CN108667624A - Compact ring signature method and system under the standard model - Google Patents

Publication number: CN108667624A
Authority: CN (China)
Prior art keywords: signature, calculate, verification, knowledge, key
Legal status: Granted
Application number: CN201810679396.5A
Other languages: Chinese (zh)
Other versions: CN108667624B (en)
Inventors: 张鹏, 任浩
Current Assignee: Shenzhen University
Original Assignee: Shenzhen University
Priority: CN201810679396.5A

Classifications

    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures
    • H04L9/008 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy, involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3218 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, using cryptographic hash functions

Abstract

The present invention is applicable to the field of digital encryption technology and provides a compact ring signature method under the standard model, comprising: obtaining a security parameter and generating a verification signature key, a first random number, a programmable hash function public key and a verification key; obtaining a ring, a signature key, a message and several second random numbers, generating a re-randomized signature key and the corresponding re-randomized verification key from the signature key and the second random numbers, calculating signature intermediate values, performing knowledge proofs and obtaining a signature, wherein, when a knowledge proof is performed, the generated proof intermediate values are multiplied together and the signature is obtained from the resulting product value; and obtaining the ring, the message and the signature, calculating the signature intermediate values, verifying the knowledge proofs, and then judging whether the outputs of two bilinear pairing operations are equal, the signature being valid if they are equal. By optimizing the knowledge proof part, the embodiment of the present invention shortens the signature by nearly half and also reduces the number of bilinear pairing computations during signature verification by nearly half.

Description

Compact ring signature method and system under the standard model
Technical field
The invention belongs to the field of digital encryption technology, and in particular relates to a compact ring signature method and system under the standard model.
Background
A ring signature is a kind of digital signature that lets a user sign a piece of information on behalf of a group of users using the user's own private key, without revealing the identity of the signer, which gives the digital signature anonymity.
In the development of ring signatures, most schemes have been based on the random oracle model (Random Oracle Model, ROM) and the common reference string model (Common Reference String, CRS). In 2017, to improve the security of ring signatures, Malavolta et al. proposed an efficient ring signature scheme in the standard model (Standard Model).
That scheme solves the security problem of ring signatures well, but its signatures are too large and signature verification takes too long.
Summary of the invention
The technical problem to be solved by the present invention is to provide a compact ring signature method and system under the standard model, aiming to solve the problems of the prior art that ring signatures are too large and that their verification takes too long.
The invention is realized as follows: a compact ring signature method under the standard model, comprising:
Step A: obtain a security parameter, and generate a verification signature key, a first random number, a programmable hash function public key and a verification key;
Step B: obtain a ring, a signature key, a message and several second random numbers; generate a re-randomized signature key and the corresponding re-randomized verification key from the signature key and the second random numbers; calculate signature intermediate values; perform a first knowledge proof and a second knowledge proof according to the signature intermediate values to obtain a signature, wherein, when a knowledge proof is performed, the generated proof intermediate values are multiplied together to obtain a product value, and the signature is obtained according to the product value;
Step C: obtain the ring, the message and the signature; calculate the signature intermediate values; verify the first knowledge proof and the second knowledge proof according to the calculated signature intermediate values; after verification is complete, judge whether the outputs of two bilinear pairing operations are equal; if they are equal, the signature is valid, and if they are not equal, the signature is invalid.
Further, in step A, the security parameter is denoted $\lambda$, and the verification key $vk$ comprises three elements $z$, $k$, $C$, where $x$ denotes the verification signature key, $\beta$ denotes the first random number, $k$ denotes the programmable hash function public key, and $g_1$, $g_2$ are generators of cyclic groups.
Further, in step B, the ring is denoted $R=\{vk_i\}_{i\in n}$, the signature key is denoted $sk_j$, the message is denoted $m$, the second random numbers are denoted $s$, $\rho$, $\delta$, the re-randomized signature key is denoted $sk'_j$, the re-randomized verification key is denoted $z'_j$, and the signature intermediate values comprise $c_i$, $c$ and $y$; then:
$sk'_j = sk_j + \rho$,
$c_i=\phi(\mathrm{Heval}(k_i, m\,\|\,R))$, $c=\mathrm{Heval}(k_j, m\,\|\,R)$, where Heval denotes the programmable hash function and $\phi$ denotes the homomorphism of the bilinear pairing;
The product value is denoted $Q$, and performing the first knowledge proof and the second knowledge proof according to the signature intermediate values to obtain the signature comprises:
Performing the first knowledge proof: calculate $T=\prod_{i\in n} C_i$; for $i\in n\setminus j$, generate a random number $t_i$ and calculate  and ; calculate $T_j = T\cdot\left(\prod_{i\in n\setminus j} T_i\right)^{-1}$, $Q_j\in\phi(T_i^{\rho})$, $Q=\prod_{i\in n} Q_i$, obtaining $\pi_1=(Q,\{T_i\}_{i\in n})$;
Performing the second knowledge proof: calculate $T=\prod_{i\in n} C_i$; for $i\in n\setminus j$, generate a random number $t_i$ and calculate  and ; calculate $T_j = T\cdot\left(\prod_{i\in n\setminus j} T_i\right)^{-1}$, $Q=\prod_{i\in n} Q_i$, obtaining $\pi_2=(Q,\{T_i\}_{i\in n})$;
Finally, the signature $\sigma=(\pi_1,\pi_2,c,y,s,z')$ is obtained.
Further, step C comprises:
Step C1: obtain the ring $R=\{vk_i\}_{i\in n}$, the message $m$ and the signature $\sigma$, and calculate $c_i=\phi(\mathrm{Heval}(k_i, m\,\|\,R))$;
Step C2: verify the first knowledge proof: calculate $T=\prod_{i\in n} C_i$ and verify whether $T=\prod_{i\in n} T_i$ and the bilinear pairing equation hold; if they hold, the proof passes verification, otherwise it is rejected, where $e$ denotes the bilinear pairing operation;
Step C3: verify the second knowledge proof: calculate $T=\prod_{i\in n} C_i$ and verify whether $T=\prod_{i\in n} T_i$ and $e(Q,g_2)=\prod_{i\in n} e(c_i,T_i)$ hold; if they hold, the proof passes verification, otherwise it is rejected;
Step C4: after the two knowledge proofs have been verified, judge whether the equality of the outputs of the two bilinear pairing operations holds; if it holds, the signature is valid, otherwise the signature is invalid.
The embodiment of the present invention also provides a compact ring signature system under the standard model, comprising:
an acquiring unit, configured to obtain a security parameter and generate a verification signature key, a first random number, a programmable hash function public key and a verification key;
a signature unit, configured to obtain a ring, a signature key, a message and several second random numbers; generate a re-randomized signature key and the corresponding re-randomized verification key from the signature key and the second random numbers; calculate signature intermediate values; and perform a first knowledge proof and a second knowledge proof according to the signature intermediate values to obtain a signature, wherein, when a knowledge proof is performed, the generated proof intermediate values are multiplied together to obtain a product value, and the signature is obtained according to the product value;
a verification unit, configured to obtain the ring, the message and the signature; calculate the signature intermediate values; verify the first knowledge proof and the second knowledge proof according to the calculated signature intermediate values; and, after verification is complete, judge whether the outputs of two bilinear pairing operations are equal; if they are equal, the signature is valid, and if they are not equal, the signature is invalid.
Further, the security parameter is denoted $\lambda$, and the verification key $vk$ comprises three elements $z$, $k$, $C$, where $x$ denotes the verification signature key, $\beta$ denotes the first random number, $k$ denotes the programmable hash function public key, and $g_1$, $g_2$ are generators of cyclic groups.
Further, the ring is denoted $R=\{vk_i\}_{i\in n}$, the signature key is denoted $sk_j$, the message is denoted $m$, the second random numbers are denoted $s$, $\rho$, $\delta$, the re-randomized signature key is denoted $sk'_j$, the re-randomized verification key is denoted $z'_j$, and the signature intermediate values comprise $c_i$, $c$ and $y$; then:
$sk'_j = sk_j + \rho$,
$c_i=\phi(\mathrm{Heval}(k_i, m\,\|\,R))$, $c=\mathrm{Heval}(k_j, m\,\|\,R)$, where Heval denotes the programmable hash function and $\phi$ denotes the homomorphism of the bilinear pairing;
The product value is denoted $Q$, and the signature unit is specifically configured to:
Perform the first knowledge proof: calculate $T=\prod_{i\in n} C_i$; for $i\in n\setminus j$, generate a random number $t_i$ and calculate  and ; calculate $T_j = T\cdot\left(\prod_{i\in n\setminus j} T_i\right)^{-1}$, $Q_j\in\phi(T_i^{\rho})$, $Q=\prod_{i\in n} Q_i$, obtaining $\pi_1=(Q,\{T_i\}_{i\in n})$;
Perform the second knowledge proof: calculate $T=\prod_{i\in n} C_i$; for $i\in n\setminus j$, generate a random number $t_i$ and calculate  and ; calculate $T_j = T\cdot\left(\prod_{i\in n\setminus j} T_i\right)^{-1}$, $Q=\prod_{i\in n} Q_i$, obtaining $\pi_2=(Q,\{T_i\}_{i\in n})$;
Finally, obtain the signature $\sigma=(\pi_1,\pi_2,c,y,s,z')$.
Further, the verification unit is specifically configured to:
First, obtain the ring $R=\{vk_i\}_{i\in n}$, the message $m$ and the signature $\sigma$, and calculate $c_i=\phi(\mathrm{Heval}(k_i, m\,\|\,R))$;
Then, verify the first knowledge proof: calculate $T=\prod_{i\in n} C_i$ and verify whether $T=\prod_{i\in n} T_i$ and the bilinear pairing equation hold; if they hold, the proof passes verification, otherwise it is rejected, where $e$ denotes the bilinear pairing operation;
Next, verify the second knowledge proof: calculate $T=\prod_{i\in n} C_i$ and verify whether $T=\prod_{i\in n} T_i$ and $e(Q,g_2)=\prod_{i\in n} e(c_i,T_i)$ hold; if they hold, the proof passes verification, otherwise it is rejected;
Finally, after the two knowledge proofs have been verified, judge whether the equality of the outputs of the two bilinear pairing operations holds; if it holds, the signature is valid, otherwise the signature is invalid.
Compared with the prior art, the beneficial effects of the present invention are as follows. The embodiment of the present invention obtains a security parameter and generates a verification signature key, a first random number, a programmable hash function public key and a verification key; obtains a ring, a signature key, a message and several second random numbers; generates a re-randomized signature key and the corresponding re-randomized verification key from the signature key and the second random numbers; calculates $c_i$, $c$ and $y$; and performs the first knowledge proof and the second knowledge proof according to $c_i$ to obtain a signature, wherein, when a knowledge proof is performed, the generated $Q_i$ are multiplied together to obtain $Q$, and the signature is obtained according to that $Q$. Finally, it obtains the ring, the message and the signature, calculates $c_i$, verifies the first knowledge proof and the second knowledge proof according to the calculated $c_i$ and, after verification is complete, judges whether the equality of the outputs of the two bilinear pairing operations holds; if it holds, the signature is valid, and if not, the signature is invalid. By optimizing the knowledge proof part and multiplying the $Q_i$ generated during the knowledge proof into $Q$, the embodiment of the present invention shortens the signature by nearly half. In addition, the corresponding bilinear pairing equation used when verifying the knowledge proofs is changed, which reduces the number of bilinear pairing computations during signature verification by nearly half. The embodiment of the present invention greatly improves the efficiency of ring signatures compared with the prior art, without doing so at the cost of reduced ring signature security.
Brief description of the drawings
Fig. 1 is a flow chart of a compact ring signature method under the standard model provided by an embodiment of the present invention;
Fig. 2 is a structural schematic diagram of a compact ring signature system under the standard model provided by an embodiment of the present invention.
Detailed description
In order to make the purpose, technical solution and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention and are not intended to limit it.
Fig. 1 shows a compact ring signature method under the standard model provided by an embodiment of the present invention, comprising:
S101: obtain a security parameter, and generate a verification signature key, a first random number, a programmable hash function public key and a verification key;
S102: obtain a ring, a signature key, a message and several second random numbers; generate a re-randomized signature key and the corresponding re-randomized verification key from the signature key and the second random numbers; calculate signature intermediate values; perform a first knowledge proof and a second knowledge proof according to the signature intermediate values to obtain a signature, wherein, when a knowledge proof is performed, the generated proof intermediate values are multiplied together to obtain a product value, and the signature is obtained according to the product value;
S103: obtain the ring, the message and the signature; calculate the signature intermediate values; verify the first knowledge proof and the second knowledge proof according to the calculated signature intermediate values; after verification is complete, judge whether the outputs of two bilinear pairing operations are equal; if they are equal, the signature is valid, and if they are not equal, the signature is invalid.
The embodiment of the present invention is described further below:
Gen: on input the security parameter $\lambda$, the user generates a verification signature key $x$, a random number $\beta$ and a programmable hash function public key $k$, and generates the corresponding verification key $vk$, which comprises three elements: $k$, where $g_1$, $g_2$ are generators of cyclic groups.
Sig: on input the ring $R=\{vk_i\}_{i\in n}$, the signature key $sk_j$ and the message $m$, generate 3 random numbers $s$, $\rho$, $\delta$; generate the re-randomized signature key $sk'_j = sk_j + \rho$ and the corresponding re-randomized verification key; calculate $c_i=\phi(\mathrm{Heval}(k_i, m\,\|\,R))$, $c=\mathrm{Heval}(k_j, m\,\|\,R)$, where Heval is the programmable hash function and $\phi$ is the homomorphism of the bilinear pairing; calculate
Perform the first knowledge proof: calculate $T=\prod_{i\in n} C_i$; for $i\in n\setminus j$, generate a random number $t_i$ and calculate  and ; calculate $T_j = T\cdot\left(\prod_{i\in n\setminus j} T_i\right)^{-1}$, $Q_j\in\phi(T_i^{\rho})$, $Q=\prod_{i\in n} Q_i$, and output $\pi_1=(Q,\{T_i\}_{i\in n})$. Here $C$ denotes a part of the verification public key and $c$ denotes the output of the hash.
Perform the second knowledge proof: calculate $T=\prod_{i\in n} C_i$; for $i\in n\setminus j$, generate a random number $t_i$ and calculate  and ; calculate $T_j = T\cdot\left(\prod_{i\in n\setminus j} T_i\right)^{-1}$, $Q=\prod_{i\in n} Q_i$, obtaining $\pi_2=(Q,\{T_i\}_{i\in n})$;
Finally, output the signature $\sigma=(\pi_1,\pi_2,c,y,s,z')$.
Verify: on input $R=\{vk_i\}_{i\in n}$, the message $m$ and the signature $\sigma$, the verifier calculates $c_i=\phi(\mathrm{Heval}(k_i, m\,\|\,R))$;
Verify the first knowledge proof: calculate $T=\prod_{i\in n} C_i$ and verify whether $T=\prod_{i\in n} T_i$ and the bilinear pairing equation hold; if they hold, the proof passes verification, otherwise it is rejected;
Verify the second knowledge proof: calculate $T=\prod_{i\in n} C_i$ and verify whether $T=\prod_{i\in n} T_i$ and $e(Q,g_2)=\prod_{i\in n} e(c_i,T_i)$ hold; if they hold, the proof passes verification, otherwise it is rejected.
After the two knowledge proofs have been verified, verify that the outputs of the two bilinear pairing operations are equal; if so, the signature is valid, otherwise the signature is invalid.
In the above steps, variables that are not otherwise explained are intermediate parameters with no practical meaning, and this embodiment refers to them as intermediate values. In both knowledge proofs the $Q_i$ are multiplied together, and $Q$ is a part of the proof generated by the knowledge proof. It should be understood that, in this embodiment, the $Q$ and $T_i$ in the proofs generated by the two knowledge proofs are different, but for convenience of expression the same symbols are used for both.
By optimizing the knowledge proof part and multiplying the $Q_i$ generated during the knowledge proof into $Q$, this embodiment of the present invention shortens the signature by nearly half. In addition, the corresponding bilinear pairing equation used when verifying the knowledge proofs is changed, which reduces the number of bilinear pairing computations during signature verification by nearly half. The embodiment of the present invention greatly improves the efficiency of the original scheme, without doing so at the cost of reduced ring signature security.
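An added illustration, not part of the patent text, of the aggregation described above: the per-index proof values $Q_i$ are multiplied into one $Q$ and checked with the single equation $e(Q,g_2)=\prod_{i\in n}e(c_i,T_i)$ instead of one equation per ring member. It uses an insecure toy model in which each group element is stored as its exponent, and it assumes $T_i=g_2^{t_i}$ for $i\neq j$ and per-index equations $e(Q_i,g_2)=e(c_i,T_i)$ for the unaggregated variant, neither of which is given on the page; all function names are hypothetical.

```python
import secrets

# Toy algebra only (assumption, not secure): a group element g^a is stored as
# its exponent a modulo the prime ORDER, so a product of elements is a sum of
# exponents and the pairing e(g1^a, g2^b) = gT^(a*b) is a product of exponents.
ORDER = 2**127 - 1
G2 = 1  # exponent of the generator g2


class Pairing:
    """Bilinear map on exponents that counts its evaluations."""

    def __init__(self):
        self.calls = 0

    def e(self, a, b):
        self.calls += 1
        return (a * b) % ORDER


def gprod(elems):
    """Product of group elements (sum of exponents)."""
    return sum(elems) % ORDER


def ginv(a):
    """Inverse of a group element (negated exponent)."""
    return (-a) % ORDER


def make_proof_values(c, C, j):
    """Return per-index lists (Q_i, T_i) with prod T_i = T = prod C_i."""
    n = len(c)
    T = [secrets.randbelow(ORDER) for _ in range(n)]  # assumed T_i = g2^{t_i}
    others = gprod(T[:j] + T[j + 1:])
    T[j] = gprod([gprod(C), ginv(others)])  # T_j = T * (prod_{i != j} T_i)^-1
    # Toy shortcut: pick Q_i so that e(Q_i, g2) = e(c_i, T_i). A real signer
    # derives Q_j from its secret; that formula is not reproduced on the page.
    Q = [(c[i] * T[i]) % ORDER for i in range(n)]
    return Q, T


def verify_separate(pairing, c, C, Q_list, T):
    """Unaggregated check: one pairing equation per ring member."""
    if gprod(T) != gprod(C):
        return False
    return all(pairing.e(Q_list[i], G2) == pairing.e(c[i], T[i])
               for i in range(len(c)))


def verify_aggregated(pairing, c, C, Q, T):
    """Check from the page: T = prod T_i and e(Q, g2) = prod e(c_i, T_i)."""
    if gprod(T) != gprod(C):
        return False
    rhs = gprod([pairing.e(c[i], T[i]) for i in range(len(c))])
    return pairing.e(Q, G2) == rhs


def demo(n=5, j=2):
    """Run both checks on constructed sample values and report their cost."""
    c = [secrets.randbelow(ORDER) for _ in range(n)]  # constructed stand-ins for c_i
    C = [secrets.randbelow(ORDER) for _ in range(n)]  # constructed stand-ins for C_i
    Q_list, T = make_proof_values(c, C, j)
    Q = gprod(Q_list)  # product value Q = prod Q_i
    sep, agg, bad = Pairing(), Pairing(), Pairing()
    return {
        "separate_ok": verify_separate(sep, c, C, Q_list, T),
        "aggregated_ok": verify_aggregated(agg, c, C, Q, T),
        "tampered_ok": verify_aggregated(bad, c, C, (Q + 1) % ORDER, T),
        "separate_pairings": sep.calls,              # 2n
        "aggregated_pairings": agg.calls,            # n + 1
        "separate_elements": len(Q_list) + len(T),   # 2n
        "aggregated_elements": 1 + len(T),           # n + 1
    }


if __name__ == "__main__":
    print(demo())
```

For a ring of n members the aggregated proof carries n + 1 elements and costs n + 1 pairings against 2n for the per-index form, which is the "nearly half" reduction the text describes.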
Fig. 2 shows a compact ring signature system under the standard model provided by an embodiment of the present invention, comprising:
an acquiring unit 201, configured to obtain a security parameter and generate a verification signature key, a first random number, a programmable hash function public key and a verification key;
a signature unit 202, configured to obtain a ring, a signature key, a message and several second random numbers; generate a re-randomized signature key and the corresponding re-randomized verification key from the signature key and the second random numbers; calculate signature intermediate values; and perform a first knowledge proof and a second knowledge proof according to the signature intermediate values to obtain a signature, wherein, when a knowledge proof is performed, the generated proof intermediate values are multiplied together to obtain a product value, and the signature is obtained according to the product value;
a verification unit 203, configured to obtain the ring, the message and the signature; calculate the signature intermediate values; verify the first knowledge proof and the second knowledge proof according to the calculated signature intermediate values; and, after verification is complete, judge whether the outputs of two bilinear pairing operations are equal; if they are equal, the signature is valid, and if they are not equal, the signature is invalid.
Further, the security parameter is denoted $\lambda$, and the verification key $vk$ comprises three elements $z$, $k$, $C$, where $x$ denotes the verification signature key, $\beta$ denotes the first random number, $k$ denotes the programmable hash function public key, and $g_1$, $g_2$ are generators of cyclic groups.
Further, the ring is denoted $R=\{vk_i\}_{i\in n}$, the signature key is denoted $sk_j$, the message is denoted $m$, the second random numbers are denoted $s$, $\rho$, $\delta$, the re-randomized signature key is denoted $sk'_j$, the re-randomized verification key is denoted $z'_j$, and the signature intermediate values comprise $c_i$, $c$ and $y$; then:
$sk'_j = sk_j + \rho$,
$c_i=\phi(\mathrm{Heval}(k_i, m\,\|\,R))$, $c=\mathrm{Heval}(k_j, m\,\|\,R)$, where Heval denotes the programmable hash function and $\phi$ denotes the homomorphism of the bilinear pairing;
The product value is denoted $Q$, and the signature unit 202 is specifically configured to:
Perform the first knowledge proof: calculate $T=\prod_{i\in n} C_i$; for $i\in n\setminus j$, generate a random number $t_i$ and calculate  and ; calculate $T_j = T\cdot\left(\prod_{i\in n\setminus j} T_i\right)^{-1}$, $Q_j\in\phi(T_i^{\rho})$, $Q=\prod_{i\in n} Q_i$, obtaining $\pi_1=(Q,\{T_i\}_{i\in n})$;
Perform the second knowledge proof: calculate $T=\prod_{i\in n} C_i$; for $i\in n\setminus j$, generate a random number $t_i$ and calculate  and ; calculate $T_j = T\times\left(\prod_{i\in n\setminus j} T_i\right)^{-1}$, $Q=\prod_{i\in n} Q_i$, obtaining $\pi_2=(Q,\{T_i\}_{i\in n})$;
Finally, obtain the signature $\sigma=(\pi_1,\pi_2,c,y,s,z')$.
Further, the verification unit 203 is specifically configured to:
First, obtain the ring $R=\{vk_i\}_{i\in n}$, the message $m$ and the signature $\sigma$, and calculate $c_i=\phi(\mathrm{Heval}(k_i, m\,\|\,R))$;
Then, verify the first knowledge proof: calculate $T=\prod_{i\in n} C_i$ and verify whether $T=\prod_{i\in n} T_i$ and the bilinear pairing equation hold; if they hold, the proof passes verification, otherwise it is rejected, where $e$ denotes the bilinear pairing operation;
Next, verify the second knowledge proof: calculate $T=\prod_{i\in n} C_i$ and verify whether $T=\prod_{i\in n} T_i$ and $e(Q,g_2)=\prod_{i\in n} e(c_i,T_i)$ hold; if they hold, the proof passes verification, otherwise it is rejected;
Finally, after the two knowledge proofs have been verified, judge whether the equality of the outputs of the two bilinear pairing operations holds; if it holds, the signature is valid, otherwise the signature is invalid.
The embodiment of the present invention also provides a terminal, comprising a memory, a processor and a computer program stored in the memory and run on the processor, characterized in that, when the processor executes the computer program, each step of the compact ring signature method under the standard model shown in Fig. 1 is implemented.
The embodiment of the present invention also provides a readable storage medium on which a computer program is stored, characterized in that, when the computer program is executed by a processor, each step of the compact ring signature method under the standard model shown in Fig. 1 is implemented.
In addition, the functional modules in the embodiments of the present invention may be integrated into one processing module, may each exist physically on their own, or two or more modules may be integrated into one module. The integrated module may be implemented in the form of hardware or in the form of a software functional module.
If the integrated module is implemented in the form of a software functional module and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to execute all or part of the steps of the methods of the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk, an optical disc, and other media that can store program code.
The above are only preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Claims (8)

1. the compact torus endorsement method under a kind of master pattern, which is characterized in that including:
Step A obtains security parameter, and it is close to generate verification signature key, the first random number, programmable hash function public key and verification Key;
Step B obtains ring, signature key, message and several second random numbers, at random according to the signature key and described second Number generates to be randomized signature key and corresponding is randomized authentication secret, calculate the signature median, according in the signature again again Between value carry out the first knowledge demonstration and the second knowledge demonstration, signed, wherein carry out knowledge prove when, to the opinion of generation Median quadrature is demonstrate,proved, obtains product value, and the signature is obtained according to the product value;
Step C obtains the ring, the message and the signature, calculate the signature median, among the signature being calculated Value carries out the verification of the first knowledge demonstration and the second knowledge demonstration, after completing to verify, judges the defeated of two Bilinear map operations Whether equal go out, if equal, the signature is effective, if unequal, the signature is invalid.
2. compact torus endorsement method as described in claim 1, which is characterized in that in step, the safety coefficient is with λ tables Showing, the authentication secret vk includes tri- elements of z, k, C,Wherein, x indicates the verification signature key, β Indicate that first random number, k indicate the programmable hash function public key, g1、g2For the generation member of cyclic group.
3. The compact ring signature method according to claim 2, characterized in that, in step B, the ring is denoted by $R=\{vk_i\}_{i\in n}$, the signature key by $sk_j$, the message by m, the second random numbers by s, ρ, δ, the re-randomized signature key by $sk'_j$, and the re-randomized verification key by $z'_j$; the signature intermediate values comprise $c_i$, c and y; then:
$sk'_j = sk_j + \rho$,
$c_i=\varphi(\mathrm{Heval}(k_i, m\|R))$, $c=\mathrm{Heval}(k_j, m\|R)$, wherein Heval denotes the programmable hash function and φ denotes the homomorphism of the bilinear pairing;
The product value is denoted by Q; performing the first proof of knowledge and the second proof of knowledge according to the signature intermediate values to obtain the signature comprises:
Performing the first proof of knowledge: compute $T=\prod_{i\in n}C_i$; for $i\in n\setminus j$, generate a random number $t_i$, calculate and; calculate $T_j=T\cdot(\prod_{i\in n\setminus j}T_i)^{-1}$, $Q_j\in\varphi(T_i^{\rho})$, Q=∑si∈nQi, and obtain $\pi_1=(Q,\{T_i\}_{i\in n})$;
Performing the second proof of knowledge: compute $T=\prod_{i\in n}C_i$; for $i\in n\setminus j$, generate a random number $t_i$, calculate and; calculate $T_j=T\cdot(\prod_{i\in n\setminus j}T_i)^{-1}$, Q=∑si∈nQi, and obtain $\pi_2=(Q,\{T_i\}_{i\in n})$;
Finally, the signature $\sigma=(\pi_1,\pi_2,c,y,s,z')$ is obtained.
4. The compact ring signature method according to claim 3, characterized in that step C comprises:
Step C1: obtain the ring $R=\{vk_i\}_{i\in n}$, the message m and the signature σ, and compute $c_i=\varphi(\mathrm{Heval}(k_i,m\|R))$;
Step C2: verify the first proof of knowledge: compute $T=\prod_{i\in n}C_i$ and check whether $T=\prod_{i\in n}T_i$ and the bilinear pairing hold; if they hold, the verification passes, otherwise reject; wherein e denotes the bilinear map operation;
Step C3: verify the second proof of knowledge: compute $T=\prod_{i\in n}C_i$ and check whether $T=\prod_{i\in n}T_i$ and $e(Q,g_2)=\prod_{i\in n}e(c_i,T_i)$ hold; if they hold, the verification passes, otherwise reject;
Step C4: after the two proofs of knowledge have been verified, determine whether the outputs of the two bilinear map operations hold; if they hold, the signature is valid, otherwise the signature is invalid.
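The two checks of step C3 can be exercised in a toy model; this is an added example, not code from the patent. It assumes group elements are stored as discrete logs modulo a prime (so products become sums and the pairing e becomes multiplication) and assumes a construction for Q, since the page's formula for $Q_i$ is not reproduced; all function names and sample values are hypothetical.

```python
import secrets

ORDER = 2**61 - 1  # prime order of the toy groups (constructed value)

# Toy model (assumption, insecure): every element of G1, G2 and GT is stored as
# its discrete log mod ORDER, so a group product is a sum of logs, an inverse is
# a negation, and the pairing e(a, b) is a product of logs.
def gmul(*xs):
    return sum(xs) % ORDER

def ginv(x):
    return -x % ORDER

def pair(a, b):
    return a * b % ORDER

G2 = 1  # log of the generator g2

def make_proof(C, c, j):
    """Signer: random T_i for i != j, then T_j = T * (prod_{i != j} T_i)^-1."""
    n = len(C)
    T = gmul(*C)
    Ts = [secrets.randbelow(ORDER) for _ in range(n)]
    Ts[j] = gmul(T, ginv(gmul(*(Ts[i] for i in range(n) if i != j))))
    # Assumption: Q is chosen so that e(Q, g2) = prod e(c_i, T_i). The toy reads
    # the logs of T_i directly; the page's own formula for Q_i is not reproduced.
    Q = gmul(*(c[i] * Ts[i] for i in range(n)))
    return Q, Ts

def verify_proof(C, c, proof):
    """Verifier (step C3): T = prod C_i = prod T_i and e(Q, g2) = prod e(c_i, T_i)."""
    Q, Ts = proof
    if not (len(C) == len(c) == len(Ts)):
        return False
    if gmul(*C) != gmul(*Ts):
        return False
    return pair(Q, G2) == gmul(*(pair(ci, Ti) for ci, Ti in zip(c, Ts)))

def tamper_results(C, c, j):
    """Return verifier verdicts for an honest proof and three altered ones."""
    Q, Ts = make_proof(C, c, j)
    one = [(Ts[0] + 1) % ORDER] + Ts[1:]                       # breaks prod T_i
    two = [(Ts[0] + 1) % ORDER, (Ts[1] - 1) % ORDER] + Ts[2:]  # keeps prod T_i
    return {
        "honest": verify_proof(C, c, (Q, Ts)),
        "one_T_changed": verify_proof(C, c, (Q, one)),
        "rebalanced_T": verify_proof(C, c, (Q, two)),
        "Q_changed": verify_proof(C, c, ((Q + 1) % ORDER, Ts)),
    }
```

The rebalanced case still satisfies $T=\prod_{i\in n}T_i$, so only the pairing equation rejects it; the honest proof verifies for every signer index j.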
5. A compact ring signature system under the standard model, characterized by comprising:
An acquiring unit, configured to obtain a security parameter and generate a verification signature key, a first random number, a programmable hash function public key and a verification key;
A signature unit, configured to obtain a ring, a signature key, a message and several second random numbers; generate a re-randomized signature key and a corresponding re-randomized verification key according to the signature key and the second random numbers; compute signature intermediate values; and perform a first proof of knowledge and a second proof of knowledge according to the signature intermediate values to obtain a signature, wherein, when the proofs of knowledge are performed, the generated proof intermediate values are multiplied together to obtain a product value, and the signature is obtained according to the product value;
A verification unit, configured to obtain the ring, the message and the signature; compute the signature intermediate values; verify the first proof of knowledge and the second proof of knowledge according to the computed signature intermediate values; and, after the verification is complete, determine whether the outputs of the two bilinear map operations are equal; if they are equal, the signature is valid, and if they are not equal, the signature is invalid.
6. The compact ring signature system according to claim 5, characterized in that the security parameter is denoted by λ, and the verification key vk comprises three elements z, k and C, wherein x denotes the verification signature key, β denotes the first random number, k denotes the programmable hash function public key, and $g_1$, $g_2$ are generators of the cyclic group.
7. The compact ring signature system according to claim 6, characterized in that the ring is denoted by $R=\{vk_i\}_{i\in n}$, the signature key by $sk_j$, the message by m, the second random numbers by s, ρ, δ, the re-randomized signature key by $sk'_j$, and the re-randomized verification key by $z'_j$; the signature intermediate values comprise $c_i$, c and y; then:
$sk'_j = sk_j + \rho$,
$c_i=\varphi(\mathrm{Heval}(k_i, m\|R))$, $c=\mathrm{Heval}(k_j, m\|R)$, wherein Heval denotes the programmable hash function and φ denotes the homomorphism of the bilinear pairing;
The product value is denoted by Q, and the signature unit is specifically configured to:
Perform the first proof of knowledge: compute $T=\prod_{i\in n}C_i$; for $i\in n\setminus j$, generate a random number $t_i$, calculate and; calculate $T_j=T\cdot(\prod_{i\in n\setminus j}T_i)^{-1}$, $Q_j\in\varphi(T_i^{\rho})$, Q=∑si∈nQi, and obtain $\pi_1=(Q,\{T_i\}_{i\in n})$;
Perform the second proof of knowledge: compute $T=\prod_{i\in n}C_i$; for $i\in n\setminus j$, generate a random number $t_i$, calculate and; calculate $T_j=T\times(\prod_{i\in n\setminus j}T_i)^{-1}$, Q=∑si∈nQi, and obtain $\pi_2=(Q,\{T_i\}_{i\in n})$;
Finally, the signature $\sigma=(\pi_1,\pi_2,c,y,s,z')$ is obtained.
8. The compact ring signature system according to claim 7, characterized in that the verification unit is specifically configured to:
First, obtain the ring $R=\{vk_i\}_{i\in n}$, the message m and the signature σ, and compute $c_i=\varphi(\mathrm{Heval}(k_i,m\|R))$;
Then, verify the first proof of knowledge: compute $T=\prod_{i\in n}C_i$ and check whether $T=\prod_{i\in n}T_i$ and the bilinear pairing hold; if they hold, the verification passes, otherwise reject; wherein e denotes the bilinear map operation;
Next, verify the second proof of knowledge: compute $T=\prod_{i\in n}C_i$ and check whether $T=\prod_{i\in n}T_i$ and $e(Q,g_2)=\prod_{i\in n}e(c_i,T_i)$ hold; if they hold, the verification passes, otherwise reject;
Finally, after the two proofs of knowledge have been verified, determine whether the outputs of the two bilinear map operations hold; if they hold, the signature is valid, otherwise the signature is invalid.
CN201810679396.5A 2018-06-27 2018-06-27 Compact ring signature method and system under standard model Active CN108667624B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810679396.5A CN108667624B (en) 2018-06-27 2018-06-27 Compact ring signature method and system under standard model

Publications (2)

Publication Number Publication Date
CN108667624A true CN108667624A (en) 2018-10-16
CN108667624B CN108667624B (en) 2020-11-13

Family

ID=63773207

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810679396.5A Active CN108667624B (en) 2018-06-27 2018-06-27 Compact ring signature method and system under standard model

Country Status (1)

Country Link
CN (1) CN108667624B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111600704A (en) * 2020-05-12 2020-08-28 北京海益同展信息科技有限公司 SM 2-based key exchange method, system, electronic device and storage medium
WO2020191700A1 (en) * 2019-03-28 2020-10-01 深圳大学 Linkable ring signature method, device, apparatus, and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102983971A (en) * 2012-10-10 2013-03-20 中国科学技术大学苏州研究院 Certificateless signature algorithm for user identity authentication in network environment
CN103117860A (en) * 2013-01-21 2013-05-22 孙华 Certificateless blind ring signature method
CN105812356A (en) * 2016-03-04 2016-07-27 广东石油化工学院 Anonymous inquiry treatment method for cloud service system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102983971A (en) * 2012-10-10 2013-03-20 中国科学技术大学苏州研究院 Certificateless signature algorithm for user identity authentication in network environment
CN102983971B (en) * 2012-10-10 2015-07-15 中国科学技术大学苏州研究院 Certificateless signature algorithm for user identity authentication in network environment
CN103117860A (en) * 2013-01-21 2013-05-22 孙华 Certificateless blind ring signature method
CN105812356A (en) * 2016-03-04 2016-07-27 广东石油化工学院 Anonymous inquiry treatment method for cloud service system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Yang Huajie: "Analysis and Improvement of Ring Signatures", China Master's Theses Full-text Database, Information Science and Technology *

Also Published As

Publication number Publication date
CN108667624B (en) 2020-11-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant