CN108632043B - Optimized ring signature method and system - Google Patents

Optimized ring signature method and system Download PDF

Info

Publication number
CN108632043B
CN108632043B CN201810354020.7A CN201810354020A CN108632043B CN 108632043 B CN108632043 B CN 108632043B CN 201810354020 A CN201810354020 A CN 201810354020A CN 108632043 B CN108632043 B CN 108632043B
Authority
CN
China
Prior art keywords
ring
signature
user identity
user
ring signature
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201810354020.7A
Other languages
Chinese (zh)
Other versions
CN108632043A (en
Inventor
黎忠文
桑永宣
吴成宾
范文杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu University
Original Assignee
Chengdu University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu University filed Critical Chengdu University
Priority to CN201810354020.7A priority Critical patent/CN108632043B/en
Publication of CN108632043A publication Critical patent/CN108632043A/en
Application granted granted Critical
Publication of CN108632043B publication Critical patent/CN108632043B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3255Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures

Abstract

The invention discloses an optimized ring signature method and system. The ring signature method comprises the following steps: acquiring each user identity and a message to be signed; randomly selecting parameters according to each user identity to generate system parameters and a master key; determining a private key corresponding to the user identity according to the system parameter, the master key and the user identity; obtaining a corresponding ring signature according to the message to be signed, the user identity and the private key corresponding to the user identity; and judging whether the ring signature is a valid signature. By adopting the optimized ring signature method, the communication efficiency of the ring signature can be improved.

Description

Optimized ring signature method and system
Technical Field
The present invention relates to the field of communications, and in particular, to an optimized ring signature method and system.
Background
The ring signature scheme under the traditional Public Key Infrastructure (PKI) framework faces two major problems: firstly, the management of a user public key certificate is carried out, under a PKI system, the identity of a user and the public key of the user are bound through a digital certificate, and when the number of the users is large, the management and verification of the certificate occupy a large amount of system resources and become the bottleneck of the application of the whole system. In a ring signature system, the problem is particularly obvious, a verifier needs to verify not only a public key certificate of a signer but also public key certificates of other users in a ring, and the signer needs to verify the certificates of the other users in the ring before signing to ensure the anonymity of the signer, and when the number of users in the ring is large, the signing and verifying efficiency is seriously influenced. Under the architecture, identity information of a user is a public key of the user, and a corresponding private key is calculated by a Key Generation Center (KGC) according to the user identity and a private key of a system. The identity-based ring signature system is formed by fusing an identity-based cryptographic technology and a ring signature technology, and is slightly different from the original ring signature system in that the identity-based ring signature system has a trusted central KGC which is responsible for generating corresponding public and private keys for users in the system, but the existence of the KGC should not influence the anonymity of the ring signature, namely the KGC cannot know which user in the ring carries out the signature. So far, although there are a series of grid ring signature schemes and grid identity-based signature schemes, in the existing ring signature schemes, the main problems are focused on the aspects of calculation, communication efficiency and security of the system, which still need to be improved.
Disclosure of Invention
The invention aims to provide an optimized ring signature method and system, which can improve the communication efficiency of ring signatures.
In order to achieve the purpose, the invention provides the following scheme:
an optimized ring signature method, the ring signature method comprising:
acquiring each user identity and a message to be signed;
randomly selecting parameters according to each user identity to generate system parameters and a master key;
determining a private key corresponding to the user identity according to the system parameter, the master key and the user identity;
obtaining a corresponding ring signature according to the message to be signed, the user identity and the private key corresponding to the user identity;
and judging whether the ring signature is a valid signature.
Optionally, the acquiring each user identity and the message to be signed specifically includes:
and acquiring a plurality of user identity IDs and the message m to be signed according to the two hash functions.
Optionally, the randomly selecting a parameter according to each user identity, and generating a system parameter and a corresponding master key specifically includes:
selecting a parameter n according to each user identity, and operating a trap generation function TrapGen (1) according to the parameter n and KGCn) Generating a matrix
Figure BDA0001634132410000021
And ^ a(A0) Corresponding to a short base S0And then, calculating the average value of the average value,
Figure BDA0001634132410000022
and order S0Is a master secretKey, order (A)0T) is a primary public key;
among them, TrapGen (1)n) Is a trap generation function that is run to output a pair of information (A, T), where A is statistically close to
Figure BDA0001634132410000023
One is uniformly distributed, T is ^(A) A good group of0Is a matrix of nxm dimensions, ID1Identity ID, indicating the first user in the ring2ID representing the second user in the ring, and so on, H0Representing hash functions, formulas
Figure BDA0001634132410000024
Representing the calculation of the sum of the public keys of the respective users.
Optionally, the determining, according to the system parameter, the master key, and the user identity, a private key corresponding to the user identity specifically includes:
calling the BasisDel function (A)0,H0(IDi),S0Sigma) algorithm gets
Figure BDA0001634132410000025
Wherein
Figure BDA0001634132410000026
Is a(A0(H0(IDi))-1) And
Figure BDA0001634132410000027
any one of the groups of (1);
wherein BasisDel is a base deletion function, sigma represents a normal distribution standard deviation parameter, and the function output is ^(A0(H0(IDi))-1) A random base of (1), and satisfy
Figure BDA0001634132410000028
Wherein A is0(H0(IDi))-1Represents a transpose of a matrix;
for j is more than or equal to 1 and less than or equal to m, a non-uniform small integer de-sampling function is called
Figure BDA0001634132410000031
To generate SijWherein t isjIs the jth column of T and
Figure BDA0001634132410000032
order to
Figure BDA0001634132410000033
Is IDiThe secret key of (a), and therefore,
Figure BDA0001634132410000034
and A is0(H0(IDi))-1Si=T。
Optionally, the obtaining a corresponding ring signature according to the message to be signed, the user identity, and the private key corresponding to the user identity specifically includes:
(a)
Figure BDA0001634132410000035
wherein the content of the first and second substances,
Figure BDA0001634132410000036
is a discrete normal distribution over Zm with standard deviation σ, y1,y2,…ylA feature vector for each user ID;
(b) computing
Figure BDA0001634132410000037
Wherein, y1,y2,…ylA syndrome (i.e., a feature vector) representing each user ID on the ring R, μ represents information of a signature of the ring R, and c represents information according to an algorithm formula
Figure BDA0001634132410000038
The calculated signature information;
(c) if j is i, then z is setj=Sic+yjZj represents the feature vector of the jth user ID on ring R, otherwise, set zj=yjOutput signature (. mu., z)1,z2,...zlC, the probability of R) is
Figure BDA0001634132410000039
R denotes a ring composed of respective user IDs,
Figure BDA00016341324100000310
where M represents a constant calculated, whose value is related to T,
Figure BDA00016341324100000311
expressed as a discrete normal distribution over Zm with standard deviation sigma,
Figure BDA00016341324100000312
denotes the value v ∈ ZmA discrete normal distribution on a vector Zm centered at and standard deviation σ, and l represents the number of users in the ring R.
Optionally, the determining whether the ring signature is a valid signature specifically includes:
sign the ring (μ, z)1,z2,...zlC, R) the following formula is input:
H(A0H0(ID1)-1z1+A0H0(ID2)-1z2...+A0H0(IDl)-1zl-Tc,μ)=c
judging whether the equation is established or not;
if the above equation is true, the ring signature is a valid signature;
if the above equation does not hold, the ring signature is an invalid signature.
In order to achieve the purpose, the invention provides the following scheme:
an optimized ring signature system, the ring signature system comprising:
the user identity acquisition module is used for acquiring each user identity;
the message to be signed acquisition module is used for acquiring the message to be signed;
the system parameter and master key acquisition module is used for randomly selecting parameters according to each user identity to generate system parameters and master keys;
the private key acquisition module is used for determining a private key corresponding to the user identity according to the system parameter, the master key and the user identity;
the ring signature acquisition module is used for acquiring a corresponding ring signature according to the message to be signed, the user identity and the private key corresponding to the user identity;
and the judging module is used for judging whether the ring signature is a valid signature.
According to the specific embodiment provided by the invention, the invention discloses the following technical effects:
the invention discloses an optimized ring signature method and system. The ring signature method comprises the following steps: acquiring each user identity and a message to be signed; randomly selecting parameters according to each user identity to generate system parameters and a master key; determining a private key corresponding to the user identity according to the system parameter, the master key and the user identity; obtaining a corresponding ring signature according to the message to be signed, the user identity and the private key corresponding to the user identity; and judging whether the ring signature is a valid signature. By adopting the optimized ring signature method, the communication efficiency of the ring signature can be improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without inventive exercise.
FIG. 1 is a flow chart of an optimized ring signature method according to an embodiment of the present invention;
fig. 2 is a diagram of an optimized ring signature system according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention aims to provide an optimized ring signature method and system, which can improve the communication efficiency of ring signatures.
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
Fig. 1 is a flowchart of an optimized ring signature method according to an embodiment of the present invention. As shown in fig. 1, an optimized ring signature method includes:
step 101: acquiring each user identity and a message to be signed, specifically comprising: and acquiring a plurality of user identity IDs and the message m to be signed according to the two hash functions.
Step 102: randomly selecting parameters according to each user identity to generate system parameters and a master key;
step 103: determining a private key corresponding to the user identity according to the system parameter, the master key and the user identity;
step 104: obtaining a corresponding ring signature according to the message to be signed, the user identity and the private key corresponding to the user identity;
step 105: and judging whether the ring signature is a valid signature.
In step 102, the randomly selecting a parameter according to each user identity to generate a system parameter and a corresponding master key specifically includes:
according to eachSelecting a parameter n for each user identity, and operating a trap generation function TrapGen (1) according to the parameter n and KGCn) Generating a matrix
Figure BDA0001634132410000051
And ^ a(A0) Corresponding to a short base S0And then, calculating the average value of the average value,
Figure BDA0001634132410000052
and order S0Is a master private key, order (A)0T) is a primary public key;
among them, TrapGen (1)n) Is a trap generation function that is run to output a pair of information (A, T), where A is statistically close to
Figure BDA0001634132410000053
One is uniformly distributed, T is ^(A) A good group of0Is a matrix of nxm dimensions, ID1Identity ID, indicating the first user in the ring2ID representing the second user in the ring, and so on, H0Representing hash functions, formulas
Figure BDA0001634132410000061
Representing the calculation of the sum of the public keys of the respective users.
In step 103, the determining a private key corresponding to the user identity according to the system parameter, the master key, and the user identity specifically includes:
calling the BasisDel function (A)0,H0(IDi),S0Sigma) algorithm gets
Figure BDA0001634132410000062
Wherein
Figure BDA0001634132410000063
Is a(A0(H0(IDi))-1) And
Figure BDA0001634132410000064
any one of the groups of (1);
wherein BasisDel is a base deletion function, sigma represents a normal distribution standard deviation parameter, and the function output is ^(A0(H0(IDi))-1) A random base of (1), and satisfy
Figure BDA0001634132410000065
Wherein A is0(H0(IDi))-1Represents a transpose of a matrix;
for j is more than or equal to 1 and less than or equal to m, a non-uniform small integer de-sampling function is called
Figure BDA0001634132410000066
To generate SijWherein t isjIs the jth column of T and
Figure BDA0001634132410000067
order to
Figure BDA0001634132410000068
Is IDiThe secret key of (a), and therefore,
Figure BDA0001634132410000069
and A is0(H0(IDi))-1Si=T。
In step 104, obtaining a corresponding ring signature according to the message to be signed, the user identity, and the private key corresponding to the user identity specifically includes:
(a)
Figure BDA00016341324100000610
wherein the content of the first and second substances,
Figure BDA00016341324100000611
is a discrete normal distribution over Zm with standard deviation σ, y1,y2,…ylA feature vector for each user ID;
(b) computing
Figure BDA00016341324100000612
Wherein, y1,y2,…ylA syndrome (i.e., a feature vector) representing each user ID on the ring R, μ represents information of a signature of the ring R, and c represents information according to an algorithm formula
Figure BDA00016341324100000613
The calculated signature information;
(c) if j is i, then z is setj=Sic+yjZj represents the feature vector of the jth user ID on ring R, otherwise, set zj=yjOutput signature (. mu., z)1,z2,...zlC, the probability of R) is
Figure BDA00016341324100000614
R denotes a ring composed of respective user IDs,
Figure BDA00016341324100000615
where M represents a constant calculated, whose value is related to T,
Figure BDA00016341324100000616
expressed as a discrete normal distribution over Zm with standard deviation sigma,
Figure BDA00016341324100000617
denotes the value v ∈ ZmA discrete normal distribution on a vector Zm centered at and standard deviation σ, and l represents the number of users in the ring R.
In step 105, the method specifically includes:
sign the ring (μ, z)1,z2,...zlC, R) the following formula is input:
H(A0H0(ID1)-1z1+A0H0(ID2)-1z2...+A0H0(IDl)-1zl-Tc,μ)=c
judging whether the equation is established or not;
if the above equation is true, the ring signature is a valid signature;
if the above equation does not hold, the ring signature is an invalid signature.
Fig. 2 is a diagram of an optimized ring signature system according to an embodiment of the present invention. As shown in fig. 2, an optimized ring signature system includes:
a user identity obtaining module 201, configured to obtain each user identity;
a message to be signed acquisition module 202, configured to acquire a message to be signed;
a system parameter and master key obtaining module 203, configured to randomly select a parameter according to each user identity, and generate a system parameter and a master key;
a private key obtaining module 204, configured to determine, according to the system parameter, the master key, and the user identity, a private key corresponding to the user identity;
a ring signature obtaining module 205, configured to obtain a corresponding ring signature according to the message to be signed, the user identity, and the private key corresponding to the user identity;
a determining module 206, configured to determine whether the ring signature is a valid signature.
First, most ring signature schemes so far rely on the hard-theoretic problem, discrete logarithm, and bilinear peer-to-peer support techniques, but unfortunately, the above-described number-theoretic-based cryptographic problem can be easily broken in the latter quantum era. Because of its simplicity and high security, lattice-based cryptography is receiving great attention. The scheme provided by the invention only uses linear operations such as modular multiplication, modular addition and the like, so that the signature scheme provided by the invention has more advantages in efficiency compared with the traditional ring signature scheme based on number theory. Secondly, the efficiency of the lattice-based signature scheme is mainly determined by factors such as the length of a public key, a private key and a signature, lattice dimension, and the computation time in an extraction and signature algorithm, the scheme of the invention can realize the signature algorithm only by a few matrix vectors, and in order to embody the advantages of the scheme of the invention in the aspect of efficiency, two lattice-based ring signature schemes which have public impact on the generated public key length, the private key length and the signature length are selected as comparison.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. For the system disclosed by the embodiment, the description is relatively simple because the system corresponds to the method disclosed by the embodiment, and the relevant points can be referred to the method part for description.
The principles and embodiments of the present invention have been described herein using specific examples, which are provided only to help understand the method and the core concept of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, the specific embodiments and the application range may be changed. In view of the above, the present disclosure should not be construed as limiting the invention.

Claims (3)

1. An optimized ring signature method, the ring signature method comprising:
acquiring each user identity and a message to be signed;
randomly selecting parameters according to each user identity to generate system parameters and a master key;
determining a private key corresponding to the user identity according to the system parameter, the master key and the user identity;
obtaining a corresponding ring signature according to the message to be signed, the user identity and the private key corresponding to the user identity;
judging whether the ring signature is a valid signature;
the randomly selecting parameters according to each user identity to generate system parameters and corresponding master keys specifically includes:
selecting a parameter n according to each user identity, and operating a trap generation function TrapGen (1) according to the parameter n and KGCn) Generating a matrix
Figure FDA0003061462620000011
And ^ a(A0) Corresponding to a short base S0And then, calculating the average value of the average value,
Figure FDA0003061462620000012
and order S0Is a master private key, order (A)0T) is a primary public key;
among them, TrapGen (1)n) Is a trap generation function that is run to output a pair of information (A, T), where A is statistically close to
Figure FDA0003061462620000013
One is uniformly distributed, T is ^(A) A good group of0Is a matrix of nxm dimensions, ID1Identity ID, indicating the first user in the ring2ID representing the second user in the ring, and so on, H0Representing hash functions, formulas
Figure FDA0003061462620000014
Representing calculating the sum of public keys of each user;
the determining, according to the system parameter, the master key, and the user identity, a private key corresponding to the user identity specifically includes:
calling the BasisDel function (A)0,H0(IDi),S0Sigma) algorithm gets
Figure FDA0003061462620000021
Wherein
Figure FDA0003061462620000022
Is a(A0(H0(IDi))-1) And
Figure FDA0003061462620000023
any one of the groups of (1);
wherein BasisDel is a base deletion function, sigma represents a normal distribution standard deviation parameter, and the function output is ^(A0(H0(IDi))-1) A random base of (1), and satisfy
Figure FDA0003061462620000024
Figure FDA0003061462620000025
Wherein A is0(H0(IDi))-1Represents a transpose of a matrix;
for j is more than or equal to 1 and less than or equal to m, a non-uniform small integer de-sampling function is called
Figure FDA0003061462620000026
To generate SijWherein t isjIs the jth column of T and
Figure FDA0003061462620000027
order to
Figure FDA0003061462620000028
Is IDiThe secret key of (a), and therefore,
Figure FDA0003061462620000029
and A is0(H0(IDi))-1Si=T;
The obtaining of the corresponding ring signature according to the message to be signed, the user identity and the private key corresponding to the user identity specifically includes:
(a)
Figure FDA00030614626200000210
wherein the content of the first and second substances,
Figure FDA00030614626200000211
z with standard deviation of sigmamDiscrete normal distribution of (a), y1,y2,…ylA feature vector for each user ID;
(b) computing
Figure FDA00030614626200000212
Wherein, y1,y2,…ylA syndrome representing each user ID on the ring R, i.e., a feature vector,. mu.represents information of the ring R signature, and c represents a formula according to an algorithm
Figure FDA00030614626200000213
The calculated signature information;
(c) if j is i, then z is setj=Sic+yj,zjA feature vector representing the jth user ID on ring R, otherwise, set zj=yjOutput signature (. mu., z)1,z2,...zlC, the probability of R) is
Figure FDA00030614626200000214
R denotes a ring composed of respective user IDs,
Figure FDA00030614626200000215
where M represents a constant calculated, whose value is related to T,
Figure FDA00030614626200000216
z expressed as standard deviation sigmamThe discrete normal distribution of (a) above,
Figure FDA0003061462620000031
denotes the value v ∈ ZmVector Z centered and having standard deviation σmAbove the discrete normal distribution, l denotes the users in the ring RThe number of (2);
the determining whether the ring signature is a valid signature specifically includes:
sign the ring (μ, z)1,z2,...zlC, R) the following formula is input:
H(A0H0(ID1)-1z1+A0H0(ID2)-1z2...+A0H0(IDl)-1zl-Tc,μ)=c
judging whether the formula is established or not;
if the formula is established, the ring signature is a valid signature;
and if the formula is not satisfied, the ring signature is an invalid signature.
2. The optimized ring signature method according to claim 1, wherein the obtaining of each user identity and the message to be signed specifically comprises:
and acquiring a plurality of user identity IDs and the message m to be signed according to the two hash functions.
3. An optimized ring signature system, the ring signature system comprising:
the user identity acquisition module is used for acquiring each user identity;
the message to be signed acquisition module is used for acquiring the message to be signed;
a system parameter and master key obtaining module for randomly selecting parameters according to each user identity to generate system parameters and master keys, specifically for selecting a parameter n according to each user identity and operating a trap generation function TrApgen (1) according to the parameter n and KGCn) Generating a matrix
Figure FDA0003061462620000032
And ^ a(A0) Corresponding to a short base S0And then, calculating the average value of the average value,
Figure FDA0003061462620000033
and order S0Is a master private key, order (A)0T) is a primary public key;
among them, TrapGen (1)n) Is a trap generation function that is run to output a pair of information (A, T), where A is statistically close to
Figure FDA0003061462620000034
One is uniformly distributed, T is ^(A) A good group of0Is a matrix of nxm dimensions, ID1Identity ID, indicating the first user in the ring2ID representing the second user in the ring, and so on, H0Representing hash functions, formulas
Figure FDA0003061462620000041
Representing calculating the sum of public keys of each user;
a private key obtaining module, configured to determine, according to the system parameter, the master key, and the user identity, a private key corresponding to the user identity, specifically,
for calling the BasisDel function (A)0,H0(IDi),S0Sigma) algorithm gets
Figure FDA0003061462620000042
Wherein
Figure FDA0003061462620000043
Is a(A0(H0(IDi))-1) And
Figure FDA0003061462620000044
any one of the groups of (1);
wherein BasisDel is a base deletion function, sigma represents a normal distribution standard deviation parameter, and the function output is ^(A0(H0(IDi))-1) A random base ofAnd satisfy
Figure FDA0003061462620000045
Figure FDA0003061462620000046
Wherein A is0(H0(IDi))-1Represents a transpose of a matrix;
for j is more than or equal to 1 and less than or equal to m, a non-uniform small integer de-sampling function is called
Figure FDA0003061462620000047
To generate SijWherein t isjIs the jth column of T and
Figure FDA0003061462620000048
order to
Figure FDA0003061462620000049
Is IDiThe secret key of (a), and therefore,
Figure FDA00030614626200000410
and A is0(H0(IDi))-1Si=T;
A ring signature obtaining module, configured to obtain a corresponding ring signature according to the message to be signed, the user identity, and the private key corresponding to the user identity, which is specifically used in (a)
Figure FDA00030614626200000411
Wherein the content of the first and second substances,
Figure FDA00030614626200000412
z with standard deviation of sigmamDiscrete normal distribution of (a), y1,y2,…ylA feature vector for each user ID;
(b) computing
Figure FDA00030614626200000413
Wherein, y1,y2,…ylA syndrome representing each user ID on the ring R, i.e., a feature vector,. mu.represents information of the ring R signature, and c represents a formula according to an algorithm
Figure FDA0003061462620000051
The calculated signature information;
(c) if j is i, then z is setj=Sic+yjZj represents the feature vector of the jth user ID on ring R, otherwise, set zj=yjOutput signature (. mu., z)1,z2,...zlC, the probability of R) is
Figure FDA0003061462620000052
R denotes a ring composed of respective user IDs,
Figure FDA0003061462620000053
where M represents a constant calculated, whose value is related to T,
Figure FDA0003061462620000054
z expressed as standard deviation sigmamThe discrete normal distribution of (a) above,
Figure FDA0003061462620000055
denotes the value v ∈ ZmVector Z centered and having standard deviation σmThe above discrete normal distribution, l represents the number of users in ring R;
a judging module for judging whether the ring signature is a valid signature, specifically for judging whether the ring signature (μ, z) is a valid signature1,z2,...zlC, R) the following formula is input:
H(A0H0(ID1)-1z1+A0H0(ID2)-1z2...+A0H0(IDl)-1zl-Tc,μ)=c
judging whether the formula is established or not;
if the formula is established, the ring signature is a valid signature;
and if the formula is not satisfied, the ring signature is an invalid signature.
CN201810354020.7A 2018-04-19 2018-04-19 Optimized ring signature method and system Expired - Fee Related CN108632043B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810354020.7A CN108632043B (en) 2018-04-19 2018-04-19 Optimized ring signature method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810354020.7A CN108632043B (en) 2018-04-19 2018-04-19 Optimized ring signature method and system

Publications (2)

Publication Number Publication Date
CN108632043A CN108632043A (en) 2018-10-09
CN108632043B true CN108632043B (en) 2021-08-24

Family

ID=63705574

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810354020.7A Expired - Fee Related CN108632043B (en) 2018-04-19 2018-04-19 Optimized ring signature method and system

Country Status (1)

Country Link
CN (1) CN108632043B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109831306B (en) * 2019-01-15 2021-08-31 如般量子科技有限公司 Anti-quantum computation ring signature method and system based on multiple key pools

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102684885A (en) * 2012-05-25 2012-09-19 孙华 Identity-based threshold ring signature method
US9660813B1 (en) * 2012-03-27 2017-05-23 EMC IP Holding Company LLC Dynamic privacy management for communications of clients in privacy-preserving groups

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9660813B1 (en) * 2012-03-27 2017-05-23 EMC IP Holding Company LLC Dynamic privacy management for communications of clients in privacy-preserving groups
CN102684885A (en) * 2012-05-25 2012-09-19 孙华 Identity-based threshold ring signature method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
格上高效的基于身份的环签名体制;贾小英 等;《密码学报》;20170815;第4节 *

Also Published As

Publication number Publication date
CN108632043A (en) 2018-10-09

Similar Documents

Publication Publication Date Title
Lu et al. Raptor: a practical lattice-based (linkable) ring signature
Wang et al. Oruta: Privacy-preserving public auditing for shared data in the cloud
US10263773B2 (en) Method for updating a public key
JP2013066151A (en) Information processing device, information processing method, and program
CN110880977A (en) Safe and efficient SM9 ring signature generation and verification method
Nie et al. NCLAS: A novel and efficient certificateless aggregate signature scheme
He et al. An efficient certificateless designated verifier signature scheme.
Zhu et al. An identity‐based proxy signature on NTRU lattice
Noh et al. Strong designated verifier signature scheme from lattices in the standard model
Islam et al. Certificateless strong designated verifier multisignature scheme using bilinear pairings
CN109618348B (en) Method and device for realizing one-way proxy re-signature
Xin et al. Identity-based quantum designated verifier signature
Lizama-Pérez et al. Public hash signature for mobile network devices
CN108632043B (en) Optimized ring signature method and system
CN112989436A (en) Multi-signature method based on block chain platform
Zhang et al. Attack on Chen et al.'s certificateless aggregate signature scheme
CN116318736A (en) Two-level threshold signature method and device for hierarchical management
Yan et al. Identity‐based signcryption from lattices
Lin et al. F2p-abs: A fast and secure attribute-based signature for mobile platforms
CN110932866B (en) Ring signature generation method based on SM2 digital signature algorithm
Hu et al. An efficient designated verifier signature scheme with pairing‐free and low cost
CN110430041B (en) Certificateless digital signature method under cloud service scene
Zhou et al. A unidirectional certificateless proxy re‐signature scheme based on lattice
Yuan On the security of a proxy signature scheme in the standard model
Kim et al. Self proxy signature scheme

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20210824

CF01 Termination of patent right due to non-payment of annual fee