\mathrm{sk}}_{W2}$ $={\mathrm{\σ}}_{3,2}-H_1\left(s_2^s{\left(u_0{\Π}_{i\∈I_p}{u}_i\right)}^{r_p}\right|\left|g^{r_p}\right|\left|W\right|\left|S\right)\×g^{r_p}=d_{w2}.$ Thus agent operation people obtains proxy private key keyAgent operation people can carry out signature operation as follows with this proxy private key key；

Step 4, allograph stage IDPC.Signature: run the Signature stage of PatersonandSchuldt, namely when a user submits to a message m to require allograph, what agent operation people was random chooses r_m∈Z_p ^*, then with the proxy private key key of oneself ${\mathrm{sk}}_W=({\mathrm{sk}}_{W1},{\mathrm{sk}}_{W2})=$ $(g_2^s{\left(u_0{\Π}_{i\∈I_w}{u}_i\right)}^{r_w},g^{r_w})$ Calculating allograph is as follows $\mathrm{\σ}=({\mathrm{skw}}_1{\left(m_0{\Π}_{j\∈I_m}{m}_j\right)}^{r_m},g^{r_w},g^{r_m})=$ $(g_2^s{\left(u_0{\Π}_{i\∈I_w}{u}_i\right)}^{r_w}{\left(m_0{\Π}_{j\∈I_m}{m}_j\right)}^{r_m},g^{r_w},g^{r_m}),$ Wherein I_mIt is the set of all j meeting m [j]=1, and the jth position that m [j] represents signature information m is 1；

Step 5, allograph Qualify Phase IDPC.Verification: run the Verification stage of PatersonandSchuldt, i.e. a given allograph And systematic parameter params, identifier verifies whether following equation is set up If this equation is set up, identifier accepts this signature, it is believed that this allograph is effective, and it is invalid otherwise to judge, refuses this signature.

The direct use authority certificate of the present invention is as acting on behalf of PKI key, adopt hash function that intermediate parameters is encrypted, use the proxypassword method of the various efficient identity-based of this method foundation, allograph (re-encryption, ring signatures etc.) method such as identity-based, can be widely applied to ecommerce, mobile agent, distributed network etc., be greatly improved their operational efficiency and safety.

Although present disclosure has been made to be discussed in detail already by above preferred embodiment, but it should be appreciated that the description above is not considered as limitation of the present invention.After those skilled in the art have read foregoing, multiple amendment and replacement for the present invention all will be apparent from.Therefore, protection scope of the present invention should be limited to the appended claims.

Claims (10)

1. surrogate production method general in the proxypassword method of an identity-based, it is characterized in that, this general surrogate production method may be used in any one known ID-ased cryptography method, and this general surrogate production method comprises the steps of

Step S101, primitive operation people O set up certificate of authority Warrant, directly using certificate of authority Warrant as acting on behalf of PKI；

Step S102, primitive operation people O utilize the private key d of primitive operation people_oCertificate of authority Warrant is encrypted, it is thus achieved that the first encryption parameter σ₁, by this first encryption parameter σ₁Agent operation people P is issued by overt channel；

If step S103 agent operation people P accepts the trust of primitive operation people O, then utilize the private key d of agent operation people_pTo the first encryption parameter σ₁It is encrypted, it is thus achieved that the second encryption parameter σ₂, by this second encryption parameter σ₂PKG is issued by overt channel；

Step S104, PKG are to the second encryption parameter σ₂It is verified, if by verifying, then utilizes system master key s to produce proxy private key d corresponding to certificate of authority Warrant_W, utilize the private key d of agent operation people_pTo proxy private key d_WIt is encrypted, produces the 3rd encryption parameter σ₃, and by the 3rd encryption parameter σ₃Agent operation people P is issued by overt channel；

Step S105, agent operation people P utilize the private key d of agent operation people_pFrom the 3rd encryption parameter σ₃Middle extraction proxy private key sk_W。

2. surrogate production method general in the proxypassword method of identity-based as claimed in claim 1, it is characterized in that, described certificate of authority Warrant comprises the identity information of primitive operation people O, the identity information of agent operation people P, the content of agent authorization, date range.

3. surrogate production method general in the proxypassword method of identity-based as claimed in claim 1, it is characterised in that the first described encryption parameter σ₁It is by the private key d of primitive operation people_o, certificate of authority Warrant and current timestamp Stamp is through hash function H₁Calculate and produce, i.e. σ₁=H₁(d_o| | Warrant | | Stamp), wherein, hash function H₁It is that PKG (private key generator, PrivateKeyGenerator) sets up, hash function H₁:{0,1}^*→Z_p ^*；If the private key d of primitive operation people_oComprise more than one parameter, then need all of parameter series connection input hash function H₁In.

4. surrogate production method general in the proxypassword method of identity-based as claimed in claim 1, it is characterised in that the second described encryption parameter σ₂It is through hash function H by certificate of authority Warrant, current timestamp Stamp and secret value R₁Calculate and produce, i.e. σ₂=H₁(R | | Warrant | | Stamp), wherein R=σ₁×d_p；If the private key d of agent operation people_pComprise more than one parameter, then need by all of parameter respectively with the first encryption parameter σ₁It is multiplied, then series connection input hash function H₁In.

5. surrogate production method general in the proxypassword method of identity-based as claimed in claim 1, it is characterised in that described to the second encryption parameter σ₂It is verified comprising: checking equation t₁=H₁(d_o| | Warrant | | Stamp) and t₃=H₁(t₂| | Warrant | | Stamp) whether set up, wherein, t₂=t₁×d_pIf two equatioies are set up, then by verifying；If the private key d of primitive operation people_oPrivate key d with agent operation people_pIt is made up of multiple parameters, then d_o=d_o1||d_o2| | ..., t₂=t₁×d_p1||t₁×d_p2||……。

6. surrogate production method general in the proxypassword method of identity-based as claimed in claim 1, it is characterised in that the described system master key s that utilizes produces proxy private key d corresponding to certificate of authority Warrant_WComprise: PKG runs IDC.Extract, input system common parameter params, system master key s and certificate of authority Warrant, output agent private key d_W, i.e. IDC.Extract (params, s, W) → d_WWherein, IDC.Extract is the private key extraction stage in the ID-ased cryptography method IDC that any one is known, system common parameter params and system master key s is that PKG obtains according to security parameter k operation IDC.Setup, and IDC.Setup is the system initialisation phase in the ID-ased cryptography method IDC that any one is known.

7. surrogate production method general in the proxypassword method of identity-based as claimed in claim 1, it is characterised in that the 3rd described encryption parameter σ₃It is by the private key d of agent operation people_p, certificate of authority Warrant and current timestamp Stamp is through hash function H₁Calculating after add proxy private key d_WProduce, i.e. σ₃=d_W+H₁(d_p||Warrant||Stamp)×d_p；If proxy private key d_WComprise more than one parameter, then need by all of parameter respectively and H₁(d_p||Warrant||Stamp)×d_pIt is added, then by these addition result together as the 3rd encryption parameter σ₃。

8. surrogate production method general in the proxypassword method of identity-based as claimed in claim 1, it is characterised in that described proxy private key sk_WIt is by the 3rd encryption parameter σ₃Deduct hash function H₁Private key d to agent operation people_p, certificate of authority Warrant and current timestamp Stamp cryptographic Hash produce, i.e. sk_W=σ₃-H₁(d_p||Warrant||Stamp)×d_p=d_W；If the 3rd encryption parameter σ₃Comprise more than one parameter, then need each parameter is individually subtracted H₁(d_p||Warrant||Stamp)×d_p, all results of subtracting each other obtained are exactly the complete proxy private key sk extracted_W。

9. the proxypassword method of an identity-based, it is characterised in that comprise the steps of

Step S1, system initialization: PKG sets up hash function H₁, and systematic parameter params and system master key s, PKG public address system parameter params and hash function H is set up according to security parameter k₁, secret preservation system master key s；

Step S2, extraction private key: PKG are according to the primitive operation people O identity information ID submitted to_o, the private key d of primitive operation people is produced with system master key s_o, PKI directly adopts the identity information ID of primitive operation people O_o, by hidden passageway by the private key d of primitive operation people_oIt is sent to primitive operation people O, PKG according to the agent operation people P identity information ID submitted to_p, the private key d of agent operation people is produced with system master key s_p, PKI directly adopts the identity information ID of agent operation people_p, by hidden passageway by the private key d of agent operation people_pIt is sent to agent operation people P；

Step S3, general surrogate production method in the proxypassword method of identity-based any one of in claim 1-8 is utilized to produce surrogate；

Step S4, generation allograph: agent operation people P uses the surrogate produced in systematic parameter params and step S3 to produce allograph in the message m requiring signature；

Step S5, checking allograph: allograph identifier receives one with after the step S4 allograph produced, use systematic parameter params and certificate of authority Warrant that the allograph received is verified, if by verifying, then accepting this allograph, otherwise refusing.

10. the proxypassword method of identity-based as claimed in claim 9, it is characterised in that

Described set up systematic parameter params and system master key s according to security parameter k and comprise: input security parameter k, a PKG and run output system common parameter params system master key s after IDC.Setup, i.e. IDC.Setup (1^k) → (params, s), wherein, IDC is the ID-ased cryptography method that any one is known, and IDC.Setup is the system initialisation phase in IDC；

Described use system master key s produces the private key d of primitive operation people_oComprise: the identity information ID that input system common parameter params, system master key s and primitive operation people O submit to_o, PKG exports the private key d of primitive operation people after running IDC.Extract_o, i.e. IDC.Extract (params, s, ID_o)→d_o, wherein, IDC.Extract is the private key extraction stage in IDC；

Described use system master key s produces the private key d of agent operation people_pComprise: the identity information ID that input system common parameter params, system master key s and agent operation people P submit to_p, the private key d of output agent operator after PKG operation IDC.Extract_p, i.e. IDC.Extract (params, s, ID_o)→d_p。