CN108989049B - Agent re-encryption system and method without bilinear pairing - Google Patents

Publication number: CN108989049B
Authority: CN (China)
Prior art keywords: ciphertext, key, proxy, encryption, private key
Legal status: Active
Application number: CN201810878086.6A
Other languages: Chinese (zh)
Other versions: CN108989049A
Inventors: 于银辉, 任嘉鹏, 杨莹, 潘昊
Current assignee: Jilin University
Original assignee: Jilin University
Application filed by Jilin University
Priority to CN201810878086.6A
Publication of CN108989049A
Application granted
Publication of CN108989049B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/14: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L2209/00: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/72: Signcrypting, i.e. digital signing and encrypting simultaneously

Abstract

The invention discloses a proxy re-encryption system without bilinear pairing, comprising: a system parameter setting module, a key generation module, an encryption module, a proxy re-encryption key generation module, a proxy re-encryption module and a decryption module. The invention applies a pairing-free method to proxy re-encryption: under the authorization of the data owner, the cloud storage platform converts data encrypted by the data owner into data encrypted for the data sharer, so that the data sharer can decrypt the data by directly downloading the re-encrypted ciphertext from the cloud storage. A large amount of resources is saved in the process, and the cloud storage platform cannot obtain any information about the data.

Description

Agent re-encryption system and method without bilinear pairing
Technical Field
The invention relates to the technical field of cloud computing, in particular to a proxy re-encryption system without bilinear pairing and an encryption method.
Background
In recent years, with the development and application of cloud computing technology and the growing interconnection of everything, data security in cloud storage has received wide attention. In order to share encrypted data in cloud storage with other users, the data owner downloads the encrypted data from the cloud storage and then re-encrypts the data for the sharer, which consumes a lot of network and computing resources.
In order to improve computational efficiency, a proxy re-encryption algorithm can be applied to the encrypted data. However, conventional proxy re-encryption methods usually rely on bilinear pairings, which have the obvious disadvantages of a large amount of computation and low encryption speed. This greatly reduces computational efficiency, cannot meet the requirements of the current big data era, and greatly reduces practicability.
Therefore, providing a bilinear pairing-free proxy re-encryption system and method that is computationally efficient and ensures the non-malleability of the ciphertext is a problem that those skilled in the art urgently need to solve.
Disclosure of Invention
In view of the above, the present invention provides a bilinear pairing-free proxy re-encryption system and encryption method, which combine a bilinear pairing-free proxy re-encryption scheme with a certificateless signature scheme, solve the low efficiency of proxy re-encryption based on bilinear pairing, greatly improve computational efficiency while ensuring chosen-ciphertext security, and ensure the non-malleability of the ciphertext.
In order to achieve the purpose, the invention adopts the following technical scheme:
A bilinear pairing-free proxy re-encryption system, comprising: a system parameter setting module, a key generation module, an encryption module, a proxy re-encryption key generation module, a proxy re-encryption module and a decryption module; wherein:
the system parameter setting module is used for generating a system master key and system public parameters, sending the system master key to the encryption module, and sending the system public parameters to the key generation module, the encryption module, the proxy re-encryption key generation module, the proxy re-encryption module and the decryption module;
the key generation module is used for generating a public key, a private key and identity information for each user, sending the public key of each user to the encryption module and the proxy re-encryption key generation module, and sending the private key of each user to the proxy re-encryption key generation module and the decryption module;
the encryption module is used for generating an original ciphertext of a plaintext message to be sent and sending the original ciphertext to the proxy re-encryption module and the decryption module;
the proxy re-encryption key generation module generates a proxy re-encryption key and sends it to the proxy re-encryption module;
the proxy re-encryption module performs signature authentication on the original ciphertext sent by the encryption module and the proxy re-encryption key sent by the proxy re-encryption key generation module, according to the system public parameters sent by the system parameter setting module and the user identity information sent by the key generation module, and sends the proxy re-encrypted ciphertext to the decryption module after the authentication succeeds;
the decryption module is used for judging whether the received ciphertext is the original ciphertext or the proxy re-encrypted ciphertext and recovering the corresponding plaintext message.
The user private keys generated by the key generation module comprise the private key of the principal and the private key of the recipient, and the user identity information comprises the identity information of the principal and the identity information of the recipient.
The invention also discloses a proxy re-encryption method without bilinear pairing, which comprises the following steps:
S1, set the system public parameters $par$ and the system master key $mk$;
S2, according to the system public parameters $par$, generate the identity $id_i$ of the principal, the identity $id_j$ of the recipient, the secret value $x_i$, the public key $pk_i$, the private key $sk_i$ of the principal and the private key $sk_j$ of the recipient;
S3, according to the system public parameters $par$, the identity $id_i$ of the principal and the public key $pk_i$, encrypt and sign to obtain the original ciphertext $c_i$;
S4, according to the system public parameters $par$, the private key $sk_i$ of the principal and the private key $sk_j$ of the recipient, generate the proxy re-encryption key $rk_{ij}$;
S5, according to the system public parameters $par$, the original ciphertext $c_i$, the identity $id_i$ of the principal, the identity $id_j$ of the recipient and the proxy re-encryption key $rk_{ij}$, perform signature authentication, and generate the proxy re-encrypted ciphertext $c_j$ after the authentication succeeds;
S6, judge whether the received ciphertext is the original ciphertext or the proxy re-encrypted ciphertext, and decrypt to recover the corresponding plaintext message $m$.
Preferably, in the above method for proxy re-encryption without bilinear pairing, S1 specifically includes the following steps:
S11, given a security parameter $k$, select a prime number $q$ with a length of $k$ bits, where $G$ is a subgroup of order $q$ of $Z_q$ and $g$ is a generator of $G$;
S12, select four hash functions $H_1$, $H_2$, $H_3$ and $H_4$: $H_1: \{0,1\}^* \to Z_q^*$, $H_2: \{0,1\}^{n_0} \times \{0,1\}^{n_1} \times G \to Z_q^*$, $H_3: G \to \{0,1\}^{n_0+n_1}$, $H_4: \{0,1\}^* \times G \to Z_q$; where $n_0$ and $n_1$ are security parameters, and the plaintext space is $\{0,1\}^{n_0}$;
S13, randomly select a system master key $mk \in Z_q$, calculate $Z = mk \cdot g$, and keep the system master key $mk$ secret;
S14, publish the system parameters $par = \{q, G, g, Z, H_1, H_2, H_3, H_4, n_0, n_1\}$.
Preferably, in the above method for proxy re-encryption without bilinear pairing, S2 specifically includes the following steps:
S21, input the system public parameters $par$, and give the identity $id_i$ of the principal, the public key $pk_i$ of the principal and the private key $sk_i$ of the principal;
S22, randomly select $x_i \in Z_q^*$;
S23, set the public key of the principal $pk_i = g^{x_i}$ and the private key of the principal $sk_i = x_i$.
Preferably, in the above method for proxy re-encryption without bilinear pairing, S3 specifically includes the following steps:
S31, input the system public parameters $par$, the plaintext message $m$, the identity $id_i$ of the principal and the public key $pk_i$ of the principal;
S32, randomly select
Figure BDA0001753803510000031
and calculate $t = H_2(m, r, pk_i)$, $c_1 = pk_i^t$;
S33, calculate
Figure BDA0001753803510000032
S34, select the public/private key pair $(spk_i, ssk_i)$ used for signing: randomly select $u_i \in Z_q$ and calculate $U_i = g \times u_i$, $D_i = u_i + mk \times H_4(id_i, U_i)$, $X_i = x_i \times g$, $spk_i = (X_i, U_i)$, $ssk_i = (x_i, D_i)$, $c_3 = ssk_i$;
S35, run the signature algorithm: randomly select an integer $e_i \in Z_q$ and calculate $E_i = e_i \times g$, $f_i = H_1(E_i \| X_i \| id_i \| m)$, $h_i = e_i/(x_i + f_i + D_i)$, $v_i = x_i/(x_i + f_i + D_i)$, to obtain the signature $S_i = (f_i, h_i, v_i)$;
S36, output the original ciphertext $c_i = (c_1, c_2, c_3, S_i)$.
Preferably, in the above method for proxy re-encryption without bilinear pairing, S4 specifically includes the following steps:
S41, input the private key of the principal $sk_i = x_i$ and the private key of the recipient $sk_j = x_j$;
S42, generate the proxy re-encryption key $rk_{ij} = sk_j/sk_i = x_j/x_i \bmod q$.
Preferably, in the above method for proxy re-encryption without bilinear pairing, S5 specifically includes the following steps:
S51, input the system public parameters $par$, the original ciphertext $c_i$, the identity $id_i$ of the principal, the identity $id_j$ of the recipient and the proxy re-encryption key $rk_{ij}$;
S52, signature verification: calculate $a_i = H_4(id_i, U_i)$ and check whether $h_i \times (U_i + X_i + a_i \cdot Z + f_i \cdot g) = E_i$ and $v_i \times (U_i + X_i + a_i \cdot Z + f_i \cdot g) = X_i$ both hold; if not, output $\perp$; if they hold, perform the next step;
S53, calculate
Figure BDA0001753803510000043
S54, select the public/private key pair $(spk_j, ssk_j)$ used for signing: randomly select $u_j \in Z_q$ and calculate $U_j = g \times u_j$, $D_j = u_j + mk \times H_4(id_j, U_j)$, $X_j = x_j \times g$, $spk_j = (X_j, U_j)$, $ssk_j = (x_j, D_j)$, $c_3' = ssk_j$;
S55, $c_4 = pk_i$;
S56, run the signature algorithm: randomly select an integer $e_j \in Z_q$ and calculate $E_j = e_j \times g$, $f_j = H_1(E_j \| X_j \| id_j \| m)$, $h_j = e_j/(x_j + f_j + D_j)$, $v_j = x_j/(x_j + f_j + D_j)$, to obtain the signature $S_j = (f_j, h_j, v_j)$;
S57, output the proxy re-encrypted ciphertext $c_j = (c_1', c_2, c_3', c_4, S_j)$.
Preferably, in the above method for proxy re-encryption without bilinear pairing, S6 specifically includes the following steps:
S61, judge whether the form of the ciphertext is that of the original ciphertext or of the re-encrypted ciphertext;
S62, if the ciphertext is the original ciphertext, perform signature verification: calculate $a_i = H_4(id_i, U_i)$ and check whether $h_i \times (U_i + X_i + a_i \cdot Z + f_i \cdot g) = E_i$ and $v_i \times (U_i + X_i + a_i \cdot Z + f_i \cdot g) = X_i$ both hold; if not, output $\perp$; if they hold, perform the next step;
S63, check whether
Figure BDA0001753803510000041
holds; if not, output $\perp$; if it holds, perform the next step;
S64, calculate
Figure BDA0001753803510000042
and output the plaintext message $m$;
S65, if the ciphertext is the re-encrypted ciphertext, perform signature verification: calculate $a_j = H_4(id_j, U_j)$ and check whether $h_j \times (U_j + X_j + a_j \cdot Z + f_j \cdot g) = E_j$ and $v_j \times (U_j + X_j + a_j \cdot Z + f_j \cdot g) = X_j$ both hold; if not, output $\perp$; if they hold, perform the next step;
S66, check whether $c_1' = c_4^{H_2(m, r, c_4)}$ holds; if not, output $\perp$; if it holds, perform the next step;
S67, calculate
Figure BDA0001753803510000051
and output the plaintext message $m$.
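The key algebra behind S4 and S5, as an added Python example that is not part of the patent text: it shows why a key of the form $rk_{ij} = x_j/x_i \bmod q$ turns $c_1 = pk_i^t$ into a value the recipient can strip with $x_j$, and what holding $rk_{ij}$ implies for trust between proxy and recipient. The toy group (p = 2039, q = 1019, g = 4) is constructed, and the step $c_1' = c_1^{rk_{ij}}$ is an assumption, since the S53 formula is an image missing from this page.

```python
# Added example, not from the patent: algebra of rk_ij = x_j / x_i mod q (S42).
# Toy group, constructed for illustration and far too small for real use.
import secrets

Q = 1019        # prime order of the subgroup G
P = 2 * Q + 1   # 2039 is prime, so Z_P^* contains a subgroup of order Q
G = 4           # generator of that subgroup


def keygen():
    """S22-S23: pick x in Z_q^*, publish pk = g^x."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def rekey(x_i, x_j):
    """S41-S42: rk_ij = x_j / x_i mod q. Both private keys are inputs."""
    return x_j * pow(x_i, -1, Q) % Q


def first_component(pk_i, t):
    """S32: c1 = pk_i^t. t stands for H2(m, r, pk_i) and is passed in here."""
    return pow(pk_i, t, P)


def reencrypt_c1(c1, rk_ij):
    """ASSUMED form of the missing S53 formula: c1' = c1^rk_ij."""
    return pow(c1, rk_ij, P)


def strip_key(c, x):
    """c^(1/x): removes the key exponent, leaving g^t when c = (g^x)^t."""
    return pow(c, pow(x, -1, Q), P)


def principal_key_from(rk_ij, x_j):
    """x_i = x_j / rk_ij mod q: whoever holds rk_ij and x_j also holds x_i."""
    return x_j * pow(rk_ij, -1, Q) % Q


def walk_through():
    """Run one delegation and report the properties that follow from S42."""
    x_i, pk_i = keygen()
    x_j, pk_j = keygen()
    t = secrets.randbelow(Q - 1) + 1
    c1 = first_component(pk_i, t)
    rk = rekey(x_i, x_j)
    c1_prime = reencrypt_c1(c1, rk)
    return {
        # the proxy never sees t or m, yet c1' is c1 rebuilt under pk_j
        "c1_prime_is_under_pk_j": c1_prime == pow(pk_j, t, P),
        # principal and recipient reach the same g^t with their own keys
        "same_mask_input": strip_key(c1, x_i) == strip_key(c1_prime, x_j),
        # the key is bidirectional: inverting rk_ij gives rk_ji
        "bidirectional": pow(rk, -1, Q) == rekey(x_j, x_i),
        # proxy and recipient must stay in separate trust domains
        "rk_plus_x_j_gives_x_i": principal_key_from(rk, x_j) == x_i,
    }


if __name__ == "__main__":
    for name, holds in walk_through().items():
        print(f"{name}: {holds}")
```

Because S4 takes both private keys as input, the component that runs it has to be trusted with both, and $rk_{ij}$ should be stored with the same care as a private key.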
Compared with the prior art, the above technical scheme has the following beneficial effects: the invention adopts an encryption method without bilinear pairing together with a certificateless signature authentication mechanism, which greatly improves computational efficiency and protects the accuracy of information while ensuring chosen-ciphertext security; it performs well and is convenient to apply in an open network environment.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a schematic diagram of a proxy re-encryption system without bilinear pairing according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment of the invention discloses a proxy re-encryption system without bilinear pairing, comprising: a system parameter setting module 1, a key generation module 2, an encryption module 3, a proxy re-encryption key generation module 4, a proxy re-encryption module 5 and a decryption module 6; wherein:
the system parameter setting module 1 is used for generating a system master key and system public parameters, sending the system master key to the encryption module 3, and sending the system public parameters to the key generation module 2, the encryption module 3, the proxy re-encryption key generation module 4, the proxy re-encryption module 5 and the decryption module 6;
the key generation module 2 is used for generating the public key, private key and identity information of the principal and the public key, private key and identity information of the recipient, sending the public key of the principal and the public key of the recipient to the encryption module 3 and the proxy re-encryption key generation module 4, and sending the private key of the principal and the private key of the recipient to the proxy re-encryption key generation module 4 and the decryption module 6;
the encryption module 3 encrypts and signs the plaintext message to be sent using the system public parameters sent by the system parameter setting module 1 and the public keys and identity information of the principal and the recipient sent by the key generation module 2, generates the original ciphertext of the plaintext message to be sent, and sends the original ciphertext to the proxy re-encryption module 5 and the decryption module 6;
the proxy re-encryption key generation module 4 generates a proxy re-encryption key using the system public parameters sent by the system parameter setting module 1 and the private key of the principal and the private key of the recipient sent by the key generation module 2, and sends the proxy re-encryption key to the proxy re-encryption module 5;
the proxy re-encryption module 5 performs signature authentication using the system public parameters sent by the system parameter setting module 1, the identity information sent by the key generation module 2, the original ciphertext sent by the encryption module 3 and the proxy re-encryption key sent by the proxy re-encryption key generation module 4, generates a proxy re-encrypted ciphertext after the authentication succeeds, and sends the ciphertext to the decryption module 6;
the decryption module 6 is used for judging whether the received ciphertext is an original ciphertext or a proxy re-encrypted ciphertext and recovering the corresponding plaintext message;
if the ciphertext is the original ciphertext, signature verification is performed using the system public parameters, the identity information of the principal and the private key of the principal, and the plaintext message is recovered after the verification succeeds;
if the ciphertext is the proxy re-encrypted ciphertext, signature verification is performed using the system public parameters, the private key of the recipient and the identity information of the recipient, and the plaintext message is recovered after the verification succeeds.
The embodiment of the invention discloses a proxy re-encryption method without bilinear pairing, which comprises the following steps:
S1, set the system public parameters $par$ and the system master key $mk$;
S2, according to the system public parameters $par$, generate the identity $id_i$ of the principal, the identity $id_j$ of the recipient, the secret value $x_i$, the public key $pk_i$, the private key $sk_i$ of the principal and the private key $sk_j$ of the recipient;
S3, according to the system public parameters $par$, the identity $id_i$ of the principal and the public key $pk_i$, encrypt and sign to obtain the original ciphertext $c_i$;
S4, according to the system public parameters $par$, the private key $sk_i$ of the principal and the private key $sk_j$ of the recipient, generate the proxy re-encryption key $rk_{ij}$;
S5, according to the system public parameters $par$, the original ciphertext $c_i$, the identity $id_i$ of the principal, the identity $id_j$ of the recipient and the proxy re-encryption key $rk_{ij}$, perform signature authentication, and generate the proxy re-encrypted ciphertext $c_j$ after the authentication succeeds;
S6, judge whether the received ciphertext is the original ciphertext or the proxy re-encrypted ciphertext;
if the ciphertext is the original ciphertext $c_i$, perform signature verification using the system public parameters $par$, the identity $id_i$ of the principal and the private key $sk_i$ of the principal, and recover the plaintext message $m$ after the verification succeeds;
if the ciphertext is the proxy re-encrypted ciphertext $c_j$, perform signature verification using the system public parameters $par$, the private key $sk_j$ of the recipient and the identity $id_j$ of the recipient, and recover the plaintext message $m$ after the verification succeeds.
Wherein:
S1 specifically includes the following steps:
S11, given a security parameter $k$, select a prime number $q$ with a length of $k$ bits, where $G$ is a subgroup of order $q$ of $Z_q$, $g$ is a generator of $G$, and $Z_q$ is an integer set;
S12, select four hash functions $H_1$, $H_2$, $H_3$ and $H_4$: $H_1: \{0,1\}^* \to Z_q^*$, $H_2: \{0,1\}^{n_0} \times \{0,1\}^{n_1} \times G \to Z_q^*$, $H_3: G \to \{0,1\}^{n_0+n_1}$, $H_4: \{0,1\}^* \times G \to Z_q$; where $n_0$ and $n_1$ are parameters determined by the security parameter $k$, and the plaintext space is $\{0,1\}^{n_0}$;
S13, randomly select a system master key $mk \in Z_q$, calculate $Z = mk \cdot g$, and keep the system master key $mk$ secret;
S14, publish the system parameters $par = \{q, G, g, Z, H_1, H_2, H_3, H_4, n_0, n_1\}$.
S2 specifically includes the following steps:
S21, input the system public parameters $par$, and give the identity $id_i$ of the principal, the public key $pk_i$ of the principal and the private key $sk_i$ of the principal;
S22, randomly select $x_i \in Z_q^*$;
S23, set the public key of the principal $pk_i = g^{x_i}$ and the private key of the principal $sk_i = x_i$.
S3 specifically includes the following steps:
S31, input the system public parameters $par$, the plaintext message $m$, the identity $id_i$ of the principal and the public key $pk_i$ of the principal;
S32, randomly select
Figure BDA0001753803510000081
and calculate $t = H_2(m, r, pk_i)$, $c_1 = pk_i^t$;
S33, calculate
Figure BDA0001753803510000082
S34, select the public/private key pair $(spk_i, ssk_i)$ used for signing: randomly select $u_i \in Z_q$ and calculate $U_i = g \times u_i$, $D_i = u_i + mk \times H_4(id_i, U_i)$, $X_i = x_i \times g$, $spk_i = (X_i, U_i)$, $ssk_i = (x_i, D_i)$, $c_3 = ssk_i$, where $ssk_i$ is the signing private key of the principal;
S35, run the signature algorithm: randomly select an integer $e_i \in Z_q$ and calculate $E_i = e_i \times g$, $f_i = H_1(E_i \| X_i \| id_i \| m)$, $h_i = e_i/(x_i + f_i + D_i)$, $v_i = x_i/(x_i + f_i + D_i)$, to obtain the signature $S_i = (f_i, h_i, v_i)$;
S36, output the original ciphertext $c_i = (c_1, c_2, c_3, S_i)$.
S4 specifically includes the following steps:
S41, input the private key of the principal $sk_i = x_i$ and the private key of the recipient $sk_j = x_j$;
S42, generate the proxy re-encryption key $rk_{ij} = sk_j/sk_i = x_j/x_i \bmod q$.
S5 specifically includes the following steps:
S51, input the system public parameters $par$, the original ciphertext $c_i$, the identity $id_i$ of the principal, the identity $id_j$ of the recipient and the proxy re-encryption key $rk_{ij}$;
S52, signature verification: calculate $a_i = H_4(id_i, U_i)$ and check whether $h_i \times (U_i + X_i + a_i \cdot Z + f_i \cdot g) = E_i$ and $v_i \times (U_i + X_i + a_i \cdot Z + f_i \cdot g) = X_i$ both hold; if not, output $\perp$; if they hold, perform the next step;
S53, calculate
Figure BDA0001753803510000083
S54, select the public/private key pair $(spk_j, ssk_j)$ used for signing: randomly select $u_j \in Z_q$ and calculate $U_j = g \times u_j$, $D_j = u_j + mk \times H_4(id_j, U_j)$, $X_j = x_j \times g$, $spk_j = (X_j, U_j)$, $ssk_j = (x_j, D_j)$, $c_3' = ssk_j$, where $ssk_j$ is the signing private key of the recipient;
S55, $c_4 = pk_i$;
S56, run the signature algorithm: randomly select an integer $e_j \in Z_q$ and calculate $E_j = e_j \times g$, $f_j = H_1(E_j \| X_j \| id_j \| m)$, $h_j = e_j/(x_j + f_j + D_j)$, $v_j = x_j/(x_j + f_j + D_j)$, to obtain the signature $S_j = (f_j, h_j, v_j)$;
S57, output the proxy re-encrypted ciphertext $c_j = (c_1', c_2, c_3', c_4, S_j)$.
S6 specifically includes the following steps:
S61, judge whether the form of the ciphertext is that of the original ciphertext or of the re-encrypted ciphertext;
S62, if the ciphertext is the original ciphertext, perform signature verification: calculate $a_i = H_4(id_i, U_i)$ and check whether $h_i \times (U_i + X_i + a_i \cdot Z + f_i \cdot g) = E_i$ and $v_i \times (U_i + X_i + a_i \cdot Z + f_i \cdot g) = X_i$ both hold; if not, output $\perp$; if they hold, perform the next step;
S63, check whether
Figure BDA0001753803510000091
holds; if not, output $\perp$; if it holds, perform the next step;
S64, calculate
Figure BDA0001753803510000092
and output the plaintext message $m$;
S65, if the ciphertext is the re-encrypted ciphertext, perform signature verification: calculate $a_j = H_4(id_j, U_j)$ and check whether $h_j \times (U_j + X_j + a_j \cdot Z + f_j \cdot g) = E_j$ and $v_j \times (U_j + X_j + a_j \cdot Z + f_j \cdot g) = X_j$ both hold; if not, output $\perp$; if they hold, perform the next step;
S66, check whether $c_1' = c_4^{H_2(m, r, c_4)}$ holds; if not, output $\perp$; if it holds, perform the next step;
S67, calculate
Figure BDA0001753803510000093
and output the plaintext message $m$.
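The signing and verification equations of S34, S35 and S52, as an added Python example that is not the patent's own code. Assumptions: the page's additive notation ($u \times g$, $U + X$) is mapped onto exponentiation and multiplication in a prime-order subgroup mod p, $H_1$ and $H_4$ are modelled with tagged SHA-256, the group parameters are constructed at import time, and because $E$ is not part of $S = (f, h, v)$ the verifier recomputes it and compares through $f$.

```python
# Added example, not from the patent: equations of S34, S35 and S52.
# Page notation is additive (u x g, U + X); here it becomes g^u and U*X mod p.
import hashlib
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def _is_prime(n):
    """Miller-Rabin with fixed bases, deterministic for n below 2^64."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for b in _BASES:
        x = pow(b, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def _demo_group():
    """First q >= 2^61 with q and p = 2q + 1 prime; g = 4 then has order q."""
    q = 2**61 + 1
    while not (_is_prime(q) and _is_prime(2 * q + 1)):
        q += 2
    return q, 2 * q + 1, 4

Q, P, G = _demo_group()  # constructed demo parameters, not deployment-sized

def _hash_zq(tag, *parts):
    """Assumed stand-in for H1 / H4: SHA-256 with a domain tag, reduced mod q."""
    data = "|".join([tag, *map(str, parts)]).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def _rand_zq():
    return secrets.randbelow(Q - 1) + 1

def setup():
    """S13: master key mk and public Z = mk*g (g^mk in this mapping)."""
    mk = _rand_zq()
    return mk, pow(G, mk, P)

def signing_keys(mk, ident):
    """S34: U = u*g, D = u + mk*H4(id, U), X = x*g; returns (spk, ssk)."""
    u, x = _rand_zq(), _rand_zq()
    U, X = pow(G, u, P), pow(G, x, P)
    D = (u + mk * _hash_zq("H4", ident, U)) % Q
    return (X, U), (x, D)

def sign(spk, ssk, ident, m):
    """S35: E = e*g, f = H1(E||X||id||m), h = e/(x+f+D), v = x/(x+f+D)."""
    (X, _), (x, D) = spk, ssk
    while True:
        e = _rand_zq()
        f = _hash_zq("H1", pow(G, e, P), X, ident, m)
        s = (x + f + D) % Q
        if s:  # the denominator must be invertible mod q, else redraw e
            inv = pow(s, -1, Q)
            return f, e * inv % Q, x * inv % Q

def verify(Z, spk, ident, m, sig):
    """S52: W = U + X + a*Z + f*g; accept when h*W = E and v*W = X."""
    (X, U), (f, h, v) = spk, sig
    if not (0 < h < Q and 0 < v < Q):
        return False
    a = _hash_zq("H4", ident, U)
    W = U * X * pow(Z, a, P) * pow(G, f, P) % P
    E = pow(W, h, P)  # E is not transmitted, so it is recomputed and bound via f
    return pow(W, v, P) == X and _hash_zq("H1", E, X, ident, m) == f

if __name__ == "__main__":
    mk, Z = setup()
    spk, ssk = signing_keys(mk, "id_i (constructed)")
    sig = sign(spk, ssk, "id_i (constructed)", "sample message")
    print(verify(Z, spk, "id_i (constructed)", "sample message", sig))
```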
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (2)

1. A proxy re-encryption method without bilinear pairing is characterized by comprising the following steps:
S1, set the system public parameters $par$ and the system master key $mk$; S1 specifically includes the following steps:
S11, given a security parameter $k$, select a prime number $q$ with a length of $k$ bits, where $G$ is a subgroup of order $q$ of $Z_q$ and $g$ is a generator of $G$;
S12, select four hash functions $H_1$, $H_2$, $H_3$ and $H_4$: $H_1: \{0,1\}^* \to Z_q^*$, $H_2: \{0,1\}^{n_0} \times \{0,1\}^{n_1} \times G \to Z_q^*$, $H_3: G \to \{0,1\}^{n_0+n_1}$, $H_4: \{0,1\}^* \times G \to Z_q$; where $n_0$ and $n_1$ are security parameters determined by the security parameter $k$, and the plaintext space is $\{0,1\}^{n_0}$;
S13, randomly select a system master key $mk \in Z_q$, calculate $Z = mk \cdot g$, and keep the system master key $mk$ secret;
S14, publish the system parameters $par = \{q, G, g, Z, H_1, H_2, H_3, H_4, n_0, n_1\}$;
S2, according to the system public parameters $par$, generate the identity $id_i$ of the principal, the identity $id_j$ of the recipient, the secret value $x_i$, the public key $pk_i$, the private key $sk_i$ of the principal and the private key $sk_j$ of the recipient; S2 specifically includes the following steps:
S21, input the system public parameters $par$, and give the identity $id_i$ of the principal, the public key $pk_i$ of the principal and the private key $sk_i$ of the principal;
S22, randomly select $x_i \in Z_q^*$;
S23, randomly select $x_j \in Z_q$; set the public key of the principal $pk_i = g^{x_i}$, the private key of the principal $sk_i = x_i$, and the private key of the recipient $sk_j = x_j$;
S3, according to the system public parameters $par$, the identity $id_i$ of the principal and the public key $pk_i$, encrypt and sign to obtain the original ciphertext $c_i$; S3 specifically includes the following steps:
S31, input the system public parameters $par$, the plaintext message $m$, the identity $id_i$ of the principal and the public key $pk_i$ of the principal;
S32, randomly select
Figure FDA0003154500950000011
and calculate $t = H_2(m, r, pk_i)$, $c_1 = pk_i^t$; where $l_1$ represents the length of a string consisting of 0s and 1s;
S33, calculate
Figure FDA0003154500950000012
S34, select the public/private key pair $(spk_i, ssk_i)$ used for signing: randomly select $u_i \in Z_q$ and calculate $U_i = g \times u_i$, $D_i = u_i + mk \times H_4(id_i, U_i)$, $X_i = x_i \times g$, $spk_i = (X_i, U_i)$, $ssk_i = (x_i, D_i)$, $c_3 = ssk_i$;
S35, run the signature algorithm: randomly select an integer $e_i \in Z_q$ and calculate $E_i = e_i \times g$, $f_i = H_1(E_i \| X_i \| id_i \| m)$, $h_i = e_i/(x_i + f_i + D_i)$, $v_i = x_i/(x_i + f_i + D_i)$, to obtain the signature $S_i = (f_i, h_i, v_i)$;
S36, output the original ciphertext $c_i = (c_1, c_2, c_3, S_i)$;
S4, according to the system public parameters $par$, the private key $sk_i$ of the principal and the private key $sk_j$ of the recipient, generate the proxy re-encryption key $rk_{ij}$; S4 specifically includes the following steps:
S41, input the private key of the principal $sk_i = x_i$ and the private key of the recipient $sk_j = x_j$;
S42, generate the proxy re-encryption key $rk_{ij} = sk_j/sk_i \bmod q = x_j/x_i \bmod q$;
S5, according to the system public parameters $par$, the original ciphertext $c_i$, the identity $id_i$ of the principal, the identity $id_j$ of the recipient and the proxy re-encryption key $rk_{ij}$, perform signature authentication, and generate the proxy re-encrypted ciphertext $c_j$ after the authentication succeeds; S5 specifically includes the following steps:
S51, input the system public parameters $par$, the original ciphertext $c_i$, the identity $id_i$ of the principal, the identity $id_j$ of the recipient and the proxy re-encryption key $rk_{ij}$;
S52, signature verification: calculate $a_i = H_4(id_i, U_i)$ and check whether $h_i \times (U_i + X_i + a_i \cdot Z + f_i \cdot g) = E_i$ and $v_i \times (U_i + X_i + a_i \cdot Z + f_i \cdot g) = X_i$ both hold; if not, output $\perp$; if they hold, perform the next step;
S53, calculate
Figure FDA0003154500950000021
S54, select the public/private key pair $(spk_j, ssk_j)$ used for signing: randomly select $u_j \in Z_q$ and calculate $U_j = g \times u_j$, $D_j = u_j + mk \times H_4(id_j, U_j)$, $X_j = x_j \times g$, $spk_j = (X_j, U_j)$, $ssk_j = (x_j, D_j)$, $c_3' = ssk_j$;
S55, $c_4 = pk_i$;
S56, run the signature algorithm: randomly select an integer $e_j \in Z_q$ and calculate $E_j = e_j \times g$, $f_j = H_1(E_j \| X_j \| id_j \| m)$, $h_j = e_j/(x_j + f_j + D_j)$, $v_j = x_j/(x_j + f_j + D_j)$, to obtain the signature $S_j = (f_j, h_j, v_j)$;
S57, output the proxy re-encrypted ciphertext $c_j = (c_1', c_2, c_3', c_4, S_j)$;
S6, judge whether the received ciphertext is the original ciphertext or the proxy re-encrypted ciphertext, and decrypt to recover the corresponding plaintext message $m$.
2. The method according to claim 1, wherein S6 specifically includes the following steps:
S61, judging whether the form of the ciphertext is the original ciphertext or the re-encrypted ciphertext;
S62, if the ciphertext is the original ciphertext, carrying out signature verification: calculate $a_i = H_4(id_i, U_i)$ and check whether $h_i \times (U_i + X_i + a_i \cdot Z + f_i \cdot g) = E_i$ and $v_i \times (U_i + X_i + a_i \cdot Z + f_i \cdot g) = X_i$ both hold; if not, output T; if they hold, perform the next step;
S63, checking
Figure FDA0003154500950000031
If it does not hold, output T; if it holds, perform the next step;
S64, calculating
Figure FDA0003154500950000032
Outputting a plaintext message m;
S65, if the ciphertext is the re-encrypted ciphertext, carrying out signature verification: calculate $a_j = H_4(id_j, U_j)$ and check whether $h_j \times (U_j + X_j + a_j \cdot Z + f_j \cdot g) = E_j$ and $v_j \times (U_j + X_j + a_j \cdot Z + f_j \cdot g) = X_j$ both hold; if not, output T; if they hold, perform the next step;
S66, checking $c_1' = c_4^{H_2(m, r, c_4)}$; if it does not hold, output T; if it holds, perform the next step;
S67, calculating
Figure FDA0003154500950000033
Outputting the plaintext message m.
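The signing steps S34/S35 and the check in S52 (repeated in S62 and S65), as an added Python example that is not part of the patent text. It assumes a toy multiplicative group in place of the claim's additive notation (so $a \times g$ becomes $g^a \bmod p$), $Z = mk \times g$ as the system public key, $e$ read as $e_i$, SHA-256 as a stand-in for $H_1$ and $H_4$, and $E_i$ handed to the verifier next to $S_i$.

```python
import hashlib
import secrets

# Constructed toy parameters (far too small for real use): p = 2q + 1, g has prime order q.
P, Q, G = 2039, 1019, 4

def H(tag, *parts):
    """Stand-in for the page's H1/H4 (assumption): tagged SHA-256 reduced mod q."""
    h = hashlib.sha256(tag.encode())
    for part in parts:
        data = str(part).encode()
        h.update(len(data).to_bytes(4, "big") + data)
    return int.from_bytes(h.digest(), "big") % Q

def rand_zq():
    return 1 + secrets.randbelow(Q - 1)            # uniform in [1, q-1]

def setup():
    mk = rand_zq()
    return mk, pow(G, mk, P)                       # Z = mk x g (assumed system public key)

def sign_keygen(mk, ident, x):
    """S34: U = g x u, D = u + mk*H4(id, U), X = x x g."""
    u = rand_zq()
    U = pow(G, u, P)
    D = (u + mk * H("H4", ident, U)) % Q
    return (pow(G, x, P), U), (x, D)               # spk = (X, U), ssk = (x, D)

def sign(ident, spk, ssk, m):
    """S35: returns E and S = (f, h, v); resamples e when x + f + D = 0 mod q."""
    (X, _), (x, D) = spk, ssk
    while True:
        e = rand_zq()
        E = pow(G, e, P)
        f = H("H1", E, X, ident, m)
        den = (x + f + D) % Q
        if den:                                    # zero has no inverse mod q
            inv = pow(den, -1, Q)
            return E, (f, e * inv % Q, x * inv % Q)

def verify(Z, ident, spk, E, sig):
    """S52: h x (U + X + a*Z + f*g) = E and v x (same element) = X."""
    (X, U), (f, h, v) = spk, sig
    a = H("H4", ident, U)
    point = U * X * pow(Z, a, P) * pow(G, f, P) % P   # equals (u + a*mk + x + f) x g
    return pow(point, h, P) == E and pow(point, v, P) == X
```

Both equations hold because $U + X + a \cdot Z + f \cdot g = (x + f + D) \times g$, so multiplying by $h$ or $v$ cancels the denominator used in S35.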
CN201810878086.6A 2018-08-03 2018-08-03 Agent re-encryption system and method without bilinear pairing Active CN108989049B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810878086.6A CN108989049B (en) 2018-08-03 2018-08-03 Agent re-encryption system and method without bilinear pairing

Publications (2)

Publication Number Publication Date
CN108989049A CN108989049A (en) 2018-12-11
CN108989049B true CN108989049B (en) 2021-11-30

Family

ID=64554591

Country Status (1)

Country Link
CN (1) CN108989049B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant