CN107947913B - Anonymous authentication method and system based on identity - Google Patents

Publication number
CN107947913B
Authority
CN
China
Prior art keywords
authentication
user
private key
calculating
generating
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711132811.7A
Other languages
Chinese (zh)
Other versions
CN107947913A (en
Inventor
何德彪
王婧
冯琦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan University WHU
Original Assignee
Wuhan University WHU

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0847Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving identity based encryption [IBE] schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3218Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to an identity-based anonymous authentication method and system. The server generates two partial private keys and sends them to the two parties participating in authentication, P_1 and P_2. During authentication, P_1 and P_2 generate a primary authentication code
Figure DDA0001469725210000011
and R, with zero-knowledge proofs ensuring the privacy and reliability of the information exchanged between P_1 and P_2. After obtaining the main authentication code, P_1 calculates the pseudo address A_ID, generates a third temporary public key R_3, and then calculates the final authentication code α, obtaining the authentication information (A_ID, R, R_3, α, T). The server feeds back the verified authentication information to the user, and after the three-way handshake is successfully completed, the server and the user can establish secure communication.

Description

Anonymous authentication method and system based on identity
Technical Field
The invention belongs to the field of information security, and particularly relates to an identity-based authentication method and system.
Background
Anonymous authentication protocols are an important component of secure network communication. By running an anonymous authentication protocol, two participants can authenticate each other over a public channel and negotiate a session key, enabling secure communication in an open network. In an anonymous protocol based on traditional public-key cryptographic authentication, each communicating party holds a pair of keys, a public key and a private key: the private key is used to generate authentication information, and the public key is used to verify the validity of that information. To solve the problem that certificate management is difficult in anonymous authentication protocols based on traditional public-key cryptography, researchers proposed identity-based anonymous authentication protocols, drawing on the idea of the public key. In such a protocol, the user's identity (name, identification card number, e-mail address, etc.) is the user's public key, which greatly reduces the complexity of the system.
The private key is the most confidential information in a cryptosystem and the basis of secure communication; how well it is protected directly determines the security level of the system. To strengthen the security of the private key and avoid the risk created by losing a key held at a single point, an effective key management scheme is usually designed using secret sharing / threshold techniques. This approach splits the private key into shares and distributes them over multiple users or devices, so that only users who obtain enough shares can reconstruct the private key, while fewer than the threshold number of shares cannot. However, once the private key has been recovered, the user who holds the complete private key can perform illegitimate authentication without the knowledge of the other parties, which threatens the rights and interests of the other users and the security of the system.
To address this situation, the invention designs an identity-based two-party distributed anonymous authentication scheme. A user can generate authentication information in a distributed manner between two devices: the authentication information must be produced jointly by two trusted devices selected by the authenticator, and the complete authentication private key never needs to be recovered while the authentication information is generated, which protects the private key.
Disclosure of Invention
The invention aims to ensure that the authenticated party does not reveal both of its partial private keys at the same time, and that identity-based, verifiable authentication information can be generated from the two partial private keys without obtaining the complete authentication private key.
For the purpose of the present invention, the present invention proposes an authentication scheme based on two-party distributed information generation of identity, and a detailed description is given below.
An identity-based anonymous authentication method, comprising:
A key distribution step: generate a random large integer satisfying the security parameters as the main private key s, and calculate the corresponding public key P_pub = sP; the main private key is kept secret and the public key is published, where P is a base point of a cyclic additive point group whose order is a prime number q. Then generate the authentication key D_ID = h(s, ID)P and a random number r_ID such that
Figure BDA0001469725190000021
Figure BDA0001469725190000022
The partial authentication key
Figure BDA0001469725190000023
is sent to P_1, and
Figure BDA0001469725190000024
Figure BDA0001469725190000025
is sent to P_2.
A distributed authentication step: the two parties participating in authentication, P_1 and P_2, generate random numbers r_1 and r_2 respectively. P_1 first calculates R_1 = r_1 P, encrypts r_1 using a homomorphic encryption method to obtain C_1, and then sends C_1 and R_1 to P_2. P_2 calculates R_2 = r_2 P and, using the properties of homomorphic encryption, can calculate the ciphertext C_2 of
Figure BDA0001469725190000026
and then sends the ciphertext C_2 and R_2 to P_1. P_1 decrypts C_2 and uses its own partial authentication key
Figure BDA0001469725190000027
to calculate the main authentication code r_1 r_2 D_ID mod q and R, calculates the pseudo address A_ID using an exclusive-OR operation and a hash algorithm, generates a third temporary public key R_3 = r_3 P, and generates the final authentication code using a hash algorithm
Figure BDA0001469725190000028
Figure BDA0001469725190000029
The authentication information (A_ID, R, R_3, α, T) is then sent to the server; the server feeds back the authentication information obtained by verification to the user, and after the three-way handshake is successfully completed, the server and the user can establish secure communication.
In the above anonymous authentication method based on identity, the key distribution step specifically includes:
Step 2.1, generate a random large integer satisfying the security parameters as the main private key s, and calculate the corresponding public key P_pub = sP; the main private key is kept secret and the public key is published, where P is a base point of a cyclic additive point group whose order is a prime number q;
Step 2.2, calculate the user's private key D_ID = h(s, ID)P, where h(ID) represents a hash value of the user identity ID;
Step 2.3, generate a random number r_ID and compute the first partial private key
Figure BDA0001469725190000031
and the second partial private key
Figure BDA0001469725190000032
where
Figure BDA0001469725190000033
Step 2.4, generate a public/private key pair (pk, sk) of a homomorphic encryption algorithm; send
Figure BDA0001469725190000034
to the first party P_1, and send
Figure BDA0001469725190000035
to the second party P_2.
In the above anonymous authentication method based on identity, the distributed authentication step specifically includes:
Step 3.1, P_1 generates a first random number r_1, calculates a first temporary public key R_1 = r_1 P, and encrypts r_1 using the public key pk of the homomorphic encryption algorithm, i.e. the first ciphertext C_1 = Enc_pk(r_1). P_1 sends (R_1, C_1) to P_2.
Step 3.2, P_2 generates a second random number r_2, calculates a second temporary public key R_2 = r_2 P, and calculates a second ciphertext
Figure BDA0001469725190000036
where ρ is a random number. P_2 sends (R_2, C_2) to P_1.
Step 3.3, P_1 uses the private key of the homomorphic encryption algorithm to decrypt C_2 and calculate its plaintext
Figure BDA0001469725190000037
the primary authentication code
Figure BDA0001469725190000038
and the target temporary public key R = R_1R_2. P_1 generates a third random number r_3 and calculates a third temporary public key R_3 = r_3 P, the pseudo address A_ID = ID ^ h(R_3, r_3 P_pub), and the final authentication code
Figure BDA0001469725190000039
where T is the current timestamp. P_1 sends the authentication information (A_ID, R, R_3, α, T) to the server.
Step 3.4, after receiving the authentication information, the server uses its private key to calculate R' = sR_3, the user's real address ID = A_ID ^ h(R_3, R'), and the primary authentication code
Figure BDA0001469725190000041
and calculates the final authentication code
Figure BDA0001469725190000042
The server determines whether the calculated authentication code α is equal to the α sent by the user; if they are not equal it terminates the protocol, and if they are equal it calculates
Figure BDA0001469725190000043
Figure BDA0001469725190000044
and sends (β, T') to the user, where T' is the current timestamp.
Step 3.5, P_1 computes
Figure BDA0001469725190000045
and judges whether the value is equal to the received value β; if so, the communication connection is established, otherwise the communication is terminated.
An identity-based anonymous authentication system, comprising:
A server: the user first registers with the server, and the server provides the authentication private key for the user. The server generates a random large integer satisfying the security parameters as the main private key s, and calculates the corresponding public key P_pub = sP; the main private key is kept secret and the public key is published, where G is a base point of a cyclic additive point group whose order is a prime number q. The server generates an authentication private key D_ID = h(s, ID)P for the user, and a random number satisfying
Figure BDA0001469725190000046
A key distribution unit: used to send the partial private key
Figure BDA0001469725190000047
to P_1, and
Figure BDA0001469725190000048
to P_2.
A distributed authentication unit: the two parties participating in authentication, P_1 and P_2, generate random numbers r_1 and r_2 respectively through the distributed authentication unit. P_1 first calculates R_1 = r_1 P, encrypts r_1 using a homomorphic encryption method to obtain C_1, and then sends C_1 and R_1 to P_2. P_2 calculates R_2 = r_2 P and, using the properties of homomorphic encryption, can calculate the ciphertext C_2 of
Figure BDA0001469725190000049
and then sends the ciphertext C_2 and R_2 to P_1. P_1 decrypts C_2 and uses its own partial private key
Figure BDA00014697251900000410
to calculate the main authentication code r_1 r_2 D_ID mod q and R, calculates the pseudo address A_ID using an exclusive-OR operation and a hash algorithm, generates a third temporary public key R_3 = r_3 P, and generates the final authentication code using a hash algorithm
Figure BDA00014697251900000411
The authentication information (A_ID, R, R_3, α, T) is sent to the server; the server feeds back the verified authentication information to the user, and after the three-way handshake is successfully completed, the server and the user can establish secure communication.
In the above anonymous authentication method based on identity, the method for the key distribution unit to distribute the key specifically includes:
Step 2.1, generate a random large integer satisfying the security parameters as the main private key s, and calculate the corresponding public key P_pub = sP; the main private key is kept secret and the public key is published, where G is a base point of a cyclic additive point group whose order is a prime number q;
Step 2.2, calculate the user's private key D_ID = h(s, ID)P, where h(ID) represents a hash value of the user identity ID;
Step 2.3, generate a random number r_ID and compute the first partial private key
Figure BDA0001469725190000051
and the second partial private key
Figure BDA0001469725190000052
where
Figure BDA0001469725190000053
Step 2.4, generate a public/private key pair (pk, sk) of a homomorphic encryption algorithm; send
Figure BDA0001469725190000054
to the first party P_1, and send
Figure BDA0001469725190000055
to the second party P_2.
In the above anonymous authentication method based on identity, the method for performing distributed authentication by the distributed authentication unit specifically includes:
Step 3.1, P_1 generates a first random number r_1, calculates a first temporary public key R_1 = r_1 P, and encrypts r_1 using the public key pk of the homomorphic encryption algorithm, i.e. the first ciphertext C_1 = Enc_pk(r_1). P_1 sends (R_1, C_1) to P_2.
Step 3.2, P_2 generates a second random number r_2, calculates a second temporary public key R_2 = r_2 P, and calculates a second ciphertext
Figure BDA0001469725190000056
where ρ is a random number. P_2 sends (R_2, C_2) to P_1.
Step 3.3, P_1 uses the private key of the homomorphic encryption algorithm to decrypt C_2 and calculate its plaintext
Figure BDA0001469725190000057
the primary authentication code
Figure BDA0001469725190000058
and the target temporary public key R = R_1R_2. P_1 generates a third random number r_3 and calculates a third temporary public key R_3 = r_3 P, the pseudo address A_ID = ID ^ h(R_3, r_3 P_pub), and the final authentication code
Figure BDA0001469725190000059
where T is the current timestamp and the symbol "^" indicates an XOR operation. P_1 sends the authentication information (A_ID, R, R_3, α, T) to the server.
Step 3.4, after receiving the authentication information, the server uses its private key to calculate R' = sR_3, the user's real address ID = A_ID ^ h(R_3, R'), and the primary authentication code
Figure BDA0001469725190000061
thereby calculating the final authentication code
Figure BDA0001469725190000062
The server determines whether the calculated authentication code α is equal to the α sent by the user; if they are not equal it terminates the protocol, and if they are equal it calculates
Figure BDA0001469725190000063
and sends (β, T') to the user, where T' is the current timestamp.
Step 3.5, P_1 computes
Figure BDA0001469725190000064
and judges whether the value is equal to the received value β; if so, the communication connection is established, otherwise the communication is terminated.
Compared with the prior art, the invention has the following advantages and beneficial effects:
1. Regarding the security of the authentication private key: in existing threshold secret sharing schemes, although the authentication private key can be divided, in the authentication stage the private key is recovered and held by one party, which discloses the user's private key and reduces the security of the authentication.
2. Regarding the fairness of authentication: in existing threshold secret sharing schemes, the party that finally holds the complete authentication private key can authenticate with the server on its own, without all parties participating together, which reduces the fairness of the authentication.
3. The invention realizes identity-based distributed key negotiation and authentication. It ensures that neither party exposes its partial authentication private key during authentication and that the original private key does not need to be recovered; at the same time, both parties must participate in the authentication process together, which achieves the security and fairness of the authentication.
4. The invention is based on a mathematical problem and ensures that, even if the authentication private key of one party is lost, the partial authentication private key held by the other party is not leaked, and neither is the complete authentication private key.
Drawings
Fig. 1 is a flow chart of two-party authentication of a key in the present invention.
Fig. 2 is a flow chart of partial (sub) key generation and anonymous authentication in the present invention.
Fig. 3 is a flowchart of authentication of communication parties (server and user) in the present invention.
Detailed description of the invention
The present invention is described in detail below with reference to examples, and the following embodiments are only one possible embodiment of the present invention, not all possible embodiments, and are not intended to limit the present invention.
In the following description of the present invention, the authenticated party is simply referred to as a user, and the authenticator party is simply referred to as a server. For the multiplication of two integers (or of integer symbols), the multiplication sign "·" is omitted where no ambiguity arises, e.g. a · b is abbreviated to ab. mod n denotes the modulo n operation, which has the lowest priority: a + b mod n is equivalent to (a + b) mod n, and ab mod n is equivalent to (ab) mod n. "≡" denotes congruence, i.e. a ≡ b mod n is equivalent to a mod n ≡ b mod n. gcd(a, b) represents the greatest common factor of the integers a and b; a and b are coprime if gcd(a, b) is 1.
In the present invention, the key pair is generated by the server, which generates, for the computing devices (e.g., personal computer, smart mobile device) of the two parties P_1 and P_2 that need to participate in authentication, the partial authentication private keys
Figure BDA0001469725190000071
and
Figure BDA0001469725190000072
Neither P_1 nor P_2 needs to obtain the complete authentication private key for the authentication information to be generated, and the server can verify the correctness of the authentication information. Each party stores its own partial authentication private key and does not disclose it.
In the following description of the authentication phase of the invention, P_1 encrypts messages using a homomorphic encryption algorithm whose public/private key pair is (pk, sk). Enc_pk is defined as the encryption operation and Dec_sk as the decryption operation. Define
Figure BDA0001469725190000073
as the "multiplication" operation on the ciphertexts c_1, c_2; define c ⊙ a as the "exponential" operation of the ciphertext c with a; and define x ^ y as the exclusive-OR operation between data x and data y. The homomorphic encryption algorithm has the following properties:
A message encrypted with the public key pk can be decrypted only with the unique corresponding private key sk, i.e. Dec_sk(Enc_pk(m)) = m;
Multiplication operations between ciphertexts map to addition operations between the plaintexts, i.e.
Figure BDA0001469725190000074
The exponential operation of a ciphertext with a plaintext maps to multiplication of the plaintexts, i.e. Dec_sk(Enc_pk(m_1) ⊙ m_2) = m_1 m_2.
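The three properties above, shown on a toy Paillier cryptosystem, together with the pattern in which P_1 sends Enc_pk(r_1) and P_2 returns a ciphertext that includes a random ρ. This is an added example, not code from the patent: the patent does not name the homomorphic scheme and its formula for C_2 is not reproduced on this page, so Paillier, the parameter sizes, the scalar `share2` and the blinding term ρ·q are assumptions.

```python
import math
import secrets

# Constructed toy parameters (assumptions; not taken from the patent).
Q = 2**61 - 1                 # stands in for the prime group order q
PAILLIER_P = 2**89 - 1        # Mersenne primes as Paillier factors: fine for a
PAILLIER_Q = 2**107 - 1       # demo, far too small and structured for real use


def keygen():
    """Return (pk, sk) for Paillier with generator g = n + 1."""
    n = PAILLIER_P * PAILLIER_Q
    phi = (PAILLIER_P - 1) * (PAILLIER_Q - 1)
    lam = phi // math.gcd(PAILLIER_P - 1, PAILLIER_Q - 1)
    return n, (lam, pow(lam, -1, n))


def enc(pk, m):
    """Enc_pk(m) = (1 + m*n) * r^n mod n^2 with fresh randomness r."""
    n2 = pk * pk
    while True:
        r = secrets.randbelow(pk)
        if r and math.gcd(r, pk) == 1:
            break
    return (1 + (m % pk) * pk) * pow(r, pk, n2) % n2


def dec(pk, sk, c):
    """Dec_sk(c) = L(c^lam mod n^2) * mu mod n, where L(x) = (x - 1) / n."""
    lam, mu = sk
    return (pow(c, lam, pk * pk) - 1) // pk * mu % pk


def ct_mul(pk, c1, c2):
    """The page's ciphertext "multiplication": the plaintexts are added."""
    return c1 * c2 % (pk * pk)


def ct_exp(pk, c, a):
    """The page's ciphertext "exponential": the plaintext is multiplied by a."""
    return pow(c, a, pk * pk)


def p1_start(pk):
    """P1 picks r1 and sends C1 = Enc_pk(r1)."""
    r1 = 1 + secrets.randbelow(Q - 1)
    return r1, enc(pk, r1)


def p2_respond(pk, c1, share2):
    """P2 folds its own scalars into C1 without ever seeing r1.

    share2 is a hypothetical scalar held by P2. Adding rho * Q blinds the
    integer so that P1 learns only its residue mod Q. The plaintext must
    stay below n, otherwise it wraps mod n and the residue mod Q is lost.
    """
    if Q**3 + Q**2 >= pk:
        raise ValueError("Paillier modulus too small for the blinded value")
    r2 = 1 + secrets.randbelow(Q - 1)
    rho = secrets.randbelow(Q * Q)
    c2 = ct_mul(pk, ct_exp(pk, c1, r2 * share2 % Q), enc(pk, rho * Q))
    return c2, r2


def p1_finish(pk, sk, c2):
    """P1 decrypts C2 and reduces mod Q; returns (residue, raw plaintext)."""
    plain = dec(pk, sk, c2)
    return plain % Q, plain
```

The size check in `p2_respond` is the part that is easy to miss: the homomorphic arithmetic happens modulo n, so the modulus has to be larger than the biggest blinded integer or the final reduction mod q returns garbage.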
The invention specifically comprises the following steps:
First, the key distribution algorithm:
In the present invention, the private key for anonymous authentication of a user is generated by the server with which the user is registered. Partial authentication private keys are generated for each of the two trusted parties selected by the user, as follows:
1. The user first registers with the server, and the server provides the authentication private key for the user. The server generates a random large integer satisfying the security parameters as the main private key s, and calculates the corresponding public key P_pub = sP; the main private key is kept secret and the public key is published, where G is a base point of a cyclic additive point group whose order is a prime number q;
2. Compute the user private key D_ID = h(s, ID)P, where h(ID) represents a hash value of the user identity ID;
3. Generate a random number r_ID and compute the first partial private key
Figure BDA0001469725190000081
and the second partial private key
Figure BDA0001469725190000082
where
Figure BDA0001469725190000083
4. Generate a public/private key pair (pk, sk) of a homomorphic encryption algorithm; send
Figure BDA0001469725190000084
to the first party P_1, and send
Figure BDA0001469725190000085
to the second party P_2.
Second, the distributed authentication algorithm:
In the invention, the user-side authentication information of the identity-based authentication method is produced jointly by the two parties P_1 and P_2. The specific operations are as follows:
1. P_1 generates a first random number r_1, calculates a first temporary public key R_1 = r_1 P, and encrypts r_1 using the public key pk of the homomorphic encryption algorithm, i.e. the first ciphertext C_1 = Enc_pk(r_1). P_1 sends (R_1, C_1) to P_2.
2. P_2 generates a second random number r_2, calculates a second temporary public key R_2 = r_2 P, and calculates a second ciphertext
Figure BDA0001469725190000086
where ρ is a random number. P_2 sends (R_2, C_2) to P_1.
3. P_1 uses the private key of the homomorphic encryption algorithm to decrypt C_2 and calculate its plaintext
Figure BDA0001469725190000091
the primary authentication code
Figure BDA0001469725190000092
and the target temporary public key R = R_1R_2. P_1 generates a third random number r_3 and calculates a third temporary public key R_3 = r_3 P, the pseudo address A_ID = ID ^ h(R_3, r_3 P_pub), and the final authentication code
Figure BDA0001469725190000093
where T is the current timestamp. P_1 sends the authentication information (A_ID, R, R_3, α, T) to the server.
4. After receiving the authentication information, the server uses its private key to calculate R' = sR_3, the user's real address ID = A_ID ^ h(R_3, R'), and the primary authentication code
Figure BDA0001469725190000097
and calculates the authentication code
Figure BDA0001469725190000094
The server determines whether the calculated authentication code α is equal to the α sent by the user; if they are not equal it terminates the protocol, and if they are equal it calculates
Figure BDA0001469725190000095
and sends (β, T') to the user, where T' is the current timestamp.
5. P_1 computes
Figure BDA0001469725190000096
and judges whether the value is equal to the received value β; if so, the communication connection is established, otherwise the communication is terminated.
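The pseudo-address masking of operation 3 (A_ID = ID ^ h(R_3, r_3 P_pub)) and the server-side recovery of operation 4 (R' = sR_3, ID = A_ID ^ h(R_3, R')), as an added example that is not part of the patent text. The curve (secp256k1), SHAKE-256 as the hash h, the byte encoding of points, and the server's check that R_3 lies on the curve are assumptions made for this sketch.

```python
import hashlib
import secrets

# secp256k1 domain parameters (assumption: the patent only requires a cyclic
# additive point group of prime order q with base point P).
FIELD = 2**256 - 2**32 - 977
ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
BASE = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
        0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def on_curve(pt):
    """True if pt is an affine point satisfying y^2 = x^3 + 7 over the field."""
    if pt is None:
        return False
    x, y = pt
    in_range = 0 <= x < FIELD and 0 <= y < FIELD
    return in_range and (y * y - x * x * x - 7) % FIELD == 0


def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % FIELD == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1 % FIELD, -1, FIELD) % FIELD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FIELD, -1, FIELD) % FIELD
    x3 = (lam * lam - x1 - x2) % FIELD
    return x3, (lam * (x1 - x3) - y1) % FIELD


def ec_mul(k, pt):
    """Double-and-add scalar multiplication; not constant time, demo only."""
    k %= ORDER
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def h_mask(pt_a, pt_b, length):
    """h(., .) stretched to the identity length (SHAKE-256 is an assumption)."""
    data = b"".join(c.to_bytes(32, "big") for c in (*pt_a, *pt_b))
    return hashlib.shake_256(data).digest(length)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def server_keygen():
    """Main private key s and published P_pub = sP."""
    s = 1 + secrets.randbelow(ORDER - 1)
    return s, ec_mul(s, BASE)


def make_pseudo_address(identity, p_pub):
    """User side: fresh r_3, R_3 = r_3 P, A_ID = ID ^ h(R_3, r_3 P_pub)."""
    r3 = 1 + secrets.randbelow(ORDER - 1)
    big_r3 = ec_mul(r3, BASE)
    mask = h_mask(big_r3, ec_mul(r3, p_pub), len(identity))
    return xor(identity, mask), big_r3


def recover_identity(a_id, big_r3, s):
    """Server side: R' = s R_3, ID = A_ID ^ h(R_3, R')."""
    if not on_curve(big_r3):
        # Never multiply the long-term key s into an unvalidated point.
        raise ValueError("R_3 is not a valid curve point")
    r_prime = ec_mul(s, big_r3)
    return xor(a_id, h_mask(big_r3, r_prime, len(a_id)))
```

Because r_3 is fresh for every run, the same ID yields a different A_ID each time, and only the holder of s can compute R' = sR_3 = r_3 P_pub and remove the mask.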
In the communication between P_1 and P_2, the invention adds a zero-knowledge proof mechanism to prove that the data sent really comes from the sender, which reduces the risk of data tampering and improves the security of the scheme.
The specific embodiments described herein are merely illustrative of the spirit of the invention. Various modifications or additions may be made or substituted in a similar manner to the specific embodiments described herein by those skilled in the art without departing from the spirit of the invention or exceeding the scope thereof as defined in the appended claims.

Claims (6)

1. An identity-based anonymous authentication method, comprising:
a key distribution step: generating a random large integer satisfying the security parameters as the main private key s, and calculating the corresponding public key P_pub = sP, the main private key being kept secret and the public key being published, wherein P is a base point of a cyclic addition point group, and the order of the point group is a prime number q; then generating a user private key D_ID = h(s, ID)P, and a random number satisfying
Figure FDA0002535940410000011
sending the partial private key
Figure FDA0002535940410000012
to P1, and sending
Figure FDA0002535940410000013
to P2, wherein ID is the user's true identity;
a distributed authentication step: the two parties participating in authentication, P1 and P2, respectively generate random numbers r_1 and r_2; P1 first calculates R_1 = r_1P, encrypts r_1 using a homomorphic encryption method to obtain C_1, and then sends C_1 and R_1 to P2; P2 calculates R_2 = r_2P, and, by the properties of homomorphic encryption, P2 can calculate the ciphertext C_2 of
Figure FDA0002535940410000014
wherein ρ is a random number, and sends the ciphertext C_2 and R_2 to P1; P1 decrypts C_2 and uses its own partial private key
Figure FDA0002535940410000015
to calculate the main authentication code r_1r_2D_ID mod q and a target temporary public key R, calculates a pseudo address A_ID using an exclusive-or operation and a hash algorithm, and generates a third temporary public key R_3 = r_3P, r_3 being a third random number generated by P1; a hash algorithm is used to generate the final authentication code
Figure FDA0002535940410000016
wherein
Figure FDA0002535940410000017
is the main authentication code; the authentication information (A_ID, R, R_3, α, T) is sent to the server, T being the current timestamp; the server feeds back the verified authentication information to the user, and after the three-way handshake is successfully completed, the server and the user can establish secure communication.
2. The identity-based anonymous authentication method according to claim 1, wherein the key distribution step specifically comprises:
step 2.1, generating a random large integer satisfying the security parameters as the main private key s, and calculating the corresponding public key P_pub = sP, the main private key being kept secret and the public key being published, wherein P is a base point of a cyclic addition point group, and the order of the point group is a prime number q;
step 2.2, calculating the user's private key D_ID = h(s, ID)P, where h(ID) represents a hash of the user's true identity ID;
step 2.3, generating a random number r_ID and computing a first partial private key
Figure FDA0002535940410000021
and a second partial private key
Figure FDA0002535940410000022
wherein
Figure FDA0002535940410000023
step 2.4, generating a public/private key pair (pk, sk) of a homomorphic encryption algorithm; sending
Figure FDA0002535940410000024
to the first party P1, and sending
Figure FDA0002535940410000025
to the second party P2.
3. The identity-based anonymous authentication method according to claim 1, wherein the distributed authentication step specifically comprises:
step 3.1, P1 generates a first random number r_1, calculates a first temporary public key R_1 = r_1P, and encrypts r_1 using the public key pk of the homomorphic encryption algorithm, i.e. the first ciphertext C_1 = Enc_pk(r_1); P1 sends (R_1, C_1) to P2;
step 3.2, P2 generates a second random number r_2, calculates a second temporary public key R_2 = r_2P, and calculates a second ciphertext
Figure FDA0002535940410000026
where ρ is a random number; P2 sends (R_2, C_2) to P1; the operation
Figure FDA0002535940410000027
is defined as multiplication, and the ⊙ operation is defined as exponentiation;
step 3.3, P1 uses the private key of the homomorphic encryption algorithm to decrypt C_2 and calculate its plaintext
Figure FDA0002535940410000028
the primary authentication code
Figure FDA0002535940410000029
and the target temporary public key R = R_1R_2; P1 generates a third random number r_3 and calculates a third temporary public key R_3 = r_3P, a pseudo address A_ID = ID ^ h(R_3, r_3P_pub), and a final authentication code
Figure FDA00025359404100000210
wherein T is the current timestamp, and ^ represents the exclusive-or operation; P1 sends the authentication information (A_ID, R, R_3, α, T) to the server;
step 3.4, after receiving the authentication information, the server uses its private key to calculate R' = sR_3, the user's true identity ID = A_ID ^ h(R_3, R'), and a primary authentication code
Figure FDA0002535940410000031
calculates an authentication code
Figure FDA0002535940410000032
and determines whether the calculated authentication code α is equal to the α sent by the user, terminating the protocol if they are not equal and, if they are equal, calculating
Figure FDA0002535940410000033
and sending (β, T') to the user, wherein T' is the current timestamp;
step 3.5, P1 calculates
Figure FDA0002535940410000034
and judges whether the value is equal to the received value β; if so, the communication connection is established, and otherwise the communication is terminated.
4. An identity-based anonymous authentication system, comprising:
a server: the user first registers with the server, and the server provides the user private key to the user; the server generates a random large integer satisfying the security parameters as the main private key s, and calculates the corresponding public key P_pub = sP, the main private key being kept secret and the public key being published, wherein P is a base point of a cyclic addition point group, and the order of the point group is a prime number q; the server generates a user private key D_ID = h(s, ID)P for the user, and a random number satisfying
Figure FDA0002535940410000035
wherein ID is the real identity of the user;
a key distribution unit: for sending the partial key
Figure FDA0002535940410000036
to P1, and sending
Figure FDA0002535940410000037
to P2;
a distributed authentication unit: the two parties participating in authentication, P1 and P2, respectively generate random numbers r_1 and r_2 through the distributed authentication unit; P1 first calculates R_1 = r_1P, encrypts r_1 using a homomorphic encryption method to obtain C_1, and then sends C_1 and R_1 to P2; P2 calculates R_2 = r_2P, and, by the properties of homomorphic encryption, P2 can calculate the ciphertext C_2 of
Figure FDA0002535940410000038
wherein ρ is a random number, and sends the ciphertext C_2 and R_2 to P1; P1 decrypts C_2 and uses its own partial private key
Figure FDA0002535940410000039
to calculate the main authentication code r_1r_2D_ID mod q and a target temporary public key R, calculates a pseudo address A_ID using an exclusive-or operation and a hash algorithm, and generates a third temporary public key R_3 = r_3P, r_3 being a third random number generated by P1; a hash algorithm is used to generate the final authentication code
Figure FDA00025359404100000310
wherein
Figure FDA00025359404100000311
is the main authentication code; the authentication information (A_ID, R, R_3, α, T) is sent to the server, T being the current timestamp; the server feeds back the verified authentication information to the user, and after the three-way handshake is successfully completed, the server and the user can establish secure communication.
5. The identity-based anonymous authentication system according to claim 4, wherein the method for the key distribution unit to distribute the key specifically comprises:
step 2.1, generating a random large integer satisfying the security parameters as the main private key s, and calculating the corresponding public key P_pub = sP, the main private key being kept secret and the public key being published, wherein P is a base point of a cyclic addition point group, and the order of the point group is a prime number q;
step 2.2, calculating the user's private key D_ID = h(s, ID)P, where h(ID) represents a hash of the user's true identity ID;
step 2.3, generating a random number r_ID and computing a first partial private key
Figure FDA0002535940410000041
and a second partial private key
Figure FDA0002535940410000042
wherein
Figure FDA0002535940410000043
step 2.4, generating a public/private key pair (pk, sk) of a homomorphic encryption algorithm; sending
Figure FDA0002535940410000044
to the first party P1, and sending
Figure FDA0002535940410000045
to the second party P2.
6. The identity-based anonymous authentication system as set forth in claim 4, wherein the method for distributed authentication by the distributed authentication unit specifically comprises:
step 3.1, P1 generates a first random number r_1, calculates a first temporary public key R_1 = r_1P, and encrypts r_1 using the public key pk of the homomorphic encryption algorithm, i.e. the first ciphertext C_1 = Enc_pk(r_1); P1 sends (R_1, C_1) to P2;
step 3.2, P2 generates a second random number r_2, calculates a second temporary public key R_2 = r_2P, and calculates a second ciphertext
Figure FDA0002535940410000046
where ρ is a random number; P2 sends (R_2, C_2) to P1; the operation
Figure FDA0002535940410000047
is defined as multiplication, and the ⊙ operation is defined as exponentiation;
step 3.3, P1 uses the private key of the homomorphic encryption algorithm to decrypt C_2 and calculate its plaintext
Figure FDA0002535940410000051
the primary authentication code
Figure FDA0002535940410000052
and the target temporary public key R = R_1R_2; P1 generates a third random number r_3 and calculates a third temporary public key R_3 = r_3P, a pseudo address A_ID = ID ^ h(R_3, r_3P_pub), and a final authentication code
Figure FDA0002535940410000053
wherein T is the current timestamp; P1 sends the authentication information (A_ID, R, R_3, α, T) to the server;
step 3.4, after receiving the authentication information, the server uses its private key to calculate R' = sR_3, the user's true identity ID = A_ID ^ h(R_3, R'), and a primary authentication code
Figure FDA0002535940410000054
calculates an authentication code
Figure FDA0002535940410000055
and determines whether the calculated authentication code α is equal to the α sent by the user, terminating the protocol if they are not equal and, if they are equal, calculating
Figure FDA0002535940410000056
and sending (β, T') to the user, wherein T' is the current timestamp;
step 3.5, P1 calculates
Figure FDA0002535940410000057
and judges whether the value is equal to the received value β; if so, the communication connection is established, and otherwise the communication is terminated.
CN201711132811.7A 2017-11-15 2017-11-15 Anonymous authentication method and system based on identity Active CN107947913B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711132811.7A CN107947913B (en) 2017-11-15 2017-11-15 Anonymous authentication method and system based on identity

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711132811.7A CN107947913B (en) 2017-11-15 2017-11-15 Anonymous authentication method and system based on identity

Publications (2)

Publication Number Publication Date
CN107947913A CN107947913A (en) 2018-04-20
CN107947913B true CN107947913B (en) 2020-08-07

Family

ID=61932393

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711132811.7A Active CN107947913B (en) 2017-11-15 2017-11-15 Anonymous authentication method and system based on identity

Country Status (1)

Country Link
CN (1) CN107947913B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant