CN108449326A - A heterogeneous deniable authentication method and system - Google Patents


Publication number: CN108449326A
Authority: CN (China)
Prior art keywords: transmitting terminal, private key, public key, key, receiving terminal
Legal status: Granted
Application number: CN201810163893.XA
Other languages: Chinese (zh)
Other versions: CN108449326B (en)
Inventors: 金春花, 于长辉, 单劲松, 徐成杰, 陈冠华, 殷路
Current Assignee: Huaiyin Institute of Technology
Original Assignee: Huaiyin Institute of Technology
Application filed by Huaiyin Institute of Technology
Priority to CN201810163893.XA
Publication of CN108449326A
Application granted
Publication of CN108449326B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/006 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving public key infrastructure [PKI] trust models
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC

Abstract

The present invention addresses heterogeneous deniable authenticated communication in which the sender is in a certificateless environment and the receiver is in a public key infrastructure (PKI) environment, and provides a heterogeneous deniable authentication method and system. The method includes: the private key generation center of the certificateless environment sets the system parameters and generates its master private key and master public key; the sender in the certificateless environment generates a deniable authentication code from the configured certificateless system parameters, the sender identity $ID_A$, the sender public key $PK_A$, the sender full private key $S_A$, the receiver public key $pk_B$ and the message $m$, and sends it to the receiver; after receiving the message $m$ and the deniable authentication code, the receiver verifies the correctness of the deniable authentication code. The invention realizes deniable authenticated communication from a certificateless environment to a PKI environment, and provides end-to-end security guarantees and deniability services for users of the certificateless environment and users of the PKI environment.

Description

A heterogeneous deniable authentication method and system
Technical field
The present invention relates to the field of communication technology, and in particular to a heterogeneous deniable authentication method and system.
Background
Authentication is an important security requirement in many network and information security applications. Authentication ensures that a communicating party really is who he or she claims to be. In general, authentication implies non-repudiation. Non-repudiation prevents a communicating party from denying a previous commitment or action. Authentication and non-repudiation can both be obtained with a digital signature scheme. In some applications, however, non-repudiation is undesirable, for example in electronic voting systems and secure negotiation [Aumann Y, Rabin M. Authentication on Internet enhanced security and error correcting codes. Advances in Cryptology-CRYPTO'98, LNCS 1462, 1998: 299-303.]. This calls for a new cryptographic technique: the deniable authentication protocol. Compared with traditional authentication, a deniable authentication protocol has the following two important features:
(1) the receiver is able to identify the source of a given message;
(2) the receiver cannot prove the source of a given message to a third party.
These features are very important for resisting coerced voting in electronic voting systems and for secure negotiation over the Internet. In an electronic voting system, let Alice be a voter and Bob the vote-counting center. Suppose Carol wants to coerce Alice into voting for a particular candidate, but Alice does not want to vote for that candidate. Alice is required to send her ballot m and an authentication code (authenticator) to Bob, so that Bob can be confident the ballot comes from Alice and not from someone else. Moreover, even if Bob cooperates with Carol, Bob cannot prove the source of the ballot m to Carol. If Bob cooperates with Carol, Carol may doubt the authenticity of the evidence Bob provides. In that case Carol would not coerce Alice into voting for this candidate. A deniable authentication protocol is therefore needed to let a voter escape coerced voting. Another example is secure negotiation over the Internet. Let Alice be a customer and Bob a merchant, and suppose Alice wishes to order a product from Bob. Normally Alice sends Bob a price m that she proposes, together with an authentication code. Alice wants Bob to be unable to show her bid to a third party. If Bob could show Alice's bid to a third party, he might obtain a better price. Bob can be confident that the bid m comes from Alice, but even if Bob cooperates with a third party, he cannot prove to that third party that the bid m comes from Alice. The main reason is that Bob can also generate the same bid m and authentication code as Alice, so the third party may doubt the authenticity of the evidence Bob provides. These two examples show that deniable authentication protocols play an important role in practical applications. Deniable authentication protocols can be divided into two classes: interactive and non-interactive. In an interactive deniable authentication protocol, the sender and the receiver need to send two or more messages. In a non-interactive deniable authentication protocol, the sender only needs to send one message and the receiver does not need to send any.
In cryptography there are three methods of authenticating a user's public key: the public key infrastructure (PKI) based method, the identity-based method and the certificateless method. Accordingly, public-key cryptosystems can be divided by their public key authentication method into PKI-based cryptosystems, identity-based cryptosystems and certificateless cryptosystems. The characteristics of these three cryptosystems are explained below.
(1) PKI-based cryptosystem: each user's public key is accompanied by a public key certificate, which is issued by a CA. A public key certificate is a structured data record that contains the user's identity information, the public key parameters, the CA's signature and so on. Anyone can authenticate the public key by verifying the validity of the certificate (the CA's signature). This method has two disadvantages: 1. the validity of the public key certificate must be verified before any public key is used, which increases the user's computation; 2. the CA must manage a large number of certificates, including issuing, storing and revoking them.
(2) Identity-based cryptosystem: to simplify key management, Shamir first proposed the concept of the identity-based cryptosystem in 1984 [Shamir A. Identity-based cryptosystems and signature schemes. Advances in Cryptology-CRYPTO'84, LNCS 196, 1985: 47-53.]. In an identity-based cryptosystem, a user's public key can be computed directly from the user's identity information (such as name, ID card number, telephone number or e-mail address), while the user's private key is generated by a trusted party called the private key generator (PKG). Identity-based cryptosystems eliminate public key certificates and so reduce certificate storage and validity checking. They have one fatal disadvantage, however: the private keys of all users are generated by the PKG. Because the PKG knows every user's private key, this inevitably gives rise to key escrow.
(3) Certificateless cryptosystem: to overcome the key escrow problem of identity-based cryptosystems, Al-Riyami and Paterson proposed the concept of certificateless cryptography [Al-Riyami S S, Paterson K G. Certificateless public key cryptography. Advances in Cryptology-ASIACRYPT 2003, LNCS 2894, 2003: 452-473.]. In this cryptosystem the user's private key comes from two parts: one part is a secret value chosen by the user, and the other is a partial private key computed by the key generating centre (KGC) from the user's identity information. The public key is usually generated from the secret value, but this public key does not need a separately authenticated public key certificate. In other words, the user combines the partial private key generated by the KGC with his or her own secret value to produce the full private key. The KGC does not know the user's full private key, which eliminates the key escrow problem.
Wang and Song proposed a non-interactive deniable authentication protocol based on designated verifier proofs [Wang B, Song Z X. A non-interactive deniable authentication scheme based on designated verifier proofs[J]. Information Sciences, 2009, 179(6): 858-865.]. Their scheme is provably secure under the DDH hardness assumption. Di Raimondo and Gennaro proposed the concept of forward deniability [Di Raimondo M, Gennaro R. New approaches for deniable authentication[J]. Journal of Cryptology, 2009, 22(4): 572-615.]. This concept requires that the authentication remain deniable even if the sender later wants to prove that it authenticated the message. Tian et al. [Tian H, Chen X, Jiang Z. Non-interactive deniable authentication protocols[C]//International Conference on Information Security and Cryptology. Springer, Berlin, Heidelberg, 2011: 142-159.] gave an example construction of a non-interactive deniable authentication protocol and proved the security of the proposed scheme in the security model they defined. Li and Takagi [Li F, Takagi T. Cryptanalysis and improvement of robust deniable authentication protocol[J]. Wireless Personal Communications, 2013, 69(4): 1391-1398.] designed a deniable authentication scheme that satisfies deniable authentication, mutual authentication and confidentiality. Gambs et al. [Gambs S, Onete C, Robert J M. Prover anonymous and deniable distance-bounding authentication[C]//Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security. ACM, 2014: 501-506.] designed a prover-anonymous and deniable distance-bounding authentication scheme. They gave a formal security model and defined prover anonymity. To achieve deniability, they ensure that the back-end server cannot distinguish the behavior of the prover from the behavior of a malicious verifier. Zeng et al. [Zeng S, Chen Y, Tan S, et al. Concurrently deniable ring authentication and its application to LBS in VANETs[J]. Peer-to-Peer Networking and Applications, 2017, 10(4): 844-856.] proposed a deniable ring authentication scheme to handle the concurrency problem. They constructed a CCA2-secure multi-receiver encryption method that needs only 2 rounds of communication and has an advantage in communication overhead. In all of the schemes above, both the sender and the receiver are in a PKI environment.

Lu et al. [Lu R, Cao Z, Wang S, et al. A new ID-based deniable authentication protocol[J]. Informatica, 2007, 18(1): 67-78.] designed an identity-based deniable authentication scheme under the RSA assumption and analyzed the security of the proposed scheme using provable security techniques. Li et al. [Li F, Xiong P, Jin C. Identity-based deniable authentication for ad hoc networks[J]. Computing, 2014, 96(9): 843-853.] proposed an efficient deniable authentication scheme using bilinear pairings and gave a security proof in the random oracle model. Yao and Zhao [Yao A C C, Zhao Y. Privacy-preserving authenticated key-exchange over Internet[J]. IEEE Transactions on Information Forensics and Security, 2014, 9(1): 125-140.] designed two deniable Internet key exchange protocols, one of which is in the identity-based environment. In these schemes, both the sender and the receiver are in an identity-based environment.

Jin et al. [Jin C, Xu C, Zhang X, et al. An efficient certificateless deniable authentication protocol without pairings[J]. International Journal of Electronic Security and Digital Forensics, 2015, 7(2): 179-196.] designed a pairing-free certificateless deniable authentication scheme and gave a security proof in the random oracle model. Jin et al. [Jin C, Xu C, Li F, et al. A novel certificateless deniable authentication protocol[J]. International Journal of Computers and Applications, 2015, 37(3-4): 181-192.] designed a certificateless deniable authentication scheme using bilinear pairings; their scheme is provably secure under the BDH and CDH hardness assumptions. In the schemes mentioned here, both the sender and the receiver are in a certificateless environment.
In the discussion above, it is usually assumed that the participants belong to the same public key authentication environment, that is, both or all parties belong to a PKI environment, or to an identity-based environment, or to a certificateless environment. However, the computers and communication systems that make up today's globally interconnected network are highly diverse, and the emergence of new technologies such as the Internet of Things and cloud computing has increased the heterogeneity of networks. Different countries, regions and enterprises may use different network technologies and different security technologies (here mainly meaning different public key authentication technologies). For pervasive computing environments, Li et al. [Li F, Hong J, Omala A A. Practical deniable authentication for pervasive computing environments[J]. Wireless Networks, 2018, 24(1): 139-149.] proposed two deniable authentication schemes for heterogeneous systems. The first scheme allows a sender in a PKI environment to send messages to a receiver in an identity-based environment, and the second allows a sender in an identity-based environment to send messages to a receiver in a PKI environment; both achieve deniability and authentication.
None of the deniable authentication methods above addresses communication in which the sender belongs to a certificateless environment and the receiver belongs to a PKI environment.
Summary of the invention
The present invention aims to solve the problem of heterogeneous deniable authenticated communication in which the sender belongs to a certificateless environment and the receiver belongs to a PKI environment.
To achieve this goal, the present invention provides a heterogeneous deniable authentication method, characterized by comprising:
1) the private key generation center of the certificateless environment sets the system parameters and generates the master private key and master public key of the private key generation center;
2) the sender in the certificateless environment sends a message $m$ and a deniable authentication code to the receiver in the PKI environment, which serve as the authentication request by which the sender and the receiver perform the deniable authentication operation; the deniable authentication code is the deniable authentication code $\sigma$ of the message $m$, generated by the sender from the configured certificateless system parameters, the sender identity $ID_A$, the sender public key $PK_A$, the sender full private key $S_A$, the receiver public key $pk_B$ and the message $m$; the sender full private key $S_A$ is generated by the sender from the secret value $x_A$ that it generates locally at random and the sender partial private key $D_A$ generated by the private key generation center;
3) after receiving the message $m$ and the deniable authentication code from the sender, the receiver in the PKI environment verifies the correctness of the deniable authentication code.
To achieve the above goal, the present invention also provides a heterogeneous deniable authentication system, characterized by comprising: a certificateless system parameter module, a sender partial private key module, a sender full private key module, a sender public key module, a receiver private key and public key module, a deniable authentication module, and a verification module;
the certificateless system parameter module sets the system parameters of the certificateless environment and generates the master private key and master public key of the private key generation center;
the sender partial private key module generates the corresponding sender partial private key $D_A$ from the system parameters of the certificateless environment and the sender identity information $ID_A$ submitted by the sender in the certificateless environment;
the sender full private key module sets the sender full private key $S_A = (x_A, D_A)$ from the secret value $x_A$ generated locally at random and the partial private key $D_A$ received from the private key generation center;
the sender public key module generates the sender public key from the system parameters and the sender secret value;
the receiver private key and public key module takes a random number selected by the receiver as the receiver private key and generates the receiver public key;
the deniable authentication module generates a deniable authentication code from the system parameters, the sender identity, the sender public key and private key, the receiver public key and the message, and sends it to the receiver;
the verification module takes the system parameters, the sender identity, the sender public key, the receiver public key and private key, the deniable authentication code and the message, and outputs a symbol indicating correct or incorrect.
Beneficial effects of the present invention: the invention realizes deniable authenticated communication from a certificateless environment to a PKI environment and provides end-to-end security guarantees for users of the certificateless environment and users of the PKI environment; it can provide end-to-end authentication and deniability services for users of the certificateless environment and users of the PKI environment.
Brief description of the drawings
Fig. 1 is a flow chart of one embodiment of the heterogeneous deniable authentication method of the present invention;
Fig. 2 is a flow chart of the authentication operation in one embodiment of the heterogeneous deniable authentication method of the present invention;
Fig. 3 is a flow chart of the verification operation in one embodiment of the heterogeneous deniable authentication method of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of the present invention clearer, the invention is further described below with reference to the accompanying drawings. It should be understood that the following embodiments are only intended to illustrate the technical solution of the present invention more clearly and do not limit its scope of protection.
The present invention provides a heterogeneous deniable authentication method, comprising:
Step 1) the private key generation center of the certificateless environment sets the system parameters and generates the master private key and master public key of the private key generation center;
Fig. 1 shows a flow chart of one embodiment of the heterogeneous deniable authentication method. In Fig. 1 the private key generation center generates its master private key $s$ and master public key $P_{pub}$. The detailed process is as follows:
Let $G_1$ be a cyclic additive group of order $q$ generated by the generator $P$, let $G_2$ be a cyclic multiplicative group of the same order $q$, and let $e: G_1 \times G_1 \to G_2$ be a bilinear map. Define two secure hash functions $H_1$ and $H_2$. $H_1$ is a mapping from $\{0,1\}^*$ to , and $H_2$ is a mapping from $\{0,1\}^* \times G_1$ to . The system parameters are
$\{G_1, G_2, q, e, P, H_1, H_2\}$
The private key generation center randomly selects a master private key and computes the corresponding master public key $P_{pub} = sP$, where $s$ is the random number and $P$ is the generator.
Step 2) the sender in the certificateless environment sends a message $m$ and a deniable authentication code to the receiver in the PKI environment, which serve as the authentication request by which the sender and the receiver perform the deniable authentication operation; the deniable authentication code is the deniable authentication code $\sigma$ of the message $m$, generated by the sender from the configured certificateless system parameters, the sender identity $ID_A$, the sender public key $PK_A$, the sender full private key $S_A$, the receiver public key $pk_B$ and the message $m$; the sender full private key $S_A$ is generated by the sender from the secret value $x_A$ that it generates locally at random and the sender partial private key $D_A$ generated by the private key generation center;
In Fig. 1, the sender in the certificateless environment first submits its identity information $ID_A$ to the private key generation center in order to obtain the partial private key $D_A$. The private key generation center generates the partial private key $D_A$ from the system parameters and the identity information $ID_A$ and sends it to the sender. The sender then generates a secret value $x_A$ at random and, from the secret value $x_A$ and the partial private key $D_A$, sets the full private key $S_A = (x_A, D_A)$ and the public key $PK_A$.
The sender public key $PK_A$ may be set to different values in different embodiments of the method. In one embodiment of the method of the present invention, $PK_A = x_A P$, where $x_A$ is the secret value generated at random by the sender and $P$ is the generator.
The receiver in the PKI environment selects a random number $sk_B$ as the receiver private key and generates the corresponding receiver public key $pk_B$, where $pk_B = sk_B P$ and $P$ is the generator;
From the system parameters, the sender identity $ID_A$, the sender public key $PK_A$, the sender full private key $S_A$, the receiver public key $pk_B$ and the message $m$, the sender generates a deniable authentication code $\sigma$ and sends it to the receiver.
The generation of the deniable authentication code $\sigma$ is shown in Fig. 2. The detailed process is as follows:
(1) the sender in the certificateless environment generates a random number $r$ from the group of integers with 0 removed, and computes the commitment $U = rQ_A$, where $Q_A$ is the hash value of the sender identity $ID_A$;
(2) the sender in the certificateless environment computes the hash value $h_2$ by the following formula:
$h_2 = H_2(m, U, PK_A, pk_B, x_A pk_B)$
where $H_2$ is the hash function, $m$ is the message, $U$ is the commitment value, $PK_A$ is the sender public key, $pk_B$ is the receiver public key, and $x_A pk_B$ is the product of the sender secret value $x_A$ and the receiver public key $pk_B$;
(3) the signature $V$ is generated by the following formula:
$V = (r + h_2) D_A$
where $r$ is the random number, $h_2$ is the hash value, and $D_A$ is the sender partial private key;
(4) the bilinear pairing value $S$ is generated by the following formula:
$S = e(V, pk_B)$;
where $e$ is the bilinear map, $V$ is the signature, and $pk_B$ is the receiver public key;
(5) the deniable authentication code $\sigma$ of the message $m$ is generated in the following form:
$\sigma = (U, S)$, where $U$ is the commitment value and $S$ is the bilinear pairing value;
The sender full private key $S_A$ has two parts: the sender secret value $x_A$ and the sender partial private key $D_A$. When generating the deniable authentication code $\sigma$, the sender in the certificateless environment uses the $x_A$ in $S_A$ to compute the hash value $h_2$, and uses the $D_A$ in $S_A$ to generate the signature $V$.
Step 3) after receiving the message $m$ and the deniable authentication code $\sigma$ from the sender, the receiver in the PKI environment verifies the correctness of the deniable authentication code.
The verification process is shown in Fig. 3. The detailed process is as follows:
(1) the receiver in the PKI environment computes the hash value $h'_2$ by the following formula:
$h'_2 = H_2(m, U, PK_A, pk_B, sk_B PK_A)$,
where $H_2$ is the hash function, $m$ is the message, $U$ is the commitment value, $PK_A$ is the sender public key, $pk_B$ is the receiver public key, and $sk_B PK_A$ is the product of the receiver private key $sk_B$ and the sender public key $PK_A$;
(2) the bilinear pairing $S'$ is computed by the following formula:
$S' = e(U + h'_2 Q_A, sk_B P_{pub})$,
where $e$ is the bilinear pairing, $U$ is the commitment value, $h'_2$ is the hash function value, $Q_A$ is the hash value of the sender identity $ID_A$, and $sk_B P_{pub}$ is the product of the receiver private key $sk_B$ and the master public key $P_{pub}$ of the private key generation center;
(3) verify whether the equation $S' = S$ holds; if it holds, output the symbol indicating correct; if it does not hold, output the symbol indicating incorrect.
Preferably, in one embodiment of the method of the present invention, the receiver verifies whether the equation $S' = S$ holds; if it holds, the receiver accepts; otherwise, the receiver rejects.
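The following Python sketch is an added example, not code from the patent. It runs steps 1) to 3) end to end over a toy bilinear map to check that $S' = S$ holds for a genuine code, fails for an altered message, and that the receiver can compute an equally valid $\sigma$ from its own key $sk_B$, which is the deniability property described in the background. Assumptions not stated on the page: the partial private key is taken as $D_A = sQ_A$, $H_1$ and $H_2$ are instantiated with SHA-256 into nonzero scalars modulo $q$, and group elements are stored as their discrete logarithms, so the code has no security and only exercises the algebra; all function names are hypothetical.

```python
import hashlib
import secrets

# Toy bilinear setting (constructed for this example, NOT secure):
# an element aP of G1 is stored as the scalar a mod q, and an element
# e(P, P)^t of G2 is stored as the exponent t mod q.
q = 2**127 - 1  # prime group order (a Mersenne prime)
P = 1           # generator of G1 in this representation


def pairing(a, b):
    """e(aP, bP) = e(P, P)^(ab), stored as the exponent ab mod q."""
    return (a * b) % q


def rand_scalar():
    """Random nonzero scalar modulo q."""
    return 1 + secrets.randbelow(q - 1)


def _hash(tag, *parts):
    # Length-prefix every field so distinct inputs never share an encoding.
    data = tag + b"".join(len(x).to_bytes(4, "big") + x for x in parts)
    return 1 + int.from_bytes(hashlib.sha256(data).digest(), "big") % (q - 1)


def _enc(n):
    return n.to_bytes(16, "big")


def H1(identity):
    """Assumed instantiation: Q_A = H1(ID_A), an element of G1."""
    return _hash(b"H1", identity.encode())


def H2(m, U, PK_A, pk_B, shared):
    """Assumed instantiation: h2 as a nonzero scalar modulo q."""
    return _hash(b"H2", m, _enc(U), _enc(PK_A), _enc(pk_B), _enc(shared))


def setup():
    """Step 1: master private key s and master public key P_pub = sP."""
    s = rand_scalar()
    return s, s * P % q


def extract_partial_key(s, identity):
    """Assumption: D_A = s * Q_A (the page gives no formula for D_A)."""
    return s * H1(identity) % q


def sender_keygen(D_A):
    """Full private key S_A = (x_A, D_A) and public key PK_A = x_A P."""
    x_A = rand_scalar()
    return (x_A, D_A), x_A * P % q


def receiver_keygen():
    """PKI receiver: private key sk_B and public key pk_B = sk_B P."""
    sk_B = rand_scalar()
    return sk_B, sk_B * P % q


def authenticate(m, identity, S_A, PK_A, pk_B):
    """Step 2: sigma = (U, S) with U = rQ_A, V = (r + h2)D_A, S = e(V, pk_B)."""
    x_A, D_A = S_A
    r = rand_scalar()
    U = r * H1(identity) % q
    h2 = H2(m, U, PK_A, pk_B, x_A * pk_B % q)
    V = (r + h2) * D_A % q
    return U, pairing(V, pk_B)


def expected_S(m, U, identity, PK_A, sk_B, pk_B, P_pub):
    """Receiver side: S' = e(U + h2' Q_A, sk_B P_pub)."""
    Q_A = H1(identity)
    h2 = H2(m, U, PK_A, pk_B, sk_B * PK_A % q)
    return pairing((U + h2 * Q_A) % q, sk_B * P_pub % q)


def verify(m, sigma, identity, PK_A, sk_B, pk_B, P_pub):
    """Step 3: accept if and only if S' = S."""
    U, S = sigma
    return expected_S(m, U, identity, PK_A, sk_B, pk_B, P_pub) == S


def receiver_simulate(m, identity, PK_A, sk_B, pk_B, P_pub):
    """The receiver alone can build a valid sigma, so sigma proves nothing to others."""
    U = rand_scalar() * H1(identity) % q
    return U, expected_S(m, U, identity, PK_A, sk_B, pk_B, P_pub)


def demo():
    s, P_pub = setup()
    ident = "alice@example.test"  # constructed sample identity
    S_A, PK_A = sender_keygen(extract_partial_key(s, ident))
    sk_B, pk_B = receiver_keygen()
    m = b"bid: 100"               # constructed sample message
    sigma = authenticate(m, ident, S_A, PK_A, pk_B)
    sim = receiver_simulate(b"bid: 1", ident, PK_A, sk_B, pk_B, P_pub)
    args = (ident, PK_A, sk_B, pk_B, P_pub)
    return {
        "genuine": verify(m, sigma, *args),
        "tampered": verify(b"bid: 999", sigma, *args),
        "simulated": verify(b"bid: 1", sim, *args),
    }


if __name__ == "__main__":
    print(demo())
```

Because verification needs $sk_B$, only the intended receiver can check $\sigma$, and because the receiver can produce the same kind of pair for any message, a transcript handed to a third party carries no evidential weight.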
The present invention also provides a heterogeneous deniable authentication system, characterized by comprising: a certificateless system parameter module, a transmitting terminal partial private key module, a transmitting terminal complete private key module, a transmitting terminal public key module, a receiving terminal private key and public key module, a deniable authentication module, and a verification module;
The certificateless system parameter module is used to set the system parameters of the certificateless environment and to generate the master private key and master public key of the private key generation center;
The transmitting terminal partial private key module is used to generate the partial private key $D_A$ of the transmitting terminal from the system parameters of the certificateless environment and the identity information $ID_A$ submitted by the transmitting terminal in the certificateless environment;
The transmitting terminal complete private key module is used to set the complete private key $S_A = (x_A, D_A)$ of the transmitting terminal from the secret value $x_A$ generated locally at random and the received partial private key $D_A$ sent by the private key generation center;
The transmitting terminal public key module is used to generate the public key of the transmitting terminal from the system parameters and the secret value of the transmitting terminal;
The receiving terminal private key and public key module is used to take a random number selected by the receiving terminal as the receiving terminal private key and to generate the public key of the receiving terminal;
The deniable authentication module is used to generate a deniable authentication code from the system parameters, the identity of the transmitting terminal, the public key and private key of the transmitting terminal, the public key of the receiving terminal, and the message, and to send it to the receiving terminal;
The verification module is used to output a symbol indicating correct or incorrect from the system parameters, the identity of the transmitting terminal, the public key of the transmitting terminal, the public key and private key of the receiving terminal, the deniable authentication code, and the message.
The transmitting terminal complete private key module specifically comprises a secret value setting unit and a complete private key setting unit.
The secret value setting unit is used to generate a random number as the secret value;
The complete private key setting unit is used to combine the secret value and the partial private key into the complete private key.
The deniable authentication module specifically comprises a commitment generation unit, a hash value calculation unit, a signature unit, a bilinear pairing calculation unit, and a deniable authentication code sending unit;
The commitment generation unit is used to generate a random number and to generate the commitment;
The hash value calculation unit is used to compute the hash value of the given message;
The signature unit is used to sign the given message;
The bilinear pairing calculation unit is used to generate part of the deniable authentication code;
The deniable authentication code sending unit is used to send the deniable authentication code to the receiving terminal.
The verification module specifically comprises a hash value calculation unit, a bilinear pairing calculation unit, and a verification unit;
The hash value calculation unit is used to compute the hash value of the given message;
The bilinear pairing calculation unit is used to generate part of the deniable authentication code;
The verification unit is used to verify whether the generated parts of the deniable authentication code are consistent; if they are consistent, it outputs the correct symbol " "; otherwise, it outputs the error symbol "⊥".
The present invention uses the private key of the transmitting terminal to perform deniable authentication on a message; the receiving terminal can use its own private key to generate a deniable authentication code that is probabilistically indistinguishable from the one generated by the transmitting terminal.
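The generation and verification steps, together with the deniability property just stated, can be exercised end to end. The following Python code is an added example, not code from the patent: it assumes $PK_A = x_A P$, uses SHA-256 for $H_1$ and $H_2$, and models $G_1$ and $G_2$ by storing each element as its discrete log modulo $q$, so the pairing becomes multiplication and nothing here is secure. All function names are hypothetical.

```python
"""Toy model of the certificateless-to-PKI deniable authentication flow.
NOT secure: G1/G2 elements are stored as discrete logs mod q, so the pairing
is plain multiplication. Only the algebra of the scheme is exercised."""
import hashlib
import secrets

Q = 2**127 - 1   # prime group order q (constructed toy parameter)
P = 1            # generator P of G1, stored as its discrete log

def rand_scalar():            # random nonzero integer mod q
    return secrets.randbelow(Q - 1) + 1
def mul(k, X):                # scalar multiplication kX in G1
    return k * X % Q
def add(X, Y):                # X + Y in G1
    return (X + Y) % Q
def pair(X, Y):               # e(aP, bP) = e(P, P)^(ab), stored as ab mod q
    return X * Y % Q

def hash_to_scalar(tag, *parts):   # SHA-256 over length-prefixed fields
    h = hashlib.sha256(tag)
    for p in parts:
        b = p if isinstance(p, bytes) else str(p).encode()
        h.update(len(b).to_bytes(4, "big") + b)
    return int.from_bytes(h.digest(), "big") % (Q - 1) + 1

def H1(identity):             # Q_A = H1(ID_A), an element of G1
    return hash_to_scalar(b"H1", identity)
def H2(m, U, PK_A, pk_B, shared):
    return hash_to_scalar(b"H2", m, U, PK_A, pk_B, shared)

def setup():                  # KGC: master private key s, P_pub = sP
    s = rand_scalar()
    return s, mul(s, P)

def sender_keys(s, identity): # S_A = (x_A, D_A) with D_A = s*Q_A
    x_A = rand_scalar()
    return (x_A, mul(s, H1(identity))), mul(x_A, P)  # PK_A = x_A*P (assumed)

def receiver_keys():          # PKI side: pk_B = sk_B*P
    sk_B = rand_scalar()
    return sk_B, mul(sk_B, P)

def authenticate(m, identity, S_A, PK_A, pk_B):
    x_A, D_A = S_A
    r = rand_scalar()
    U = mul(r, H1(identity))                       # U = r*Q_A
    h2 = H2(m, U, PK_A, pk_B, mul(x_A, pk_B))      # needs x_A
    V = mul((r + h2) % Q, D_A)                     # V = (r + h2)*D_A, needs D_A
    return U, pair(V, pk_B)                        # sigma = (U, S)

def receiver_side_S(m, U, identity, PK_A, sk_B, pk_B, P_pub):
    h2 = H2(m, U, PK_A, pk_B, mul(sk_B, PK_A))     # sk_B*PK_A == x_A*pk_B
    return pair(add(U, mul(h2, H1(identity))), mul(sk_B, P_pub))

def verify(m, sigma, identity, PK_A, sk_B, pk_B, P_pub):
    U, S = sigma
    return S == receiver_side_S(m, U, identity, PK_A, sk_B, pk_B, P_pub)

def simulate(m, identity, PK_A, sk_B, pk_B, P_pub):
    """Receiver builds a valid code with sk_B alone (no x_A, no D_A)."""
    U = mul(rand_scalar(), H1(identity))
    return U, receiver_side_S(m, U, identity, PK_A, sk_B, pk_B, P_pub)

if __name__ == "__main__":
    s, P_pub = setup()
    S_A, PK_A = sender_keys(s, "sender-A")         # constructed identity
    sk_B, pk_B = receiver_keys()
    msg = b"constructed sample message"
    sigma = authenticate(msg, "sender-A", S_A, PK_A, pk_B)
    forged = simulate(msg, "sender-A", PK_A, sk_B, pk_B, P_pub)
    for code in (sigma, forged):                   # both are accepted
        print(verify(msg, code, "sender-A", PK_A, sk_B, pk_B, P_pub))
```

Because `simulate` and `verify` share `receiver_side_S`, any code the receiving terminal accepts is one it could have produced itself, which is why a transcript proves nothing to a third party.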
The above is only a preferred embodiment of the present invention. It should be noted that a person of ordinary skill in the art may make several improvements and variations without departing from the technical principles of the present invention, and these improvements and variations shall also be regarded as falling within the protection scope of the present invention.

Claims (10)

1. A heterogeneous deniable authentication method, characterized by comprising:
1) the private key generation center of the certificateless environment sets the system parameters and generates the master private key and master public key of the private key generation center;
2) the transmitting terminal in the certificateless environment sends a message $m$ and a deniable authentication code to the receiving terminal in the public key infrastructure environment, the deniable authentication code indicating a request by the transmitting terminal to perform a deniable authentication operation with the receiving terminal; the deniable authentication code $\sigma$ of the message $m$ is generated by the transmitting terminal from the configured system parameters of the certificateless environment, the identity $ID_A$ of the transmitting terminal, the public key $PK_A$ of the transmitting terminal and the complete private key $S_A$ of the transmitting terminal, the public key $pk_B$ of the receiving terminal, and the message $m$; wherein the complete private key $S_A$ of the transmitting terminal is formed by the transmitting terminal from the secret value $x_A$ generated locally at random and the partial private key $D_A$ of the transmitting terminal generated by the private key generation center;
3) the receiving terminal in the public key infrastructure environment receives the message $m$ and the deniable authentication code from the transmitting terminal, and then verifies the correctness of the deniable authentication code.
2. The heterogeneous deniable authentication method according to claim 1, characterized in that the private key generation center of the certificateless environment sets the system parameters as follows:
Let $G_1$ be a cyclic additive group generated by the generator $P$, of order $q$, and let $G_2$ be a cyclic multiplicative group of the same order $q$; $e: G_1 \times G_1 \to G_2$ is a bilinear map. Two secure hash functions $H_1$ and $H_2$ are defined; $H_1$ maps from $\{0,1\}^*$ to , and $H_2$ maps from $\{0,1\}^* \times G_1$ to ; denotes the integer group with 0 removed. The system parameters are:
$\{G_1, G_2, q, e, P, H_1, H_2\}$;
The private key generation center selects a random number $s$ as the master private key, and computes the corresponding master public key $P_{pub}$ of the private key generation center, where $P_{pub} = sP$, $s$ is the random number, and $P$ is the generator.
3. The heterogeneous deniable authentication method according to claim 1, characterized in that the operation in which the transmitting terminal in the certificateless environment sends the message $m$ and the deniable authentication code to the receiving terminal in the public key infrastructure environment comprises:
31) the private key generation center generates the partial private key $D_A$ of the transmitting terminal from the system parameters and the identity information $ID_A$ submitted by the transmitting terminal in the certificateless environment, with the expression $D_A = sQ_A$, where $s$ is a random number, $Q_A$ is the hash value of the transmitting terminal identity $ID_A$, $Q_A = H_1(ID_A)$, $H_1$ maps from $\{0,1\}^*$ to , $G_1$ is the cyclic additive group generated by the generator $P$, and $ID_A$ is the identity information of the transmitting terminal;
32) the transmitting terminal in the certificateless environment generates a secret value $x_A$ at random, denotes the integer group with 0 removed; from $x_A$ and the received partial private key $D_A$ sent by the private key generation center, the transmitting terminal sets the complete private key $S_A = (x_A, D_A)$ of the transmitting terminal and the public key $PK_A$ of the transmitting terminal;
33) the receiving terminal in the public key infrastructure environment selects a random number $sk_B$ as the receiving terminal private key and generates the corresponding public key $pk_B$ of the receiving terminal, where $pk_B = sk_B P$ and $P$ is the generator;
34) the transmitting terminal in the certificateless environment generates the deniable authentication code $\sigma$ of the message $m$ from the system parameters, the identity $ID_A$ of the transmitting terminal, the public key $PK_A$ of the transmitting terminal and the complete private key $S_A$ of the transmitting terminal, the public key $pk_B$ of the receiving terminal, and the message $m$, and sends it to the receiving terminal.
4. The heterogeneous deniable authentication method according to claim 3, characterized in that the specific method of generating a deniable authentication code $\sigma$ comprises:
41) the transmitting terminal in the certificateless environment generates a random number $r$ at random, denotes the integer group with 0 removed, and computes the commitment value $U$, $U = rQ_A$, where $Q_A$ is the hash value of the transmitting terminal identity $ID_A$;
42) the transmitting terminal in the certificateless environment computes the hash value $h_2$ by the following formula:
$h_2 = H_2(m, U, PK_A, pk_B, x_A pk_B)$
where $H_2$ is a hash function, $m$ is the message, $U$ is the commitment value, $PK_A$ is the public key of the transmitting terminal, $pk_B$ is the public key of the receiving terminal, and $x_A pk_B$ is the product of the transmitting terminal secret value $x_A$ and the receiving terminal public key $pk_B$;
43) the signature $V$ is generated by the following formula:
$V = (r + h_2) D_A$
where $r$ is the random number, $h_2$ is the hash value, and $D_A$ is the partial private key of the transmitting terminal;
44) the bilinear pairing value $S$ is generated by the following formula:
$S = e(V, pk_B)$;
where $e$ is the bilinear map, $V$ is the signature, and $pk_B$ is the public key of the receiving terminal;
45) the deniable authentication code $\sigma$ of the message $m$ is generated by the following formula:
$\sigma = (U, S)$, where $U$ is the commitment value and $S$ is the bilinear pairing value.
5. The heterogeneous deniable authentication method according to claim 1, characterized in that the receiving terminal in the public key infrastructure environment performs the following operations after receiving the message $m$ and the deniable authentication code $\sigma$ from the transmitting terminal:
51) the receiving terminal in the public key infrastructure environment computes the hash value $h'_2$ by the following formula:
$h'_2 = H_2(m, U, PK_A, pk_B, sk_B PK_A)$,
where $H_2$ is a hash function, $m$ is the message, $U$ is the commitment value, $PK_A$ is the public key of the transmitting terminal, $pk_B$ is the public key of the receiving terminal, and $sk_B PK_A$ is the product of the receiving terminal private key $sk_B$ and the transmitting terminal public key $PK_A$;
52) the bilinear pairing value $S'$ is computed by the following formula:
$S' = e(U + h'_2 Q_A, sk_B P_{pub})$,
where $e$ is the bilinear map, $U$ is the commitment value, $h'_2$ is the hash value, $Q_A$ is the hash value of the transmitting terminal identity $ID_A$, and $sk_B P_{pub}$ is the product of the receiving terminal private key $sk_B$ and the master public key $P_{pub}$ of the private key generation center;
53) verify whether the equation $S' = S$ holds; if it holds, output the symbol indicating correct; if it does not hold, output the symbol indicating error.
6. A heterogeneous deniable authentication system, characterized by comprising: a certificateless system parameter module, a transmitting terminal partial private key module, a transmitting terminal complete private key module, a transmitting terminal public key module, a receiving terminal private key and public key module, a deniable authentication module, and a verification module;
The certificateless system parameter module is used to set the system parameters of the certificateless environment and to generate the master private key and master public key of the private key generation center;
The transmitting terminal partial private key module is used to generate the partial private key $D_A$ of the transmitting terminal from the system parameters of the certificateless environment and the identity information $ID_A$ submitted by the transmitting terminal in the certificateless environment;
The transmitting terminal complete private key module is used to set the complete private key $S_A = (x_A, D_A)$ of the transmitting terminal from the secret value $x_A$ generated locally at random and the received partial private key $D_A$ sent by the private key generation center;
The transmitting terminal public key module is used to generate the public key of the transmitting terminal from the system parameters and the secret value of the transmitting terminal;
The receiving terminal private key and public key module is used to take a random number selected by the receiving terminal as the receiving terminal private key and to generate the public key of the receiving terminal;
The deniable authentication module is used to generate a deniable authentication code from the system parameters, the identity of the transmitting terminal, the public key and private key of the transmitting terminal, the public key of the receiving terminal, and the message, and to send it to the receiving terminal;
The verification module is used to output a symbol indicating correct or incorrect from the system parameters, the identity of the transmitting terminal, the public key of the transmitting terminal, the public key and private key of the receiving terminal, the deniable authentication code, and the message.
7. The heterogeneous deniable authentication system according to claim 6, characterized in that:
The transmitting terminal complete private key module specifically comprises a secret value setting unit and a complete private key setting unit.
8. The heterogeneous deniable authentication system according to claim 7, characterized in that:
The secret value setting unit is used to generate a random number as the secret value;
The complete private key setting unit is used to combine the secret value and the partial private key into the complete private key.
9. The heterogeneous deniable authentication system according to claim 6, characterized in that:
The deniable authentication module specifically comprises a commitment generation unit, a hash value calculation unit, a signature unit, a bilinear pairing calculation unit, and a deniable authentication code sending unit;
The commitment generation unit is used to generate a random number and to generate the commitment;
The hash value calculation unit is used to compute the hash value of the given message;
The signature unit is used to sign the given message;
The bilinear pairing calculation unit is used to generate part of the deniable authentication code;
The deniable authentication code sending unit is used to send the deniable authentication code to the receiving terminal.
10. The heterogeneous deniable authentication system according to claim 6, characterized in that:
The verification module specifically comprises a hash value calculation unit, a bilinear pairing calculation unit, and a verification unit;
The hash value calculation unit is used to compute the hash value of the given message;
The bilinear pairing calculation unit is used to generate part of the deniable authentication code;
The verification unit is used to verify whether the generated parts of the deniable authentication code are consistent; if they are consistent, it outputs the correct symbol; otherwise, it outputs the error symbol.
CN201810163893.XA 2018-02-27 2018-02-27 Authentication method and system for heterogeneous repudiation Active CN108449326B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810163893.XA CN108449326B (en) 2018-02-27 2018-02-27 Authentication method and system for heterogeneous repudiation

Publications (2)

Publication Number Publication Date
CN108449326A (en) 2018-08-24
CN108449326B (en) 2021-03-16

Family

ID=63192610

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810163893.XA Active CN108449326B (en) 2018-02-27 2018-02-27 Authentication method and system for heterogeneous repudiation

Country Status (1)

Country Link
CN (1) CN108449326B (en)

Also Published As

Publication number Publication date
CN108449326B (en) 2021-03-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20180824

Assignee: Huai'an road data Co.,Ltd.

Assignor: HUAIYIN INSTITUTE OF TECHNOLOGY

Contract record no.: X2021980011162

Denomination of invention: A heterogeneous deniable authentication method and system

Granted publication date: 20210316

License type: Common License

Record date: 20211022