CN105721430B - General proxy key generation method in identity-based proxy cryptography

Publication number
CN105721430B
CN105721430B CN201610028750.9A CN201610028750A CN105721430B CN 105721430 B CN105721430 B CN 105721430B CN 201610028750 A CN201610028750 A CN 201610028750A CN 105721430 B CN105721430 B CN 105721430B
Authority
CN
China
Legal status
Expired - Fee Related
Application number
CN201610028750.9A
Other languages
Chinese (zh)
Other versions
CN105721430A (en
Inventor
胡小明
Current Assignee
Shanghai Polytechnic University
Original Assignee
Shanghai Polytechnic University

Classifications

    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0884 Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

A general proxy key generation method for identity-based proxy cryptography, which can be used with any known identity-based cryptographic method. The general proxy key generation method uses the authorization certificate directly as the proxy public key and encrypts intermediate parameters with a hash function. The various efficient identity-based proxy cryptographic methods built with this method can be widely applied to e-commerce, mobile agents, distributed networks and the like, greatly improving their operating efficiency and security.

Description

General proxy key generation method in identity-based proxy cryptography
Technical field
The present invention relates to the field of information security technology, and more particularly to a general proxy key generation method in identity-based proxy cryptography.
Background
Whether in the physical world or in a network environment, people often need to entrust certain rights of their own to a reliable agent and let the agent exercise those rights on their behalf. For example, when the manager of a company or the head of an organization is away on business, he can, so as not to affect normal operation, entrust his secretary or assistant to sign certain important documents on his behalf while he is away. As another example, an online sales company may have so many transacting users that the quality of service of its main server declines and network delays lengthen, seriously affecting the user experience. The company can then commission some second-tier service providers and let them exercise the main server's right to verify users in its place, relieving the load on the main server. These delegation problems, which are very common in society and in network environments, can be solved effectively by means of proxies. However, with the rapid development of information technology, information security problems occur frequently, so that delegation in a network environment is far more complex than delegation in the physical world.
Cryptography, one of the core technologies of the information security field, is the technique most commonly used to solve network security problems. Accordingly, a large number of cryptography-based proxy signature schemes have been proposed to solve the problem of secure delegation in network environments. Among them, identity-based proxy cryptographic schemes do not require a traditional public key infrastructure (PKI) and can save the cost of public key management and maintenance; they have become a research hotspot and are widely used in e-commerce, mobile agent and distributed network environments. However, the identity-based proxy cryptographic schemes proposed so far generally have the following disadvantages:
1. The proxy public key is complicated to construct and computationally expensive. In most identity-based proxy cryptographic schemes, the proxy private key consists of the following parts: the original operator's signature on the authorization certificate, made with its own private key, plus the proxy operator's private key; the proxy operator then generates the proxy public key from this proxy private key. It follows that the generated proxy public key is composed of the original operator's public key, the proxy operator's public key, the authorization certificate and some other auxiliary parameters. Since these schemes need the proxy public key during verification, the resulting scheme has to spend a great deal of time reconstructing the proxy public key, so computation is complex and efficiency is low.
2. Proxy keys are generated in a single way and the method is not general. Most current identity-based proxy keys (including the proxy public key and the proxy private key) are generated for a particular application setting, for example a signing environment (identity-based proxy signature keys) or an encryption environment (identity-based proxy re-encryption keys). More importantly, these proxy key generation methods can be used only in the scheme proposed by their own author and not in schemes proposed by other authors. Because the proxy key generation method has to be re-established each time, design cost and time overhead increase greatly.
3. Transmitting the proxy key requires a secret channel, which reduces security. Most identity-based proxy cryptographic schemes need a secret channel to transmit the parameters produced while the proxy key is generated. Without a secret channel these parameters are exposed and an adversary can easily obtain them; once the adversary has them, it can mount attacks and cause various kinds of damage, which undoubtedly greatly reduces the security of the scheme.
Summary of the invention
The present invention provides a general proxy key generation method for identity-based proxy cryptography. It uses the authorization certificate directly as the proxy public key and encrypts intermediate parameters with a hash function. The various efficient identity-based proxy cryptographic methods built with this method can be widely applied to e-commerce, mobile agents, distributed networks and the like, and can greatly improve their operating efficiency and security.
To achieve the above object, the present invention provides a general proxy key generation method for identity-based proxy cryptography. The general proxy key generation method can be used with any known identity-based cryptographic method and comprises the following steps:
Step S101: the original operator O establishes an authorization certificate Warrant and uses Warrant directly as the proxy public key;
Step S102: the original operator O encrypts the authorization certificate Warrant with the original operator's private key $d_o$ to obtain the first encryption parameter $\sigma_1$, and sends $\sigma_1$ to the proxy operator P over a public channel;
Step S103: if the proxy operator P accepts the delegation from the original operator O, it encrypts the first encryption parameter $\sigma_1$ with the proxy operator's private key $d_p$ to obtain the second encryption parameter $\sigma_2$, and sends $\sigma_2$ to the PKG over a public channel;
Step S104: the PKG verifies the second encryption parameter $\sigma_2$; if verification passes, it uses the system master key $s$ to generate the proxy private key $d_W$ corresponding to the authorization certificate Warrant, encrypts $d_W$ with the proxy operator's private key $d_p$ to generate the third encryption parameter $\sigma_3$, and sends $\sigma_3$ to the proxy operator P over a public channel;
Step S105: the proxy operator P uses the proxy operator's private key $d_p$ to extract the proxy private key $sk_W$ from the third encryption parameter $\sigma_3$.
The authorization certificate Warrant contains the identity information of the original operator O, the identity information of the proxy operator P, the content of the delegated authorization, and the date range.
The first encryption parameter $\sigma_1$ is computed by applying the hash function $H_1$ to the original operator's private key $d_o$, the authorization certificate Warrant and the current timestamp Stamp, i.e. $\sigma_1 = H_1(d_o \| \text{Warrant} \| \text{Stamp})$, where the hash function $H_1: \{0,1\}^* \to \mathbb{Z}_p^*$ is established by the PKG (Private Key Generator). If the original operator's private key $d_o$ contains more than one parameter, all of the parameters are concatenated and input to $H_1$.
The second encryption parameter $\sigma_2$ is computed by applying the hash function $H_1$ to the authorization certificate Warrant, the current timestamp Stamp and a secret value $R$, i.e. $\sigma_2 = H_1(R \| \text{Warrant} \| \text{Stamp})$, where $R = \sigma_1 \times d_p$. If the proxy operator's private key $d_p$ contains more than one parameter, each parameter is multiplied by the first encryption parameter $\sigma_1$ separately, and the products are concatenated and input to $H_1$.
Verifying the second encryption parameter $\sigma_2$ comprises: verifying whether the equations $t_1 = H_1(d_o \| \text{Warrant} \| \text{Stamp})$ and $t_3 = H_1(t_2 \| \text{Warrant} \| \text{Stamp})$ hold, where $t_2 = t_1 \times d_p$; if both equations hold, verification passes. If the original operator's private key $d_o$ and the proxy operator's private key $d_p$ each consist of multiple parameters, then $d_o = d_{o1} \| d_{o2} \| \dots$ and $t_2 = t_1 \times d_{p1} \| t_1 \times d_{p2} \| \dots$.
Generating the proxy private key $d_W$ corresponding to the authorization certificate Warrant with the system master key $s$ comprises: the PKG runs IDC.Extract with the system public parameters params, the system master key $s$ and the authorization certificate Warrant as input and outputs the proxy private key $d_W$, i.e. IDC.Extract(params, $s$, $W$) → $d_W$. Here IDC.Extract is the private key extraction phase of any known identity-based cryptographic method IDC; the system public parameters params and the system master key $s$ are obtained by the PKG running IDC.Setup with the security parameter $k$, and IDC.Setup is the system initialization phase of any known identity-based cryptographic method IDC.
The third encryption parameter $\sigma_3$ is generated by applying the hash function $H_1$ to the proxy operator's private key $d_p$, the authorization certificate Warrant and the current timestamp Stamp and then adding the proxy private key $d_W$, i.e. $\sigma_3 = d_W + H_1(d_p \| \text{Warrant} \| \text{Stamp}) \times d_p$. If the proxy private key $d_W$ contains more than one parameter, each parameter is added to $H_1(d_p \| \text{Warrant} \| \text{Stamp}) \times d_p$ separately, and the sums together form the third encryption parameter $\sigma_3$.
The proxy private key $sk_W$ is obtained by subtracting from the third encryption parameter $\sigma_3$ the value derived from the hash $H_1$ of the proxy operator's private key $d_p$, the authorization certificate Warrant and the current timestamp Stamp, i.e. $sk_W = \sigma_3 - H_1(d_p \| \text{Warrant} \| \text{Stamp}) \times d_p = d_W$. If the third encryption parameter $\sigma_3$ contains more than one parameter, $H_1(d_p \| \text{Warrant} \| \text{Stamp}) \times d_p$ is subtracted from each parameter separately, and all of the differences together are the complete extracted proxy private key $sk_W$.
The present invention also provides an identity-based proxy cryptographic method comprising the following steps:
Step S1, system initialization: the PKG establishes the hash function $H_1$ and establishes the system parameters params and the system master key $s$ according to the security parameter $k$; the PKG publishes params and $H_1$ and keeps the system master key $s$ secret;
Step S2, private key extraction: from the identity information $ID_o$ submitted by the original operator O, the PKG generates the original operator's private key $d_o$ with the system master key $s$; the public key is simply the identity information $ID_o$ of the original operator O, and $d_o$ is sent to the original operator O over a secret channel. From the identity information $ID_p$ submitted by the proxy operator P, the PKG generates the proxy operator's private key $d_p$ with the system master key $s$; the public key is simply the identity information $ID_p$ of the proxy operator, and $d_p$ is sent to the proxy operator P over a secret channel;
Step S3, proxy key generation: the proxy key is generated with the general proxy key generation method for identity-based proxy cryptography described above;
Step S4, proxy signature generation: the proxy operator P uses the system parameters params and the proxy key generated in step S3 to generate a proxy signature on the message $m$ to be signed;
Step S5, proxy signature verification: on receiving a proxy signature generated in step S4, the proxy signature verifier verifies it using the system parameters params and the authorization certificate Warrant; if verification passes, the proxy signature is accepted, otherwise it is rejected.
Establishing the system parameters params and the system master key $s$ according to the security parameter $k$ comprises: given a security parameter $k$ as input, the PKG runs IDC.Setup and outputs the system public parameters params and the system master key $s$, i.e. IDC.Setup($1^k$) → (params, $s$), where IDC is any known identity-based cryptographic method and IDC.Setup is the system initialization phase of IDC;
Generating the original operator's private key $d_o$ with the system master key $s$ comprises: given the system public parameters params, the system master key $s$ and the identity information $ID_o$ submitted by the original operator O as input, the PKG runs IDC.Extract and outputs the original operator's private key $d_o$, i.e. IDC.Extract(params, $s$, $ID_o$) → $d_o$, where IDC.Extract is the private key extraction phase of IDC;
Generating the proxy operator's private key $d_p$ with the system master key $s$ comprises: given the system public parameters params, the system master key $s$ and the identity information $ID_p$ submitted by the proxy operator P as input, the PKG runs IDC.Extract and outputs the proxy operator's private key $d_p$, i.e. IDC.Extract(params, $s$, $ID_p$) → $d_p$.
The present invention has the following advantages:
1. The proxy public key is simple to construct and cheap to compute. The invention uses the authorization certificate W directly as the proxy public key without any extra computation, eliminating the complicated construction process of the prior art and greatly reducing computational cost.
2. The proxy key generation method is general. The IDC in the invention does not denote any specific scheme; it can be any known identity-based cryptographic scheme. That is, the scheme of the invention can be applied to any identity-based cryptographic scheme to obtain an efficient identity-based proxy cryptographic scheme. For example, if IDC is replaced by the well-known classical identity-based signature scheme proposed by Paterson and Schuldt, applying the invention yields an efficient identity-based proxy signature scheme.
3. Transmitting the proxy key requires no secret channel, which improves the convenience and security of executing the scheme. The invention encrypts the transmitted parameters using the hash function and the private key of the original operator or the proxy operator, so the parameters transmitted while the proxy key is established need not be kept secret. For example, (Warrant, Stamp, $\sigma_1$, $\sigma_2$, $\sigma_3$) are all encrypted with the corresponding private key, so even if an adversary obtains this information it cannot obtain the secret values. Users can therefore transmit over the public channels they normally use, which is both convenient and secure.
Brief description of the drawings
Fig. 1 is a flowchart of the general proxy key generation method in identity-based proxy cryptography.
Fig. 2 is a flowchart of an identity-based proxy cryptographic method.
Fig. 3 is a flowchart of one embodiment of the invention.
Detailed description of the embodiments
Preferred embodiments of the invention are described below with reference to Fig. 1 to Fig. 3.
As shown in Fig. 1, the present invention provides a general proxy key generation method for identity-based proxy cryptography. The general proxy key generation method can be used with any known identity-based cryptographic method and comprises the following steps:
Step S101: the original operator O establishes an authorization certificate Warrant and uses Warrant directly as the proxy public key;
Here the authorization certificate Warrant contains the identity information of the original operator O, the identity information of the proxy operator P, the content of the delegated authorization, the date range, and so on;
Step S102: the original operator O encrypts the authorization certificate Warrant with the original operator's private key $d_o$ to obtain the first encryption parameter $\sigma_1$, and sends $\sigma_1$ to the proxy operator P over a public channel;
The first encryption parameter $\sigma_1$ is computed by applying the hash function $H_1$ to the original operator's private key $d_o$, the authorization certificate Warrant and the current timestamp Stamp, i.e. $\sigma_1 = H_1(d_o \| \text{Warrant} \| \text{Stamp})$, where the hash function $H_1: \{0,1\}^* \to \mathbb{Z}_p^*$ is established by the PKG (Private Key Generator);
If the original operator's private key $d_o$ contains more than one parameter, all of the parameters are concatenated and input to the hash function $H_1$. For example, if the original operator's private key consists of two parameters, $d_o = (d_{o1}, d_{o2})$, the two parameters are concatenated and input to $H_1$, i.e. $H_1(d_{o1} \| d_{o2} \| \text{Warrant} \| \text{Stamp})$; the case of more than two parameters is handled in the same way;
Step S103: if the proxy operator P accepts the delegation from the original operator O, it encrypts the first encryption parameter $\sigma_1$ with the proxy operator's private key $d_p$ to obtain the second encryption parameter $\sigma_2$, and sends $\sigma_2$ to the PKG over a public channel;
The second encryption parameter $\sigma_2$ is computed by applying the hash function $H_1$ to the authorization certificate Warrant, the current timestamp Stamp and a secret value $R$, i.e. $\sigma_2 = H_1(R \| \text{Warrant} \| \text{Stamp})$, where $R = \sigma_1 \times d_p$;
If the proxy operator's private key $d_p$ contains more than one parameter, each parameter is multiplied by the first encryption parameter $\sigma_1$ separately, and the products are concatenated and input to the hash function $H_1$. For example, if the proxy operator's private key consists of two parameters, $d_p = (d_{p1}, d_{p2})$, then $R_1 = \sigma_1 \times d_{p1}$ and $R_2 = \sigma_1 \times d_{p2}$ are computed for the two components and the results are concatenated and input to $H_1$, i.e. $H_1(R_1 \| R_2 \| \text{Warrant} \| \text{Stamp})$; the case of more than two parameters is handled in the same way;
Step S104: the PKG verifies the second encryption parameter $\sigma_2$; if verification passes, it uses the system master key $s$ to generate the proxy private key $d_W$ corresponding to the authorization certificate Warrant, encrypts $d_W$ with the proxy operator's private key $d_p$ to generate the third encryption parameter $\sigma_3$, and sends $\sigma_3$ to the proxy operator P over a public channel;
Verifying the second encryption parameter $\sigma_2$ comprises: verifying whether the equations $t_1 = H_1(d_o \| \text{Warrant} \| \text{Stamp})$ and $t_3 = H_1(t_2 \| \text{Warrant} \| \text{Stamp})$ hold, where $t_2 = t_1 \times d_p$; if both equations hold, verification passes;
If the original operator's private key $d_o$ and the proxy operator's private key $d_p$ each consist of multiple parameters, then $d_o = d_{o1} \| d_{o2} \| \dots$ and $t_2 = t_1 \times d_{p1} \| t_1 \times d_{p2} \| \dots$;
Generating the proxy private key $d_W$ corresponding to the authorization certificate Warrant with the system master key $s$ comprises: the PKG runs IDC.Extract with the system public parameters params, the system master key $s$ and the authorization certificate Warrant as input and outputs the proxy private key $d_W$, i.e. IDC.Extract(params, $s$, $W$) → $d_W$. Here IDC.Extract is the private key extraction phase of any known identity-based cryptographic method IDC; the system public parameters params and the system master key $s$ are obtained by the PKG running IDC.Setup with the security parameter $k$, and IDC.Setup is the system initialization phase of any known identity-based cryptographic method IDC;
The third encryption parameter $\sigma_3$ is generated by applying the hash function $H_1$ to the proxy operator's private key $d_p$, the authorization certificate Warrant and the current timestamp Stamp and then adding the proxy private key $d_W$, i.e. $\sigma_3 = d_W + H_1(d_p \| \text{Warrant} \| \text{Stamp}) \times d_p$;
If the proxy private key $d_W$ contains more than one parameter, each parameter is added to $H_1(d_p \| \text{Warrant} \| \text{Stamp}) \times d_p$ separately, and the sums together form the third encryption parameter $\sigma_3$. For example, if the proxy private key consists of two parameters, $d_W = (d_{w1}, d_{w2})$, then $\sigma_{3,1} = d_{w1} + H_1(d_{p1} \| d_{p2} \| \text{Warrant} \| \text{Stamp}) \times d_{p1}$ and $\sigma_{3,2} = d_{w2} + H_1(d_{p1} \| d_{p2} \| \text{Warrant} \| \text{Stamp}) \times d_{p2}$ are computed for the two components, and $(\sigma_{3,1}, \sigma_{3,2})$ together form the third encryption parameter $\sigma_3$; the case of more than two parameters is handled in the same way;
Step S105: the proxy operator P uses the proxy operator's private key $d_p$ to extract the proxy private key $sk_W$ from the third encryption parameter $\sigma_3$;
The proxy private key $sk_W$ is obtained by subtracting from the third encryption parameter $\sigma_3$ the value derived from the hash $H_1$ of the proxy operator's private key $d_p$, the authorization certificate Warrant and the current timestamp Stamp, i.e. $sk_W = \sigma_3 - H_1(d_p \| \text{Warrant} \| \text{Stamp}) \times d_p = d_W$;
If the third encryption parameter $\sigma_3$ contains more than one parameter, $H_1(d_p \| \text{Warrant} \| \text{Stamp}) \times d_p$ is subtracted from each parameter separately, and all of the differences together are the complete extracted proxy private key $sk_W$. For example, if the third encryption parameter consists of two parameters, $\sigma_3 = (\sigma_{3,1}, \sigma_{3,2})$, then $sk_{W1} = \sigma_{3,1} - H_1(d_{p1} \| d_{p2} \| \text{Warrant} \| \text{Stamp}) \times d_{p1} = d_{w1}$ and $sk_{W2} = \sigma_{3,2} - H_1(d_{p1} \| d_{p2} \| \text{Warrant} \| \text{Stamp}) \times d_{p2} = d_{w2}$ are computed for the two components, and the proxy operator takes $sk_W = (sk_{W1}, sk_{W2})$ as the proxy private key $sk_W$; the case of more than two parameters is handled in the same way.
The proxy operator P thus obtains the proxy private/public key pair $(sk_W, W)$ and can use this proxy key pair for subsequent operations such as encryption or signing, depending on the specific cryptographic operation used.
The general proxy key generation method for identity-based proxy cryptography provided by the invention can be applied to any known identity-based cryptographic method, turning that method into a specific identity-based proxy cryptographic method. For example, if the original operator becomes the original signer and the proxy operator becomes the proxy signer, the result is an identity-based proxy signature method; if they become the original encryptor and the proxy encryptor, the result is an identity-based proxy encryption method; and so on.
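The S102 to S105 exchange described above, as an added example that is not code from the patent. Assumptions: private keys are single integers modulo a toy prime `P`, `extract` is an HMAC placeholder and not a real IDC.Extract, parts are length-prefixed before hashing, and comparing the recomputed $t_3$ with the received $\sigma_2$ is this example's reading of the verification step; the identities, warrant string and timestamp are constructed.

```python
import hashlib
import hmac

P = 2**255 - 19  # toy prime modulus standing in for p (assumption)


def enc(x: int) -> bytes:
    """Fixed-width encoding of an element of Z_p."""
    return x.to_bytes(32, "big")


def H1(*parts: bytes) -> int:
    """Stand-in for H1: {0,1}* -> Z_p^*. Each part is length-prefixed so the
    concatenation key || Warrant || Stamp cannot be split ambiguously."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big") % (P - 1) + 1


def extract(master: bytes, identity: bytes) -> int:
    """Placeholder for IDC.Extract(params, s, ID); NOT a real identity-based scheme."""
    mac = hmac.new(master, identity, hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % (P - 1) + 1


def parse_warrant(warrant: bytes) -> dict:
    """Hypothetical warrant layout: key=value fields separated by ';'."""
    return dict(field.split("=", 1) for field in warrant.decode().split(";"))


def original_sigma1(d_o: int, warrant: bytes, stamp: bytes) -> int:
    """Step S102: sigma1 = H1(d_o || Warrant || Stamp)."""
    return H1(enc(d_o), warrant, stamp)


def proxy_sigma2(d_p: int, sigma1: int, warrant: bytes, stamp: bytes) -> int:
    """Step S103: R = sigma1 * d_p, sigma2 = H1(R || Warrant || Stamp)."""
    r = sigma1 * d_p % P
    return H1(enc(r), warrant, stamp)


def mask(d_p: int, warrant: bytes, stamp: bytes) -> int:
    """H1(d_p || Warrant || Stamp) * d_p, the value that hides d_W in sigma3."""
    return H1(enc(d_p), warrant, stamp) * d_p % P


def pkg_sigma3(master: bytes, warrant: bytes, stamp: bytes, sigma2: int):
    """Step S104: recompute t1, t2, t3 from the identities named in the warrant,
    reject on mismatch, otherwise return sigma3 = d_W + mask."""
    fields = parse_warrant(warrant)
    # Assumption: the PKG can recompute d_o and d_p from the master key.
    d_o = extract(master, fields["original"].encode())
    d_p = extract(master, fields["proxy"].encode())
    t1 = H1(enc(d_o), warrant, stamp)
    t2 = t1 * d_p % P
    t3 = H1(enc(t2), warrant, stamp)
    if not hmac.compare_digest(enc(t3), enc(sigma2)):
        return None  # warrant, stamp or sigma2 does not match both operators
    d_w = extract(master, warrant)  # IDC.Extract(params, s, W) -> d_W
    return (d_w + mask(d_p, warrant, stamp)) % P


def proxy_unmask(d_p: int, sigma3: int, warrant: bytes, stamp: bytes) -> int:
    """Step S105: sk_W = sigma3 - H1(d_p || Warrant || Stamp) * d_p."""
    return (sigma3 - mask(d_p, warrant, stamp)) % P


def run_exchange() -> dict:
    master = b"constructed-master-key-s"
    warrant = (b"original=alice@example.com;proxy=bob@example.com;"
               b"scope=sign purchase orders;valid=2016-01-01/2016-12-31")
    stamp = b"2016-01-15T09:00:00Z"
    d_o = extract(master, b"alice@example.com")
    d_p = extract(master, b"bob@example.com")

    sigma1 = original_sigma1(d_o, warrant, stamp)       # O -> P, public channel
    sigma2 = proxy_sigma2(d_p, sigma1, warrant, stamp)  # P -> PKG, public channel
    sigma3 = pkg_sigma3(master, warrant, stamp, sigma2)  # PKG -> P, public channel
    sk_w = proxy_unmask(d_p, sigma3, warrant, stamp)

    # A warrant altered in transit (validity range widened) fails the PKG check.
    altered = warrant.replace(b"2016-12-31", b"2026-12-31")
    rejected = pkg_sigma3(master, altered, stamp, sigma2)

    # A party holding a different private key cannot remove the mask.
    d_other = extract(master, b"carol@example.com")
    wrong = proxy_unmask(d_other, sigma3, warrant, stamp)

    return {"sk_w": sk_w, "d_w": extract(master, warrant),
            "rejected": rejected, "wrong": wrong}


if __name__ == "__main__":
    print(run_exchange())
```
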
As shown in Fig. 2, the present invention also provides an identity-based proxy cryptographic method comprising the following steps:
Step S1, system initialization IDPC.Setup: the PKG establishes the hash function $H_1$ and establishes the system parameters params and the system master key $s$ according to the security parameter $k$; the PKG publishes params and $H_1$ and keeps the system master key $s$ secret;
Establishing the system parameters params and the system master key $s$ according to the security parameter $k$ comprises: given a security parameter $k$ as input, the PKG runs IDC.Setup and outputs the system public parameters params and the system master key $s$, i.e. IDC.Setup($1^k$) → (params, $s$), where IDC is any known identity-based cryptographic method and IDC.Setup is the system initialization phase of IDC;
Step S2, private key extraction IDPC.Extract: from the identity information $ID_o$ submitted by the original operator O, the PKG generates the original operator's private key $d_o$ with the system master key $s$; the public key is simply the identity information $ID_o$ of the original operator O, and $d_o$ is sent to the original operator O over a secret channel. From the identity information $ID_p$ submitted by the proxy operator P, the PKG generates the proxy operator's private key $d_p$ with the system master key $s$; the public key is simply the identity information $ID_p$ of the proxy operator, and $d_p$ is sent to the proxy operator P over a secret channel;
Generating the original operator's private key $d_o$ with the system master key $s$ comprises: given the system public parameters params, the system master key $s$ and the identity information $ID_o$ submitted by the original operator O as input, the PKG runs IDC.Extract and outputs the original operator's private key $d_o$, i.e. IDC.Extract(params, $s$, $ID_o$) → $d_o$, where IDC.Extract is the private key extraction phase of IDC;
Generating the proxy operator's private key $d_p$ with the system master key $s$ comprises: given the system public parameters params, the system master key $s$ and the identity information $ID_p$ submitted by the proxy operator P as input, the PKG runs IDC.Extract and outputs the proxy operator's private key $d_p$, i.e. IDC.Extract(params, $s$, $ID_p$) → $d_p$;
Step S3, proxy key generation IDPC.Delegation: the proxy key is generated with the general proxy key generation method for identity-based proxy cryptography described above;
Step S4, proxy signature generation IDPC.Signature: the proxy operator P uses the system parameters params and the proxy key generated in step S3 to generate a proxy signature on the message $m$ to be signed.
Step S5, proxy signature verification IDPC.Verification: on receiving a proxy signature generated in step S4, the proxy signature verifier verifies it using the system parameters params and the authorization certificate Warrant; if verification passes, the proxy signature is accepted, otherwise it is rejected.
As shown in Fig. 3, a specific embodiment of the invention is obtained by applying the general proxy key generation method for identity-based proxy cryptography provided by the invention to the classical identity-based signature method of Paterson and Schuldt.
The specific implementation steps are as follows:
Step 1, system initialization IDPC.Setup: the PKG runs the Setup stage of Paterson and Schuldt to obtain the relevant parameters and publishes the system parameters params = {G1, G2, e, q, g, g1, g2, u0, m0, U, M, H1}, where G1 and G2 are respectively an additive cyclic group and a multiplicative cyclic group of order q, e: G1×G1→G2 is a bilinear map, g is a generator of G1, g1 = g^s, s is a random number in Z_p^*, (g2, u0, m0) are three random elements of G1, U = (u_i) is a vector of length n_ID (1≤i≤n_ID), M = (m_i) is a vector of length n_m (1≤j≤n_m), n_ID is the length of an identity, n_m is the length of a message to be signed, u_i and m_i are chosen at random from G1, and H1: {0,1}* → Z_p^* is a hash function; the PKG keeps the system master key s secret;
Step 2, private key extraction stage IDPC.Extract: the PKG runs the Extract stage of Paterson and Schuldt, i.e. for the identity information ID_o or ID_p submitted by the original operator or the proxy operator, the PKG randomly selects two numbers r_o, r_p ∈ Z_p^* and then computes their respective private keys, the private key of the original operator and the private key of the proxy operator, where I_o is the set of all i satisfying ID_o[i] = 1 (ID_o[i] = 1 meaning that the i-th bit of the original operator's identity information ID_o is 1), and I_p is the set of all i satisfying ID_p[i] = 1 (ID_p[i] = 1 meaning that the i-th bit of the proxy operator's identity information ID_p is 1);
Step 3, proxy key generation stage IDPC.Delegation, comprising the following steps:
Step 3.1: the original operator creates an authorization certificate W (containing ID_o, ID_p, the content of the proxy authorization, and the date range) and obtains the current system time T;
Step 3.2: the original operator computes σ1 and sends (W, T, σ1) to the proxy operator over a public channel;
Step 3.3: on receiving (W, T, σ1), the proxy operator proceeds to step 3.4 if it accepts this delegation, and exits if it does not;
Step 3.4: using its own private key, the proxy operator computes the intermediate values, then computes σ2 = H1(R1||R1||W||T) and sends (W, T, σ2) to the PKG over a public channel;
Step 3.5: on receiving (W, T, σ2), the PKG first checks whether two equations hold, the one for t1 and t3 = H1(t2||W||T); if both equations hold it proceeds to step 3.6, and if they do not hold it exits;
Step 3.6: the PKG randomly selects r_w ∈ Z_p^* and computes (σ_{3,1}, σ_{3,2}) in two stages, where I_w is the set of all i satisfying W[i] = 1 (W[i] = 1 meaning that the i-th bit of the authorization certificate W is 1); the PKG sends (σ_{3,1}, σ_{3,2}) to the proxy operator over a public channel;
Step 3.7: on receiving (σ_{3,1}, σ_{3,2}), the proxy operator computes with the W and T it already holds and its own private key d_p. The proxy operator thereby obtains the proxy private key, with which it can carry out signing operations as follows;
Step 4, proxy signature stage IDPC.Signature: run the Signature stage of Paterson and Schuldt, i.e. when a user submits a message m for proxy signing, the proxy operator randomly selects r_m ∈ Z_p^* and then computes the proxy signature with its own proxy private key, where I_m is the set of all j satisfying m[j] = 1 (m[j] = 1 meaning that the j-th bit of the message m is 1);
Step 5, proxy signature verification stage IDPC.Verification: run the Verification stage of Paterson and Schuldt, i.e. given a proxy signature and the system parameters params, the verifier checks whether the verification equation holds. If the equation holds, the verifier accepts the signature and considers the proxy signature valid; otherwise it judges the signature invalid and rejects it.
The present invention uses the authorization certificate directly as the proxy public key and encrypts the intermediate parameters with a hash function. Various efficient identity-based proxy cryptography methods can be built with this method, such as identity-based proxy signature (re-encryption, ring signature, etc.) methods, which can be widely applied to e-commerce, mobile agents, distributed networks and the like, greatly improving their operating efficiency and security.
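The delegation exchange (σ1, σ2, the PKG check, σ3 and its unmasking), following the formulas the claims give for these values, as an added example that is not code from the patent. It assumes a toy additive group of integers modulo a prime (insecure, for message flow only) and a hypothetical deterministic `extract` in place of a real pairing-based IDC.Extract; the function names, identities, warrant string and timestamp are constructed for illustration.

```python
import hashlib
import secrets

# Toy stand-in for G1: the additive group Z_Q. An "element" is an integer
# mod Q and "x" (scalar times element) is multiplication mod Q. This group is
# NOT secure (division recovers any scalar); it only makes the flow runnable.
Q = 2**255 - 19  # a well-known prime, used here as the toy group order

def enc(x: int) -> bytes:
    return x.to_bytes(32, "big")

def h1(*parts: bytes) -> int:
    """H1: {0,1}* -> Z_Q^*; '||' uses length prefixes to stay unambiguous."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return int.from_bytes(h.digest(), "big") % (Q - 1) + 1

def extract(s: int, identity: bytes) -> int:
    """Hypothetical deterministic IDC.Extract for the toy group: d = s * H1(ID)."""
    return s * h1(b"extract", identity) % Q

def mask(d_p: int, warrant: bytes, stamp: bytes) -> int:
    """H1(d_p || Warrant || Stamp) x d_p, the blinding term of sigma3."""
    return h1(enc(d_p), warrant, stamp) * d_p % Q

def delegate(d_o, warrant, stamp):            # original operator
    return h1(enc(d_o), warrant, stamp)       # sigma1 = H1(d_o||Warrant||Stamp)

def accept(d_p, sigma1, warrant, stamp):      # proxy operator
    r = sigma1 * d_p % Q                      # R = sigma1 x d_p
    return h1(enc(r), warrant, stamp)         # sigma2 = H1(R||Warrant||Stamp)

def pkg_issue(s, id_o, id_p, sigma2, warrant, stamp):
    """PKG side. Comparing t3 with sigma2 is our reading of the claimed check."""
    d_o, d_p = extract(s, id_o), extract(s, id_p)
    t1 = h1(enc(d_o), warrant, stamp)
    t2 = t1 * d_p % Q
    t3 = h1(enc(t2), warrant, stamp)
    if t3 != sigma2:
        return None                           # not confirmed by both parties
    d_w = extract(s, warrant)                 # IDC.Extract(params, s, W) -> d_W
    return (d_w + mask(d_p, warrant, stamp)) % Q        # sigma3

def unmask(d_p, sigma3, warrant, stamp):      # proxy operator
    return (sigma3 - mask(d_p, warrant, stamp)) % Q     # sk_W = d_W

def demo():
    s = secrets.randbelow(Q - 1) + 1          # PKG master key
    id_o, id_p = b"alice@example.org", b"bob@example.org"   # constructed
    warrant = b"ID_o=alice;ID_p=bob;scope=sign-invoices;2016-01..2016-12"
    stamp = b"2016-01-15T09:00:00Z"           # constructed timestamp
    d_o, d_p = extract(s, id_o), extract(s, id_p)
    sigma2 = accept(d_p, delegate(d_o, warrant, stamp), warrant, stamp)
    sigma3 = pkg_issue(s, id_o, id_p, sigma2, warrant, stamp)
    recovered = unmask(d_p, sigma3, warrant, stamp) == extract(s, warrant)
    # A warrant altered after delegation no longer matches sigma2.
    altered = pkg_issue(s, id_o, id_p, sigma2, warrant + b";scope=all", stamp)
    return recovered, altered

if __name__ == "__main__":
    print(demo())
```

Only the holder of d_p can remove the blinding term from σ3, which is why σ3 can travel over the public channel; the PKG check binds σ2 to one specific warrant and timestamp.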
Although the contents of the present invention have been described in detail through the above preferred embodiments, it should be understood that the above description is not to be considered a limitation of the invention. Various modifications and substitutions of the invention will be apparent to those skilled in the art after reading the above. The scope of protection of the invention should therefore be defined by the appended claims.

Claims (10)

1. A general proxy key generation method in an identity-based proxy cryptography method, characterized in that the general proxy key generation method can be used with any known identity-based cryptography method, and the general proxy key generation method comprises the following steps:
Step S101: the original operator O creates an authorization certificate Warrant and uses the authorization certificate Warrant directly as the proxy public key;
Step S102: the original operator O encrypts the authorization certificate Warrant with the original operator's private key d_o to obtain a first encryption parameter σ1, and sends the first encryption parameter σ1 to the proxy operator P over a public channel;
Step S103: if the proxy operator P accepts the delegation of the original operator O, it encrypts the first encryption parameter σ1 with the proxy operator's private key d_p to obtain a second encryption parameter σ2, and sends the second encryption parameter σ2 to the PKG over a public channel;
Step S104: the PKG verifies the second encryption parameter σ2; if verification succeeds, it generates the proxy private key d_W corresponding to the authorization certificate Warrant using the system master key s, encrypts the proxy private key d_W with the proxy operator's private key d_p to produce a third encryption parameter σ3, and sends the third encryption parameter σ3 to the proxy operator P over a public channel;
Step S105: the proxy operator P uses the proxy operator's private key d_p to extract the proxy private key sk_W from the third encryption parameter σ3.
2. The general proxy key generation method in an identity-based proxy cryptography method as claimed in claim 1, characterized in that the authorization certificate Warrant comprises the identity information of the original operator O, the identity information of the proxy operator P, the content of the proxy authorization, and the date range.
3. The general proxy key generation method in an identity-based proxy cryptography method as claimed in claim 1, characterized in that the first encryption parameter σ1 is computed by the hash function H1 from the original operator's private key d_o, the authorization certificate Warrant and the current timestamp Stamp, i.e. σ1 = H1(d_o||Warrant||Stamp), where the hash function H1 is established by the PKG (private key generator, Private Key Generator), H1: {0,1}* → Z_p^*; if the original operator's private key d_o comprises more than one parameter, all the parameters are concatenated and input to the hash function H1.
4. The general proxy key generation method in an identity-based proxy cryptography method as claimed in claim 1, characterized in that the second encryption parameter σ2 is computed by the hash function H1 from the authorization certificate Warrant, the current timestamp Stamp and a secret value R, i.e. σ2 = H1(R||Warrant||Stamp), where R = σ1 × d_p; if the proxy operator's private key d_p comprises more than one parameter, each parameter is multiplied by the first encryption parameter σ1 and the results are concatenated and input to the hash function H1.
5. The general proxy key generation method in an identity-based proxy cryptography method as claimed in claim 1, characterized in that verifying the second encryption parameter σ2 comprises: verifying whether the equations t1 = H1(d_o||Warrant||Stamp) and t3 = H1(t2||Warrant||Stamp) hold, where t2 = t1 × d_p; if both equations hold, verification succeeds; if the original operator's private key d_o and the proxy operator's private key d_p each consist of multiple parameters, then d_o = d_o1||d_o2||…, t2 = t1 × d_p1||t1 × d_p2||….
6. The general proxy key generation method in an identity-based proxy cryptography method as claimed in claim 1, characterized in that generating the proxy private key d_W corresponding to the authorization certificate Warrant using the system master key s comprises: the PKG runs IDC.Extract with the system public parameters params, the system master key s and the authorization certificate Warrant as input and outputs the proxy private key d_W, i.e. IDC.Extract(params, s, W) → d_W, where IDC.Extract is the private key extraction stage of any known identity-based cryptography method IDC, the system public parameters params and the system master key s are obtained by the PKG running IDC.Setup on the security parameter k, and IDC.Setup is the system initialization stage of any known identity-based cryptography method IDC.
7. The general proxy key generation method in an identity-based proxy cryptography method as claimed in claim 1, characterized in that the third encryption parameter σ3 is generated by adding the proxy private key d_W to the result of the hash function H1 computed over the proxy operator's private key d_p, the authorization certificate Warrant and the current timestamp Stamp, i.e. σ3 = d_W + H1(d_p||Warrant||Stamp) × d_p; if the proxy private key d_W comprises more than one parameter, each parameter is added to H1(d_p||Warrant||Stamp) × d_p, and the sums together form the third encryption parameter σ3.
8. The general proxy key generation method in an identity-based proxy cryptography method as claimed in claim 1, characterized in that the extracted proxy private key sk_W is generated by subtracting from the third encryption parameter σ3 the value derived from the hash of the proxy operator's private key d_p, the authorization certificate Warrant and the current timestamp Stamp under the hash function H1, i.e. sk_W = σ3 - H1(d_p||Warrant||Stamp) × d_p = d_W; if the third encryption parameter σ3 comprises more than one parameter, H1(d_p||Warrant||Stamp) × d_p is subtracted from each parameter, and all the differences together are the complete extracted proxy private key sk_W.
9. An identity-based proxy cryptography method, characterized in that it comprises the following steps:
Step S1, system initialization: the PKG establishes a hash function H1 and, according to a security parameter k, establishes the system parameters params and the system master key s; the PKG publishes the system parameters params and the hash function H1 and keeps the system master key s secret;
Step S2, private key extraction: the PKG takes the identity information ID_o submitted by the original operator O and generates the original operator's private key d_o with the system master key s; the public key is simply the identity information ID_o of the original operator O, and the PKG sends the private key d_o to the original operator O over a secure channel. The PKG takes the identity information ID_p submitted by the proxy operator P and generates the proxy operator's private key d_p with the system master key s; the public key is simply the identity information ID_p of the proxy operator, and the PKG sends the private key d_p to the proxy operator P over a secure channel;
Step S3: generate the proxy key using the general proxy key generation method in an identity-based proxy cryptography method as claimed in any one of claims 1-8;
Step S4, proxy signature generation: the proxy operator P uses the system parameters params and the proxy key generated in step S3 to generate a proxy signature on the message m that is to be signed;
Step S5, proxy signature verification: on receiving a proxy signature produced in step S4, the verifier checks it using the system parameters params and the authorization certificate Warrant; if verification succeeds, the proxy signature is accepted, otherwise it is rejected.
10. The identity-based proxy cryptography method as claimed in claim 9, characterized in that
establishing the system parameters params and the system master key s according to the security parameter k comprises: given a security parameter k as input, the PKG runs IDC.Setup and outputs the system public parameters params and the system master key s, i.e. IDC.Setup(1^k) → (params, s), where IDC is any known identity-based cryptography method and IDC.Setup is the system initialization stage of the IDC;
generating the original operator's private key d_o with the system master key s comprises: given the system public parameters params, the system master key s and the identity information ID_o submitted by the original operator O as input, the PKG runs IDC.Extract and outputs the original operator's private key d_o, i.e. IDC.Extract(params, s, ID_o) → d_o, where IDC.Extract is the private key extraction stage of the IDC;
generating the proxy operator's private key d_p with the system master key s comprises: given the system public parameters params, the system master key s and the identity information ID_p submitted by the proxy operator P as input, the PKG runs IDC.Extract and outputs the proxy operator's private key d_p, i.e. IDC.Extract(params, s, ID_p) → d_p.
CN201610028750.9A 2016-01-15 2016-01-15 General surrogate production method in the proxypassword method of identity-based Expired - Fee Related CN105721430B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610028750.9A CN105721430B (en) 2016-01-15 2016-01-15 General surrogate production method in the proxypassword method of identity-based

Publications (2)

Publication Number Publication Date
CN105721430A CN105721430A (en) 2016-06-29
CN105721430B true CN105721430B (en) 2019-03-05

Family

ID=56147287

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109286485B (en) * 2018-10-17 2019-10-25 Xi'an University of Posts and Telecommunications General Identity Proxy label decryption method that can be compound

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101378316A (en) * 2007-08-29 2009-03-04 Sony (China) Co., Ltd. Proxy blind signing system and method based on identification
WO2014088130A1 (en) * 2012-12-05 2014-06-12 Inha-Industry Partnership Institute Proxy signature scheme

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2013115522A (en) * 2011-11-25 2013-06-10 Internatl Business Mach Corp <Ibm> Link access control method, program, and system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
ID-Based Aggregate Proxy Signature Scheme Realizing Warrant-Based Delegation; Yenching LIN, et al.; Journal of Information Science and Engineering 29; 20131231; full text
Provable Security of ID-Based Proxy Signature Schemes; Chunxiang Gu, et al.; ICCNMC 2005 LNCS 3619; 20051231; full text

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20190305

Termination date: 20220115
