CN108989049B - Agent re-encryption system and method without bilinear pairing - Google Patents
Agent re-encryption system and method without bilinear pairing Download PDFInfo
- Publication number
- CN108989049B CN108989049B CN201810878086.6A CN201810878086A CN108989049B CN 108989049 B CN108989049 B CN 108989049B CN 201810878086 A CN201810878086 A CN 201810878086A CN 108989049 B CN108989049 B CN 108989049B
- Authority
- CN
- China
- Prior art keywords
- ciphertext
- key
- proxy
- encryption
- private key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0478—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/72—Signcrypting, i.e. digital signing and encrypting simultaneously
Abstract
The invention discloses a proxy re-encryption system without bilinear pairing, which comprises: the system comprises a system parameter setting module, a key generation module, an encryption module, an agent re-encryption key generation module, an agent re-encryption module and a decryption module. The invention applies the non-bilinear pairing method to the proxy re-encryption method, allows the cloud storage platform to forward the data encrypted by the data owner to the data encrypted by the data sharer under the authorization of the data owner, so that the data sharer can decrypt the data by directly downloading the re-encrypted ciphertext from the cloud storage, a large amount of resources are saved in the process, and the cloud storage platform cannot obtain any information of the data.
Description
Technical Field
The invention relates to the technical field of cloud computing, in particular to a proxy re-encryption system without bilinear pairing and an encryption method.
Background
In recent years, with the development and application of cloud computing technology and the deepening of the process of interconnection of everything, data security in cloud storage has received wide attention. In order to share the encrypted data in the cloud storage to other users, the data owner downloads the encrypted data from the cloud storage and then re-encrypts the data to the sharer, which consumes a lot of network and computing resources.
In order to improve the calculation efficiency, the proxy re-encryption algorithm can be adopted to analyze the encrypted data, but the conventional proxy re-encryption method usually adopts a bilinear pairing method, which has the obvious disadvantages of large calculation amount and low encryption speed, greatly reduces the calculation efficiency, cannot meet the requirements of the current big data era, and greatly reduces the practicability.
Therefore, it is an urgent need to solve the above-mentioned problems by those skilled in the art to provide a bilinear pairing-free proxy re-encryption system and method that is computationally efficient and ensures the inextensibility of the ciphertext.
Disclosure of Invention
In view of the above, the present invention provides a bilinear pairing-free proxy re-encryption system and encryption method, which combine a bilinear pairing-free proxy re-encryption scheme with a certificateless signature scheme, solve the problem of low efficiency of proxy re-encryption based on bilinear pairing, greatly improve the computation efficiency while ensuring the security of ciphertext attack selection, and ensure the inextensibility of ciphertext.
In order to achieve the purpose, the invention adopts the following technical scheme:
a bilinear pairing-free proxy re-encryption system comprising: the system comprises a system parameter setting module, a key generation module, an encryption module, an agent re-encryption key generation module, an agent re-encryption module and a decryption module; wherein the content of the first and second substances,
the system parameter setting module is used for generating a system master key and a system public parameter, sending the system master key to the encryption module, and sending the system public parameter to the key generation module, the encryption module, the proxy re-encryption key generation module, the proxy re-encryption module and the decryption module;
the key generation module is used for generating a public key, a private key and identity information of each user, sending the public key of each user to the encryption module and the proxy re-encryption key generation module, and sending the private key of each user to the proxy re-encryption key generation module and the decryption module;
the encryption module is used for generating an original ciphertext of a plaintext message to be sent and sending the original ciphertext to the proxy re-encryption module and the decryption module;
the agent re-encryption key generation module generates an agent re-encryption key according to the generated agent re-encryption key and sends the agent re-encryption key to the agent re-encryption module;
the proxy re-encryption module carries out signature authentication on the original ciphertext sent by the encryption module and the proxy re-encryption key sent by the proxy re-encryption key generation module according to the system public parameters sent by the system parameter setting module and the user identity information sent by the key generation module, and sends the proxy re-encryption ciphertext to the decryption module after the authentication is successful;
the decryption module is used for judging whether the received ciphertext is the original ciphertext or the proxy re-encrypted ciphertext and recovering corresponding plaintext information.
The private key of the user generated by the key generation module comprises a private key of a client and a private key of an acceptor, and the identity information of the user comprises identity information of the client and identity information of the acceptor.
The invention also discloses a proxy re-encryption method without bilinear pairing, which comprises the following steps:
s1, setting a system public parameter par and a system master key mk;
s2, generating identity id of the client according to the system public parameter pariID of recipientjSecret value xiPublic key pkiPrivate key sk of the clientiAnd the private key sk of the acceptorj;
S3, according to the system public parameter par, identity id of the principaliAnd the public key pkiEncrypting and signing to obtain an original ciphertext ci;
S4, according to the system public parameter par, the private key sk of the clientiAnd the private key sk of the acceptorjGenerating proxy re-encryption key rkij;
S5, according to the system public parameter par, original ciphertext ciIdentity id of the principaliID of recipientjAnd proxy re-encryption key rkijPerforming signature authentication, and generating a proxy re-encryption ciphertext c after the authentication is successfulj,
S6, judging whether the received ciphertext is the original ciphertext or the proxy re-encrypted ciphertext, and decrypting to recover the corresponding plaintext information m.
Preferably, in the above method for proxy re-encryption without bilinear pairing, S1 specifically includes the following steps:
s11, giving a security parameter k, selecting a prime number q with the length of k bits, wherein G is a q-order subgroup of Zq, and G is a generator of G;
s12, selecting four habaThe hip functions H1, H2, H3, and H4, H1: {0, 1} → Zq @, H2: {0,1}n0×{0,1}n1×G→Zq*,H3:G→{0,1}n0+n1H4: {0, 1 }. xg → Zq; where no, n1 is the security parameter, and the plaintext space is {0, 1}n0;
S13, randomly selecting a system master key mk, enabling mk to belong to Zq, calculating Z-mk-g, and keeping a system master key mk secret;
s14, and disclosing system parameters par { q, G, G, z, H1, H2, H3, H4, n0 and n1 }.
Preferably, in the above method for proxy re-encryption without bilinear pairing, S2 specifically includes the following steps:
s21, inputting system public parameter par, and giving the identity id of the clientiPublic key pk of the clientiAnd the private key sk of the principali;
S22, randomly selecting xiLet x bei∈Zq*;
S23, setting public key pk of trusteei=gxiSetting the private key sk of the clienti=xi。
Preferably, in the above method for proxy re-encryption without bilinear pairing, S3 specifically includes the following steps:
s31, inputting system public parameter par, plaintext information m and identity id of clientiAnd the public key pk of the principali;
S34, selecting public and private key pair (spk) needing signaturei,sski) Randomly select uiE.g. Zq, calculating Ui=g×ui,Di=ui+mk×H4(idi,Ui),Xi=xi×g,spki=(Xi,Ui),sski=(xi, Di),c3=sski;
S35, running a signature algorithm, and randomly selecting an integer eiE.g. Zq, calculate Ei=ei×g,fi=H1 (Ei||Xi||idi||m),hi=e/(xi+fi+Di),vi=xi/(xi+fi+Di) To obtain a signature Si=(fi,hi, vi);
S36, outputting original ciphertext ci=(c1,c2,c3,Si)。
Preferably, in the above method for proxy re-encryption without bilinear pairing, S4 specifically includes the following steps:
s41, inputting private key sk of consignori=xiAnd the private key sk of the acceptorj=xj;
S42, generating a proxy re-encryption key rkij=skj/ski=xj/ximod q。
Preferably, in the above method for proxy re-encryption without bilinear pairing, S5 specifically includes the following steps:
s51, inputting system public parameter par and original ciphertext ciIdentity id of the principaliIdentity id of the recipientjAnd proxy re-encryption key rkij;
S52, signature verification, calculation of ai=H4(idi,Ui) Inspection hi×(Ui+Xi+ai*Z+fi*g)=EiAnd vi×(Ui+Xi+ai*Z+fi*g)=XiJudging whether the two formulas are true, if not, outputting T, and if true, performing the next step;
S54, selecting public and private key pair (spk) needing signaturej,sskj) Randomly select ujE.g. Zq, calculating Uj=g×uj,Dj=uj+mk×H4(idj,Uj),Xj=xj×g,spkj=(Xj,Uj),sskj=(xj, Dj),c3’=sskj;
S55、c4=pki;
S56, running a signature algorithm, and randomly selecting an integer ejE.g. Zq, calculate Ej=ej×g,fj=H1 (Ej||Xj||idj||m),hj=e/(xj+fj+Dj),vj=xj/(xj+fj+Dj) To obtain a signature Sj=(fj,hj, vj);
S57, outputting proxy re-encrypted ciphertext cj=(c1’,c2,c3’,c4,sj)。
Preferably, in the above method for proxy re-encryption without bilinear pairing, S6 specifically includes the following steps:
s61, judging whether the form of the ciphertext is the original ciphertext or the re-encrypted ciphertext;
s62, if the ciphertext is the original ciphertext, carrying out signature verification and calculating ai=H4(idi,Ui) Inspection hi×(Ui+Xi+ai*Z+fi*g)=EiAnd vi×(Ui+Xi+ai*Z+fi*g)=XiJudging whether the two formulas are true, if not, outputting T, and if true, performing the next step;
s63, checkingWhether or not it is true, ifIf not, outputting the T, and if yes, performing the next step;
s65, if the ciphertext is the re-encrypted ciphertext, the signature verification is carried out, and a is calculatedj=H4(idj,Uj) Inspection hj×(Uj+Xj+aj*Z+fj*g)=EjAnd vj×(Uj+Xj+aj*Z+fj*g)=XjJudging whether the two formulas are true, if not, outputting T, and if true, performing the next step;
s66, test c1’=c4H2(m,r,c4)If the T value is not true, outputting T, and if the T value is true, performing the next step;
Through the technical scheme, compared with the prior art, the invention has the following beneficial effects: the invention adopts an encryption method without bilinear pairing and a certificate-free signature authentication mechanism, greatly improves the calculation efficiency and protects the accuracy of information while ensuring the attack security of ciphertext selection; the performance is excellent, and the method is convenient to apply in an open network environment.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a schematic diagram of a proxy re-encryption system without bilinear pairing according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment of the invention discloses a proxy re-encryption system without bilinear pairing, which comprises: the system comprises a system parameter setting module 1, a key generation module 2, an encryption module 3, an agent re-encryption key generation module 4, an agent re-encryption module 5 and a decryption module 6; wherein the content of the first and second substances,
the system parameter setting module 1 is used for generating a system master key and a system public parameter, sending the system master key to the encryption module 3, and sending the system public parameter to the key generation module 2, the encryption module 3, the proxy re-encryption key generation module 4, the proxy re-encryption module 5 and the decryption module 6;
the key generation module 2 is used for generating a public key, a private key and identity information of a consignor and a public key, a private key and identity information of an acceptor, sending the public key of the consignor and the public key of the acceptor to the encryption module 3 and the proxy re-encryption key generation module 4, and sending the private key of the consignor and the private key of the acceptor to the proxy re-encryption key generation module 4 and the decryption module 6;
the encryption module 3 encrypts and signs the plaintext message to be sent through the system public parameters sent by the system parameter setting module 1, the public keys of the principal and the acceptor sent by the key generation module 2 and the identity information of the principal and the acceptor, generates an original ciphertext of the plaintext message to be sent, and sends the original ciphertext to the proxy re-encryption module 5 and the decryption module 6;
the proxy re-encryption key generation module 4 generates a proxy re-encryption key through the system public parameters sent by the system parameter setting module 1, the private key of the entrusting party and the private key of the accepting party sent by the user key generation module 2, and sends the proxy re-encryption key to the proxy re-encryption module 5;
the proxy re-encryption module 5 performs signature authentication through the system public parameters sent by the system parameter setting module 1, the identity information sent by the key generation module 2, the original ciphertext sent by the encryption module 3 and the proxy re-encryption key sent by the proxy re-encryption key generation module 4, generates a proxy re-encryption ciphertext after authentication is successful, and sends the ciphertext to the decryption module 6;
the decryption module 6 is used for judging whether the received ciphertext is an original ciphertext or an agent re-encrypted ciphertext and recovering corresponding plaintext information;
if the ciphertext is the original ciphertext, performing signature verification according to the system public parameter, the identity information of the entrusting party and the user private key of the entrusting party, and recovering the plaintext message after the verification is successful;
if the ciphertext is the proxy re-encrypted ciphertext, signature verification is carried out through the system public parameters, the private key of the accepting party and the identity information of the accepting party, and the plaintext message is recovered after verification is successful.
The embodiment of the invention discloses a proxy re-encryption method without bilinear pairing, which comprises the following steps:
s1, setting a system public parameter par and a system master key mk;
s2, generating the identity id of the client according to the system public parameter pariID of the recipientjSecret value xiPublic key pkiPrivate key sk of the clientiAnd the private key sk of the acceptorj;
S3, according to the system public parameter par, identity id of the principaliAnd the public key pkiEncrypting and signing to obtain an original ciphertext ci;
S4, according to the system public parameter par, the private key sk of the clientiAnd the private key sk of the acceptorjGenerating proxy re-encryption key rkij;
S5, according to the system public parameter par, original ciphertext ciIdentity id of the principaliID of recipientjAnd proxy re-encryption key rkijPerforming signature authenticationAfter successful authentication, generating proxy re-encrypted ciphertext cj,
S6, judging whether the received ciphertext is the original ciphertext or the proxy re-encrypted ciphertext;
if the ciphertext is the original ciphertext ciAccording to the system public parameter par, identity id of the clientiPrivate key sk of the clientiSignature verification is carried out, and the plaintext message m is recovered after the verification is successful;
if the ciphertext is the proxy re-encrypted ciphertext cjThen, the parameter par and the private key sk of the acceptor are disclosed through the systemjAnd identity id of the recipientjAnd (5) signature verification is carried out, and the plaintext message m is recovered after the verification is successful.
Wherein the content of the first and second substances,
s1 specifically includes the following steps:
s11, giving a security parameter k, selecting a prime number q with the length of k bits, wherein G is a q-order subgroup of Zq, G is a generator of G, and Zq is an integer set;
s12, selecting four hash functions H1, H2, H3 and H4, H1: {0, 1} → Zq @, H2: {0,1}n0×{0,1}n1×G→Zq*,H3:G→{0,1}n0+n1H4: {0, 1 }. times G → Zq, where no, n1 is a parameter determined by the security parameter k, and the plaintext space is {0, 1}n0;
S13, randomly selecting a system master key mk, enabling mk to belong to Zq, calculating Z-mk-g, and keeping a system master key mk secret;
s14, and disclosing system parameters par { q, G, G, Z, H1, H2, H3, H4, n0 and n1 }.
S2 specifically includes the following steps:
s21, inputting system public parameter par, and giving the identity id of the clientiPublic key pk of the clientiAnd the private key sk of the principali;
S22, randomly selecting xiLet x bei∈Zq*;
S23, setting public key pk of trusteei=gxiSetting the private key sk of the clienti=xi。
S3 specifically includes the following steps:
s31, inputting system public parameter par, plaintext information m and identity id of clientiAnd the public key pk of the principali;
S34, selecting public and private key pair (spk) needing signaturei,sski) Randomly select uiE.g. Zq, calculating Ui=g×ui,Di=ui+mk×H4(idi,Ui),Xi=xi×g,spki=(Xi,Ui),sski=(xi, Di),c3=sski,sskiSigning a private key for the principal;
s35, running a signature algorithm, and randomly selecting an integer eiE.g. Zq, calculate Ei=ei×g,fi=H1 (Ei||Xi||idi||m),hi=e/(xi+fi+Di),vi=xi/(xi+fi+Di) To obtain a signature Si=(fi,hi, vi);
S36, outputting original ciphertext ci=(c1,c2,c3,Si)。
S4 specifically includes the following steps:
s41, inputting private key sk of consignori=xiAnd the private key sk of the acceptorj=xj;
S42, generating a proxy re-encryption key rkij=skj/ski=xj/ximod q。
S5 specifically includes the following steps:
s51, inputting system public parameter par and original ciphertext ciIdentity id of the principaliIdentity id of the recipientjAnd proxy re-encryption key rkij;
S52, signature verification, calculation of ai=H4(idi,Ui) Inspection hi×(Ui+Xi+ai*Z+fi*g)=EiAnd vi×(Ui+Xi+ai*Z+fi*g)=XiJudging whether the two formulas are true, if not, outputting T, and if true, performing the next step;
S54, selecting public and private key pair (spk) needing signaturej,sskj) Randomly select ujE.g. Zq, calculating Uj=g×uj,Dj=uj+mk×H4(idj,Uj),Xj=xj×g,spkj=(Xj,Uj),sski=(xj, Dj),c3’=sskj,sskjSigning the private key for the recipient;
S55、c4=pki;
s56, running a signature algorithm, and randomly selecting an integer ejE.g. Zq, calculate Ej=ej×g,fj=H1 (Ej||Xj||idj||m),hj=e/(xj+fj+Dj),vj=xj/(xj+fj+Dj) To obtain a signature Sj=(fj,hj, vj);
S57, outputting proxy re-encrypted ciphertext cj=(c1’,c2,c3’,c4,sj)。
S6 specifically includes the following steps:
s61, judging whether the form of the ciphertext is the original ciphertext or the re-encrypted ciphertext;
s62, if the ciphertext is the original ciphertext, carrying out signature verification and calculating ai=H4(idi,Ui) Inspection hi×(Ui+Xi+ai*Z+fi*g)=EiAnd vi×(Ui+Xi+ai*Z+fi*g)=XiJudging whether the two formulas are true, if not, outputting T, and if true, performing the next step;
s63, checkingIf the T value is not true, outputting T, and if the T value is true, performing the next step;
s65, if the ciphertext is the re-encrypted ciphertext, the signature verification is carried out, and a is calculatedj=H4(idj,Uj) Inspection hj×(Uj+Xj+aj*z+fj*g)=EjAnd vj×(Uj+Xj+aj*z+fj*g)=XjJudging whether the two formulas are true, if not, outputting T, and if true, performing the next step;
s66, test c1 ═ c4H2(m,r,c4)If the T value is not true, outputting T, and if the T value is true, performing the next step;
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (2)
1. A proxy re-encryption method without bilinear pairing is characterized by comprising the following steps:
s1, setting a system public parameter par and a system master key mk; s1 specifically includes the following steps:
s11, giving a security parameter k, selecting a prime number q with the length of k bits, wherein G is a q-order subgroup of Zq, and G is a generator of G;
s12, selecting four hash functions H1, H2, H3 and H4, H1: {0, 1} → Zq @, H2: {0,1}n0×{0,1}n1×G→Zq*,H3:G→{0,1}n0+n1H4: {0, 1 }. xg → Zq; where n0 and n1 are security parameters determined by the security parameter k, and the plaintext space is {0, 1}n0;
S13, randomly selecting a system master key mk, enabling mk to belong to Zq, calculating Z-mk-g, and keeping a system master key mk secret;
s14, and disclosing system parameters par { q, G, G, z, H1, H2, H3, H4, n0,n1};
S2, generating identity id of the client according to the system public parameter pariID of recipientjSecret value xiPublic key pkiPrivate key sk of the clientiAnd the private key sk of the acceptorj(ii) a S2 specifically includes the following steps:
s21, inputting system public parameter par, and giving the identity id of the clientiPublic key pk of the clientiAnd the private key sk of the principali;
S22, randomly selecting xiLet x bei∈Zq*;
S23, randomly selecting xjLet x bejE.g. Zq; setting a public key pk of a principali=gxiSetting the private key sk of the clienti=xiSetting the private key sk of the receiverj=xj;
S3, according to the system public parameter par, identity id of the principaliAnd the public key pkiEncrypting and signing to obtain an original ciphertext ci(ii) a S3 specifically includes the following steps:
s31, inputting system public parameter par, plaintext information m and identity id of clientiAnd the public key pk of the principali;
S32, random selectionCalculate t ═ H2(m, r, pk)i),c1=pki t(ii) a Wherein l1 represents the length of a string consisting of 0 or 1;
S34, selecting public and private key pair (spk) needing signaturei,sski) Randomly select uiE.g. Zq, calculating Ui=g×ui,Di=ui+mk×H4(idi,Ui),Xi=xi×g,spki=(Xi,Ui),sski=(xi,Di),c3=sski;
S35, running a signature algorithm, and randomly selecting an integer eiE.g. Zq, calculate Ei=ei×g,fi=H1(Ei||Xi||idi||m),hi=e/(xi+fi+Di),vi=xi/(xi+fi+Di) To obtain a signature Si=(fi,hi,vi);
S36, outputting original ciphertext ci=(c1,c2,c3,Si);
S4, according to the system public parameter par, the private key sk of the clientiAnd the private key sk of the acceptorjGenerating proxy re-encryption key rkij(ii) a S4 specifically includes the following steps:
s41, inputting private key sk of consignori=xiAnd the private key sk of the acceptorj=xj;
S42, generating proxy re-encryption key rkij=skj/ski mod q=xj/ximod q;
S5, according to the system public parameter par, original ciphertext ciIdentity id of the principaliID of recipientjAnd proxy re-encryption key rkijPerforming signature authentication, and generating a proxy re-encryption ciphertext c after the authentication is successfuljS5 specifically includes the following steps:
s51, inputting system public parameter par and original ciphertext ciIdentity id of the principaliIdentity id of the recipientjAnd proxy re-encryption key rkij;
S52, signature verification, calculation of ai=H4(idi,Ui) Inspection hi×(Ui+Xi+ai*Z+fi*g)=EiAnd vi×(Ui+Xi+ai*Z+fi*g)=XiJudging whether the two formulas are true, if not, outputting T, and if true, performing the next step;
S54, selecting public and private key pair (spk) needing signaturej,sskj) Randomly select ujE.g. Zq, meterCalculate Uj=g×uj,Dj=uj+mk×H4(idj,Uj),Xj=xj×g,spkj=(Xj,Uj),sskj=(xj,Dj),c3’=sskj;
S55、c4=pki;
S56, running a signature algorithm, and randomly selecting an integer ejE.g. Zq, calculate Ej=ej×g,fj=H1(Ej||Xj||idj||m),hj=e/(xj+fj+Dj),vj=xj/(xj+fj+Dj) To obtain a signature Sj=(fj,hj,vj);
S57, outputting proxy re-encrypted ciphertext cj=(c1’,c2,c3’,c4,sj);
S6, judging whether the received ciphertext is the original ciphertext or the proxy re-encrypted ciphertext, and decrypting to recover the corresponding plaintext information m.
2. The method according to claim 1, wherein S6 specifically includes the following steps:
s61, judging whether the form of the ciphertext is the original ciphertext or the re-encrypted ciphertext;
s62, if the ciphertext is the original ciphertext, carrying out signature verification and calculating ai=H4(idi,Ui) Inspection hi×(Ui+Xi+ai*Z+fi*g)=EiAnd vi×(Ui+Xi+ai*Z+fi*g)=XiJudging whether the two formulas are true, if not, outputting T, and if true, performing the next step;
s63, checkingIf it is not true, outputtingAnd (7) obtaining the T, and if the T is true, performing the next step;
s65, if the ciphertext is the re-encrypted ciphertext, the signature verification is carried out, and a is calculatedj=H4(idj,Uj) Inspection hj×(Uj+Xj+aj*Z+fj*g)=EjAnd vj×(Uj+Xj+aj*Z+fj*g)=XjJudging whether the two formulas are true, if not, outputting T, and if true, performing the next step;
s66, test c1’=c4 H2(m,r,c4)If the T value is not true, outputting T, and if the T value is true, performing the next step;
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810878086.6A CN108989049B (en) | 2018-08-03 | 2018-08-03 | Agent re-encryption system and method without bilinear pairing |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810878086.6A CN108989049B (en) | 2018-08-03 | 2018-08-03 | Agent re-encryption system and method without bilinear pairing |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108989049A CN108989049A (en) | 2018-12-11 |
CN108989049B true CN108989049B (en) | 2021-11-30 |
Family
ID=64554591
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810878086.6A Active CN108989049B (en) | 2018-08-03 | 2018-08-03 | Agent re-encryption system and method without bilinear pairing |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108989049B (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109586903A (en) * | 2018-12-19 | 2019-04-05 | 南京航空航天大学 | A kind of restructural encryption method of the Agent advertisement of hazy condition |
CN110110554B (en) * | 2019-04-04 | 2023-03-21 | 安徽大学 | Agent-based cloud storage data integrity detection method |
WO2022155811A1 (en) * | 2021-01-20 | 2022-07-28 | 深圳技术大学 | Multi-receiver proxy re-encryption method and system, and electronic apparatus and storage medium |
CN113268764A (en) * | 2021-02-24 | 2021-08-17 | 西安交通大学 | Personal credit data authorization method for mixed chain and threshold proxy re-encryption |
CN114338229B (en) * | 2022-01-27 | 2022-10-04 | 华东师范大学 | Lightweight dynamic broadcast agent re-encryption and cloud data sharing method |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105025024A (en) * | 2015-07-22 | 2015-11-04 | 河海大学 | Certificateless condition based proxy re-encryption system and method |
-
2018
- 2018-08-03 CN CN201810878086.6A patent/CN108989049B/en active Active
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105025024A (en) * | 2015-07-22 | 2015-11-04 | 河海大学 | Certificateless condition based proxy re-encryption system and method |
Non-Patent Citations (1)
Title |
---|
无双线性对的基于身份代理重签名方案;黄萍 等;《无双线性对的基于身份代理重签名方案》;20150610;参见正文第1679-1682页 * |
Also Published As
Publication number | Publication date |
---|---|
CN108989049A (en) | 2018-12-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108989049B (en) | Agent re-encryption system and method without bilinear pairing | |
CN108292402B (en) | Determination of a common secret and hierarchical deterministic keys for the secure exchange of information | |
CN113364576B (en) | Data encryption evidence storing and sharing method based on block chain | |
CN103647642B (en) | A kind of based on certification agency re-encryption method and system | |
CN110113155B (en) | High-efficiency certificateless public key encryption method | |
CN107086911B (en) | CCA (clear channel assessment) safe proxy re-encryption method capable of delegating verification | |
CN112104453B (en) | Anti-quantum computation digital signature system and signature method based on digital certificate | |
CN110719295B (en) | Identity-based food data security-oriented proxy re-encryption method and device | |
CN113297633B (en) | Quantum digital signature method | |
WO2018049601A1 (en) | Outsourcing access control method for fog computing and system thereof | |
CN111786786A (en) | Agent re-encryption method and system supporting equation judgment in cloud computing environment | |
CN110999202A (en) | Computer-implemented system and method for highly secure, high-speed encryption and transmission of data | |
CN108809996B (en) | Integrity auditing method for duplicate deletion stored data with different popularity | |
CN113098681B (en) | Port order enhanced and updatable blinded key management method in cloud storage | |
CN114095171A (en) | Identity-based wearable proxy re-encryption method | |
CN116846556A (en) | SM 9-based data condition proxy re-encryption method, system and equipment | |
CN115941180A (en) | Key distribution method and system based on post-quantum security and identity identification | |
CN112733176B (en) | Identification password encryption method based on global hash | |
KR101793528B1 (en) | Certificateless public key encryption system and receiving terminal | |
CN113779593A (en) | Identity-based dual-server authorization ciphertext equivalence determination method | |
CN113312647A (en) | Multi-agent data sharing method based on block chain storage | |
CN114070549A (en) | Key generation method, device, equipment and storage medium | |
Omerasevic et al. | CryptoStego—A novel approach for creating cryptographic keys and messages | |
Kanagavalli | Secured Data Storage in Cloud Using Homomorphic Encryption | |
CN113343258B (en) | Attribute-based agent re-encryption method applicable to lattice-based ciphertext strategy shared by body test result cloud |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |