CN106533699A - Identity-based blind signature method on lattices in the standard model - Google Patents
Identity-based blind signature method on lattices in the standard model
- Publication number: CN106533699A (application CN201710007487.XA)
- Authority: CN (China)
- Prior art keywords: message, signature, algorithm, identity, blind
- Legal status: Granted (the legal status is an assumption by Google and not a legal conclusion; Google has not performed a legal analysis)
Classifications
- H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
- H04L9/32: the above, including means for verifying the identity or authority of a user of the system or for message authentication (e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials)
- H04L9/3247: the above, involving digital signatures
- H04L9/3257: the above, involving digital signatures using blind signatures
Abstract
The invention discloses an identity-based blind signature method on lattices in the standard model. The method comprises the following steps: 1) the private key generator PKG runs the trapdoor generation algorithm TrapGen($1^n$) to generate the system public key $A_0$ and the system master key $S_0$; 2) from the identity information $id$ sent by a user, the PKG generates the private key $S_{id}$ for that identity with the lattice basis delegation algorithm BasisDel($A_0, H(id), S_0, s$), where $s$ is the Gaussian sampling parameter; 3) the message owner blinds a message $M$ with the sampling algorithm SampleD($A_0 H(id)^{-1}, s$) and outputs the blinded message $\mu$; 4) the signer signs the received blinded message $\mu$ with the one-way trapdoor inversion algorithm SamplePre($A_0 H(id)^{-1}, S_{id}, \mu, s$) and outputs the signature $e'$ on the blinded message (the formula is given in the specification); 5) the message owner unblinds $e'$ to obtain the signature $e$ on the message $M$, and any verifier can check the correctness of $(M, e)$. The method is provably secure in the standard model and resists attacks by quantum computers. The user identity is used directly as the public key, and both the generated user private key and the signature are shorter.
Description
Technical field
The present invention relates to the field of information security technology, and specifically proposes an identity-based blind signature method on lattices in the standard model.
Background technology
The concept of the blind signature was first proposed by Chaum in 1982. A blind signature is a digital signature with a special property: the message owner obtains a legitimate signature from the signer on the true message without revealing the content of that message. Because blind signatures protect user privacy, they are widely applied in electronic cash, electronic voting, oblivious transfer and similar fields. Traditional public key cryptosystems rely mainly on a PKI (Public Key Infrastructure) to bind public keys to user identities, and the certificate management this requires carries a high computational and storage overhead.
In 1985 Shamir proposed the concept of identity-based cryptography and the first identity-based signature scheme (IBS). In an IBS scheme the user's identity information serves as the public key, and the private key is computed by a trusted key generation center, the PKG (Private Key Generator). No public key certificate is needed, which both reduces the computational cost and implementation cost of the cryptographic algorithm and removes the certificate management burden of PKI systems.
Combining blind signatures with identity-based cryptography, Zhang and Kim proposed an identity-based blind signature scheme from bilinear pairings in 2003. Many researchers continue to study identity-based blind signature schemes, but the security of most of them rests on number-theoretic hard problems, and once quantum computers are practical those problems are assumed to be solvable in polynomial time. Designing signature schemes that resist quantum attacks has therefore become a problem this field needs to solve.
Lattice-based public key cryptosystems are one of the few classical public key cryptosystems that quantum computers cannot break, and they have other good properties as well, such as average-case security based on worst-case hardness and simple, efficient operations, so in recent years they have attracted close attention from cryptographers at home and abroad. In 1996 Ajtai showed, in a groundbreaking result, that the hardness of the small integer solution (SIS) problem in the average case is equivalent to the hardness of a class of lattice problems in the worst case. This work laid the foundation for the development of lattice-based public key cryptography.
In 2008 Gentry, Peikert and Vaikuntanathan proposed a trapdoor one-way function with preimage sampling based on the SIS problem, and used it to construct an identity-based encryption scheme and a signature scheme that are provably secure in the random oracle model. In 2010 Markus Rückert designed the first lattice-based blind signature scheme using the preimage sampling function, a three-round scheme, but that scheme can fail to produce a signature. At CRYPTO 2010 Agrawal, Boneh and Boyen proposed a new lattice basis delegation algorithm that does not increase the dimension of the lattice, and used it to construct the first identity-based encryption scheme on lattices in the standard model. In 2012 Wang et al. proposed an identity-based blind signature scheme on lattices in the random oracle model; to date there is no provably secure identity-based blind signature scheme on lattices in the standard model.
Summary of the invention
In view of the above problems, the object of the invention is to provide an identity-based blind signature method on lattices that is provably secure in the standard model. The blind signature scheme established by the method uses the user identity directly as the public key, is provably secure in the standard model, and resists attacks by quantum computers.
To achieve this object the invention adopts the following technical scheme. The scheme involves a private key generation center, a message owner, a message signer and a message verifier, and its steps are:
Parameter generation algorithm Setup($1^n$): the private key generator PKG takes the security parameter $n$ as input, runs the trapdoor generation algorithm TrapGen($1^n$), and generates the system master key $MK$ and the system public parameters $PP$. $PP$ is published and $MK$ is kept secret.
Key extraction algorithm Extract($PP, id, MK$): from the identity information $id$ of the signer, the system uses its own master key $MK$ and the public parameters $PP$ to derive the signer's private key $S_{id}$ with the lattice basis delegation algorithm BasisDel.
Signature algorithm Sign($PP, S_{id}, \mu$): Blinding: the message owner C blinds the message $M$ with the sampling algorithm SampleD; $\mu$ is the blinded message, which C sends to the signer S. Signing the blinded message: on receiving $\mu$, the signer uses $S_{id}$ and the one-way trapdoor inversion algorithm SamplePre to sign $\mu$, outputs the blinded-message signature $e'$, and checks whether $e'$ satisfies the requirements; if it does not, the signer samples again. The signer stores $(\mu, e')$ locally and sends $(\mu, e')$ to the message owner C. Unblinding: after receiving the signature, C removes the blinding and obtains the blind signature $e$ on $M$.
Verification algorithm Verify($PP, id, M, e$): given the public parameters $PP$ and the user identity $id$, any verifier can check the correctness of $(M, e)$ by a fixed computation.
The invention has the following advantages:
(1) Security
The invention is a blind signature scheme of very high security. Its security reduces to the small integer solution (SIS) problem, and it is provably secure in the standard model.
(2) High execution efficiency
The method uses the user identity directly as the public key, which removes the computation and management burden of public key certificates in PKI systems, and it uses only simple linear operations (modular multiplication and modular addition), so its computational efficiency is clearly higher than that of identity-based blind signature schemes based on number theory. The method uses a new lattice basis delegation algorithm that keeps the lattice dimension fixed, which improves efficiency further.
Description of the drawings
Fig. 1 is a flow chart of the identity-based blind signature method on lattices in the standard model.
Specific embodiment
Let $n$ be the security parameter, a positive integer; let $q \ge 2$ be prime; let $m \ge 5n \lg q$; and let $H$ be a collision-resistant hash function applied to identities (this copy of the page has lost its domain and range; the BasisDel algorithm used below requires $H(id)$ to be a $\mathbb{Z}_q$-invertible $m \times m$ matrix). The scheme is implemented in the following steps:
Parameter generation algorithm Setup($1^n$): the private key generator PKG takes the security parameter $n$ as input and runs the trapdoor generation algorithm TrapGen($1^n$), which generates a matrix $A_0 \in \mathbb{Z}_q^{n \times m}$ together with a short basis $S_0$ of the lattice $\Lambda^{\perp}(A_0)$; $S_0$ is the system master key and $A_0$ is the system public key. Assume the message $M$ is an arbitrary bit string of length $d$, $M \in \{0,1\}^d$, and choose $d$ independent random vectors $C_1, \dots, C_d$. The public parameters of the system are $PP = \langle A_0, C_1, C_2, \dots, C_d \rangle$ and the master key is $MK = S_0$.
Key extraction algorithm Extract($PP, id, MK$): from the identity information $id$ of the signer, the system uses its own master key $S_0$ and the public parameters $PP$ to run the lattice basis delegation algorithm BasisDel($A_0, H(id), S_0, s$), which outputs the signer's private key $S_{id}$, where $S_{id}$ is a basis of the lattice $\Lambda^{\perp}(A_0 H(id)^{-1})$ and $s$ is the Gaussian sampling parameter.
Signature algorithm Sign($PP, S_{id}, \mu$): Blinding: the message owner C chooses $t$ uniformly at random from $D = \{\, t \in R : \|t\| \ge 1/s \,\}$ (the page does not define $R$), runs the sampling algorithm SampleD($A_0 H(id)^{-1}, s$) to obtain a vector $u$, and computes the blinded message $\mu$ (the blinding formula is lost from this copy of the page); C sends $\mu$ to the signer S. Signing: on receiving the blinded message $\mu$ from the message owner C, the signer S runs the one-way trapdoor inversion algorithm SamplePre($A_0 H(id)^{-1}, S_{id}, \mu, s$) to sign $\mu$ and outputs the blinded-message signature $e'$. S checks that $e'$ satisfies the norm bound (the bound is lost from this copy; for SamplePre output it is normally $\|e'\| \le s\sqrt{m}$) and that $e' \ne 0$; if either check fails, S signs again. S stores $(\mu, e')$ locally and then sends $(\mu, e')$ to the message owner C. Unblinding: after receiving the signature, C computes $e = t^{-1}(e' - u)$; $e$ is the signature on the message $M$.
Verification algorithm Verify($PP, id, M, e$): any verifier can check the correctness of $(M, e)$ by the following computation:
(1) Check that $e \ne 0$ and that $e$ satisfies the norm bound (lost from this copy). If both hold, continue with check (2); otherwise reject.
(2) Check the verification equation (lost from this copy). Accept if it holds; otherwise reject.
The above is only a specific embodiment of the present invention, and the scope of protection of the invention is not limited to it. Anyone skilled in the art can understand its principle and, without departing from the principles of the invention, make various changes, modifications or substitutions to the embodiment, all of which fall within the scope of protection of the invention. The scope of protection of the invention is therefore defined by the claims.
Claims (1)
1. An identity-based blind signature method on lattices in the standard model, characterized in that a lattice basis delegation algorithm is combined with a trapdoor one-way function with preimage sampling to construct an identity-based blind signature scheme. The identity-based blind signature method on lattices in the standard model involves a private key generation center PKG (private key generator), a message owner, a signer and a verifier, and its steps are:
Parameter generation algorithm Setup($1^n$): the private key generator PKG takes the security parameter $n$ as input and runs the trapdoor generation algorithm TrapGen($1^n$), which generates a matrix $A_0 \in \mathbb{Z}_q^{n \times m}$ together with a short basis $S_0$ of $\Lambda^{\perp}(A_0)$; $S_0$ is the system master key and $A_0$ is the system public key. Assume the message $M$ is an arbitrary bit string of length $d$, $M \in \{0,1\}^d$, and choose $d$ independent random vectors $C_1, \dots, C_d$. The public parameters of the system are $PP = \langle A_0, C_1, C_2, \dots, C_d \rangle$ and the master key is $MK = S_0$.
Key extraction algorithm Extract($PP, id, MK$): from the identity information $id$ of the signer, the system uses its own master key $S_0$ and the public parameters $PP$ to run the lattice basis delegation algorithm BasisDel($A_0, H(id), S_0, s$), where $s$ is the Gaussian sampling parameter, and outputs the signer's private key $S_{id}$, a basis of the lattice $\Lambda^{\perp}(A_0 H(id)^{-1})$.
Signature algorithm Sign($PP, S_{id}, \mu$): Blinding: the message owner C chooses $t$ uniformly at random from $D = \{\, t \in R : \|t\| \ge 1/s \,\}$ (the page does not define $R$), runs the sampling algorithm SampleD($A_0 H(id)^{-1}, s$) to obtain a vector $u$, and computes the blinded message $\mu$ (the blinding formula is lost from this copy of the page); C sends $\mu$ to the signer S. Signing the blinded message: on receiving the blinded message $\mu$ from the message owner C, the signer S runs the one-way trapdoor inversion algorithm SamplePre($A_0 H(id)^{-1}, S_{id}, \mu, s$) to sign $\mu$ and outputs the blinded-message signature $e'$. S checks that $e'$ satisfies the norm bound (lost from this copy) and that $e' \ne 0$, and reruns SamplePre if either check fails; S then stores $(\mu, e')$ locally and sends the signature $e'$ to the message owner C. Unblinding: after receiving the signature, C computes $e = t^{-1}(e' - u)$; $e$ is the signature on the message $M$.
Verification algorithm Verify($PP, id, M, e$): any verifier V can check the correctness of $(M, e)$ by the following computation:
(1) Check that $e \ne 0$ and that $e$ satisfies the norm bound (lost from this copy). If both hold, continue with check (2); otherwise reject.
(2) Check the verification equation (lost from this copy). Accept if it holds; otherwise reject.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
CN201710007487.XA | 2017-01-05 | 2017-01-05 | Identity-based blind signature method on lattices in the standard model

Publications (2)
Publication Number | Publication Date
---|---
CN106533699A (application) | 2017-03-22
CN106533699B (granted; expired, fee related) | 2019-12-17

Family ID: 58335247
Country status: CN, CN106533699B (en)
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title
---|---|---|---|---
CN107425955A | 2017-06-23 | 2017-12-01 | 河南理工大学 | Identity-based hierarchical encryption method on lattices with efficient fixed-dimension trapdoor delegation
CN110048854A | 2019-04-23 | 2019-07-23 | 西安邮电大学 | Multivariate-based post-quantum blind signature method
CN110166251A | 2019-05-17 | 2019-08-23 | 成都信息工程大学 | Semi-quantum group signature method and system based on quantum walks
CN110175473A | 2019-05-22 | 2019-08-27 | 西安电子科技大学 | Digital signature method based on a hard problem on lattices
CN111030809A | 2019-11-28 | 2020-04-17 | 南京邮电大学 | Lattice attribute-based signature method supporting LSSS matrices
CN112769575A | 2020-12-28 | 2021-05-07 | 中国科学院信息工程研究所 | Blind signature method based on rank-distance codes
CN113225190A | 2021-02-08 | 2021-08-06 | 数字兵符(福州)科技有限公司 | Quantum-secure digital signature method using a new hard problem
CN113507366A | 2021-05-21 | 2021-10-15 | 北方工业大学 | Lattice-based searchable log blind signature scheme
CN115225261A | 2022-05-19 | 2022-10-21 | 曲阜师范大学 | Lattice-based aggregate signature method with revocable identities
CN116094726A | 2023-01-03 | 2023-05-09 | 西安电子科技大学 | Partially blind signature method and system based on lattice public key cryptography
WO2023207523A1 | 2022-04-28 | 2023-11-02 | 华为技术有限公司 | Quantum-resistant blind signature method, user equipment, signature apparatus and signature verification apparatus
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title
---|---|---|---|---
CN104158661A | 2014-07-23 | 2014-11-19 | 中国人民武装警察部队工程大学 | One-time public key encryption construction method based on fuzzy identity
CN105939191A | 2016-07-08 | 2016-09-14 | 南京理工大学 | Client-side secure deduplication method for ciphertext data in cloud storage

Non-Patent Citations (2)
Title
---
Wang Fenghe (王凤和), "Lattice-based blind signature scheme" (基于格的盲签名方案), Geomatics and Information Science of Wuhan University (武汉大学学报 信息科学版)
Chen Ming (陈明), "Identity-based proxy blind signature scheme in the standard model" (标准模型下基于身份代理盲签名方案), Computer Engineering and Applications (计算机工程与应用)
Legal Events
Date | Code | Title | Description
---|---|---|---
| C06, PB01 | Publication |
| SE01 | Entry into force of request for substantive examination |
| GR01 | Patent grant |
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 2019-12-17