CN106027240B - Attribute-based key-insulated signature method - Google Patents
- Publication number: CN106027240B (application CN201610510247.7A)
- Authority: CN (China)
- Prior art keywords: key, attribute, signature, private key, user
- Legal status: Active
Classifications
- H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
  - H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    - H04L9/0816 Key establishment, i.e. cryptographic processes or protocols whereby a shared secret becomes available to two or more parties for subsequent use
      - H04L9/0819 Key transport or distribution, i.e. one party creates or otherwise obtains a secret value and securely transfers it to the other(s)
        - H04L9/0825 Key transport or distribution using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
      - H04L9/0838 Key agreement, i.e. a shared key is derived by the parties as a function of information contributed by, or associated with, each of them
        - H04L9/0847 Key agreement involving identity based encryption [IBE] schemes
    - H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
  - H04L9/30 Public key, i.e. encryption algorithm computationally infeasible to invert, or user's encryption keys not requiring secrecy
    - H04L9/3066 Public key involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
      - H04L9/3073 Public key involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
Abstract
The invention discloses an attribute-based key-insulated signature method that addresses two problems of the prior art: the lack of protective measures against key exposure, and the increased computing cost at the terminal caused by bilinear pairing operations. The whole signature system is divided into several independent time slices. When the system enters a new time slice, a key helper generates a private-key update fragment and the user updates their private key. For a given file, the user signs with the private key corresponding to the current time slice, and the verification result of the signature likewise corresponds to a particular time slice of the system. If a user's private key leaks in some time slice, the system still maintains forward and backward security in the other time slices, so the harm caused by the leaked private key is reduced to a minimum. No bilinear pairing operation is needed during signing, which reduces the computing cost of the user terminal. When the system's time slice evolves, the system public parameters no longer need to be updated, which reduces the communication overhead of synchronizing public parameters.
Description
Technical field
The present invention relates to secrecy of digital information transmission or secure communication technologies, and in particular to an attribute-based key-insulated signature method.
Background technique
Attribute-based cryptography is an important component of information security, and attribute-based signature systems have attracted wide attention and application in recent years. In an attribute-based signature system, a user's private key corresponds to an attribute structure, and a legitimate user who holds the corresponding attribute structure can be authenticated through the signature generated with the corresponding private key. However, current attribute signature mechanisms still have two problems to be solved. First, once the attribute private key of some user is revealed, anyone who obtains that private key can use it to generate a valid signature, bringing a series of security risks. Second, current attribute-based cryptographic schemes are mostly built on bilinear pairings. The computing cost of a bilinear pairing is far greater than that of other operations (such as point multiplication or hash operations). Conventional attribute signature methods contain many bilinear pairing operations, which burden terminals with limited computing capability and create a communication performance bottleneck. In summary, attribute signature systems need a new mechanism that keeps the system secure after a key leaks and reduces the number of bilinear pairing operations in signature generation and verification as far as possible.
In 2015, Beijing University of Aeronautics & Astronautics disclosed a patent application for an invention entitled "Attribute-based signature method and system for a large attribute domain" (publication number CN105141419A). That invention provides an attribute-based signature method and system for a large attribute domain, in which: a private key generation center obtains the public parameters and master key from an input system security parameter; the private key generation center derives the user private key from the master key and the user attribute set and sends the user private key to the corresponding user; the signer generates the user's digital signature from the user private key, an access structure satisfied by the user, the user attribute set and a predetermined message; and the verifier verifies the user's digital signature using the public parameters. The method achieves fine-grained access control, supports AND gates and OR gates, operates flexibly, does not limit the number of attributes in the initialization phase, can be extended flexibly, and keeps the public parameter length constant, effectively reducing the burden on the system. However, the method lacks protective measures against key exposure: once a user's attribute private key leaks, any malicious user who obtains it can forge a valid signature, threatening the security of the system. In addition, the scheme uses a large number of bilinear pairing operations, which increases the computing cost of the terminal.
Summary of the invention
The technical problem to be solved by the present invention is the lack, in the prior art, of protective measures against key exposure, and the increased computing cost at the terminal caused by bilinear pairing operations.
To this end, the present invention proposes an attribute-based key-insulated signature method whose technical solution comprises the following steps:
Step 1: system initialization
1. Define G1 as an additive cyclic group of order q, and define p as a generator of G1;
2. Define a hash function H1: {0,1}* → Zq, whose function is to map a character string of arbitrary length onto the finite field Zq;
3. The attribute authentication center selects, in the finite field Zq, a random number ti ∈ Zq for each attribute, a random number kn ∈ Zq for each time slice TPn, and finally a random number y ∈ Zq. The system master private key is then {ti, kn, y}, and the system public parameters are {G1, p, q, Y = yp, Kn = knp, Ti = tip, H1};
Step 2: initial key distribution
In the initial time slice TP0, for each leaf node of each user's attribute structure tree Tk, the attribute authentication center chooses a polynomial qx whose degree dx is the node's threshold kx minus 1, i.e. dx = kx − 1. For the root node it sets qroot(0) = y; for every other node x it sets qx(0) = q_parent(x)(index(x)), where parent(x) is the parent node of node x and index(x) is the index of node x among all its sibling nodes. The attribute authentication center then sends the initial key to the signer;
Step 3: key update
1. When the system's time slice evolves from TPn−1 to TPn, the attribute authentication center computes a key update message for each attribute;
2. After obtaining the update message, the user updates their previous key to the latest version; the calculation is as follows:
Step 4: signature
1. For file M, the signer chooses x ∈ Zq;
2. The data sender computes the following from the system public parameters:
v1 = xp,
3. The data sender packages {v1, v2, M} and uploads it to the data server;
Step 5: verification
1. The data receiver downloads the corresponding file and signature from the data server;
2. The data receiver performs the following calculation using the system public parameters:
If the equation holds, the signature is valid.
Further, in step 5, the data receiver judges the correctness of the signature using the system public parameters as follows:
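Worked example added here (not the patent's own code): the polynomial assignment of Step 2 over the attribute structure tree, carried out in plain Zq arithmetic rather than on group elements, together with the standard Lagrange interpolation by which a user whose attributes satisfy the tree recovers qroot(0) = y while a non-satisfying attribute set recovers nothing. The access tree, attribute names, prime Q and function names are constructed for illustration; the update, v2 and verification formulas are not reproduced on this page and are not modelled.

```python
import secrets

# Prime modulus standing in for the group order q; constructed for the example.
Q = 2**61 - 1


class Node:
    """A threshold gate (k_x of its children) or, when attribute is set, a leaf."""

    def __init__(self, threshold, children=None, attribute=None):
        self.threshold = threshold          # k_x; leaves use k_x = 1
        self.children = children or []
        self.attribute = attribute          # attribute name on leaves only


def poly_eval(coeffs, x):
    """Evaluate q_x(X) = coeffs[0] + coeffs[1]*X + ... at X = x, mod Q (Horner)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc


def share_tree(node, secret):
    """Step 2: choose q_x of degree d_x = k_x - 1 with q_x(0) = secret, and give the
    child at position index(x) = i (1-based) the value q_x(i).  Leaves keep q_x(0).
    Returns {attribute: leaf share}; the root is called with secret = y."""
    if node.attribute is not None:
        return {node.attribute: secret}
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(node.threshold - 1)]
    shares = {}
    for i, child in enumerate(node.children, start=1):
        shares.update(share_tree(child, poly_eval(coeffs, i)))
    return shares


def lagrange_at_zero(points):
    """Given k_x points (i, q_x(i)) of a degree k_x - 1 polynomial, return q_x(0) mod Q."""
    total = 0
    for i, yi in points:
        num, den = 1, 1
        for j, _ in points:
            if j != i:
                num = num * (-j) % Q
                den = den * (i - j) % Q
        total = (total + yi * num * pow(den, -1, Q)) % Q
    return total


def reconstruct(node, shares):
    """Recover q_x(0) for the subtree at node from the leaf shares a user holds,
    or None when the held attributes do not satisfy this node's threshold."""
    if node.attribute is not None:
        return shares.get(node.attribute)
    points = []
    for i, child in enumerate(node.children, start=1):
        val = reconstruct(child, shares)
        if val is not None:
            points.append((i, val))
        if len(points) == node.threshold:
            break
    return lagrange_at_zero(points) if len(points) == node.threshold else None


# Constructed policy: "doctor" AND at least 2 of {cardiology, oncology, radiology}.
TREE = Node(2, [
    Node(1, attribute="doctor"),
    Node(2, [Node(1, attribute="cardiology"),
             Node(1, attribute="oncology"),
             Node(1, attribute="radiology")]),
])


def demo(y):
    """Share y over TREE, then reconstruct with a satisfying and a lacking attribute set.
    Returns (recovered value for the satisfying set, result for the lacking set)."""
    all_shares = share_tree(TREE, y)
    satisfying = {a: all_shares[a] for a in ("doctor", "cardiology", "radiology")}
    lacking = {a: all_shares[a] for a in ("doctor", "oncology")}
    return reconstruct(TREE, satisfying), reconstruct(TREE, lacking)
```

Because every non-root value is a fresh random polynomial evaluation, the leaf shares held by a user who lacks a threshold reveal nothing about y, which is what the per-user key distribution of Step 2 relies on.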
Compared with the prior art, the beneficial effects of the present invention are:
1. The signer's private key corresponds to an attribute structure, and a verifier can openly authenticate the signature with the system public parameters. To guarantee the forward and backward security of the attribute signature and to solve the problem of attribute key leakage, the present invention discloses an attribute-based key-insulation mechanism in which the information of each time slice is embedded in the user's current private key. When attribute revocation, an update, or leakage of a user private key occurs in the system, forward and backward security is ensured by updating the private keys of legitimate users.
2. Most variants of traditional attribute-based cryptosystems are built on bilinear pairings. Bilinear pairing operations are expensive, and the whole system faces a large amount of such computation. In the present invention, the entire signature authentication process requires no bilinear pairing operation, which significantly reduces the burden on the system and the terminal.
Detailed description of the invention
Fig. 1 is the flow chart of the invention.
Specific embodiment
Specific embodiments of the present invention are now described in further detail with reference to the accompanying drawing.
The invention discloses an attribute-based key-insulated signature method in which the whole signature system is divided into several independent time slices, as shown in Figure 1. When the system enters a new time slice, the key helper generates a private-key update fragment and the user updates their private key. For a given file, the user signs with the private key corresponding to the current time slice, and the verification result of the signature likewise corresponds to a particular time slice of the system. If a user's private key leaks in some time slice, the system still maintains forward and backward security in the other time slices, so the harm caused by the leaked private key is reduced to a minimum. No bilinear pairing operation is needed during signing, which reduces the computing cost of the user terminal. In addition, when the system's time slice evolves, the system public parameters no longer need to be updated, which reduces the communication overhead of synchronizing public parameters.
The specific content of the present invention is described as follows. The present invention assumes that the system consists of four functional entities: the attribute authentication center, the signer, the verifier and the data server. The attribute authentication center is responsible for managing users' attributes, issuing users' initial private keys, and updating users' private keys when the system enters a new time slice. The data server is a physical node composed of a computer cluster and is responsible for storing data securely. The signer generates a signature on a file with its private key and uploads it to the data server; the verifier, after downloading the file, checks whether the signature is valid using the public parameters.
The process is as follows. The attribute-based key-insulated signature method comprises five steps: initialization, initial key distribution, key update, signature and verification. Each step is described in detail below:
Step 1: system initialization:
1. Define G1 as an additive cyclic group of order q, and define p as a generator of G1.
2. Define a hash function H1: {0,1}* → Zq, whose function is to map a character string of arbitrary length onto the finite field Zq.
3. The attribute authentication center selects, in the finite field Zq, a random number ti ∈ Zq for each attribute, a random number kn ∈ Zq for each time slice TPn, and finally a random number y ∈ Zq. The system master private key is then {ti, kn, y}, and the system public parameters are {G1, p, q, Y = yp, Kn = knp, Ti = tip, H1}.
Step 2: initial key distribution:
In the initial time slice TP0, for each leaf node of each user's attribute structure tree Tk, the attribute authentication center chooses a polynomial qx whose degree dx is the node's threshold kx minus 1, i.e. dx = kx − 1. For the root node it sets qroot(0) = y; for every other node x it sets qx(0) = q_parent(x)(index(x)), where parent(x) is the parent node of node x and index(x) is the index of node x among all its sibling nodes. The attribute authentication center then sends the initial key to the signer.
Step 3: key update:
1. When the system's time slice evolves from TPn−1 to TPn, the attribute authentication center computes a key update message for each attribute.
2. After obtaining the update message, the user updates their previous key to the latest version; the calculation is as follows:
Step 4: signature:
1. For file M, the signer chooses x ∈ Zq.
2. The data sender computes the following from the system public parameters:
v1 = xp
3. The data sender packages {v1, v2, M} and uploads it to the data server.
Step 5: signature authentication:
1. The data receiver downloads the corresponding file and signature from the data server.
2. The data receiver performs the following calculation using the system public parameters:
If the equation holds, the signature is valid.
The correctness specification is as follows:
Through the above five steps, the whole process of the attribute-based key-insulated signature method is completed.
1. Key technical point 1: the invention discloses an attribute-based key-insulation mechanism in which the information of each time slice is embedded in the user's current private key. When attribute revocation, an update, or leakage of a user private key occurs in the system, forward and backward security is ensured by updating the private keys of legitimate users.
2. Key technical point 2: the bilinear pairing computations of conventional attribute signature mechanisms are eliminated; the entire signature authentication process requires no bilinear pairing operation, which significantly reduces the burden on the system and the terminal.
The foregoing is merely a specific embodiment of the invention and is not intended to limit it. The data set and attack model used in this embodiment are limited to this embodiment; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within its scope of protection.
Claims (2)
1. An attribute-based key-insulated signature method, characterized in that it comprises the following steps:
Step 1: system initialization
1.1 Define G1 as an additive cyclic group of order q, and define p as a generator of G1;
1.2 Define a hash function H1: {0,1}* → Zq, whose function is to map a character string of arbitrary length onto the finite field Zq;
1.3 The attribute authentication center selects, in the finite field Zq, a random number y ∈ Zq as the key parameter, a random number ti ∈ Zq for each attribute, and a random number kn ∈ Zq for each time slice TPn; the system master private key is thus {ti, kn, y}, and the system public parameters are {G1, p, q, Y = yp, Kn = knp, Ti = tip, H1};
Step 2: initial key distribution
2.1 In the initial time slice TP0, for each leaf node x of each user's attribute structure tree Tk, the attribute authentication center chooses a polynomial qx whose degree dx is the node's threshold kx minus 1; for the root node it sets qroot(0) = y, and for every other node x it sets qx(0) = q_parent(x)(index(x)), where parent(x) is the parent node of node x and index(x) is the index of node x among all its sibling nodes;
2.2 The attribute authentication center sends the initial key to the signer;
Step 3: key update
3.1 When the system's time slice evolves from TPn−1 to TPn, the attribute authentication center computes a key update message for each attribute;
3.2 After obtaining the update message, the user updates their previous key to the latest version; the calculation is as follows:
Step 4: signature
4.1 For file M, the signer chooses a ∈ Zq;
4.2 The data sender computes the following from the system public parameters:
v1 = ap,
4.3 The data sender packages {v1, v2, M} and uploads it to the data server;
Step 5: verification
5.1 The data receiver downloads the corresponding file and signature from the data server;
5.2 The data receiver performs the following calculation using the system public parameters:
If the equation holds, the signature is valid.
2. The attribute-based key-insulated signature method according to claim 1, characterized in that in step 5, the proof of correctness of judging the signature valid is as follows:
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610510247.7A | 2016-07-01 | 2016-07-01 | Attribute-based key-insulated signature method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106027240A | 2016-10-12 |
CN106027240B | 2019-06-04 |