CN107947913B - Anonymous authentication method and system based on identity - Google Patents
- Publication number: CN107947913B (CN201711132811.7A)
- Authority: CN (China)
- Prior art keywords: authentication, user, private key, calculating, generating
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/008: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
- H04L63/0853: Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
- H04L9/0825: Key transport or distribution using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
- H04L9/0847: Key agreement involving identity based encryption [IBE] schemes
- H04L9/0869: Generation of secret information, including derivation or calculation of cryptographic keys or passwords, involving random numbers or seeds
- H04L9/0894: Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
- H04L9/3218: Verifying the identity or authority of a user of the system, or message authentication, using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs
- H04L9/3242: Verifying the identity or authority of a user of the system, or message authentication, using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
Abstract
The invention relates to an identity-based anonymous authentication method and system, comprising the following steps: the server generates two partial private keys and sends them respectively to the two parties $P_1$ and $P_2$ participating in authentication. During authentication, $P_1$ and $P_2$ generate a primary authentication code and $R$, together with zero-knowledge proofs that ensure the privacy and reliability of the information exchanged between $P_1$ and $P_2$. After obtaining the primary authentication code, $P_1$ calculates the pseudo address $A_{ID}$, generates a third temporary public key $R_3$, then calculates the final authentication code $\alpha$ and obtains the authentication information $(A_{ID}, R, R_3, \alpha, T)$. The server verifies the authentication information and feeds the result back to the user, and after the three-way handshake is successfully completed, the server and the user can establish secure communication.
Description
Technical Field
The invention belongs to the field of information security, and particularly relates to an identity-based authentication method and system.
Background
Anonymous authentication protocols are an important component of secure network communication. By running an anonymous authentication protocol, two participants can authenticate each other over a public channel and negotiate a session key, enabling secure communication in an open network. In an anonymous protocol based on traditional public-key cryptographic authentication, the two communicating parties each possess a public/private key pair, where the private key is used to generate authentication information and the public key is used to verify the validity of that information. To solve the problem that certificate management is difficult in anonymous authentication protocols based on traditional public-key cryptography, researchers proposed identity-based anonymous authentication protocols, using the idea of a public key. In such a protocol, the identity of the user (name, identification card number, e-mail address, etc.) is the public key of the user, which greatly reduces the complexity of the system.
The private key is the most confidential information in a cryptosystem and the basis of secure communication; how well it is protected directly determines the security level of the system. To strengthen the security of the private key and avoid the risk created by the loss of a key held at a single point, an effective key management scheme is usually designed using secret sharing/threshold techniques. This approach splits the private key into shares and spreads them over multiple users or devices, so that only users who obtain enough shares can reconstruct the private key, while fewer than the threshold number of shares cannot. However, when the private key is recovered, the user who has obtained the complete private key can perform illegitimate authentication without the knowledge of the other parties, which threatens the rights and interests of the other users and the security of the system.
To address this situation, the invention designs an identity-based two-party distributed anonymous authentication scheme. A user can generate authentication information in a distributed manner between two devices: the authentication information must be produced jointly by two trusted devices selected by the authenticator, and the complete authentication private key does not need to be recovered while the authentication information is generated, which ensures the security of the private key.
Disclosure of Invention
The invention aims to ensure that the authenticated party never reveals both of its partial private keys at the same time, and that identity-based authentication information can be generated from the two partial private keys without obtaining the complete authentication private key.
For this purpose, the invention proposes an identity-based authentication scheme in which the authentication information is generated in a distributed manner by two parties. A detailed description is given below.
An identity-based anonymous authentication method, comprising:
A key distribution step: generating a random large integer satisfying the security parameters as the main private key $s$, and calculating the corresponding public key $P_{pub}$; the main private key is kept secret and the public key is published as $sP$, wherein $P$ is a base point of a cyclic additive point group and the order of the point group is a prime number $q$; then generating an authentication key $D_{ID} = h(s, ID)P$ and a random number $r_{ID}$ such that it satisfies; the partial authentication key is sent to $P_1$, and is sent to $P_2$.
Distributed authentication step: the two parties $P_1$ and $P_2$ participating in authentication generate random numbers $r_1$ and $r_2$ respectively. $P_1$ first calculates $R_1 = r_1 P$, encrypts $r_1$ using a homomorphic encryption method to obtain $C_1$, then sends $C_1$ and $R_1$ to $P_2$. $P_2$ calculates $R_2 = r_2 P$; at the same time, by the properties of homomorphic encryption, $P_2$ can calculate the ciphertext $C_2$, and then sends the ciphertext $C_2$ and $R_2$ to $P_1$. $P_1$ decrypts $C_2$ and, using its own partial authentication key, calculates the primary authentication code $r_1 r_2 D_{ID} \bmod q$ and $R$, calculates the pseudo address $A_{ID}$ using an exclusive-OR operation and a hash algorithm, generates a third temporary public key $R_3 = r_3 P$, and generates the final authentication code using a hash algorithm. The authentication information $(A_{ID}, R, R_3, \alpha, T)$ is then sent to the server; the server verifies the authentication information and feeds the result back to the user, and after the three-way handshake is successfully completed, the server and the user can establish secure communication.
In the above anonymous authentication method based on identity, the key distribution step specifically includes:
Step 2.1, generating a random large integer satisfying the security parameters as the main private key $s$, and calculating the corresponding public key $P_{pub}$; the main private key is kept secret and the public key is published as $sP$, wherein $P$ is a base point of a cyclic additive point group and the order of the point group is a prime number $q$;
Step 2.2, calculating the private key of the user $D_{ID} = h(s, ID)P$, where h(ID) represents a hash value of the user identity ID;
Step 2.3, generating a random number $r_{ID}$, and computing a first partial private key and a second partial private key, wherein
Step 2.4, generating a pair of public and private keys $(pk, sk)$ of a homomorphic encryption algorithm; is sent to the first party $P_1$, and is sent to the second party $P_2$;
In the above anonymous authentication method based on identity, the distributed authentication step specifically includes:
Step 3.1, $P_1$ generates a first random number $r_1$, calculates a first temporary public key $R_1 = r_1 P$, and encrypts $r_1$ using the public key $pk$ of the homomorphic encryption algorithm, i.e. the first ciphertext $C_1 = Enc_{pk}(r_1)$. $P_1$ sends $(R_1, C_1)$ to $P_2$.
Step 3.2, $P_2$ generates a second random number $r_2$, calculates a second temporary public key $R_2 = r_2 P$, and calculates a second ciphertext, where $\rho$ is a random number. $P_2$ sends $(R_2, C_2)$ to $P_1$.
Step 3.3, $P_1$ decrypts using the private key of the homomorphic encryption algorithm and calculates the plaintext of $C_2$, the primary authentication code, and the target temporary public key $R = R_1 R_2$. $P_1$ generates a third random number $r_3$ and calculates a third temporary public key $R_3 = r_3 P$, the pseudo address $A_{ID} = ID$ ^ $h(R_3, r_3 P_{pub})$, and a final authentication code, where $T$ is the current timestamp. $P_1$ sends the authentication information $(A_{ID}, R, R_3, \alpha, T)$ to the server.
Step 3.4, after receiving the authentication information, the server uses its private key to calculate $R' = sR_3$, the user's real address $ID = A_{ID}$ ^ $h(R_3, R')$, and the primary authentication code, and from these calculates the final authentication code. The server determines whether the calculated authentication code $\alpha$ is equal to the $\alpha$ sent by the user; if they are not equal, it terminates the protocol; if they are equal, it calculates and sends $(\beta, T')$ to the user, where $T'$ is the current timestamp.
Step 3.5, $P_1$ computes a value and judges whether it is equal to the received value $\beta$; if so, the communication connection is established, and otherwise the communication is terminated.
An identity-based anonymous authentication system, comprising:
A server: the user first registers with the server, and the server provides the authentication private key to the user. The server generates a random large integer satisfying the security parameters as the main private key $s$ and calculates the corresponding public key $P_{pub}$; the main private key is kept secret and the public key is published as $sP$, wherein $G$ is a base point of a cyclic additive point group and the order of the point group is a prime number $q$. The server generates an authentication private key $D_{ID} = h(s, ID)P$ for the user, and a random number satisfies
A distributed authentication unit: the two parties $P_1$ and $P_2$ participating in authentication generate random numbers $r_1$ and $r_2$ respectively through the distributed authentication unit. $P_1$ first calculates $R_1 = r_1 P$, encrypts $r_1$ using a homomorphic encryption method to obtain $C_1$, then sends $C_1$ and $R_1$ to $P_2$. $P_2$ calculates $R_2 = r_2 P$; at the same time, by the properties of homomorphic encryption, $P_2$ can calculate the ciphertext $C_2$, and then sends the ciphertext $C_2$ and $R_2$ to $P_1$. $P_1$ decrypts $C_2$ and, using its own partial private key, calculates the primary authentication code $r_1 r_2 D_{ID} \bmod q$ and $R$, calculates the pseudo address $A_{ID}$ using an exclusive-OR operation and a hash algorithm, generates a third temporary public key $R_3 = r_3 P$, and generates the final authentication code using a hash algorithm. The authentication information $(A_{ID}, R, R_3, \alpha, T)$ is sent to the server; the server verifies the authentication information and feeds the result back to the user, and after the three-way handshake is successfully completed, the server and the user can establish secure communication.
In the above anonymous authentication method based on identity, the method for the key distribution unit to distribute the key specifically includes:
Step 2.1, generating a random large integer satisfying the security parameters as the main private key $s$, and calculating the corresponding public key $P_{pub}$; the main private key is kept secret and the public key is published as $sP$, wherein $G$ is a base point of a cyclic additive point group and the order of the point group is a prime number $q$;
Step 2.2, calculating the private key of the user $D_{ID} = h(s, ID)P$, where h(ID) represents a hash value of the user identity ID;
Step 2.3, generating a random number $r_{ID}$, and computing a first partial private key and a second partial private key, wherein
Step 2.4, generating a pair of public and private keys $(pk, sk)$ of a homomorphic encryption algorithm; is sent to the first party $P_1$, and is sent to the second party $P_2$;
In the above anonymous authentication method based on identity, the method for performing distributed authentication by the distributed authentication unit specifically includes:
Step 3.1, $P_1$ generates a first random number $r_1$, calculates a first temporary public key $R_1 = r_1 P$, and encrypts $r_1$ using the public key $pk$ of the homomorphic encryption algorithm, i.e. the first ciphertext $C_1 = Enc_{pk}(r_1)$. $P_1$ sends $(R_1, C_1)$ to $P_2$.
Step 3.2, $P_2$ generates a second random number $r_2$, calculates a second temporary public key $R_2 = r_2 P$, and calculates a second ciphertext, where $\rho$ is a random number. $P_2$ sends $(R_2, C_2)$ to $P_1$.
Step 3.3, $P_1$ decrypts using the private key of the homomorphic encryption algorithm and calculates the plaintext of $C_2$, the primary authentication code, and the target temporary public key $R = R_1 R_2$. $P_1$ generates a third random number $r_3$ and calculates a third temporary public key $R_3 = r_3 P$, the pseudo address $A_{ID} = ID$ ^ $h(R_3, r_3 P_{pub})$, and a final authentication code, where $T$ is the current timestamp and the symbol "^" indicates an XOR operation. $P_1$ sends the authentication information $(A_{ID}, R, R_3, \alpha, T)$ to the server.
Step 3.4, after receiving the authentication information, the server uses its private key to calculate $R' = sR_3$, the user's real address $ID = A_{ID}$ ^ $h(R_3, R')$, and the primary authentication code, thereby calculating the final authentication code. The server determines whether the calculated authentication code $\alpha$ is equal to the $\alpha$ sent by the user; if they are not equal, it terminates the protocol; if they are equal, it calculates and sends $(\beta, T')$ to the user, where $T'$ is the current timestamp.
Step 3.5, $P_1$ computes a value and judges whether it is equal to the received value $\beta$; if so, the communication connection is established, and otherwise the communication is terminated.
Compared with the prior art, the invention has the following advantages and beneficial effects:
1. Regarding the security of the authentication private key: in existing threshold secret sharing schemes, although the authentication private key can be divided, during the authentication stage the private key is recovered and held by one party, which discloses the user's private key and thus reduces the security of authentication.
2. Regarding the fairness of authentication: in existing threshold secret sharing schemes, the party that finally holds the complete authentication private key can authenticate with the server on its own, without all parties participating together, which reduces the fairness of authentication.
3. The invention realizes identity-based distributed key negotiation and authentication. It ensures that neither party exposes its partial authentication private key during authentication and that the original private key does not need to be recovered; at the same time, both parties must take part in the authentication process together, which achieves both the security and the fairness of authentication.
4. The invention is based on a mathematical problem, and ensures that even if the authentication private key of one party is lost, the partial authentication private key held by the other party is not leaked, and neither is the complete authentication private key.
Drawings
Fig. 1 is a flow chart of two-party authentication of a key in the present invention.
Fig. 2 is a flow chart of partial (sub) key generation and anonymous authentication in the present invention.
Fig. 3 is a flowchart of authentication of communication parties (server and user) in the present invention.
Detailed description of the invention
The present invention is described in detail below with reference to examples, and the following embodiments are only one possible embodiment of the present invention, not all possible embodiments, and are not intended to limit the present invention.
In the following description of the present invention, the authenticated party is simply referred to as the user, and the authenticator party is simply referred to as the server. For the multiplication of two integers (or of integer symbols), the multiplication sign "·" is omitted where no ambiguity arises, e.g. $a \cdot b$ is abbreviated to $ab$. $\bmod\ n$ denotes the modulo-$n$ operation, which has the lowest priority, e.g. $a + b \bmod n$ is equivalent to $(a + b) \bmod n$, and $ab \bmod n$ is equivalent to $(ab) \bmod n$. "≡" denotes congruence, i.e. $a \equiv b \bmod n$ is equivalent to $a \bmod n \equiv b \bmod n$. $\gcd(a, b)$ denotes the greatest common factor of the integers $a$ and $b$; if $\gcd(a, b) = 1$, $a$ and $b$ are coprime.
For the present invention, the key pair is generated by the server, which generates a partial authentication private key for the computing device (e.g., personal computer, smart mobile device) of each of the two parties $P_1$ and $P_2$ that need to participate in authentication. Either party, $P_1$ or $P_2$, may generate the authentication information without obtaining the complete authentication private key, and the server can verify the correctness of the authentication information. Each party stores its own partial authentication private key and does not disclose it.
In the following description of the authentication phase of the invention, $P_1$ encrypts messages using a homomorphic encryption algorithm whose public/private key pair is $(pk, sk)$. $Enc_{pk}$ is defined as the encryption operation and $Dec_{sk}$ as the decryption operation. A "multiplication" operation on the ciphertexts $c_1, c_2$ is defined; $c \odot a$ is defined as the "exponential" operation of the ciphertext $c$ with $a$; and $x$ ^ $y$ is defined as the exclusive-OR operation between data $x$ and data $y$. The homomorphic encryption algorithm has the following properties:
A message encrypted with the public key $pk$ can be decrypted only with the unique corresponding private key $sk$, i.e. $Dec_{sk}(Enc_{pk}(m)) = m$;
Multiplication operations between ciphertexts may be mapped to addition operations between plaintexts, i.e.
The exponential operation of a ciphertext with a plaintext may be mapped to a multiplication of that plaintext with the plaintext underlying the ciphertext, i.e. $Dec_{sk}(Enc_{pk}(m_1) \odot m_2) = m_1 m_2$.
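The three properties above, shown with a textbook Paillier cryptosystem as an added example that is not part of the patent text. The patent does not name its homomorphic scheme, so Paillier, the toy primes, the function names `ct_mul` and `ct_exp`, and the blinded-product step (operand `a`, mask ρ·q) are assumptions of this example; it goes one step beyond the listed properties to show how the two operations combine so that one party computes on a value it cannot read.

```python
import math
import secrets

# Constructed toy parameters, far too small for real use: two Mersenne primes
# as Paillier factors, and a Mersenne prime standing in for the group order q.
P_FACTOR = 2**89 - 1
Q_FACTOR = 2**107 - 1
GROUP_ORDER_Q = 2**61 - 1


def keygen(p=P_FACTOR, q=Q_FACTOR):
    """Return (pk, sk) for Paillier with generator g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)  # with g = n + 1, L(g^lam mod n^2) = lam mod n
    return {"n": n, "n2": n * n}, {"lam": lam, "mu": mu}


def enc(pk, m):
    """Enc_pk(m) = (1 + m*n) * r^n mod n^2 with fresh randomness r."""
    n, n2 = pk["n"], pk["n2"]
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (1 + (m % n) * n) % n2 * pow(r, n, n2) % n2


def dec(pk, sk, c):
    """Dec_sk(c) = L(c^lam mod n^2) * mu mod n, where L(u) = (u - 1) / n."""
    n, n2 = pk["n"], pk["n2"]
    u = pow(c, sk["lam"], n2)
    return (u - 1) // n * sk["mu"] % n


def ct_mul(pk, c1, c2):
    """Ciphertext "multiplication": decrypts to m1 + m2 (mod n)."""
    return c1 * c2 % pk["n2"]


def ct_exp(pk, c, a):
    """Ciphertext "exponentiation" (the page's c ⊙ a): decrypts to m * a (mod n)."""
    return pow(c, a, pk["n2"])


def p2_blinded_product(pk, c1, a, q=GROUP_ORDER_Q):
    """Assumed illustration: the party without sk turns Enc(r1) into
    Enc(r1*a + rho*q). The holder of sk learns r1*a mod q after reduction,
    while the integer it decrypts is masked by the random multiple rho*q."""
    rho = secrets.randbelow(q - 1) + 1
    return ct_mul(pk, ct_exp(pk, c1, a), enc(pk, rho * q))


if __name__ == "__main__":
    pk, sk = keygen()
    r1, a = 1234567, 7654321  # constructed sample values
    c2 = p2_blinded_product(pk, enc(pk, r1), a)
    print(dec(pk, sk, c2) % GROUP_ORDER_Q == r1 * a % GROUP_ORDER_Q)
```

The plaintext space n must be larger than r1·a + ρ·q, otherwise the decrypted value wraps modulo n and the reduction modulo q gives a wrong result.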
The invention specifically comprises the following steps:
I. Key distribution algorithm:
In the present invention, the private key for anonymous authentication of a user is generated by the server with which the user is registered. Partial authentication private keys are generated respectively for the two trusted parties selected by the user. The operations are as follows:
1. The user first registers with the server, and the server provides the authentication private key to the user. The server generates a random large integer satisfying the security parameters as the main private key $s$ and calculates the corresponding public key $P_{pub}$; the main private key is kept secret and the public key is published as $sP$, wherein $G$ is a base point of a cyclic additive point group and the order of the point group is a prime number $q$;
2. Computing the user private key $D_{ID} = h(s, ID)P$, where h(ID) represents a hash value of the user identity ID;
3. Generating a random number $r_{ID}$, and computing a first partial private key and a second partial private key, wherein
4. Generating a pair of public and private keys $(pk, sk)$ of a homomorphic encryption algorithm; is sent to the first party $P_1$, and is sent to the second party $P_2$;
II. Distributed authentication algorithm:
In the invention, the user-side authentication information of the identity-based authentication method is produced jointly by the two parties $P_1$ and $P_2$. The specific operations are as follows:
1. $P_1$ generates a first random number $r_1$, calculates a first temporary public key $R_1 = r_1 P$, and encrypts $r_1$ using the public key $pk$ of the homomorphic encryption algorithm, i.e. the first ciphertext $C_1 = Enc_{pk}(r_1)$. $P_1$ sends $(R_1, C_1)$ to $P_2$.
2. $P_2$ generates a second random number $r_2$, calculates a second temporary public key $R_2 = r_2 P$, and calculates a second ciphertext, where $\rho$ is a random number. $P_2$ sends $(R_2, C_2)$ to $P_1$.
3. $P_1$ decrypts using the private key of the homomorphic encryption algorithm and calculates the plaintext of $C_2$, the primary authentication code, and the target temporary public key $R = R_1 R_2$. $P_1$ generates a third random number $r_3$ and calculates a third temporary public key $R_3 = r_3 P$, the pseudo address $A_{ID} = ID$ ^ $h(R_3, r_3 P_{pub})$, and a final authentication code, where $T$ is the current timestamp. $P_1$ sends the authentication information $(A_{ID}, R, R_3, \alpha, T)$ to the server.
4. After receiving the authentication information, the server uses its private key to calculate $R' = sR_3$, the user's real address $ID = A_{ID}$ ^ $h(R_3, R')$, and the primary authentication code, and calculates the authentication code. The server determines whether the calculated authentication code $\alpha$ is equal to the $\alpha$ sent by the user; if they are not equal, it terminates the protocol; if they are equal, it calculates and sends $(\beta, T')$ to the user, where $T'$ is the current timestamp.
5. $P_1$ computes a value and judges whether it is equal to the received value $\beta$; if so, the communication connection is established, and otherwise the communication is terminated.
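The pseudo-address mechanism of steps 3 and 4, as an added example that is not part of the patent text: the user masks ID with h(R_3, r_3·P_pub) and the server removes the mask with h(R_3, s·R_3), which works because r_3·P_pub = s·R_3. The curve (secp256k1), the hash (SHA-256), the point encoding, the fixed 32-byte ID field and all function names are assumptions of this example; the check that R_3 lies on the curve is an added defensive step.

```python
import hashlib
import secrets

# secp256k1 domain parameters; the choice of curve is an assumption.
FIELD_P = 2**256 - 2**32 - 977
ORDER_Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
BASE_P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
          0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
ID_LEN = 32  # fixed-width ID field (assumption) so A_ID does not leak the ID length


def on_curve(pt):
    x, y = pt
    return (0 <= x < FIELD_P and 0 <= y < FIELD_P
            and (y * y - x * x * x - 7) % FIELD_P == 0)


def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % FIELD_P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1 % FIELD_P, -1, FIELD_P) % FIELD_P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FIELD_P, -1, FIELD_P) % FIELD_P
    x3 = (lam * lam - x1 - x2) % FIELD_P
    return x3, (lam * (x1 - x3) - y1) % FIELD_P


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def h(pt_a, pt_b):
    """h(R_3, X): SHA-256 over the coordinates of both points."""
    data = b"".join(c.to_bytes(32, "big") for c in (*pt_a, *pt_b))
    return hashlib.sha256(data).digest()


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def server_keygen():
    s = secrets.randbelow(ORDER_Q - 1) + 1      # main private key s
    return s, ec_mul(s, BASE_P)                 # P_pub = sP


def make_pseudo_address(identity, p_pub):
    """User side: returns (A_ID, R_3) for a fresh r_3."""
    if len(identity) > ID_LEN:
        raise ValueError("identity longer than the fixed ID field")
    r3 = secrets.randbelow(ORDER_Q - 1) + 1
    R3 = ec_mul(r3, BASE_P)
    mask = h(R3, ec_mul(r3, p_pub))             # h(R_3, r_3 * P_pub)
    return xor(identity.ljust(ID_LEN, b"\0"), mask), R3


def recover_identity(a_id, R3, s):
    """Server side: ID = A_ID ^ h(R_3, s * R_3)."""
    if not on_curve(R3):
        # s is a long-term secret; never multiply it into an unvalidated point.
        raise ValueError("R_3 is not a point on the curve")
    return xor(a_id, h(R3, ec_mul(s, R3))).rstrip(b"\0")


if __name__ == "__main__":
    s, p_pub = server_keygen()
    a_id, R3 = make_pseudo_address(b"alice@example.com", p_pub)  # constructed ID
    print(a_id.hex(), recover_identity(a_id, R3, s))
```

The XOR mask hides the ID from observers but provides no integrity on its own; a fresh r_3 per session is what makes two pseudo addresses of the same user differ.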
In the communication between $P_1$ and $P_2$, the invention adds a zero-knowledge proof mechanism to prove that the data sent really comes from the sender, which reduces the risk of data tampering and improves the security of the scheme.
The specific embodiments described herein are merely illustrative of the spirit of the invention. Various modifications or additions may be made or substituted in a similar manner to the specific embodiments described herein by those skilled in the art without departing from the spirit of the invention or exceeding the scope thereof as defined in the appended claims.
Claims (6)
1. An identity-based anonymous authentication method, comprising:
a key distribution step: generating a random large integer satisfying the security parameters as the main private key $s$, and calculating the corresponding public key $P_{pub}$; the main private key is kept secret and the public key is published as $sP$, wherein $P$ is a base point of a cyclic additive point group and the order of the point group is a prime number $q$; then generating a user private key $D_{ID} = h(s, ID)P$, and a random number satisfies; the partial private key is sent to $P_1$, and is sent to $P_2$; ID is the user's true identity;
distributed authentication step: the two parties $P_1$ and $P_2$ participating in authentication generate random numbers $r_1$ and $r_2$ respectively; $P_1$ first calculates $R_1 = r_1 P$, encrypts $r_1$ using a homomorphic encryption method to obtain $C_1$, then sends $C_1$ and $R_1$ to $P_2$; $P_2$ calculates $R_2 = r_2 P$, and at the same time, by the properties of homomorphic encryption, $P_2$ can calculate the ciphertext $C_2$, where $\rho$ is a random number, and sends the ciphertext $C_2$ and $R_2$ to $P_1$; $P_1$ decrypts $C_2$ and, using its own partial private key, calculates the primary authentication code $r_1 r_2 D_{ID} \bmod q$ and a target temporary public key $R$, calculates a pseudo address $A_{ID}$ using an exclusive-OR operation and a hash algorithm, generates a third temporary public key $R_3 = r_3 P$, where $r_3$ is the third random number generated by $P_1$, and generates the final authentication code using a hash algorithm; the authentication information $(A_{ID}, R, R_3, \alpha, T)$ is sent to the server, where $T$ is the current timestamp; the server verifies the authentication information and feeds the result back to the user, and after the three-way handshake is successfully completed, the server and the user can establish secure communication.
2. The identity-based anonymous authentication method according to claim 1, wherein the key distribution step specifically comprises:
step 2.1, generating a random large integer satisfying the security parameters as the main private key $s$, and calculating the corresponding public key $P_{pub}$; the main private key is kept secret and the public key is published as $sP$, wherein $P$ is a base point of a cyclic additive point group and the order of the point group is a prime number $q$;
step 2.2, calculating the private key of the user $D_{ID} = h(s, ID)P$, where h(ID) represents a hash of the user's true identity ID;
step 2.3, generating a random number $r_{ID}$, and computing a first partial private key and a second partial private key, wherein
3. The identity-based anonymous authentication method according to claim 1, wherein the distributed authentication step specifically comprises:
step 3.1, $P_1$ generates a first random number $r_1$, calculates a first temporary public key $R_1 = r_1 P$, and encrypts $r_1$ using the public key $pk$ of the homomorphic encryption algorithm, i.e. the first ciphertext $C_1 = Enc_{pk}(r_1)$; $P_1$ sends $(R_1, C_1)$ to $P_2$;
step 3.2, $P_2$ generates a second random number $r_2$, calculates a second temporary public key $R_2 = r_2 P$, and calculates a second ciphertext, where $\rho$ is a random number; $P_2$ sends $(R_2, C_2)$ to $P_1$; a multiplication operation is defined, and the $\odot$ operation is defined as the exponential operation;
step 3.3, $P_1$ decrypts using the private key of the homomorphic encryption algorithm and calculates the plaintext of $C_2$, the primary authentication code, and the target temporary public key $R = R_1 R_2$; $P_1$ generates a third random number $r_3$ and calculates a third temporary public key $R_3 = r_3 P$, the pseudo address $A_{ID} = ID$ ^ $h(R_3, r_3 P_{pub})$, and a final authentication code, wherein $T$ is the current timestamp and ^ represents the exclusive-OR operation; $P_1$ sends the authentication information $(A_{ID}, R, R_3, \alpha, T)$ to the server;
step 3.4, after receiving the authentication information, the server uses its private key to calculate $R' = sR_3$, the user's true identity $ID = A_{ID}$ ^ $h(R_3, R')$, and the primary authentication code, and calculates the authentication code; the server determines whether the calculated authentication code $\alpha$ is equal to the $\alpha$ sent by the user; if they are not equal, it terminates the protocol; if they are equal, it calculates and sends $(\beta, T')$ to the user, wherein $T'$ is the current timestamp;
4. An identity-based anonymous authentication system, comprising:
a server: the user first registers with the server, and the server provides the user private key to the user; the server generates a random large integer satisfying the security parameters as the main private key s and calculates the corresponding public key P_pub = sP; the main private key is kept secret and the public key is published, wherein P is a base point of a cyclic additive point group, and the order of the point group is a prime number q; the server generates the user private key D_ID = h(s, ID)P for the user, and a random number satisfies; the ID is the real identity of the user;
a distributed authentication unit: the two parties participating in authentication, P_1 and P_2, respectively generate random numbers r_1 and r_2 through the distributed authentication unit; P_1 first calculates R_1 = r_1 P, encrypts r_1 using a homomorphic encryption method to obtain C_1, and then sends C_1 and R_1 to P_2; P_2 calculates R_2 = r_2 P and, by the properties of homomorphic encryption, can calculate the ciphertext C_2, where ρ is a random number, and sends the ciphertext C_2 and R_2 to P_1; P_1 decrypts C_2 and uses its own partial private key to calculate the main authentication code r_1 r_2 D_ID mod q and the target temporary public key R, calculates a pseudo address A_ID using an exclusive-OR operation and a hash algorithm, and generates a third temporary public key R_3 = r_3 P, where r_3 is a third random number generated by P_1; a hash algorithm is used to generate the final authentication code, is a main authentication code, and the authentication information (A_ID, R, R_3, α, T) is sent to the server, where T is the current timestamp; the server feeds back the verified authentication information to the user, and after the three-way handshake is successfully completed, the server and the user can establish secure communication.
5. The identity-based anonymous authentication system according to claim 4, wherein the method for the key distribution unit to distribute the key specifically comprises:
step 2.1, generating a random large integer satisfying the security parameters as the main private key s, and calculating the corresponding public key P_pub = sP; the main private key is kept secret and the public key is published, wherein P is a base point of a cyclic additive point group, and the order of the point group is a prime number q;
step 2.2, calculating the user's private key D_ID = h(s, ID)P, where h(ID) represents a hash of the user's true identity ID;
step 2.3, generating a random number r_ID, and computing a first partial private key and a second partial private key, wherein
6. The identity-based anonymous authentication system as set forth in claim 4, wherein the method for distributed authentication by the distributed authentication unit specifically comprises:
step 3.1, P_1 generates a first random number r_1, calculates a first temporary public key R_1 = r_1 P, and encrypts r_1 with the public key pk of the homomorphic encryption algorithm, i.e. the first ciphertext C_1 = Enc_pk(r_1); P_1 sends (R_1, C_1) to P_2;
step 3.2, P_2 generates a second random number r_2, calculates a second temporary public key R_2 = r_2 P, and calculates a second ciphertext, where ρ is a random number; P_2 sends (R_2, C_2) to P_1; definition of for multiplication, and the ⊙ operation is defined as an exponential operation;
step 3.3, P_1 uses the private key of the homomorphic encryption algorithm to decrypt C_2 and calculate its plaintext, the primary authentication code, and the target temporary public key R = R1R2; P_1 generates a third random number r_3 and calculates a third temporary public key R_3 = r_3 P, a pseudo address A_ID = ID ^ h(R_3, r_3 P_pub), and a final authentication code, wherein T is the current timestamp; P_1 sends the authentication information (A_ID, R, R_3, α, T) to the server;
step 3.4, after receiving the authentication information, the server uses its private key to calculate R' = sR_3, the user's true identity ID = A_ID ^ h(R_3, R'), and the primary authentication code; calculates the authentication code; and determines whether the calculated authentication code α is equal to the α sent by the user, terminating the protocol if they are not equal and, if they are equal, calculating and sending (β, T') to the user, wherein T' is the current timestamp;
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711132811.7A CN107947913B (en) | 2017-11-15 | 2017-11-15 | Anonymous authentication method and system based on identity |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107947913A CN107947913A (en) | 2018-04-20 |
CN107947913B true CN107947913B (en) | 2020-08-07 |
Family
ID=61932393
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711132811.7A Active CN107947913B (en) | 2017-11-15 | 2017-11-15 | Anonymous authentication method and system based on identity |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107947913B (en) |
Families Citing this family (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109617675B (en) * | 2018-11-15 | 2024-02-06 | 国网电动汽车服务有限公司 | Method and system for authenticating identifiers of both sides between charge and discharge facility and user terminal |
CN109523683B (en) * | 2018-12-29 | 2021-05-04 | 杭州趣链科技有限公司 | Anonymous electronic voting method based on block chain technology |
CN109861816A (en) * | 2019-02-22 | 2019-06-07 | 矩阵元技术(深圳)有限公司 | Data processing method and device |
CN109889541A (en) * | 2019-03-25 | 2019-06-14 | 郑州轻工业学院 | The mobile device authentication method for having anonymous reward distribution and privacy of identities protection |
CN110166239B (en) * | 2019-06-04 | 2023-01-06 | 成都卫士通信息产业股份有限公司 | User private key generation method and system, readable storage medium and electronic device |
CN110213036B (en) * | 2019-06-17 | 2021-07-06 | 西安电子科技大学 | Safe data storage and calculation method based on fog calculation-edge calculation of Internet of things |
CN111277571A (en) * | 2020-01-13 | 2020-06-12 | 熊国华 | Enterprise APP login management system based on zero-knowledge proof |
CN111277411B (en) * | 2020-01-21 | 2022-12-30 | 南京如般量子科技有限公司 | Anti-quantum computing vehicle-mounted network identity authentication system and method based on secret sharing and multiple mobile devices |
CN112039872B (en) * | 2020-08-28 | 2022-07-05 | 武汉见邦融智科技有限公司 | Cross-domain anonymous authentication method and system based on block chain |
CN114513316B (en) * | 2020-10-27 | 2024-01-16 | 国家电网有限公司大数据中心 | Anonymous authentication method based on identity, server and user terminal equipment |
CN113545115B (en) * | 2020-11-28 | 2022-09-23 | 华为技术有限公司 | Communication method and device |
CN113794693A (en) * | 2021-08-25 | 2021-12-14 | 浪潮云信息技术股份公司 | Distributed SM9 key secure distribution method for preventing server number expansion |
CN114329421B (en) * | 2021-12-03 | 2022-11-18 | 北京海泰方圆科技股份有限公司 | Anonymous authentication method, device, system, medium and equipment |
CN114826614B (en) * | 2022-04-22 | 2024-02-23 | 安天科技集团股份有限公司 | Distributed storage method and device for authenticatable password library file and electronic equipment |
CN115766033B (en) * | 2022-11-18 | 2024-04-16 | 电子科技大学 | Threshold single sign-on method for privacy protection |
CN116974624B (en) * | 2023-06-28 | 2024-04-05 | 三峡科技有限责任公司 | Enterprise-level interface document management system and method |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105847235A (en) * | 2016-03-14 | 2016-08-10 | 安徽大学 | Identity-based efficient anonymous batch authentication method in Internet of vehicles environment |
CN106341232A (en) * | 2016-09-18 | 2017-01-18 | 中国科学院软件研究所 | Anonymous entity identification method based on password |
GB2543359A (en) * | 2015-10-16 | 2017-04-19 | Samsung Electronics Co Ltd | Methods and apparatus for secure communication |
CN107196763A (en) * | 2017-07-06 | 2017-09-22 | 数安时代科技股份有限公司 | SM2 algorithms collaboration signature and decryption method, device and system |
Non-Patent Citations (1)
Title |
---|
Fast Secure Two-Party ECDSA Signing;Yehuda Lindell;《Annual International Cryptology Conference》;20170729;第1-38页 * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |