CN109245897A - A kind of node authentication method and device based on noninteractive zero-knowledge proof - Google Patents
A kind of node authentication method and device based on noninteractive zero-knowledge proof Download PDFInfo
- Publication number
- CN109245897A CN109245897A CN201810966585.0A CN201810966585A CN109245897A CN 109245897 A CN109245897 A CN 109245897A CN 201810966585 A CN201810966585 A CN 201810966585A CN 109245897 A CN109245897 A CN 109245897A
- Authority
- CN
- China
- Prior art keywords
- authentication
- registration
- key
- public key
- requesting party
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3218—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
Registration side is arranged as third party's trust authority in the present invention provides a kind of node authentication method and device based on noninteractive zero-knowledge proof between requesting party and authentication;Registration side carries out information to the verification process between requesting party and authentication and generates and send, so that other than authentication finally informs whether requesting party's certification is successful, being not necessarily to information exchange between requesting party and authentication again during entire entity authentication.Therefore, requesting party does not have any secret information and is leaked, reach the highly confidential of requesting party's privacy information with this, and success could be authenticated without carrying out multiple information exchange between requesting party and authentication, improves the efficiency of entity authentication process and the likability of user experience.
Description
Technical field
The present invention relates to field of computer technology more particularly to a kind of entity authentications based on noninteractive zero-knowledge proof
Method and apparatus.
Background technique
As the emerging product of big data era, mobile gunz sensing network can will make the function extreme enrichment of people,
The perception data that people as independent individual in society will not only use in network, and can actively " production " data upload to
So as to other users use in network, user is initially as data perception, collection, analysis and excavates main body, spontaneously completes
All processes, and then complete to be published perception task in a network.With universal, the mobile intelligent perception of mobile terminal device
Network, which has begun, is widely used and has penetrated into different social sectors, such as environmental nonpollution quality
Monitoring, intelligent transportation trip and municipal administration service etc., it profoundly changes our Working and life styles extensively.
But when multi-user shares perception data to cooperate to complete same task in the presence of all, they need mutually to be harmonious
Make, and in order to ensure privacy is not leaked, it is needed between these mobile nodes in the feelings for not revealing any information to other nodes
Trust authentication is completed under condition, data are informed in reinflated cooperation later.
Traditional entity authentication mechanism, is generally divided into two kinds: one is the mechanism checked based on password, but this method has
The risk for having password stolen;For second the mechanism based on key encryption, but this method have key by repeated detection it
The risk being cracked afterwards.
Therefore, all there is privacy information in verification process to be leaked, cause to save for above two traditional entity authentication mechanism
The problem of point certification risk, therefore at present mainly using the entity authentication mode based on zero-knowledge proof, zero-knowledge proof
It can prove that oneself possesses secret information in the case where not divulging privacy information, well solve impermeable during entity authentication
The problem of completing entity authentication under the premise of leaking privacy information.
But traditional entity authentication mode based on zero-knowledge proof requires certification both sides and passes through repeatedly interaction, from
And determining that proof each time is not that accidentally, verifying can trust the side of being verified just now, this mode is in mobile gunz sensing network
In be clearly it is not efficient enough, will lead to certification both sides multiple information exchange needed just to can determine that and authenticate successfully, if horde
In intelligence sensing network use this entity authentication mode based on interactive zero-knowledge proof, then make entity authentication low efficiency,
Poor user experience influences product sales volume.
Summary of the invention
In order to solve in above-mentioned traditional entity authentication mode based on zero-knowledge proof, entity authentication low efficiency, user
Experience the problem of difference, on the one hand, the present invention provides a kind of node authentication methods, comprising:
Registration side generates registration side's public key and registration side's private key, and broadcast registration side's public key;
Authentication generates authentication public key and authentication private key according to registration side's public key;
Direction registration side is requested to initiate registration and the main key in acquisition request side, the main key of requesting party is informed authentication by registration side;
Authentication generates verification public key according to registration side's public key, authentication private key and the main key of requesting party, and by verification public key
Inform registration side;
Requesting party is verified according to the main key of requesting party and verification public key as a result, verification result is informed verifying by registration side
Side;
Registration root obtains investigation result according to registration side's public key and verification public key, and investigation result is informed authentication;
Authentication judges whether verification result is correct and informing is asked according to authentication private key, verification result and investigation result
The side of asking.
Preferably, request direction registration side initiates registration, and registration side returns to requesting party with the main key of requesting party, comprising:
If the registration of requesting party is agreed to by registration side, the side of registration returns to requesting party with the main key of requesting party;
If registration side disagrees the registration of requesting party, requesting party's registration failure, entity authentication process stops.
Preferably, registration side calls registration side's key schedule to generate registration side's public key and registration side's private key, authentication
Authentication key schedule is called to generate authentication public key and authentication private key, the main key generating algorithm in call request side of registration side
The main key of requesting party is generated, authentication calls verification public key generating algorithm to generate verification public key, and requesting party calls verification result to generate
Algorithm is verified as a result, registration side calls verification public key validity checking algorithm to obtain investigation result, authentication call result
Check algorithm judges whether verification result is correct.
Preferably, registration side's key schedule, authentication key schedule, the main key generating algorithm of requesting party, verifying
Public key generating algorithm, verification result generating algorithm, verification public key validity checking algorithm and result check that algorithm is all made of high-order
Group is theoretical, and is stored in cloud.
Preferably, investigation result includes:
Requesting party is legitimate user, then exports non-zero natural number;
Requesting party is illegal user, then exports 0.
Preferably, it is one of correct node that authentication, which is verification result,.
On the other hand, the present invention provides a kind of entity authentication device based on zero-knowledge proof, comprising:
Request module, for initiating registration and the main key in acquisition request side to registration side;Or according to the main key of requesting party and verifying
Public key is verified result;
Registration module, for generating registration side's public key and registration side's private key, and broadcast registration side's public key;Or by requesting party master
Key informs authentication;Or according to registration side's public key and verification public key, investigation result is obtained, and investigation result is informed into authentication;
Authentication module, for generating authentication public key and authentication private key;Or according to registration side's public key, authentication private key and
The main key of requesting party generates verification public key, and verification public key is informed registration side;Or according to authentication private key, verification result and tune
Look into as a result, whether correct, and inform requesting party if judging verification result.
Another aspect, the present invention provides a kind of electronic equipments for the entity authentication based on zero-knowledge proof, comprising:
Memory and processor, processor and memory complete mutual communication by bus;Memory is stored with can
The program instruction being executed by processor, the instruction of processor caller are able to carry out above-mentioned method.
In another aspect, being stored thereon with computer program the present invention provides a kind of computer readable storage medium, calculate
Machine program realizes above-mentioned method when being executed by processor.
The present invention provides a kind of node authentication method and device based on noninteractive zero-knowledge proof, in requesting party and
Registration side is set between authentication and is used as third party's trust authority;Registration side to the verification process between requesting party and authentication into
Row information is generated and is sent, so that during entire entity authentication, in addition to authentication finally informs whether requesting party's certification succeeds
Except, information exchange is not necessarily between requesting party and authentication again.Therefore, requesting party does not have any secret information and is leaked, with
This reaches the highly confidential of requesting party's privacy information, and can just recognize between requesting party and authentication without carrying out multiple information exchange
Demonstrate,prove the likability of the efficiency and user experience that successfully improve entity authentication process.
Detailed description of the invention
Fig. 1 is the flow diagram according to a kind of node authentication method of a preferred embodiment of the invention;
Fig. 2 is the structural schematic diagram according to a kind of entity authentication device of a preferred embodiment of the invention;
Fig. 3 is the structural representation according to a kind of electronic equipment for entity authentication of a preferred embodiment of the invention
Figure;
Fig. 4 is the signaling interaction diagram according to a kind of node authentication method of a preferred embodiment of the invention.
Specific embodiment
With reference to the accompanying drawings and examples, specific embodiments of the present invention will be described in further detail.Implement below
Example is not intended to limit the scope of the invention for illustrating the present invention.
Currently, mobile gunz sensing network can will make the function extreme enrichment of people, as independent individual in society
The perception data that people will not only use in network, and can actively " production " data upload in network so that other users make
With user is initially as data perception, collection, analysis and excavates main body, spontaneously completes all processes, and then complete to be sent out
The perception task of cloth in a network.But when multi-user shares perception data to cooperate to complete same task in the presence of all, they
It needs to work in coordination, i.e. progress entity authentication.
In traditional entity authentication mode, there are privacy informations in verification process to be leaked, and leads to entity authentication risk, or
The problem of entity authentication low efficiency, poor user experience.
Fig. 1 is according to a kind of flow diagram of node authentication method of a preferred embodiment of the invention, such as Fig. 1 institute
Show, the present invention provides a kind of node authentication methods, comprising:
Step S101, registration side generates registration side's public key and registration side's private key, and broadcast registration side's public key;
Step S102, authentication generates authentication public key and authentication private key according to registration side's public key;
Step S103, request direction registration side initiates registration and the main key in acquisition request side, and registration side accuses the main key of requesting party
Know authentication;
Step S104, authentication generates verification public key according to registration side's public key, authentication private key and the main key of requesting party, and
Verification public key is informed into registration side;
Step S105, requesting party is according to the main key of requesting party and verification public key, is verified as a result, registration side is by verification result
Inform authentication;
Step S106, registration root obtains investigation result according to registration side's public key and verification public key, and investigation result is informed
Authentication;
Step S107, authentication judges whether verification result is correct according to authentication private key, verification result and investigation result
And inform requesting party.
Specifically, registration side is generally served as by task publisher, and registration side generates the public private key pair of oneself, i.e. registration side is public
Key and registration side's private key, and registration side's public key is broadcasted in a network;After authentication captures registration side's public key in a network,
Some of elements are first as the generation of oneself, generate the public private key pair of oneself, i.e. authentication public key and authentication private key;Please
It asks direction registration side to initiate registered task, if requesting party succeeds in registration, registers direction requesting party and send the main key of requesting party, and will
The main key of requesting party informs authentication;Authentication generates verification public key according to registration side's public key, authentication private key and the main key of requesting party
And inform registration side.
Next, requesting party according to the main key of requesting party and verification public key, is verified as a result, registration side is by the verification result
Inform verifying;And root is registered according to registration side's public key and verification public key, investigation result is obtained, and the investigation result is informed and is verified
Side.
Finally, it is verified that side is verified after result and investigation result, in conjunction with authentication private key, whether verification result is judged
Correctly and inform requesting party.That is authentication combination authentication private key, calculates verification result and investigation result;If calculating knot
Fruit reaches expected, then verification result is correct, judges requesting party for legitimate user, authentication informs that requesting party authenticates successfully;If meter
It calculates result to be not up to expected, then verification result is incorrect, judges requesting party for illegal user, authentication is informed that requesting party authenticates and lost
It loses.
The embodiment of the present invention is used by regarding registration side as third party's trust authority in the front transfer of requesting party and authentication
In the information of certification, so that during entire entity authentication, other than authentication finally informs whether requesting party's certification is successful,
Information exchange is not necessarily between requesting party and authentication again.Therefore, requesting party does not have any secret information and is leaked, and is reached with this
Requesting party's privacy information it is highly confidential, and could authenticate between requesting party and authentication without carrying out multiple information exchange
Function improves entity authentication process and user experience.
Based on the above embodiment, request direction registration side initiates registration, and registration side returns to requesting party with the main key of requesting party, packet
It includes:
If the registration of requesting party is agreed to by registration side, the side of registration returns to requesting party with the main key of requesting party;
If registration side disagrees the registration of requesting party, requesting party's registration failure, entity authentication process stops.
Further, registration side calls registration side's key schedule to generate registration side's public key and registration side's private key, verifying
Side calls authentication key schedule to generate authentication public key and authentication private key, and the main key in call request side of registration side, which generates, to be calculated
Method generates the main key of requesting party, and authentication calls verification public key generating algorithm to generate verification public key, and requesting party calls verification result raw
It is verified at algorithm as a result, registration side calls verification public key validity checking algorithm to obtain investigation result, authentication calls knot
Fruit checks algorithm judges whether verification result is correct.
It should be noted that registration side's key schedule, authentication key schedule, the main key of requesting party are generated and are calculated
Method, verification public key generating algorithm, verification result generating algorithm, verification public key validity checking algorithm and result check that algorithm is adopted
It is theoretical with high-order group, and it is stored in cloud.
Based on the above embodiment, registration root obtains investigation result, the investigation result according to registration side's public key and verification public key
Include:
Requesting party is legitimate user, then exports non-zero natural number;
Requesting party is illegal user, then exports 0.
It should be noted that it is one of correct node that authentication, which is verification result,.
Fig. 4 is according to a kind of signaling interaction diagram of node authentication method of a preferred embodiment of the invention, such as Fig. 4 institute
Show, the embodiment of the present invention provides a complete embodiment, for illustrating the concrete application mistake of node authentication method of the invention
Journey, be described below in serial number correspond to Fig. 4 in serial number.
The concrete application process of node authentication method of the invention includes:
1, registration side generates registration side's public key and registration side's private key, and broadcast registration side's public key, authentication are caught in the broadcast
Grasp registration side's public key;
2, authentication generates authentication public key and authentication private key according to registration side's public key, and authentication public key is informed
Registration side;
3~5, request direction registration side initiates registration and the main key in acquisition request side, and registration side asks the main key informing of requesting party
The side of asking and authentication;
6~7, authentication generates verification public key according to registration side's public key, authentication private key and the main key of requesting party, and will test
It demonstrate,proves public key and informs registration side;Registration side is verified after public key, and verification public key is informed requesting party;
8~9, requesting party is verified result and informs registration side according to the main key of requesting party and verification public key;Registration side
To after verification result, verification result is informed into authentication;
10, registration root obtains investigation result according to registration side's public key and verification public key, and investigation result is informed and is verified
Side;
11, authentication judges whether verification result is correct and informs according to authentication private key, verification result and investigation result
Requesting party.
Fig. 2 is according to a kind of structural schematic diagram of entity authentication device of a preferred embodiment of the invention, such as Fig. 2 institute
Show, the embodiment of the invention provides a kind of entity authentication device based on zero-knowledge proof, the device include registration module 201,
Request module 202 and authentication module 203, in which:
Request module 201, for initiating registration and the main key in acquisition request side to registration side;Or it according to the main key of requesting party and tests
Public key is demonstrate,proved, result is verified;
Registration module 202, for generating registration side's public key and registration side's private key, and broadcast registration side's public key;Or it will request
The main key in side informs authentication;Or according to registration side's public key and verification public key, investigation result is obtained, and investigation result is informed and is verified
Side;
Authentication module 203, for generating authentication public key and authentication private key;Or it is private according to registration side's public key, authentication
Key and the main key of requesting party generate verification public key, and verification public key are informed registration side;Or according to authentication private key, verification result
And investigation result, whether correct judge verification result, and inform requesting party.
Fig. 3 is the structural representation according to a kind of electronic equipment for entity authentication of a preferred embodiment of the invention
Figure, as shown in figure 3, the embodiment of the invention provides a kind of electronic equipment for the entity authentication based on zero-knowledge proof, it should
Equipment includes processor 301, memory 302 and bus 303;
Wherein, processor 301 and memory 302 complete mutual communication by bus 303;
Processor 301 is used to call the program instruction in memory 302, to execute provided by above-mentioned each method embodiment
Method, for example,
Registration side generates registration side's public key and registration side's private key, and broadcast registration side's public key;
Authentication generates authentication public key and authentication private key according to registration side's public key;
Direction registration side is requested to initiate registration and the main key in acquisition request side, the main key of requesting party is informed authentication by registration side;
Authentication generates verification public key according to registration side's public key, authentication private key and the main key of requesting party, and by verification public key
Inform registration side;
Requesting party is verified according to the main key of requesting party and verification public key as a result, verification result is informed verifying by registration side
Side;
Registration root obtains investigation result according to registration side's public key and verification public key, and investigation result is informed authentication;
Authentication judges whether verification result is correct and informing is asked according to authentication private key, verification result and investigation result
The side of asking.
The embodiment of the present invention discloses a kind of computer program product, and computer program product includes being stored in non-transient calculating
Computer program on machine readable storage medium storing program for executing, computer program include program instruction, when program instruction is computer-executed,
Computer is able to carry out method provided by above-mentioned each method embodiment, for example,
Registration side generates registration side's public key and registration side's private key, and broadcast registration side's public key;
Authentication generates authentication public key and authentication private key according to registration side's public key;
Direction registration side is requested to initiate registration and the main key in acquisition request side, the main key of requesting party is informed authentication by registration side;
Authentication generates verification public key according to registration side's public key, authentication private key and the main key of requesting party, and by verification public key
Inform registration side;
Requesting party is verified according to the main key of requesting party and verification public key as a result, verification result is informed verifying by registration side
Side;
Registration root obtains investigation result according to registration side's public key and verification public key, and investigation result is informed authentication;
Authentication judges whether verification result is correct and informing is asked according to authentication private key, verification result and investigation result
The side of asking.
The embodiment of the present invention provides a kind of non-transient computer readable storage medium, non-transient computer readable storage medium
Computer instruction is stored, computer instruction makes computer execute method provided by above-mentioned each method embodiment, for example,
Registration side generates registration side's public key and registration side's private key, and broadcast registration side's public key;
Authentication generates authentication public key and authentication private key according to registration side's public key;
Direction registration side is requested to initiate registration and the main key in acquisition request side, the main key of requesting party is informed authentication by registration side;
Authentication generates verification public key according to registration side's public key, authentication private key and the main key of requesting party, and by verification public key
Inform registration side;
Requesting party is verified according to the main key of requesting party and verification public key as a result, verification result is informed verifying by registration side
Side;
Registration root obtains investigation result according to registration side's public key and verification public key, and investigation result is informed authentication;
Authentication judges whether verification result is correct and informing is asked according to authentication private key, verification result and investigation result
The side of asking.
Those of ordinary skill in the art will appreciate that: realize that all or part of the steps of above method embodiment can pass through
The relevant hardware of program instruction is completed, and program above-mentioned can be stored in a computer readable storage medium, the program
When being executed, step including the steps of the foregoing method embodiments is executed;And storage medium above-mentioned includes: ROM, RAM, magnetic disk or light
The various media that can store program code such as disk.
The embodiments such as device and equipment described above are only schematical, wherein single as illustrated by the separation member
Member may or may not be physically separated, and component shown as a unit may or may not be physics
Unit, it can it is in one place, or may be distributed over multiple network units.It can select according to the actual needs
Some or all of the modules therein realizes the purpose of the embodiment of the present invention.Those of ordinary skill in the art are not paying
In the case where creative labor, it can understand and implement.
Through the above description of the embodiments, those skilled in the art can be understood that each embodiment can
It realizes by means of software and necessary general hardware platform, naturally it is also possible to pass through hardware.Based on this understanding, on
Stating technical solution, substantially the part that contributes to existing technology can be embodied in the form of software products in other words, should
Computer software product may be stored in a computer readable storage medium, such as ROM/RAM, magnetic disk, CD, including several fingers
It enables and using so that a computer equipment (can be personal computer, server or the network equipment etc.) executes each implementation
The method of certain parts of example or embodiment.
The present invention provides a kind of node authentication method and device based on noninteractive zero-knowledge proof, in requesting party and
Registration side is set between authentication and is used as third party's trust authority;Registration side to the verification process between requesting party and authentication into
Row information is generated and is sent, so that during entire entity authentication, in addition to authentication finally informs whether requesting party's certification succeeds
Except, information exchange is not necessarily between requesting party and authentication again.Therefore, requesting party does not have any secret information and is leaked, with
This reaches the highly confidential of requesting party's privacy information, and can just recognize between requesting party and authentication without carrying out multiple information exchange
Demonstrate,prove the likability of the efficiency and user experience that successfully improve entity authentication process.
Finally, method of the invention is only preferable embodiment, it is not intended to limit the scope of the present invention.It is all
Within the spirit and principles in the present invention, any modification, equivalent replacement, improvement and so on should be included in protection of the invention
Within the scope of.
Claims (9)
1. a kind of node authentication method characterized by comprising
Registration side generates registration side's public key and registration side's private key, and broadcasts registration side's public key;
Authentication generates authentication public key and authentication private key according to registration side's public key;
Registration side described in direction is requested to initiate registration and the main key in acquisition request side, the main key of the requesting party is informed by the registration side
The authentication;
The authentication generates verification public key according to registration side's public key, the authentication private key and the main key of the requesting party,
And the verification public key is informed into the registration side;
The requesting party is verified according to the main key of the requesting party and the verification public key as a result, the registration side will be described
Verification result informs the authentication;
The registration root obtains investigation result according to registration side's public key and the verification public key, and by the investigation result
Inform the authentication;
The authentication judges the verification result according to the authentication private key, the verification result and the investigation result
It is whether correct, and inform the requesting party.
2. a kind of node authentication method according to claim 1, which is characterized in that the hair of registration side described in the request direction
Registration is played, the registration side returns to the requesting party with the main key of requesting party, comprising:
If the registration of the requesting party is agreed to by the registration side, the registration side returns to the requesting party with the main key of requesting party;
If the registration side disagrees the registration of the requesting party, requesting party's registration failure, entity authentication process stops.
3. a kind of node authentication method according to claim 1, which is characterized in that call registration side's key in the registration side
Generating algorithm generates registration side's public key and registration side's private key, and the authentication calls authentication key schedule raw
At the authentication public key and the authentication private key, the main key generating algorithm in call request side of the registration side generates the request
The main key in side, the authentication call verification public key generating algorithm to generate the verification public key, and the requesting party calls verification result
Generating algorithm obtains the verification result, and the registration side calls verification public key validity checking algorithm to obtain the investigation knot
Fruit, the authentication call result check algorithm judges whether the verification result is correct.
4. a kind of node authentication method according to claim 3, which is characterized in that registration side's key schedule,
Authentication key schedule, the main key generating algorithm of requesting party, verification public key generating algorithm, verification result generating algorithm, verifying
It is theoretical that public key validity checking algorithm and result check that algorithm is all made of high-order group, and is stored in cloud.
5. a kind of node authentication method according to claim 1, which is characterized in that the investigation result includes:
The requesting party is legitimate user, then exports non-zero natural number;
The requesting party is illegal user, then exports 0.
6. a kind of node authentication method according to claim 1, which is characterized in that the authentication is the verification result
For one of correct node.
7. a kind of entity authentication device characterized by comprising
Request module, for initiating registration and the main key in acquisition request side to registration side;Or according to the main key of the requesting party and verifying
Public key is verified result;
Registration module for generating registration side's public key and registration side's private key, and broadcasts registration side's public key;Or by the request
The main key in side informs authentication;Or according to registration side's public key and verification public key, investigation result is obtained, and by the investigation result
Inform the authentication;
Authentication module, for generating authentication public key and authentication private key;Or it is private according to registration side's public key, the authentication
Key and the main key of the requesting party generate verification public key, and the verification public key are informed the registration side;Or according to the verifying
Whether correct square private key, the verification result and the investigation result, judge the verification result, and inform requesting party.
8. a kind of electronic equipment for entity authentication characterized by comprising
Memory and processor, the processor and the memory complete mutual communication by bus;The memory
It is stored with the program instruction that can be executed by the processor, the processor calls described program instruction to be able to carry out right such as and wants
Seek 1 to 6 any method.
9. a kind of computer readable storage medium, is stored thereon with computer program, which is characterized in that the computer program quilt
The method as described in claim 1 to 6 is any is realized when processor executes.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810966585.0A CN109245897B (en) | 2018-08-23 | 2018-08-23 | Node authentication method and device based on non-interactive zero-knowledge proof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810966585.0A CN109245897B (en) | 2018-08-23 | 2018-08-23 | Node authentication method and device based on non-interactive zero-knowledge proof |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109245897A true CN109245897A (en) | 2019-01-18 |
CN109245897B CN109245897B (en) | 2020-06-19 |
Family
ID=65068105
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810966585.0A Active CN109245897B (en) | 2018-08-23 | 2018-08-23 | Node authentication method and device based on non-interactive zero-knowledge proof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109245897B (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110224837A (en) * | 2019-06-06 | 2019-09-10 | 西安纸贵互联网科技有限公司 | Zero-knowledge proof method and terminal based on distributed identity |
CN111245626A (en) * | 2020-01-19 | 2020-06-05 | 平安科技(深圳)有限公司 | Zero knowledge proving method, device and storage medium |
CN112636922A (en) * | 2020-12-21 | 2021-04-09 | 电子科技大学 | IOT identity authentication method based on non-interactive zero-knowledge proof |
CN113783705A (en) * | 2021-11-12 | 2021-12-10 | 北京华云安信息技术有限公司 | Zero knowledge proof method, verification terminal, equipment and storage medium of key |
CN114760067A (en) * | 2022-03-30 | 2022-07-15 | 西安电子科技大学 | Block chain group intelligent perception system privacy security protection method using zero knowledge certification |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008022158A2 (en) * | 2006-08-14 | 2008-02-21 | The Regents Of The University Of California | System for non-interactive zero-knowledge proofs |
CN101175076A (en) * | 2007-10-23 | 2008-05-07 | 赵运磊 | High-efficiency, deniable, safety-unforgeable cryptographic key exchanging protocol of on-line computation |
CN102263639A (en) * | 2010-05-31 | 2011-11-30 | 索尼公司 | Authentication device, authentication method, program, and signature generation device |
US20150100785A1 (en) * | 2013-10-09 | 2015-04-09 | Thomson Licensing | Method for ciphering a message via a keyed homomorphic encryption function, corresponding electronic device and computer program product |
WO2015055765A1 (en) * | 2013-10-16 | 2015-04-23 | Thomson Licensing | Method for generating a quasi-adaptive non-interactive zero-knowledge proof and corresponding electronic device |
CN104717067A (en) * | 2013-12-17 | 2015-06-17 | 中国移动通信集团辽宁有限公司 | Safety verification method, device and system based on non-interactive zero-knowledge |
US20170149796A1 (en) * | 2015-11-25 | 2017-05-25 | Yaron Gvili | Selectivity in privacy and verification with applications |
US20180034636A1 (en) * | 2017-09-12 | 2018-02-01 | QED-it Systems LTD | Method and system for creating public randomness |
-
2018
- 2018-08-23 CN CN201810966585.0A patent/CN109245897B/en active Active
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008022158A2 (en) * | 2006-08-14 | 2008-02-21 | The Regents Of The University Of California | System for non-interactive zero-knowledge proofs |
CN101175076A (en) * | 2007-10-23 | 2008-05-07 | 赵运磊 | High-efficiency, deniable, safety-unforgeable cryptographic key exchanging protocol of on-line computation |
CN102263639A (en) * | 2010-05-31 | 2011-11-30 | 索尼公司 | Authentication device, authentication method, program, and signature generation device |
US20150100785A1 (en) * | 2013-10-09 | 2015-04-09 | Thomson Licensing | Method for ciphering a message via a keyed homomorphic encryption function, corresponding electronic device and computer program product |
WO2015055765A1 (en) * | 2013-10-16 | 2015-04-23 | Thomson Licensing | Method for generating a quasi-adaptive non-interactive zero-knowledge proof and corresponding electronic device |
CN104717067A (en) * | 2013-12-17 | 2015-06-17 | 中国移动通信集团辽宁有限公司 | Safety verification method, device and system based on non-interactive zero-knowledge |
US20170149796A1 (en) * | 2015-11-25 | 2017-05-25 | Yaron Gvili | Selectivity in privacy and verification with applications |
US20180034636A1 (en) * | 2017-09-12 | 2018-02-01 | QED-it Systems LTD | Method and system for creating public randomness |
Non-Patent Citations (1)
Title |
---|
柳璐: "基于非交互零知识证明的匿名电子调查系统", 《网络与信息安全学报》 * |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110224837A (en) * | 2019-06-06 | 2019-09-10 | 西安纸贵互联网科技有限公司 | Zero-knowledge proof method and terminal based on distributed identity |
CN110224837B (en) * | 2019-06-06 | 2021-11-19 | 西安纸贵互联网科技有限公司 | Zero-knowledge proof method and terminal based on distributed identity |
CN111245626A (en) * | 2020-01-19 | 2020-06-05 | 平安科技(深圳)有限公司 | Zero knowledge proving method, device and storage medium |
CN111245626B (en) * | 2020-01-19 | 2021-05-18 | 平安科技(深圳)有限公司 | Zero knowledge proving method, device and storage medium |
CN112636922A (en) * | 2020-12-21 | 2021-04-09 | 电子科技大学 | IOT identity authentication method based on non-interactive zero-knowledge proof |
CN113783705A (en) * | 2021-11-12 | 2021-12-10 | 北京华云安信息技术有限公司 | Zero knowledge proof method, verification terminal, equipment and storage medium of key |
CN114760067A (en) * | 2022-03-30 | 2022-07-15 | 西安电子科技大学 | Block chain group intelligent perception system privacy security protection method using zero knowledge certification |
CN114760067B (en) * | 2022-03-30 | 2023-09-12 | 西安电子科技大学 | Privacy security protection method for blockchain crowd sensing system by using zero knowledge proof |
Also Published As
Publication number | Publication date |
---|---|
CN109245897B (en) | 2020-06-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109245897A (en) | A kind of node authentication method and device based on noninteractive zero-knowledge proof | |
CN106209763B (en) | A kind of login method and system | |
CN103428696B (en) | Virtual SIM card achieving method and system and relevant device | |
JP2020064668A5 (en) | ||
CN108880822B (en) | Identity authentication method, device and system and intelligent wireless equipment | |
CN112000744B (en) | Signature method and related equipment | |
CN106302606B (en) | Across the application access method and device of one kind | |
CN110493237A (en) | Identity management method, device, computer equipment and storage medium | |
CN101527714B (en) | Method, device and system for accreditation | |
CN105898743B (en) | A kind of method for connecting network, apparatus and system | |
CN105227537A (en) | Method for authenticating user identity, terminal and service end | |
CN105871838A (en) | Third party account login control method and user center platform | |
CN109302370A (en) | A kind of client validation method, terminal and server | |
CN108647501A (en) | Multiple utility program shares password unlocking method, device, equipment and storage medium | |
CN106161475A (en) | The implementation method of subscription authentication and device | |
CN110324344A (en) | The method and device of account information certification | |
CN105337967A (en) | Method and system for achieving target server logging by user and central server | |
CN104486322B (en) | Terminal access authentication authorization method and terminal access authentication authoring system | |
CN106452763A (en) | Method for employing cipher key through remote virtual USB device | |
CN103391194A (en) | Method and system for unlocking safety equipment of user | |
CN111770087A (en) | Service node verification method and related equipment | |
Thomas et al. | Single sign-on in cloud federation using cloudsim | |
CN116402169B (en) | Federal modeling verification method, federal modeling verification device, federal modeling verification equipment and storage medium | |
CN109729048A (en) | A kind of joint qualification method, system, related platform and medium | |
CN110516427B (en) | Terminal user identity authentication method and device, storage medium and computer equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |