CN108667624A - Compact ring signature method and system in the standard model - Google Patents
- Publication number: CN108667624A (CN201810679396.5A)
- Authority: CN (China)
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/3247: means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures
- H04L9/008: cryptographic mechanisms or arrangements involving homomorphic encryption
- H04L9/0869: generation of secret information, including derivation or calculation of cryptographic keys or passwords, involving random numbers or seeds
- H04L9/3066: public key cryptography involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
- H04L9/3218: means for verifying the identity or authority of a user of the system or for message authentication, using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs
- H04L9/3236: means for verifying the identity or authority of a user of the system or for message authentication, using cryptographic hash functions
Abstract
The present invention belongs to the field of digital encryption technology and provides a compact ring signature method in the standard model, comprising: obtaining a security parameter and generating a verification signature key, a first random number, a programmable hash function public key and a verification key; obtaining a ring, a signature key, a message and several second random numbers, generating a re-randomized signature key and the corresponding re-randomized verification key from the signature key and the second random numbers, computing the signature intermediate values and carrying out the proofs of knowledge to obtain the signature, wherein, during each proof of knowledge, the intermediate values produced by the proof are multiplied together and the signature is obtained from the resulting product value; and obtaining the ring, the message and the signature, computing the signature intermediate values and verifying the proofs of knowledge, then checking whether the outputs of two bilinear pairing operations are equal, the signature being valid if they are equal. By optimizing the proof-of-knowledge part, the embodiment of the present invention shortens the signature by nearly half and, at the same time, reduces the number of bilinear pairing computations during signature verification by nearly half.
Description
Technical field
The invention belongs to the field of digital encryption technology, and in particular relates to a compact ring signature method and system in the standard model.
Background
A ring signature is a kind of digital signature that lets a user sign a piece of information on behalf of a group of users with their own private key, without revealing the identity of the signer, which gives the digital signature anonymity.
Throughout the development of ring signatures, most ring signatures have been based on the random oracle model (Random Oracle Model, ROM) and the common reference string model (Common Reference String, CRS). In 2017, to improve the security of ring signatures, Malavolta et al. proposed an efficient ring signature scheme in the standard model (Standard Model).
That scheme solves the security problem of ring signatures well, but its signatures are too large and ring signature verification takes a long time.
Summary of the invention
The technical problem to be solved by the present invention is to provide a compact ring signature method and system in the standard model, aiming to solve the problems of the prior art that ring signatures are too large and that ring signature verification takes a long time.
The invention is realized as follows: a compact ring signature method in the standard model, comprising:
Step A: obtain a security parameter, and generate a verification signature key, a first random number, a programmable hash function public key and a verification key;
Step B: obtain a ring, a signature key, a message and several second random numbers; generate a re-randomized signature key and the corresponding re-randomized verification key from the signature key and the second random numbers; calculate the signature intermediate values; carry out a first proof of knowledge and a second proof of knowledge on the signature intermediate values to obtain the signature, wherein, in each proof of knowledge, the intermediate values produced by the proof are multiplied together to obtain a product value, and the signature is obtained from the product value;
Step C: obtain the ring, the message and the signature; calculate the signature intermediate values; verify the first proof of knowledge and the second proof of knowledge using the calculated signature intermediate values; after the verification is complete, check whether the outputs of two bilinear pairing operations are equal; if they are equal the signature is valid, and if they are not equal the signature is invalid.
Further, in step A, the security parameter is denoted λ, and the verification key vk comprises three elements z, k, C, wherein x denotes the verification signature key, β denotes the first random number, k denotes the programmable hash function public key, and $g_1$, $g_2$ are generators of the cyclic groups.
Further, in step B, the ring is denoted $R=\{vk_i\}_{i\in n}$, the signature key is denoted $sk_j$, the message is denoted m, the second random numbers are denoted s, ρ, δ, the re-randomized signature key is denoted $sk'_j$, the re-randomized verification key is denoted $z'_j$, and the signature intermediate values comprise $c_i$, c and y, then:
$sk'_j=sk_j+\rho$,
$c_i=\varphi(\mathrm{Heval}(k_i,m\|R))$, $c=\mathrm{Heval}(k_j,m\|R)$, wherein Heval denotes the programmable hash function and φ denotes the homomorphism of the bilinear pairing;
The product value is denoted Q, and carrying out the first proof of knowledge and the second proof of knowledge on the signature intermediate values to obtain the signature comprises:
Carry out the first proof of knowledge: calculate $T=\prod_{i\in n}C_i$; for $i\in n\setminus j$, generate a random number $t_i$, calculate and ; calculate $T_j=T\left(\prod_{i\in n\setminus j}T_i\right)^{-1}$, $Q_j\in\varphi(T_i^{\rho})$, $Q=\sum_{i\in n}Q_i$, and obtain $\pi_1=(Q,\{T_i\}_{i\in n})$;
Carry out the second proof of knowledge: calculate $T=\prod_{i\in n}C_i$; for $i\in n\setminus j$, generate a random number $t_i$, calculate and ; calculate $T_j=T\left(\prod_{i\in n\setminus j}T_i\right)^{-1}$, $Q=\sum_{i\in n}Q_i$, and obtain $\pi_2=(Q,\{T_i\}_{i\in n})$;
Finally, the signature $\sigma=(\pi_1,\pi_2,c,y,s,z')$ is obtained.
Further, step C comprises:
Step C1: obtain the ring $R=\{vk_i\}_{i\in n}$, the message m and the signature σ, and calculate $c_i=\varphi(\mathrm{Heval}(k_i,m\|R))$;
Step C2: verify the first proof of knowledge: calculate $T=\prod_{i\in n}C_i$, and check whether $T=\prod_{i\in n}T_i$ and the bilinear pairing equation hold; if they hold, the proof passes verification, otherwise it is rejected, wherein e denotes the bilinear pairing operation;
Step C3: verify the second proof of knowledge: calculate $T=\prod_{i\in n}C_i$, and check whether $T=\prod_{i\in n}T_i$ and $e(Q,g_2)=\prod_{i\in n}e(c_i,T_i)$ hold; if they hold, the proof passes verification, otherwise it is rejected;
Step C4: after the two proofs of knowledge have been verified, check whether the equality of the outputs of the two bilinear pairing operations holds; if it holds, the signature is valid, otherwise the signature is invalid.
An embodiment of the present invention further provides a compact ring signature system in the standard model, comprising:
An acquiring unit, configured to obtain a security parameter and generate a verification signature key, a first random number, a programmable hash function public key and a verification key;
A signature unit, configured to obtain a ring, a signature key, a message and several second random numbers; generate a re-randomized signature key and the corresponding re-randomized verification key from the signature key and the second random numbers; calculate the signature intermediate values; and carry out a first proof of knowledge and a second proof of knowledge on the signature intermediate values to obtain the signature, wherein, in each proof of knowledge, the intermediate values produced by the proof are multiplied together to obtain a product value, and the signature is obtained from the product value;
A verification unit, configured to obtain the ring, the message and the signature; calculate the signature intermediate values; verify the first proof of knowledge and the second proof of knowledge using the calculated signature intermediate values; and, after the verification is complete, check whether the outputs of two bilinear pairing operations are equal; if they are equal the signature is valid, and if they are not equal the signature is invalid.
Further, the security parameter is denoted λ, and the verification key vk comprises three elements z, k, C, wherein x denotes the verification signature key, β denotes the first random number, k denotes the programmable hash function public key, and $g_1$, $g_2$ are generators of the cyclic groups.
Further, the ring is denoted $R=\{vk_i\}_{i\in n}$, the signature key is denoted $sk_j$, the message is denoted m, the second random numbers are denoted s, ρ, δ, the re-randomized signature key is denoted $sk'_j$, the re-randomized verification key is denoted $z'_j$, and the signature intermediate values comprise $c_i$, c and y, then:
$sk'_j=sk_j+\rho$,
$c_i=\varphi(\mathrm{Heval}(k_i,m\|R))$, $c=\mathrm{Heval}(k_j,m\|R)$, wherein Heval denotes the programmable hash function and φ denotes the homomorphism of the bilinear pairing;
The product value is denoted Q, and the signature unit is specifically configured to:
Carry out the first proof of knowledge: calculate $T=\prod_{i\in n}C_i$; for $i\in n\setminus j$, generate a random number $t_i$, calculate and ; calculate $T_j=T\left(\prod_{i\in n\setminus j}T_i\right)^{-1}$, $Q_j\in\varphi(T_i^{\rho})$, $Q=\sum_{i\in n}Q_i$, and obtain $\pi_1=(Q,\{T_i\}_{i\in n})$;
Carry out the second proof of knowledge: calculate $T=\prod_{i\in n}C_i$; for $i\in n\setminus j$, generate a random number $t_i$, calculate and ; calculate $T_j=T\left(\prod_{i\in n\setminus j}T_i\right)^{-1}$, $Q=\sum_{i\in n}Q_i$, and obtain $\pi_2=(Q,\{T_i\}_{i\in n})$;
Finally, the signature $\sigma=(\pi_1,\pi_2,c,y,s,z')$ is obtained.
Further, the verification unit is specifically configured to:
First, obtain the ring $R=\{vk_i\}_{i\in n}$, the message m and the signature σ, and calculate $c_i=\varphi(\mathrm{Heval}(k_i,m\|R))$;
Then, verify the first proof of knowledge: calculate $T=\prod_{i\in n}C_i$, and check whether $T=\prod_{i\in n}T_i$ and the bilinear pairing equation hold; if they hold, the proof passes verification, otherwise it is rejected, wherein e denotes the bilinear pairing operation;
Next, verify the second proof of knowledge: calculate $T=\prod_{i\in n}C_i$, and check whether $T=\prod_{i\in n}T_i$ and $e(Q,g_2)=\prod_{i\in n}e(c_i,T_i)$ hold; if they hold, the proof passes verification, otherwise it is rejected;
Finally, after the two proofs of knowledge have been verified, check whether the equality of the outputs of the two bilinear pairing operations holds; if it holds, the signature is valid, otherwise the signature is invalid.
Compared with the prior art, the beneficial effects of the present invention are as follows. The embodiment of the present invention obtains a security parameter and generates a verification signature key, a first random number, a programmable hash function public key and a verification key; obtains a ring, a signature key, a message and several second random numbers; generates a re-randomized signature key and the corresponding re-randomized verification key from the signature key and the second random numbers; calculates $c_i$, c and y; and carries out the first proof of knowledge and the second proof of knowledge on $c_i$ to obtain the signature, wherein, in each proof of knowledge, the generated $Q_i$ are multiplied together to obtain Q, and the signature is obtained from Q. Finally, it obtains the ring, the message and the signature, calculates $c_i$, verifies the first proof of knowledge and the second proof of knowledge using the calculated $c_i$, and, after the verification is complete, checks whether the equality of the two bilinear pairing outputs holds; if it holds the signature is valid, and if not the signature is invalid. By optimizing the proof-of-knowledge part, multiplying the $Q_i$ generated during the proof of knowledge to obtain Q, the embodiment shortens the signature by nearly half; at the same time, the corresponding bilinear pairing equation is changed when the proof of knowledge is verified, which reduces the number of bilinear pairing computations during signature verification by nearly half. The embodiment of the present invention greatly improves the efficiency of prior-art ring signatures, and does not do so at the cost of reduced ring signature security.
Description of the drawings
Fig. 1 is a flowchart of a compact ring signature method in the standard model provided by an embodiment of the present invention;
Fig. 2 is a structural schematic diagram of a compact ring signature system in the standard model provided by an embodiment of the present invention.
Detailed description
In order to make the purpose, technical solution and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the present invention and are not intended to limit it.
Fig. 1 shows a compact ring signature method in the standard model provided by an embodiment of the present invention, comprising:
S101: obtain a security parameter, and generate a verification signature key, a first random number, a programmable hash function public key and a verification key;
S102: obtain a ring, a signature key, a message and several second random numbers; generate a re-randomized signature key and the corresponding re-randomized verification key from the signature key and the second random numbers; calculate the signature intermediate values; carry out a first proof of knowledge and a second proof of knowledge on the signature intermediate values to obtain the signature, wherein, in each proof of knowledge, the intermediate values produced by the proof are multiplied together to obtain a product value, and the signature is obtained from the product value;
S103: obtain the ring, the message and the signature; calculate the signature intermediate values; verify the first proof of knowledge and the second proof of knowledge using the calculated signature intermediate values; after the verification is complete, check whether the outputs of two bilinear pairing operations are equal; if they are equal the signature is valid, and if they are not equal the signature is invalid.
The embodiment of the present invention is further described below:
Gen: on input the security parameter λ, the user generates a verification signature key x, a random number β and a programmable hash function public key k, and generates the corresponding verification key vk, which comprises three elements: k, wherein $g_1$, $g_2$ are generators of the cyclic groups.
Sig: on input the ring $R=\{vk_i\}_{i\in n}$, the signature key $sk_j$ and the message m, generate 3 random numbers s, ρ, δ, generate the re-randomized signature key $sk'_j=sk_j+\rho$ and the corresponding re-randomized verification key, calculate $c_i=\varphi(\mathrm{Heval}(k_i,m\|R))$ and $c=\mathrm{Heval}(k_j,m\|R)$, wherein Heval is the programmable hash function and φ is the homomorphism of the bilinear pairing, and calculate
Carry out the first proof of knowledge: calculate $T=\prod_{i\in n}C_i$; for $i\in n\setminus j$, generate a random number $t_i$, calculate and ; calculate $T_j=T\left(\prod_{i\in n\setminus j}T_i\right)^{-1}$, $Q_j\in\varphi(T_i^{\rho})$, $Q=\sum_{i\in n}Q_i$, and output $\pi_1=(Q,\{T_i\}_{i\in n})$. C denotes a part of the verification public key, and c denotes the output of the hash.
Carry out the second proof of knowledge: calculate $T=\prod_{i\in n}C_i$; for $i\in n\setminus j$, generate a random number $t_i$, calculate and ; calculate $T_j=T\left(\prod_{i\in n\setminus j}T_i\right)^{-1}$, $Q=\sum_{i\in n}Q_i$, and obtain $\pi_2=(Q,\{T_i\}_{i\in n})$;
Finally, output the signature $\sigma=(\pi_1,\pi_2,c,y,s,z')$.
Verify: on input $R=\{vk_i\}_{i\in n}$, the message m and the signature σ, the verifier calculates $c_i=\varphi(\mathrm{Heval}(k_i,m\|R))$;
Verify the first proof of knowledge: calculate $T=\prod_{i\in n}C_i$, and check whether $T=\prod_{i\in n}T_i$ and the bilinear pairing equation hold; if they hold, the proof passes verification, otherwise it is rejected;
Verify the second proof of knowledge: calculate $T=\prod_{i\in n}C_i$, and check whether $T=\prod_{i\in n}T_i$ and $e(Q,g_2)=\prod_{i\in n}e(c_i,T_i)$ hold; if they hold, the proof passes verification, otherwise it is rejected.
After the two proofs of knowledge have been verified, verify the final equation; if it holds, the signature is valid, otherwise the signature is invalid.
In the steps above, variables that are not explained are intermediate parameters with no practical meaning; in this embodiment they are described as intermediate values. In both proofs of knowledge the $Q_i$ are multiplied together, and Q is a part of the proof produced by the proof of knowledge. It should be understood that, in this embodiment, the Q and $T_i$ in the proofs produced by the two proofs of knowledge are different, but for convenience of expression the same symbols are used for both in this embodiment.
By optimizing the proof-of-knowledge part, multiplying the $Q_i$ generated during the proof of knowledge to obtain Q, this embodiment of the present invention shortens the signature by nearly half; at the same time, the corresponding bilinear pairing equation is changed when the proof of knowledge is verified, which reduces the number of bilinear pairing computations during signature verification by nearly half. The embodiment of the present invention greatly improves the efficiency of the original scheme, and does not do so at the cost of reduced ring signature security.
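The saving described above can be checked in a toy model. This is an added example, not code from the patent: group elements are stored as discrete logs modulo a prime, which gives no security and reproduces only the algebra. It assumes that each T_i for i ≠ j is a random element and that each Q_i satisfies e(Q_i, g2) = e(c_i, T_i), because this copy of the page omits those formulas; all function names are hypothetical.

```python
"""Toy model of the aggregated check e(Q, g2) = prod_i e(c_i, T_i).

Every group element is stored as its discrete log modulo the prime ORDER, so
multiplying elements adds logs and the pairing multiplies logs. This gives
no security whatsoever; it reproduces only the algebra (bilinearity).
"""
import secrets

ORDER = 2**127 - 1  # prime group order (constructed toy parameter)
G2 = 1              # log of the generator g2


class Pairing:
    """Bilinear map e(g1^a, g2^b) = gT^(a*b) that counts its evaluations."""

    def __init__(self):
        self.calls = 0

    def e(self, a, b):
        self.calls += 1
        return (a * b) % ORDER


def product(elems):
    """Group product of elements (sum of their logs)."""
    return sum(elems) % ORDER


def split_T(C, j):
    """Pick random T_i for i != j and set T_j = T * (prod_{i != j} T_i)^-1."""
    T = product(C)
    Ts = [secrets.randbelow(ORDER) for _ in C]
    others = product(Ts[i] for i in range(len(C)) if i != j)
    Ts[j] = (T - others) % ORDER
    return Ts


def prove(C, c, j):
    """Build (Q, {T_i}) plus the individual Q_i a non-aggregated proof would send."""
    Ts = split_T(C, j)
    # Assumed relation (not stated on the page): e(Q_i, g2) = e(c_i, T_i).
    Qs = [(ci * Ti) % ORDER for ci, Ti in zip(c, Ts)]
    return {"Q": product(Qs), "Qs": Qs, "T": Ts}


def verify_aggregated(C, c, proof, pairing):
    """Check T = prod T_i, then e(Q, g2) = prod e(c_i, T_i): n + 1 pairings."""
    if product(proof["T"]) != product(C):
        return False
    lhs = pairing.e(proof["Q"], G2)
    rhs = product(pairing.e(ci, Ti) for ci, Ti in zip(c, proof["T"]))
    return lhs == rhs


def verify_per_index(C, c, proof, pairing):
    """Check T = prod T_i, then e(Q_i, g2) = e(c_i, T_i) for each i: 2n pairings."""
    if product(proof["T"]) != product(C):
        return False
    return all(pairing.e(Qi, G2) == pairing.e(ci, Ti)
               for Qi, ci, Ti in zip(proof["Qs"], c, proof["T"]))


def compare(n=8, j=3):
    """Return (ok_aggregated, pairings_aggregated, ok_per_index, pairings_per_index)."""
    C = [secrets.randbelow(ORDER) for _ in range(n)]  # constructed ring key parts C_i
    c = [secrets.randbelow(ORDER) for _ in range(n)]  # constructed hash outputs c_i
    proof = prove(C, c, j)
    agg, per = Pairing(), Pairing()
    return (verify_aggregated(C, c, proof, agg), agg.calls,
            verify_per_index(C, c, proof, per), per.calls)


if __name__ == "__main__":
    print(compare())
```

In this model the aggregated proof carries one Q and n values T_i instead of n of each, and its verifier evaluates n + 1 pairings instead of 2n.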
Fig. 2 shows a compact ring signature system in the standard model provided by an embodiment of the present invention, comprising:
An acquiring unit 201, configured to obtain a security parameter and generate a verification signature key, a first random number, a programmable hash function public key and a verification key;
A signature unit 202, configured to obtain a ring, a signature key, a message and several second random numbers; generate a re-randomized signature key and the corresponding re-randomized verification key from the signature key and the second random numbers; calculate the signature intermediate values; and carry out a first proof of knowledge and a second proof of knowledge on the signature intermediate values to obtain the signature, wherein, in each proof of knowledge, the intermediate values produced by the proof are multiplied together to obtain a product value, and the signature is obtained from the product value;
A verification unit 203, configured to obtain the ring, the message and the signature; calculate the signature intermediate values; verify the first proof of knowledge and the second proof of knowledge using the calculated signature intermediate values; and, after the verification is complete, check whether the outputs of two bilinear pairing operations are equal; if they are equal the signature is valid, and if they are not equal the signature is invalid.
Further, the security parameter is denoted λ, and the verification key vk comprises three elements z, k, C, wherein x denotes the verification signature key, β denotes the first random number, k denotes the programmable hash function public key, and $g_1$, $g_2$ are generators of the cyclic groups.
Further, the ring is denoted $R=\{vk_i\}_{i\in n}$, the signature key is denoted $sk_j$, the message is denoted m, the second random numbers are denoted s, ρ, δ, the re-randomized signature key is denoted $sk'_j$, the re-randomized verification key is denoted $z'_j$, and the signature intermediate values comprise $c_i$, c and y, then:
$sk'_j=sk_j+\rho$,
$c_i=\varphi(\mathrm{Heval}(k_i,m\|R))$, $c=\mathrm{Heval}(k_j,m\|R)$, wherein Heval denotes the programmable hash function and φ denotes the homomorphism of the bilinear pairing;
The product value is denoted Q, and the signature unit 202 is specifically configured to:
Carry out the first proof of knowledge: calculate $T=\prod_{i\in n}C_i$; for $i\in n\setminus j$, generate a random number $t_i$, calculate and ; calculate $T_j=T\left(\prod_{i\in n\setminus j}T_i\right)^{-1}$, $Q_j\in\varphi(T_i^{\rho})$, $Q=\sum_{i\in n}Q_i$, and obtain $\pi_1=(Q,\{T_i\}_{i\in n})$;
Carry out the second proof of knowledge: calculate $T=\prod_{i\in n}C_i$; for $i\in n\setminus j$, generate a random number $t_i$, calculate and ; calculate $T_j=T\times\left(\prod_{i\in n\setminus j}T_i\right)^{-1}$, $Q=\sum_{i\in n}Q_i$, and obtain $\pi_2=(Q,\{T_i\}_{i\in n})$;
Finally, the signature $\sigma=(\pi_1,\pi_2,c,y,s,z')$ is obtained.
Further, the verification unit 203 is specifically configured to:
First, obtain the ring $R=\{vk_i\}_{i\in n}$, the message m and the signature σ, and calculate $c_i=\varphi(\mathrm{Heval}(k_i,m\|R))$;
Then, verify the first proof of knowledge: calculate $T=\prod_{i\in n}C_i$, and check whether $T=\prod_{i\in n}T_i$ and the bilinear pairing equation hold; if they hold, the proof passes verification, otherwise it is rejected, wherein e denotes the bilinear pairing operation;
Next, verify the second proof of knowledge: calculate $T=\prod_{i\in n}C_i$, and check whether $T=\prod_{i\in n}T_i$ and $e(Q,g_2)=\prod_{i\in n}e(c_i,T_i)$ hold; if they hold, the proof passes verification, otherwise it is rejected;
Finally, after the two proofs of knowledge have been verified, check whether the final equation holds; if it holds, the signature is valid, otherwise the signature is invalid.
An embodiment of the present invention further provides a terminal, comprising a memory, a processor, and a computer program stored in the memory and run on the processor, characterized in that, when the processor executes the computer program, each step of the compact ring signature method in the standard model shown in Fig. 1 is implemented.
An embodiment of the present invention also provides a readable storage medium on which a computer program is stored, characterized in that, when the computer program is executed by a processor, each step of the compact ring signature method in the standard model shown in Fig. 1 is implemented.
In addition, the functional modules in the embodiments of the present invention may be integrated into one processing module, may each exist physically on their own, or two or more modules may be integrated into one module. The integrated module may be implemented in the form of hardware or in the form of a software functional module.
If the integrated module is implemented in the form of a software functional module and sold or used as a stand-alone product, it may be stored in a computer-readable storage medium. On this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product; the computer software product is stored in a storage medium and includes instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or some of the steps of the methods of the embodiments of the present invention. The aforementioned storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
The above are merely preferred embodiments of the present invention and are not intended to limit the invention; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Claims (8)
1. A compact ring signature method in the standard model, characterized by comprising:
Step A: obtain a security parameter, and generate a verification signature key, a first random number, a programmable hash function public key and a verification key;
Step B: obtain a ring, a signature key, a message and several second random numbers; generate a re-randomized signature key and the corresponding re-randomized verification key from the signature key and the second random numbers; calculate the signature intermediate values; carry out a first proof of knowledge and a second proof of knowledge on the signature intermediate values to obtain the signature, wherein, in each proof of knowledge, the intermediate values produced by the proof are multiplied together to obtain a product value, and the signature is obtained from the product value;
Step C: obtain the ring, the message and the signature; calculate the signature intermediate values; verify the first proof of knowledge and the second proof of knowledge using the calculated signature intermediate values; after the verification is complete, check whether the outputs of two bilinear pairing operations are equal; if they are equal the signature is valid, and if they are not equal the signature is invalid.
2. The compact ring signature method according to claim 1, characterized in that, in step A, the security parameter is denoted λ, and the verification key vk comprises three elements z, k, C, wherein x denotes the verification signature key, β denotes the first random number, k denotes the programmable hash function public key, and $g_1$, $g_2$ are generators of the cyclic groups.
3. The compact ring signature method according to claim 2, characterized in that, in step B, the ring is denoted $R=\{vk_i\}_{i\in n}$, the signature key is denoted $sk_j$, the message is denoted m, the second random numbers are denoted s, ρ, δ, the re-randomized signature key is denoted $sk'_j$, the re-randomized verification key is denoted $z'_j$, and the signature intermediate values comprise $c_i$, c and y, then:
$sk'_j=sk_j+\rho$,
$c_i=\varphi(\mathrm{Heval}(k_i,m\|R))$, $c=\mathrm{Heval}(k_j,m\|R)$, wherein Heval denotes the programmable hash function and φ denotes the homomorphism of the bilinear pairing;
The product value is denoted Q, and carrying out the first proof of knowledge and the second proof of knowledge on the signature intermediate values to obtain the signature comprises:
Carry out the first proof of knowledge: calculate $T=\prod_{i\in n}C_i$; for $i\in n\setminus j$, generate a random number $t_i$, calculate and ; calculate $T_j=T\left(\prod_{i\in n\setminus j}T_i\right)^{-1}$, $Q_j\in\varphi(T_i^{\rho})$, $Q=\sum_{i\in n}Q_i$, and obtain $\pi_1=(Q,\{T_i\}_{i\in n})$;
Carry out the second proof of knowledge: calculate $T=\prod_{i\in n}C_i$; for $i\in n\setminus j$, generate a random number $t_i$, calculate and ; calculate $T_j=T\left(\prod_{i\in n\setminus j}T_i\right)^{-1}$, $Q=\sum_{i\in n}Q_i$, and obtain $\pi_2=(Q,\{T_i\}_{i\in n})$;
Finally, the signature $\sigma=(\pi_1,\pi_2,c,y,s,z')$ is obtained.
4. The compact ring signature method according to claim 3, characterized in that step C comprises:
Step C1: obtain the ring $R=\{vk_i\}_{i\in n}$, the message m and the signature σ, and calculate $c_i=\varphi(\mathrm{Heval}(k_i,m\|R))$;
Step C2: verify the first proof of knowledge: calculate $T=\prod_{i\in n}C_i$, and check whether $T=\prod_{i\in n}T_i$ and the bilinear pairing equation hold; if they hold, the proof passes verification, otherwise it is rejected, wherein e denotes the bilinear pairing operation;
Step C3: verify the second proof of knowledge: calculate $T=\prod_{i\in n}C_i$, and check whether $T=\prod_{i\in n}T_i$ and $e(Q,g_2)=\prod_{i\in n}e(c_i,T_i)$ hold; if they hold, the proof passes verification, otherwise it is rejected;
Step C4: after the two proofs of knowledge have been verified, check whether the equality of the outputs of the two bilinear pairing operations holds; if it holds, the signature is valid, otherwise the signature is invalid.
5. A compact ring signature system under the standard model, characterized by comprising:
An acquiring unit, for obtaining a security parameter and generating a verification signature key, a first random number, a programmable hash function public key and a verification key;
A signature unit, for obtaining a ring, a signature key, a message and several second random numbers, generating a re-randomized signature key and a corresponding re-randomized verification key according to the signature key and the second random numbers, calculating signature intermediate values, and performing a first proof of knowledge and a second proof of knowledge according to the signature intermediate values to obtain a signature, wherein, when each proof of knowledge is performed, the generated proof intermediate values are multiplied to obtain a product value, and the signature is obtained according to the product value;
A verification unit, for obtaining the ring, the message and the signature, calculating the signature intermediate values, verifying the first proof of knowledge and the second proof of knowledge according to the calculated signature intermediate values, and, after the verification is complete, determining whether the outputs of two bilinear pairing operations are equal; if they are equal, the signature is valid, and if they are not equal, the signature is invalid.
6. The compact ring signature system as claimed in claim 5, characterized in that the security parameter is denoted by λ and the verification key vk comprises three elements z, k, C, wherein x denotes the verification signature key, β denotes the first random number, k denotes the programmable hash function public key, and $g_1$, $g_2$ are generators of cyclic groups.
7. The compact ring signature system as claimed in claim 6, characterized in that the ring is denoted by $R = \{vk_i\}_{i \in n}$, the signature key by $sk_j$, the message by $m$, the second random numbers by $s$, $\rho$, $\delta$, the re-randomized signature key by $sk'_j$, and the re-randomized verification key by $z'_j$; the signature intermediate values comprise $c_i$, $c$ and $y$, then:
$sk'_j = sk_j + \rho$,
$c_i = \varphi(\mathrm{Heval}(k_i, m \| R))$, $c = \mathrm{Heval}(k_j, m \| R)$, wherein Heval denotes the programmable hash function and φ denotes the homomorphism of the bilinear pairing;
The product value is denoted by Q, and the signature unit is specifically used for:
Performing the first proof of knowledge: calculate $T = \prod_{i \in n} C_i$; for $i \in n \setminus j$, generate a random number $t_i$, calculate  and ; calculate $T_j = T \left(\prod_{i \in n \setminus j} T_i\right)^{-1}$, Qj∈φ(Ti ρ), Q=∑si∈nQi, obtaining $\pi_1 = (Q, \{T_i\}_{i \in n})$;
Performing the second proof of knowledge: calculate $T = \prod_{i \in n} C_i$; for $i \in n \setminus j$, generate a random number $t_i$, calculate  and ; calculate $T_j = T \times \left(\prod_{i \in n \setminus j} T_i\right)^{-1}$, Q=∑si∈nQi, obtaining $\pi_2 = (Q, \{T_i\}_{i \in n})$;
Finally, the signature $\sigma = (\pi_1, \pi_2, c, y, s, z')$ is obtained.
8. The compact ring signature system as claimed in claim 7, characterized in that the verification unit is specifically used for:
First, obtaining the ring $R = \{vk_i\}_{i \in n}$, the message $m$ and the signature $\sigma$, and calculating $c_i = \varphi(\mathrm{Heval}(k_i, m \| R))$;
Then, verifying the first proof of knowledge: calculate $T = \prod_{i \in n} C_i$ and verify whether $T = \prod_{i \in n} T_i$ and the bilinear pairing equation hold; if they hold, the proof passes verification, otherwise it is rejected, wherein e denotes the bilinear pairing operation;
Secondly, verifying the second proof of knowledge: calculate $T = \prod_{i \in n} C_i$ and verify whether $T = \prod_{i \in n} T_i$ and $e(Q, g_2) = \prod_{i \in n} e(c_i, T_i)$ hold; if they hold, the proof passes verification, otherwise it is rejected;
Finally, after the two proofs of knowledge have been verified, determining whether the relation between the outputs of the two bilinear pairing operations holds; if it holds, the signature is valid, otherwise the signature is invalid.
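The product-splitting step recited in claims 3 and 4 (T is the product of the C_i, each T_i with i ≠ j is derived from a random t_i, T_j is solved for, and the verifier checks that T equals the product of the T_i) can be illustrated as follows. This is an added example, not code from the patent: the toy group modulo 2^127 − 1, the form T_i = G^t_i and all function names are assumptions, and the pairing equations are not reproduced.

```python
import secrets

# Toy group (assumption): integers modulo the Mersenne prime 2^127 - 1.
# The patent works in pairing groups; this only illustrates the product check.
P = 2**127 - 1
G = 3

def prod(values):
    """Product of group elements modulo P."""
    acc = 1
    for v in values:
        acc = acc * v % P
    return acc

def split_commitments(C, j):
    """Signer side: return {T_i} such that prod(T_i) == prod(C_i).

    Every slot i != j gets T_i = G^t_i for a fresh random t_i (assumed form);
    slot j, the real signer's, is solved for: T_j = T * (prod_{i != j} T_i)^-1.
    """
    T = prod(C)
    Ts = [None] * len(C)
    for i in range(len(C)):
        if i != j:
            Ts[i] = pow(G, secrets.randbelow(P - 2) + 1, P)
    others = prod(t for t in Ts if t is not None)
    Ts[j] = T * pow(others, -1, P) % P
    return Ts

def check_product(C, Ts):
    """Verifier side: accept only if the ring size matches and T == prod(T_i)."""
    return len(Ts) == len(C) and prod(C) == prod(Ts)

def demo():
    # Constructed ring of four C values; the exponents are sample data.
    C = [pow(G, secrets.randbelow(P - 2) + 1, P) for _ in range(4)]
    results = [check_product(C, split_commitments(C, j)) for j in range(4)]
    tampered = split_commitments(C, 2)
    tampered[0] = tampered[0] * G % P  # alter one proof element
    return results, check_product(C, tampered)

if __name__ == "__main__":
    print(demo())
```

The check passes for every signer position j, because only the solved-for slot depends on T, and it fails as soon as any single T_i is altered.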
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810679396.5A CN108667624B (en) | 2018-06-27 | 2018-06-27 | Compact ring signature method and system under standard model |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810679396.5A CN108667624B (en) | 2018-06-27 | 2018-06-27 | Compact ring signature method and system under standard model |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108667624A true CN108667624A (en) | 2018-10-16 |
CN108667624B CN108667624B (en) | 2020-11-13 |
Family
ID=63773207
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810679396.5A Active CN108667624B (en) | 2018-06-27 | 2018-06-27 | Compact ring signature method and system under standard model |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108667624B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111600704A (en) * | 2020-05-12 | 2020-08-28 | 北京海益同展信息科技有限公司 | SM 2-based key exchange method, system, electronic device and storage medium |
WO2020191700A1 (en) * | 2019-03-28 | 2020-10-01 | 深圳大学 | Linkable ring signature method, device, apparatus, and storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102983971A (en) * | 2012-10-10 | 2013-03-20 | 中国科学技术大学苏州研究院 | Certificateless signature algorithm for user identity authentication in network environment |
CN103117860A (en) * | 2013-01-21 | 2013-05-22 | 孙华 | Certificateless blind ring signature method |
CN105812356A (en) * | 2016-03-04 | 2016-07-27 | 广东石油化工学院 | Anonymous inquiry treatment method for cloud service system |
-
2018
- 2018-06-27 CN CN201810679396.5A patent/CN108667624B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102983971A (en) * | 2012-10-10 | 2013-03-20 | 中国科学技术大学苏州研究院 | Certificateless signature algorithm for user identity authentication in network environment |
CN102983971B (en) * | 2012-10-10 | 2015-07-15 | 中国科学技术大学苏州研究院 | Certificateless signature algorithm for user identity authentication in network environment |
CN103117860A (en) * | 2013-01-21 | 2013-05-22 | 孙华 | Certificateless blind ring signature method |
CN105812356A (en) * | 2016-03-04 | 2016-07-27 | 广东石油化工学院 | Anonymous inquiry treatment method for cloud service system |
Non-Patent Citations (1)
Title |
---|
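Yang Huajie: "Analysis and Improvement of Ring Signatures", China Master's Theses Full-text Database, Information Science and Technology Series * |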
Also Published As
Publication number | Publication date |
---|---|
CN108667624B (en) | 2020-11-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104393999B (en) | Authentication method and system of a kind of main equipment to its slave | |
CN102170356B (en) | Authentication system realizing method supporting exclusive control of digital signature key | |
CN107360001A (en) | A kind of digital certificate management method, device and system | |
CN112069547B (en) | Identity authentication method and system for supply chain responsibility main body | |
JP5178826B2 (en) | Public key generation method for electronic device and electronic device | |
CN108540291A (en) | Data integrity verification method in the cloud storage of identity-based | |
CN106789033B (en) | Electronic contract signing method based on certificateless bookmark encryption | |
CN110113156A (en) | A kind of traceable layering authorizes ciphertext policy ABE base authentication method more | |
JP5099003B2 (en) | Group signature system and information processing method | |
CN107395370A (en) | Digital signature method and device based on mark | |
Yu et al. | Public cloud data auditing with practical key update and zero knowledge privacy | |
CN108667624A (en) | A kind of compact torus endorsement method under master pattern and system | |
CN106209730A (en) | A kind of method and device managing application identities | |
CN106209365A (en) | The method that Backup Data is heavily signed is utilized when user cancels under cloud environment | |
CN112149156A (en) | Selective disclosure of recorded attributes and data entries | |
CN112800482B (en) | Identity-based online/offline security cloud storage auditing method | |
CN110321734A (en) | A kind of file verification method and device | |
CN112613601B (en) | Neural network model updating method, equipment and computer storage medium | |
CN111262707B (en) | Digital signature method, verification method, device and storage medium | |
US20230224164A1 (en) | Signature verification system, signature verification method, and program | |
JPWO2013129084A1 (en) | Information processing apparatus, information processing method, and program | |
CN113112268A (en) | Anonymous multiple signature method, computer device, and storage medium | |
CN108234504A (en) | The proxy data integrality detection method of identity-based in a kind of cloud storage | |
WO2021143029A1 (en) | Zero-knowledge proof method, device, and storage medium | |
CN116389164A (en) | Data detection method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||