CN106027240B - Attribute-based key-insulated signature method - Google Patents

Attribute-based key-insulated signature method

Info

Publication number
CN106027240B
Authority
CN
China
Prior art keywords
key
attribute
signature
private key
user
Prior art date
Legal status
Active
Application number
CN201610510247.7A
Other languages
Chinese (zh)
Other versions
CN106027240A (en)
Inventor
孙知信
徐睿
洪汉舒
李冬军
陈梓洋
邰淳亮
Current Assignee
Nanjing Post and Telecommunication University
Original Assignee
Nanjing Post and Telecommunication University
Priority date
2016-07-01
Filing date
2016-07-01
Publication date
2019-06-04

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0847 Key agreement involving identity based encryption [IBE] schemes
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3073 Public key involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing

Abstract

The invention discloses an attribute-based key-insulated signature method that addresses two problems of the prior art: the lack of protective measures against key exposure, and the increased computational cost on terminals caused by bilinear pairing operations. The whole signature system is divided into several independent time slices; when the system enters a new time slice, a key helper generates a private-key update piece and the user updates its private key. For a given file, the user signs with the private key corresponding to the current time slice, and the verification result of the signature likewise corresponds to a particular time slice of the system. If a user's private key is leaked in some time slice, the system still maintains forward and backward security in the other time slices, so the harm caused by the leak is reduced to a minimum. Signing requires no bilinear pairing operation, which reduces the computational cost of the user terminal, and when the system's time slice advances the public parameters need not be updated, which reduces the communication overhead of synchronising public parameters.

Description

Attribute-based key-insulated signature method
Technical field
The present invention relates to secrecy and secure-communication techniques for digital information transmission, and in particular to an attribute-based key-insulated signature method.
Background technique
Attribute-based cryptography is an important component of information security, and attribute-based signature schemes have found wide application in recent years. In an attribute-based signature scheme, a user's private key corresponds to an attribute structure, and a legitimate user who holds the corresponding attributes can produce, with the corresponding private key, a signature that verifies under that attribute structure. Current attribute-based signature mechanisms still have two problems to solve. First, once a user's attribute private key is leaked, anyone who obtains it can generate a valid signature with it, bringing a series of security risks. Second, most existing attribute-based schemes are built on bilinear pairings. The computational cost of a bilinear pairing is far higher than that of other operations (such as point multiplication or hashing), and conventional attribute-based signature schemes contain many pairing operations, which burden terminals with limited computing capability and create a performance bottleneck. In summary, attribute-based signature systems need a new mechanism that keeps the system secure after a key leak and reduces the number of pairing operations during signature generation and verification as far as possible.
In 2015 BJ University of Aeronautics & Astronautics disclosed a patent application entitled "Attribute-based signature method and system for a large attribute universe" (publication number CN105141419A). The invention provides an attribute-based signature method and system for a large attribute universe. The method comprises: a private key generation center obtains the public parameters and the master key from the input system security parameter; the private key generation center derives the user private key from the master key and the user's attribute set and sends the user private key to the corresponding user; the signer generates the user's digital signature from the user private key, an access structure the user satisfies, the user attribute set and the given message; and the verifier verifies the user's digital signature with the public parameters. The method achieves fine-grained access control, supports AND and OR gates, is flexible to operate, does not limit the number of attributes at the initialization phase and can be extended flexibly, and keeps the public parameter length constant, effectively lightening the burden on the system. However, the method lacks protective measures against key exposure: once a user's attribute private key is leaked, any malicious user who obtains it can forge a valid signature with it, threatening the security of the system. In addition, the scheme uses a large number of bilinear pairing operations, which increases the computational cost of the terminal.
Summary of the invention
The technical problem to be solved by the present invention is the lack, in the prior art, of protective measures against key exposure, and the increased computational cost on terminals caused by bilinear pairing operations.
To this end, the present invention proposes an attribute-based key-insulated signature method whose technical solution comprises the following steps:
Step 1: system initialization
1. Define G1 as an additive cyclic group of order q, and define p as a generator of G1;
2. Define a hash function H1: {0,1}* → Zq, whose role is to map a string of arbitrary length onto the finite field Zq;
3. In the finite field Zq, the attribute authentication center selects a random number ti ∈ Zq for each attribute, additionally selects a random number kn ∈ Zq for each time slice TPn, and finally selects a random number y ∈ Zq. The system master private key is then {ti, kn, y}, and the system public parameters are {G1, p, q, Y = yp, Kn = knp, Ti = tip, H1};
Step 2: initial key distribution
At the initial time slice TP0, the attribute authentication center chooses, for each leaf node x of each user's attribute structure tree Tk, a polynomial qx whose degree dx is the node's threshold kx minus 1, i.e. dx = kx − 1. For the root node it sets qroot(0) = y, and for every other node it sets qx(0) = qparent(x)(index(x)), where parent(x) is the parent of node x and index(x) is the serial number of node x among its siblings. The attribute authentication center then sends the initial key to the signer;
Step 3: key updating:
1. When the system's time slice evolves from TPn−1 to TPn, the attribute authentication center computes key update information for each attribute;
2. After obtaining the update information, the user updates its previous key to the latest version, calculated as follows:
Step 4: signature
1. For a file M, the signer chooses a random x ∈ Zq;
2. The data sender computes the following information from the system public parameters:
v1 = xp,
3. The data sender packages {v1, v2, M} and uploads it to the data server;
Step 5: verifying
1. The data receiver downloads the corresponding file and signature from the data server;
2. The data receiver performs the following calculation using the system public parameters:
If the equation holds, the signature is valid.
Further, in step 5, the data receiver judges the validity of the signature using the system public parameters as follows:
Compared with prior art, the beneficial effects of the present invention are:
1. The signer's private key corresponds to an attribute structure, and the verifier can authenticate the signature with the system public parameters, so authentication can be carried out openly. To guarantee the forward and backward security of attribute signatures and solve the attribute-key leakage problem, the invention discloses an attribute-based key-insulated mechanism in which the information of each time slice is embedded into the user's current private key. When attribute revocation, attribute update or private-key leakage occurs in the system, forward and backward security are ensured by updating the private keys of legitimate users.
2. Most schemes in traditional attribute-based cryptosystems are based on bilinear pairings. The computational overhead of a pairing is large and imposes a heavy computational load on the whole system. In the present invention, the whole process of signing and verification requires no bilinear pairing operation, which significantly reduces the burden on the system and on terminals.
Detailed description of the invention
Fig. 1 is flow chart of the invention.
Specific embodiment
Specific embodiments of the present invention are now described in further detail with reference to the accompanying drawing.
The invention discloses an attribute-based key-insulated signature method in which the whole signature system is divided into several independent time slices, as shown in Figure 1. When the system enters a new time slice, a key helper generates a private-key update piece and the user updates its private key. For a given file, the user signs with the private key corresponding to the current time slice, and the verification result of the signature likewise corresponds to a particular time slice of the system. If a user's private key is leaked in some time slice, the system still maintains forward and backward security in the other time slices, so the harm caused by the leak is reduced to a minimum.
Signing requires no bilinear pairing operation, which reduces the computational cost of the user terminal. In addition, when the system's time slice advances the public parameters need not be updated, which reduces the communication overhead of synchronising public parameters.
The specific content of the invention is described as follows. The invention assumes that the system consists of four functional entities: the attribute authentication center, the signer, the verifier and the data server. The attribute authentication center manages users' attributes, distributes users' initial private keys, and updates users' private keys when the system enters a new time slice. The data server is a physical node composed of a computer cluster and is responsible for storing data securely. The signer generates a signature on a file with its private key and uploads it to the data server; the verifier downloads the file and checks with the public parameters whether the signature is valid.
The process is described as follows. The attribute-based key-insulated signature method comprises five steps, namely initialization, initial key distribution, key updating, signing and verification; each step is described in detail below:
Step 1: system initialization:
1. Define G1 as an additive cyclic group of order q, and define p as a generator of G1.
2. Define a hash function H1: {0,1}* → Zq, whose role is to map a string of arbitrary length onto the finite field Zq.
3. In the finite field Zq, the attribute authentication center selects a random number ti ∈ Zq for each attribute, additionally selects a random number kn ∈ Zq for each time slice TPn, and finally selects a random number y ∈ Zq. The system master private key is then {ti, kn, y}, and the system public parameters are {G1, p, q, Y = yp, Kn = knp, Ti = tip, H1}.
Step 2: initial key distribution:
At the initial time slice TP0, the attribute authentication center chooses, for each leaf node x of each user's attribute structure tree Tk, a polynomial qx whose degree dx is the node's threshold kx minus 1, i.e. dx = kx − 1. For the root node it sets qroot(0) = y, and for every other node it sets qx(0) = qparent(x)(index(x)), where parent(x) is the parent of node x and index(x) is the serial number of node x among its siblings. The attribute authentication center then sends the initial key to the signer.
Step 3: key updating:
1. When the system's time slice evolves from TPn−1 to TPn, the attribute authentication center computes key update information for each attribute.
2. After obtaining the update information, the user updates its previous key to the latest version, calculated as follows:
Step 4: signature:
1. For a file M, the signer chooses a random x ∈ Zq.
2. The data sender computes the following information from the system public parameters:
v1 = xp
3. The data sender packages {v1, v2, M} and uploads it to the data server.
Step 5: signature authentication:
1. The data receiver downloads the corresponding file and signature from the data server.
2. The data receiver performs the following calculation using the system public parameters:
If the equation holds, the signature is valid.
The correctness proof is as follows:
Through the above five steps, the whole process of the attribute-based key-insulated signature method is completed.
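The access-tree sharing of step 2, written out as an added example (Python written for this page, not code from the patent): every node x receives a polynomial of degree kx − 1 with qroot(0) = y and qx(0) = qparent(x)(index(x)), a user whose attributes satisfy the tree recovers y by Lagrange interpolation at 0, and a non-satisfying set recovers nothing. The prime modulus, the seeded generator and the example tree are constructed for illustration; the key-update and signature formulas of steps 3 to 5 are not reproduced on this page and are not modelled here.

```python
"""Access-tree secret sharing (step 2, initial key distribution): added example."""
import random

# Prime modulus standing in for the group order q (constructed for this example).
Q = 2**61 - 1


class Node:
    """Node of an attribute structure tree T_k: a leaf carries an attribute name,
    an internal node a threshold k_x over its children (AND: k_x = number of
    children, OR: k_x = 1). Attribute names are assumed distinct across leaves."""

    def __init__(self, threshold=1, children=None, attribute=None):
        self.threshold = threshold
        self.children = children or []
        self.attribute = attribute


def _eval_poly(coeffs, x):
    """Evaluate q(X) = sum(coeffs[j] * X**j) modulo Q by Horner's rule."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % Q
    return result


def share_secret(node, secret, rng, shares=None):
    """Assign polynomials top-down: q_x has degree d_x = k_x - 1 and constant
    term q_x(0) = secret; the child with serial number index(x) receives
    q_parent(x)(index(x)). Returns {attribute: q_leaf(0)}, the per-leaf values
    the centre would embed in the user's initial key."""
    if shares is None:
        shares = {}
    if node.attribute is not None:
        shares[node.attribute] = secret
        return shares
    coeffs = [secret] + [rng.randrange(Q) for _ in range(node.threshold - 1)]
    for index, child in enumerate(node.children, start=1):  # index(x) is 1-based
        share_secret(child, _eval_poly(coeffs, index), rng, shares)
    return shares


def _lagrange_at_zero(points):
    """Recover q(0) from k_x points (index, q(index)) over Z_Q."""
    total = 0
    for i, y_i in points:
        num, den = 1, 1
        for j, _ in points:
            if j != i:
                num = num * (-j) % Q
                den = den * (i - j) % Q
        total = (total + y_i * num * pow(den, Q - 2, Q)) % Q  # Q is prime
    return total


def reconstruct(node, attrs, shares):
    """Return q_node(0) if the attribute set satisfies this subtree, else None.
    At the root this value is y; a non-satisfying set learns nothing about it."""
    if node.attribute is not None:
        return shares[node.attribute] if node.attribute in attrs else None
    points = []
    for index, child in enumerate(node.children, start=1):
        value = reconstruct(child, attrs, shares)
        if value is not None:
            points.append((index, value))
    if len(points) < node.threshold:
        return None
    return _lagrange_at_zero(points[:node.threshold])


def build_example():
    """Constructed tree: 2-of-3 over {A, B, (C AND D)}. The seeded generator only
    makes the example reproducible; a real centre would use a CSPRNG."""
    rng = random.Random(2016)
    y = rng.randrange(1, Q)  # master secret, q_root(0) = y
    tree = Node(2, [Node(attribute="A"), Node(attribute="B"),
                    Node(2, [Node(attribute="C"), Node(attribute="D")])])
    return tree, y, share_secret(tree, y, rng)
```

With this tree, {A, B} and {B, C, D} both reconstruct y, while {A, C} and {C, D} fail at the root threshold and return None.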
1. Regarding key technical point 1, the invention discloses an attribute-based key-insulated mechanism in which the information of each time slice is embedded into the user's current private key. When attribute revocation, attribute update or private-key leakage occurs in the system, forward and backward security are ensured by updating the private keys of legitimate users.
2. Regarding key technical point 2, the bilinear pairing computations of conventional attribute-based signature mechanisms are eliminated; the whole process of signing and verification requires no pairing operation, which significantly reduces the burden on the system and on terminals.
The foregoing is merely a specific embodiment of the invention and is not intended to limit it. The data set and attack model used in this embodiment apply only to this embodiment, and any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (2)

1. An attribute-based key-insulated signature method, characterised in that it comprises the following steps:
Step 1: system initialization
1.1 Define G1 as an additive cyclic group of order q, and define p as a generator of G1;
1.2 Define a hash function H1: {0,1}* → Zq, whose role is to map a string of arbitrary length onto the finite field Zq;
1.3 In the finite field Zq, the attribute authentication center selects a random number y ∈ Zq as the key parameter, selects a random number ti ∈ Zq for each attribute, and additionally selects a random number kn ∈ Zq for each time slice TPn; thus the system master private key is {ti, kn, y}, and the system public parameters are {G1, p, q, Y = yp, Kn = knp, Ti = tip, H1};
Step 2: initial key distribution
2.1 At the initial time slice TP0, the attribute authentication center chooses, for each leaf node x of each user's attribute structure tree Tk, a polynomial qx whose degree dx is the node's threshold kx minus 1; for the root node it sets qroot(0) = y, and for every other node it sets qx(0) = qparent(x)(index(x)), where parent(x) is the parent of node x and index(x) is the serial number of node x among its siblings;
2.2 The attribute authentication center sends the initial key to the signer;
Step 3: key updating
3.1 When the system's time slice evolves from TPn−1 to TPn, the attribute authentication center computes key update information for each attribute;
3.2 After obtaining the update information, the user updates its previous key to the latest version, calculated as follows:
Step 4: signature
4.1 For a file M, the signer chooses a ∈ Zq;
4.2 The data sender computes the following information from the system public parameters:
v1 = ap,
4.3 The data sender packages {v1, v2, M} and uploads it to the data server;
Step 5: verifying
5.1 The data receiver downloads the corresponding file and signature from the data server;
5.2 The data receiver performs the following calculation using the system public parameters:
If the equation holds, the signature is valid.
2. The attribute-based key-insulated signature method according to claim 1, characterised in that in step 5 the data receiver's proof of the validity of the signature is as follows:

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610510247.7A CN106027240B (en) 2016-07-01 2016-07-01 Attribute-based key-insulated signature method


Publications (2)

Publication Number Publication Date
CN106027240A CN106027240A (en) 2016-10-12
CN106027240B true CN106027240B (en) 2019-06-04

Family

ID=57104847


Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111541538B (en) * 2017-07-06 2022-10-28 北京嘀嘀无限科技发展有限公司 Data transmission method and device, server, computer equipment and storage medium
CN109691010B (en) * 2017-07-06 2021-01-08 北京嘀嘀无限科技发展有限公司 System and method for data transmission
CN107979840B (en) * 2018-01-23 2021-02-09 重庆邮电大学 Internet of vehicles V2I authentication system and method with key isolation safety
KR102030785B1 (en) * 2019-04-26 2019-10-10 주식회사그린존시큐리티 An apparatus for obfuscating data of IoT devices using pseudorandom number and a method therefor
CN112926074B (en) * 2021-03-26 2022-08-23 成都卫士通信息产业股份有限公司 SM9 key thresholding generation method, device, equipment and storage medium
CN113055175B (en) * 2021-06-02 2021-08-06 杭州链城数字科技有限公司 Private key distribution method of distributed CA and electronic device
CN113922955B (en) * 2021-10-06 2023-07-07 烽火通信科技股份有限公司 All-hardware implementation architecture of XMS algorithm and system thereof
CN116484348A (en) * 2022-01-17 2023-07-25 中兴通讯股份有限公司 Cloud data security authentication method, system and computer readable storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1738237A (en) * 2004-04-05 2006-02-22 惠普开发有限公司 Key-configured topology with connection management
CN103873257A (en) * 2014-03-24 2014-06-18 中国工商银行股份有限公司 Secrete key updating, digital signature and signature verification method and device
CN105373091A (en) * 2014-08-11 2016-03-02 费希尔-罗斯蒙特系统公司 Securing Devices to Process Control Systems



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant