CN109150545A - (m, N) threshold group signatures method based on ECC - Google Patents

Publication number: CN109150545A
Authority: CN (China)
Prior art keywords: group, ecc, private key, calculate, signature
Legal status: Granted (Active)
Application number: CN201811015313.9A
Other languages: Chinese (zh)
Other versions: CN109150545B (en)
Inventors: 尚小朋, 田文春
Current assignee: Shandong urban construction vocational college
Original assignee: Chengdu Bolin Technology Co Ltd
Application filed by: Chengdu Bolin Technology Co Ltd
Priority to: CN201811015313.9A
Publications: CN109150545A (application), CN109150545B (grant)

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3255: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
    • H04L9/30: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves

Abstract

The present invention discloses an (m, N) threshold group signature method based on ECC, comprising: S1, based on an elliptic curve, securely generating a random secret $k_s$ and computing its scalar multiplication with the base point G, $K_s = k_s G$; $(k_s, K_s)$ forms a key pair, where $k_s$ is the private key and $K_s$ is the public key; the elliptic curve parameters are p, a, b, n, G, where p is a large prime or $2^l$, l is an integer, a and b are coefficients, n is the order, and G is the base point; S2, dividing the secret $k_s$ into m parts, randomly generating $x_i$, and computing $y_i$ from $x_i$, where $x_i$ forms part of the group verification public key and $y_i$ is the user's signature private key, $i \in \{1, \dots, N\}$; S3, in an organization of N members holding private keys $y_i$, $i \in \{1, \dots, N\}$, a vote is initiated, and when any m of the N members agree, the (m, N) threshold group signature is realized by executing the signing. The invention is highly secure: the signature private key is not exposed, and verification does not require a third party (TC).

Description

(m, N) threshold group signatures method based on ECC
Technical field
The invention belongs to the field of digital signatures, and in particular relates to an (m, N) threshold group signature method based on ECC.
Background art
Digital signatures are an important invention of modern cryptography. They are also an important tool for guaranteeing data integrity, implementing network authentication and conducting modern e-commerce. In recent years, researchers have proposed many special-purpose digital signatures; group signatures, threshold group signatures, undeniable group signatures and multi-party signatures are four of them. The group signature scheme was first proposed by Chaum and Heyst [1]. In a group signature scheme, each member can sign on behalf of the whole group. Introducing secret sharing [2] into a group signature scheme yields a threshold group signature scheme [3-8], in which certain given subsets of the group can sign on behalf of the whole group. In an undeniable group signature, verifying a signature requires the cooperation of the signer. In a multi-party signature scheme, the identity of each signing member is public, and verifying a signature generally requires each member's public key. In a threshold group signature scheme, the threshold group signature is generated by combining, in some way, the partial signatures produced by each member taking part in the signing. According to how the secret shares are distributed, existing threshold group signature schemes fall into two types: threshold group signature schemes with a secret distribution center [4,7,8] and threshold group signature schemes with distributed secret sharing [5-7]. A good threshold group signature should have the following properties:
(1) Group signature property: only members of the group can generate valid partial signatures; non-members cannot forge valid partial signatures;
(2) Threshold property: a valid threshold group signature can be produced only when the number of signers is no less than the threshold;
(3) Impersonation resistance: no group can impersonate another group to generate a group signature;
(4) Ease of verification: the verifier of a signature can conveniently and simply check whether the signature is valid;
(5) Anonymity: the verifier of a signature does not know which members of the group produced it;
(6) Traceability: when a dispute arises later, the identity of the signers can be traced;
(7) Robustness: even when the number of malicious members is greater than or equal to the threshold, they still cannot obtain the system's secret parameters;
(8) System stability: when a violating member is removed or a new member joins, the system parameters and the existing members' parameters need no change, or only a small change.
However, nearly all existing threshold group signature schemes have shortcomings. Desmedt and Frankel first proposed an RSA-based threshold group signature scheme [4], but [9] found that when the malicious members in [4] number at least the threshold, they can collude to obtain the system secret (the group's secret key) with high probability, and can then forge the group signatures of other members without accountability. Langford points out in [10] that the key generation protocols in [5], [6] and [7] are flawed. For the threshold group signature scheme proposed in [11], [12] describes two attacks on the scheme: an attacker can forge a group signature on other messages from an existing group signature.
Bibliography
1. D. Chaum and E. van Heyst. Group Signatures. In: Davies D W ed. Advances in Cryptology – Eurocrypt '91 proceedings. Berlin: Springer-Verlag, 1992. 257-265.
2. A. Shamir. How to Share a Secret. Communication of ACM, 1979, 22(11): 612-613.
3. Y. Desmedt. Society and Group Oriented Cryptography. In: Pomerance C ed. Advances in Cryptology – Crypto '87 proceedings. Berlin: Springer-Verlag, 1988. 120-127.
4. Y. Desmedt and Y. Frankel. Shared Generation of Authenticators and Signatures. In: Feigenbaum J ed. Advances in Cryptology – Crypto '91 proceedings. Berlin: Springer-Verlag, 1992. 457-469.
5. L. Harn and S. Yang. Group-Oriented Undeniable Signature Schemes without the Assistance of a Mutually Trusted Party. In: Seberry J and Zheng Y eds. Advances in Cryptology – Auscrypt '92 proceedings. Berlin: Springer-Verlag, 1992. 133-142.
6. L. Harn. Group-Oriented (t, n) Threshold Digital Signature Scheme and Multisignature. IEE proceedings, Computers and digital techniques, 1994, 141(5): 307-313.
7. C. Li, T. Hwang and N. Lee. Threshold-Multisignature Schemes Where Suspected Forgery Implies Traceability of Adversarial Shareholders. In: Santis A D ed. Advances in Cryptology – Eurocrypt '94 proceedings. Berlin: Springer-Verlag, 1995. 194-204.
8. Lu Langru and Zhao Renjie. A (t, n) Threshold Group Signature Scheme. In: Pei Ding-yi, Zhao Ren-jie and Zhou Jin-jun eds. Advances in Cryptology – Chinacrypt '96. Beijing: Science Press, 1996. 177-184.
9. C. Li, T. Hwang and N. Lee. Remark on the Threshold RSA Signature Scheme. In: Stinson D R ed. Advances in Cryptology – Crypto '93 proceedings. Berlin: Springer-Verlag, 1993. 413-419.
10. Susan K. Langford. Weakness in Some Threshold Cryptosystems. In: Koblitz N ed. Advances in Cryptology – Crypto '96 proceedings. Berlin: Springer-Verlag, 1996. 74-82.
11. C. T. Wang, C. H. Lin and C. C. Chang. Threshold Signature Schemes with Traceable Signers in Group Communications. Computer Communications, 1998, 21(8): 771-776.
12. Y. M. Tseng, J. K. Jan. Attacks on Threshold Signature Schemes with Traceable Signers. Information Processing Letters, 1999, 71(1): 1-4.
13. Xu Qiu-Liang.
Summary of the invention
To solve the above problems in the prior art, the object of the present invention is to provide an (m, N) threshold group signature method based on ECC.
The technical solution adopted by the invention is as follows:
An (m, N) threshold group signature method based on ECC, comprising the following steps:
S1, based on an elliptic curve, securely generate a random secret $k_s$ and compute its scalar multiplication with the base point G, $K_s = k_s G$; $(k_s, K_s)$ forms a key pair, where $k_s$ is the private key and $K_s$ is the public key; the elliptic curve parameters are p, a, b, n, G, where p is a large prime or $2^l$, l is an integer, a and b are coefficients, n is the order, and G is the base point;
S2, divide the secret $k_s$ into m parts, randomly generate $x_i$, and compute $y_i$ from $x_i$, where $x_i$ forms part of the group verification public key and $y_i$ is the user's signature private key, $i \in \{1, \dots, N\}$;
S3, in an organization of N members holding private keys $y_i$, $i \in \{1, \dots, N\}$, a vote is initiated; when any m of the N members agree, the (m, N) threshold group signature is realized by executing the signing.
The ECC algorithm is based on the hard mathematical problem of the discrete logarithm: given an integer z and a point Q on the elliptic curve, computing $Q_z = zQ$ is easy, but conversely, given $Q_z$ and Q, finding z is infeasible.
Specifically, in step S1, the first type of elliptic curve equation is:
$y^2 = x^3 + ax + b$
where a and b are coefficients and the elliptic curve is defined over the field GF(p); since p is a large prime, in the generation of the group verification public key and the signature private keys below, the values taken modulo p are 0, 1, 2, 3, 4, 5, 6.
Alternatively, in step S1, the second type of elliptic curve equation is:
$y^2 + xy = x^3 + ax + b$
where a and b are coefficients and the elliptic curve is defined over the field GF($2^l$); the generation of the group verification public key and the signature private keys below uses the same calculation method as for the elliptic curve with equation $y^2 = x^3 + ax + b$, except that the calculation is reduced modulo $2^m$, and the values taken are 0, 1, ..., 31.
Any m or more parts (m < N) can produce a valid group signature that passes verification with the group public key; the group public key here is a point on the elliptic curve, denoted $K_s$.
When the first type of curve equation is used, in step S2, $x_i$ and $y_i$ are calculated as follows:
S21, securely generate a random secret $k_s$ and compute $K_s = k_s G$ as part of the group public key;
S22, divide $k_s$ into m parts $a_0, a_1, \dots, a_{m-1}$ such that $k_s = a_0 + a_1 + \dots + a_{m-1} \bmod p$, where p is a large prime and mod (p) denotes reduction modulo p, and form the polynomial $P_{m-1}(x)$ over the ring $Z_p$:
$P_{m-1}(x) = a_0 + a_1 x + a_2 x^2 + \dots + a_{m-1} x^{m-1}$
S23, choose $x_1, x_2, \dots, x_N$ such that $x_i = x_j$ if and only if $i = j$, $i, j \in \{1, \dots, N\}$, and compute $y_i = P_{m-1}(x_i) \bmod p$, $i = 1, \dots, N$;
S24, publish $x_1, x_2, \dots, x_N$; that is, $x_i$, $i \in \{1, \dots, N\}$, serve as system parameters for verifying the group signature;
Keep $y_1, y_2, \dots, y_N$ secret and distribute $y_i$, $i \in \{1, \dots, N\}$, to the N members over a secret channel as signature private keys; each member has one signature private key $y_i$.
When the second type of curve equation is used, in step S2, $x_i$ and $y_i$ are calculated as follows:
S21, securely generate a random secret $k_s$ and compute $K_s = k_s G$ as part of the group public key;
S22, divide $k_s$ into m parts $a_0, a_1, \dots, a_{m-1}$ such that $k_s = a_0 + a_1 + \dots + a_{m-1} \bmod 2^l$, where l is an integer and mod ($2^l$) denotes reduction modulo $2^l$, and form the polynomial $P_{m-1}(x)$ over the ring $Z_p$:
$P_{m-1}(x) = a_0 + a_1 x + a_2 x^2 + \dots + a_{m-1} x^{m-1}$
S23, choose $x_1, x_2, \dots, x_N$ such that $x_i = x_j$ if and only if $i = j$, $i, j \in \{1, \dots, N\}$, and compute $y_i = P_{m-1}(x_i) \bmod 2^l$, $i = 1, \dots, N$;
S24, publish $x_1, x_2, \dots, x_N$; that is, $x_i$, $i \in \{1, \dots, N\}$, serve as system parameters for verifying the group signature;
Keep $y_1, y_2, \dots, y_N$ secret and distribute $y_i$, $i \in \{1, \dots, N\}$, to the N members over a secret channel as signature private keys; each member has one signature private key $y_i$.
Further, in step S3, the specific signing method is:
For a message text, each organization member that approves its content, say the i-th, with corresponding signature private key $y_i$, does the following:
S31, compute the hash value of the message text, h = Hash(text);
S32, generate a random number $k_i$ and compute $R_i = k_i G = (x_{R,i}, y_{R,i})$, where $x_{R,i}$ and $y_{R,i}$ are the X and Y coordinates respectively, and let $c_i = x_{R,i}$;
S33, calculatingWherein,For inverse element calculating, ciyiFor big integer, siIt is big Integer;
S34, obtain the member's signature value (text, $s_i$, $R_i$) and publish it.
Furthermore, the threshold group signature method also includes a verification step.
The verification step includes:
S41, if fewer than m member signature values (text, $s_i$, $R_i$) are available, return failure; if there are more than m, choose m of them for the verification calculation.
Furthermore, the verification step also includes:
S42, assume the chosen members correspond to $x_1, x_2, \dots, x_m$, with corresponding secrets $y_1, y_2, \dots, y_m$; then:
MatrixAdjoint matrix
satisfy $X X^* = \det(X) I$, where I is the identity matrix and det(*) denotes the value of the determinant;
S43, for each tuple (text, $c_j$, $s_j$, $R_j$), where $c_j = x_{R,j}$ is the X coordinate of $R_j$, compute the point $T_j$ on the elliptic curve:
S44, calculating
S45, calculating
If S46,Then it is verified.
The beneficial effects of the invention are:
The invention overcomes the defects of traditional group signatures: any m of the N secrets can produce a valid group signature, while m-1 cannot. The (m, N) threshold group signature method based on ECC of the invention is secure, the signature private key is not exposed, and verification does not require a trusted third party (TC).
Specific embodiments
The invention is further described below with reference to specific embodiments.
Embodiment:
The mathematical basis of the invention is as follows:
Adjoint matrix:
is called the n-th order Vandermonde determinant, and the value of the determinant is:
Clearly, if the $x_i$ are pairwise distinct, then $D_n \neq 0$. Its corresponding matrix:
has an adjoint matrix $X^*$:
such that $X X^* = \det(X) I$, where I is the identity matrix.
The (m, N) threshold group signature method based on ECC of this embodiment comprises the following steps:
First step: based on the elliptic curve given by the first type of curve equation, formula (1), securely generate a random secret $k_s$ and compute its scalar multiplication with the base point G, $K_s = k_s G$; $(k_s, K_s)$ forms a key pair, where $k_s$ is the private key and $K_s$ is the public key; the elliptic curve parameters are p, a, b, n, G, where p is a large prime or $2^l$, l is an integer, a and b are coefficients, n is the order, and G is the base point:
$y^2 = x^3 + ax + b$ (1)
where a and b are coefficients and the elliptic curve is defined over the field GF(p); since p is a large prime, in the generation of the group verification public key and the signature private keys below, the values taken modulo p are 0, 1, 2, 3, 4, 5, 6.
The elliptic curve can also be given by the second type of curve equation:
$y^2 + xy = x^3 + ax + b$
where a and b are coefficients and the elliptic curve is defined over the field GF($2^l$); the generation of the group verification public key and the signature private keys below uses the same calculation method as for the elliptic curve with equation $y^2 = x^3 + ax + b$, except that the calculation is reduced modulo $2^m$, and the values taken are 0, 1, ..., 31.
A key pair means that a signature made with the private key can be verified successfully with the public key.
The ECC algorithm is based on the hard mathematical problem of the discrete logarithm: given an integer z and a point Q on the elliptic curve, computing $Q_z = zQ$ is easy, but conversely, given $Q_z$ and Q, finding z is infeasible.
Second step: under the ECC system, divide the secret $k_s$ into m parts, randomly generate $x_i$, and compute $y_i$ from $x_i$, where $x_i$ forms part of the group verification public key and $y_i$ is the user's signature private key, $i \in \{1, \dots, N\}$. Any m or more of these parts (m < N) can produce a valid group signature that passes verification with the group public key; the group public key here is a point on the elliptic curve, denoted $K_s$. The group public key and the signature private keys are calculated as follows:
Choose a secret $k_s$ and compute $K_s = k_s G$ as part of the group public key;
When the first type of curve equation is used, divide $k_s$ into m parts $a_0, a_1, \dots, a_{m-1}$ such that $k_s = a_0 + a_1 + \dots + a_{m-1} \bmod p$, where p is a large prime and mod (p) denotes reduction modulo p, and form the polynomial $P_{m-1}(x)$ over the ring $Z_p$:
$P_{m-1}(x) = a_0 + a_1 x + a_2 x^2 + \dots + a_{m-1} x^{m-1}$ (2)
Choose $x_1, x_2, \dots, x_N$ such that $x_i = x_j$ if and only if $i = j$, $i, j \in \{1, \dots, N\}$, and compute $y_i = P_{m-1}(x_i) \bmod p$, $i = 1, \dots, N$;
When the second type of curve equation is used, divide $k_s$ into m parts $a_0, a_1, \dots, a_{m-1}$ such that $k_s = a_0 + a_1 + \dots + a_{m-1} \bmod 2^l$, where l is an integer and mod ($2^l$) denotes reduction modulo $2^l$, and form the polynomial $P_{m-1}(x)$ over the ring $Z_p$:
$P_{m-1}(x) = a_0 + a_1 x + a_2 x^2 + \dots + a_{m-1} x^{m-1}$
Choose $x_1, x_2, \dots, x_N$ such that $x_i = x_j$ if and only if $i = j$, $i, j \in \{1, \dots, N\}$, and compute $y_i = P_{m-1}(x_i) \bmod 2^l$, $i = 1, \dots, N$;
Publish $x_1, x_2, \dots, x_N$; that is, $x_i$, $i \in \{1, \dots, N\}$, serve as system parameters for verifying the group signature. Keep $y_1, y_2, \dots, y_N$ secret and distribute $y_i$, $i \in \{1, \dots, N\}$, to the N members over a secret channel as signature private keys; each member has one signature private key $y_i$.
Third step: in an organization of N members holding private keys $y_i$, $i \in \{1, \dots, N\}$, a vote is initiated; when any m of the N members agree, the (m, N) threshold group signature is realized by executing the signing.
The specific signing method is:
For a text message text, each organization member that approves its content, say the i-th, with corresponding signature private key $y_i$, does the following:
First, compute h = Hash(text), the hash value of text;
Then, generate a random number $k_i$ and compute $R_i = k_i G = (x_{R,i}, y_{R,i})$, where $x_{R,i}$ and $y_{R,i}$ are the X and Y coordinates respectively, and let $c_i = x_{R,i}$;
Then, it calculatesWherein,For inverse element calculating, ciyiFor big integer, siIt is big Integer;
Finally, (text, $s_i$, $R_i$) is the member's signature value, which is published.
The (m, N) threshold group signature method based on ECC also includes a verification step.
If fewer than m tuples (text, $s_i$, $R_i$) are available, return failure; if there are more than m, choose m of them for the verification calculation. Without loss of generality, assume the chosen members correspond to $x_1, x_2, \dots, x_m$, with corresponding secrets $y_1, y_2, \dots, y_m$.
MatrixAdjoint matrixMeet XX*=det (X) I, I is unit matrix, and det (*) seeks determinant Value.
The verification process is as follows:
First, for each tuple (text, $c_j$, $s_j$, $R_j$), where $c_j = x_{R,j}$ is the X coordinate of $R_j$, compute the point $T_j$ on the elliptic curve, as in formula (3);
Then, it calculates
Then, it calculates
IfThen it is verified.
The invention is proved as follows:
The symbols have the same meaning as above. Since $y_i = P_{m-1}(x_i) \bmod p$, $i = 1, \dots, m$, write $Y = (y_1, y_2, \dots, y_m)$ to obtain formula (4):
$AX = Y \bmod p$ (4)
Let $X^*$ be the adjoint matrix over the integers; then $X^*$ satisfies $X X^* = \det(X) I$. Let:
HereThen there are formula (6):
$\det(X)\, A = Y X^*$ over Z (6)
where "over Z" means that the equation holds over the integers; therefore:
Likewise, the above formula holds in the field GF(p), i.e. formula (7):
From $s_i k_i = (h + c_i y_i)$, multiplying both sides by the point G gives $s_i k_i G = (hG + y_i \cdot c_i G)$, i.e.:
$s_i R_i = hG + y_i \cdot c_i G$
It can obtainBoth sides simultaneously multiplied byAnd formula (8) are obtained by formula (3):
Formula (8) both sides sum to i, the right T, the left side are as follows:
So ifThen it is verified.
The security analysis of the invention is as follows:
i. From the proof above, any k-1 of the N parts cannot generate a valid signature T.
Ii. due to from Tj, j=1 ..., k andMiddle calculating yjDifficulty be equal to and calculate discrete logarithm Complexity, theoretically attacker cannot be from SjIn obtain yj.Therefore, TjY will not be exposedjAny information.
iii. The threshold group signature method based on ECC of the invention is secure.
Thus, the (k, N) threshold ECC group signature method of the invention is secure.
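The following is an added worked example, not code from the patent, that runs steps S21-S24 and S31-S34 and then checks a set of m partial signatures against $K_s$ on a constructed toy curve. It assumes that share arithmetic is done modulo the base-point order n so that it carries over to curve points (the text writes mod (p)), and it uses the relation $s_i k_i = h + c_i y_i$ from the proof; because the page's formulas for $T_j$ and T did not survive, the verifier combines the recovered points $y_i G$ with Lagrange weights at x = 1, which gives the same result as solving $AX = Y$ and summing the coefficients. All function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy parameters (illustration only, far too small for real use):
# y^2 = x^3 + 2x + 2 over GF(17), base point G = (5, 1) of prime order n = 19.
P, A, B, N, G = 17, 2, 2, 19, (5, 1)
O = None  # point at infinity

def add(p1, p2):
    """Affine point addition on the toy curve."""
    if p1 is O:
        return p2
    if p2 is O:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return O
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Scalar multiplication k*pt by double-and-add."""
    k %= N
    acc = O
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def neg(pt):
    return O if pt is O else (pt[0], -pt[1] % P)

def digest(text):
    """h = Hash(text), reduced into the scalar range (S31)."""
    return int.from_bytes(hashlib.sha256(text).digest(), "big") % N

def poly_eval(parts, x):
    """P_{m-1}(x) = a_0 + a_1 x + ... + a_{m-1} x^{m-1}.
    Assumption of this example: reduced mod the group order N, not mod p."""
    return sum(a * pow(x, j, N) for j, a in enumerate(parts)) % N

def deal(m, members):
    """S21-S24: returns (k_s, K_s, public x_i, secret y_i)."""
    k_s = 1 + secrets.randbelow(N - 1)
    parts = [secrets.randbelow(N) for _ in range(m - 1)]
    parts.append((k_s - sum(parts)) % N)  # k_s = a_0 + ... + a_{m-1}
    # Distinct x_i. x = 1 is excluded because P(1) = a_0 + ... + a_{m-1} = k_s
    # would hand that member the group private key; x = 0 would hand out a_0.
    xs = secrets.SystemRandom().sample(range(2, N), members)
    return k_s, mul(k_s, G), xs, [poly_eval(parts, x) for x in xs]

def sign(h, y_i):
    """S32-S34: returns (s_i, R_i) with s_i * k_i = h + c_i * y_i."""
    while True:
        k_i = 1 + secrets.randbelow(N - 1)
        R_i = mul(k_i, G)
        c_i = R_i[0] % N
        if c_i:  # the verifier must be able to invert c_i
            return pow(k_i, -1, N) * (h + c_i * y_i) % N, R_i

def verify(h, K_s, m, sigs):
    """sigs: list of (x_i, s_i, R_i); fewer than m entries fails (S41)."""
    if len(sigs) < m:
        return False
    sigs = sigs[:m]
    T = O
    for x_i, s_i, R_i in sigs:
        if R_i is O or R_i[0] % N == 0:
            return False
        # s_i R_i = h G + c_i y_i G  =>  y_i G = c_i^{-1} (s_i R_i - h G)
        y_i_G = mul(pow(R_i[0] % N, -1, N), add(mul(s_i, R_i), neg(mul(h, G))))
        # Swapped-in combination step: Lagrange weight of share i at x = 1
        w = 1
        for x_j, _, _ in sigs:
            if x_j != x_i:
                w = w * (1 - x_j) * pow((x_i - x_j) % N, -1, N) % N
        T = add(T, mul(w, y_i_G))
    return T == K_s  # sum_i w_i y_i G = P(1) G = k_s G
```

The verifier never sees a $y_i$: it only recovers the points $y_i G$ from the published $(s_i, R_i)$ and combines them.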
The invention is not limited to the optional embodiments above; anyone may derive products in various other forms under the inspiration of the invention. However, whatever changes are made to shape or structure, any technical solution that falls within the scope defined by the claims of the invention is within the protection scope of the invention.

Claims (9)

1. An (m, N) threshold group signature method based on ECC, characterized by comprising the following steps:
S1, based on an elliptic curve, securely generate a random secret $k_s$ and compute its scalar multiplication with the base point G, $K_s = k_s G$; $(k_s, K_s)$ forms a key pair, where $k_s$ is the private key and $K_s$ is the public key; the elliptic curve parameters are p, a, b, n, G, where p is a large prime or $2^l$, l is an integer, a and b are coefficients, n is the order, and G is the base point;
S2, divide the secret $k_s$ into m parts, randomly generate $x_i$, and compute $y_i$ from $x_i$, where $x_i$ forms part of the group verification public key and $y_i$ is the user's signature private key, $i \in \{1, \dots, N\}$;
S3, in an organization of N members holding private keys $y_i$, $i \in \{1, \dots, N\}$, a vote is initiated; when any m of the N members agree, the (m, N) threshold group signature is realized by executing the signing.
2. The (m, N) threshold group signature method based on ECC according to claim 1, characterized in that: in step S1, the equation of the elliptic curve is:
$y^2 = x^3 + ax + b$
where a and b are coefficients and the elliptic curve is defined over the field GF(p).
3. The (m, N) threshold group signature method based on ECC according to claim 1, characterized in that: in step S1, the equation of the elliptic curve is:
$y^2 + xy = x^3 + ax + b$
where a and b are coefficients and the elliptic curve is defined over the field GF($2^l$).
4. The (m, N) threshold group signature method based on ECC according to claim 2, characterized in that: in step S2, $x_i$ and $y_i$ are calculated as follows:
S21, securely generate a random secret $k_s$ and compute $K_s = k_s G$ as part of the group public key;
S22, divide $k_s$ into m parts $a_0, a_1, \dots, a_{m-1}$ such that $k_s = a_0 + a_1 + \dots + a_{m-1} \bmod p$, where p is a large prime and mod (p) denotes reduction modulo p, and form the polynomial $P_{m-1}(x)$ over the ring $Z_p$:
$P_{m-1}(x) = a_0 + a_1 x + a_2 x^2 + \dots + a_{m-1} x^{m-1}$
S23, choose $x_1, x_2, \dots, x_N$ such that $x_i = x_j$ if and only if $i = j$, $i, j \in \{1, \dots, N\}$, and compute $y_i = P_{m-1}(x_i) \bmod p$, $i = 1, \dots, N$;
S24, publish $x_1, x_2, \dots, x_N$; that is, $x_i$, $i \in \{1, \dots, N\}$, serve as system parameters for verifying the group signature;
Keep $y_1, y_2, \dots, y_N$ secret and distribute $y_i$, $i \in \{1, \dots, N\}$, to the N members over a secret channel as signature private keys; each member has one signature private key $y_i$.
5. The (m, N) threshold group signature method based on ECC according to claim 3, characterized in that: in step S2, $x_i$ and $y_i$ are calculated as follows:
S21, securely generate a random secret $k_s$ and compute $K_s = k_s G$ as part of the group public key;
S22, divide $k_s$ into m parts $a_0, a_1, \dots, a_{m-1}$ such that $k_s = a_0 + a_1 + \dots + a_{m-1} \bmod 2^l$, where l is an integer and mod ($2^l$) denotes reduction modulo $2^l$, and form the polynomial $P_{m-1}(x)$ over the ring $Z_p$:
$P_{m-1}(x) = a_0 + a_1 x + a_2 x^2 + \dots + a_{m-1} x^{m-1}$
S23, choose $x_1, x_2, \dots, x_N$ such that $x_i = x_j$ if and only if $i = j$, $i, j \in \{1, \dots, N\}$, and compute $y_i = P_{m-1}(x_i) \bmod 2^l$, $i = 1, \dots, N$;
S24, publish $x_1, x_2, \dots, x_N$; that is, $x_i$, $i \in \{1, \dots, N\}$, serve as system parameters for verifying the group signature;
Keep $y_1, y_2, \dots, y_N$ secret and distribute $y_i$, $i \in \{1, \dots, N\}$, to the N members over a secret channel as signature private keys; each member has one signature private key $y_i$.
6. The (m, N) threshold group signature method based on ECC according to claim 4 or 5, characterized in that: in step S3, the specific signing method is:
For a message text, each organization member that approves its content, say the i-th, with corresponding signature private key $y_i$, does the following:
S31, compute the hash value of the message text, h = Hash(text);
S32, generate a random number $k_i$ and compute $R_i = k_i G = (x_{R,i}, y_{R,i})$, where $x_{R,i}$ and $y_{R,i}$ are the X and Y coordinates respectively, and let $c_i = x_{R,i}$;
S33, calculatingWherein,For inverse element calculating, ciyiFor big integer, siFor big integer;
S34, obtain the member's signature value (text, $s_i$, $R_i$) and publish it.
7. The (m, N) threshold group signature method based on ECC according to claim 6, characterized in that: the threshold group signature method also includes a verification step.
8. The (m, N) threshold group signature method based on ECC according to claim 7, characterized in that: the verification step includes:
S41, if fewer than m member signature values (text, $s_i$, $R_i$) are available, return failure; if there are more than m, choose m of them for the verification calculation.
9. The (m, N) threshold group signature method based on ECC according to claim 8, characterized in that: the verification step also includes:
S42, assume the chosen members correspond to $x_1, x_2, \dots, x_m$, with corresponding secrets $y_1, y_2, \dots, y_m$; then:
MatrixAdjoint matrix
satisfy $X X^* = \det(X) I$, where I is the identity matrix and det(*) denotes the value of the determinant;
S43, for each tuple (text, $c_j$, $s_j$, $R_j$), where $c_j = x_{R,j}$ is the X coordinate of $R_j$, compute the point $T_j$ on the elliptic curve:
S44, calculating
S45, calculating
If S46,Then it is verified.
CN201811015313.9A 2018-08-31 2018-08-31 ECC-based (m, N) threshold group signature method Active CN109150545B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811015313.9A CN109150545B (en) 2018-08-31 2018-08-31 ECC-based (m, N) threshold group signature method

Publications (2)

Publication Number Publication Date
CN109150545A true CN109150545A (en) 2019-01-04
CN109150545B CN109150545B (en) 2021-10-08

Family

ID=64826034

Country Status (1)

Country Link
CN (1) CN109150545B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
    Effective date of registration: 20210910
    Address after: No.18-10, north section of Tianfu Avenue, high tech Zone, Chengdu, Sichuan 610000
    Applicant after: Shang Xiaopeng
    Address before: 2502-12, 25 / F, innovation building, Southwest Jiaotong University, No. 111, north section of the Second Ring Road, smart city, Jinniu District, Chengdu, Sichuan 610000
    Applicant before: CHENGDU BOSHA TECHNOLOGY Co.,Ltd.
GR01 Patent grant
TR01 Transfer of patent right
    Effective date of registration: 20231204
    Address after: No. 4657, tourist road, Licheng District, Jinan City, Shandong Province
    Patentee after: SHANDONG URBAN CONSTRUCTION VOCATIONAL College
    Address before: No.18-10, north section of Tianfu Avenue, high tech Zone, Chengdu, Sichuan 610000
    Patentee before: Shang Xiaopeng