CN109245897A - A kind of node authentication method and device based on noninteractive zero-knowledge proof - Google Patents

A kind of node authentication method and device based on noninteractive zero-knowledge proof Download PDF

Info

Publication number
CN109245897A
CN109245897A CN201810966585.0A CN201810966585A CN109245897A CN 109245897 A CN109245897 A CN 109245897A CN 201810966585 A CN201810966585 A CN 201810966585A CN 109245897 A CN109245897 A CN 109245897A
Authority
CN
China
Prior art keywords
authentication
registration
key
public key
requesting party
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810966585.0A
Other languages
Chinese (zh)
Other versions
CN109245897B (en
Inventor
刘杨
陈凯敏
关建峰
许长桥
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Posts and Telecommunications filed Critical Beijing University of Posts and Telecommunications
Priority to CN201810966585.0A priority Critical patent/CN109245897B/en
Publication of CN109245897A publication Critical patent/CN109245897A/en
Application granted granted Critical
Publication of CN109245897B publication Critical patent/CN109245897B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3218Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

Registration side is arranged as third party's trust authority in the present invention provides a kind of node authentication method and device based on noninteractive zero-knowledge proof between requesting party and authentication;Registration side carries out information to the verification process between requesting party and authentication and generates and send, so that other than authentication finally informs whether requesting party's certification is successful, being not necessarily to information exchange between requesting party and authentication again during entire entity authentication.Therefore, requesting party does not have any secret information and is leaked, reach the highly confidential of requesting party's privacy information with this, and success could be authenticated without carrying out multiple information exchange between requesting party and authentication, improves the efficiency of entity authentication process and the likability of user experience.

Description

A kind of node authentication method and device based on noninteractive zero-knowledge proof
Technical field
The present invention relates to field of computer technology more particularly to a kind of entity authentications based on noninteractive zero-knowledge proof Method and apparatus.
Background technique
As the emerging product of big data era, mobile gunz sensing network can will make the function extreme enrichment of people, The perception data that people as independent individual in society will not only use in network, and can actively " production " data upload to So as to other users use in network, user is initially as data perception, collection, analysis and excavates main body, spontaneously completes All processes, and then complete to be published perception task in a network.With universal, the mobile intelligent perception of mobile terminal device Network, which has begun, is widely used and has penetrated into different social sectors, such as environmental nonpollution quality Monitoring, intelligent transportation trip and municipal administration service etc., it profoundly changes our Working and life styles extensively.
But when multi-user shares perception data to cooperate to complete same task in the presence of all, they need mutually to be harmonious Make, and in order to ensure privacy is not leaked, it is needed between these mobile nodes in the feelings for not revealing any information to other nodes Trust authentication is completed under condition, data are informed in reinflated cooperation later.
Traditional entity authentication mechanism, is generally divided into two kinds: one is the mechanism checked based on password, but this method has The risk for having password stolen;For second the mechanism based on key encryption, but this method have key by repeated detection it The risk being cracked afterwards.
Therefore, all there is privacy information in verification process to be leaked, cause to save for above two traditional entity authentication mechanism The problem of point certification risk, therefore at present mainly using the entity authentication mode based on zero-knowledge proof, zero-knowledge proof It can prove that oneself possesses secret information in the case where not divulging privacy information, well solve impermeable during entity authentication The problem of completing entity authentication under the premise of leaking privacy information.
But traditional entity authentication mode based on zero-knowledge proof requires certification both sides and passes through repeatedly interaction, from And determining that proof each time is not that accidentally, verifying can trust the side of being verified just now, this mode is in mobile gunz sensing network In be clearly it is not efficient enough, will lead to certification both sides multiple information exchange needed just to can determine that and authenticate successfully, if horde In intelligence sensing network use this entity authentication mode based on interactive zero-knowledge proof, then make entity authentication low efficiency, Poor user experience influences product sales volume.
Summary of the invention
In order to solve in above-mentioned traditional entity authentication mode based on zero-knowledge proof, entity authentication low efficiency, user Experience the problem of difference, on the one hand, the present invention provides a kind of node authentication methods, comprising:
Registration side generates registration side's public key and registration side's private key, and broadcast registration side's public key;
Authentication generates authentication public key and authentication private key according to registration side's public key;
Direction registration side is requested to initiate registration and the main key in acquisition request side, the main key of requesting party is informed authentication by registration side;
Authentication generates verification public key according to registration side's public key, authentication private key and the main key of requesting party, and by verification public key Inform registration side;
Requesting party is verified according to the main key of requesting party and verification public key as a result, verification result is informed verifying by registration side Side;
Registration root obtains investigation result according to registration side's public key and verification public key, and investigation result is informed authentication;
Authentication judges whether verification result is correct and informing is asked according to authentication private key, verification result and investigation result The side of asking.
Preferably, request direction registration side initiates registration, and registration side returns to requesting party with the main key of requesting party, comprising:
If the registration of requesting party is agreed to by registration side, the side of registration returns to requesting party with the main key of requesting party;
If registration side disagrees the registration of requesting party, requesting party's registration failure, entity authentication process stops.
Preferably, registration side calls registration side's key schedule to generate registration side's public key and registration side's private key, authentication Authentication key schedule is called to generate authentication public key and authentication private key, the main key generating algorithm in call request side of registration side The main key of requesting party is generated, authentication calls verification public key generating algorithm to generate verification public key, and requesting party calls verification result to generate Algorithm is verified as a result, registration side calls verification public key validity checking algorithm to obtain investigation result, authentication call result Check algorithm judges whether verification result is correct.
Preferably, registration side's key schedule, authentication key schedule, the main key generating algorithm of requesting party, verifying Public key generating algorithm, verification result generating algorithm, verification public key validity checking algorithm and result check that algorithm is all made of high-order Group is theoretical, and is stored in cloud.
Preferably, investigation result includes:
Requesting party is legitimate user, then exports non-zero natural number;
Requesting party is illegal user, then exports 0.
Preferably, it is one of correct node that authentication, which is verification result,.
On the other hand, the present invention provides a kind of entity authentication device based on zero-knowledge proof, comprising:
Request module, for initiating registration and the main key in acquisition request side to registration side;Or according to the main key of requesting party and verifying Public key is verified result;
Registration module, for generating registration side's public key and registration side's private key, and broadcast registration side's public key;Or by requesting party master Key informs authentication;Or according to registration side's public key and verification public key, investigation result is obtained, and investigation result is informed into authentication;
Authentication module, for generating authentication public key and authentication private key;Or according to registration side's public key, authentication private key and The main key of requesting party generates verification public key, and verification public key is informed registration side;Or according to authentication private key, verification result and tune Look into as a result, whether correct, and inform requesting party if judging verification result.
Another aspect, the present invention provides a kind of electronic equipments for the entity authentication based on zero-knowledge proof, comprising:
Memory and processor, processor and memory complete mutual communication by bus;Memory is stored with can The program instruction being executed by processor, the instruction of processor caller are able to carry out above-mentioned method.
In another aspect, being stored thereon with computer program the present invention provides a kind of computer readable storage medium, calculate Machine program realizes above-mentioned method when being executed by processor.
The present invention provides a kind of node authentication method and device based on noninteractive zero-knowledge proof, in requesting party and Registration side is set between authentication and is used as third party's trust authority;Registration side to the verification process between requesting party and authentication into Row information is generated and is sent, so that during entire entity authentication, in addition to authentication finally informs whether requesting party's certification succeeds Except, information exchange is not necessarily between requesting party and authentication again.Therefore, requesting party does not have any secret information and is leaked, with This reaches the highly confidential of requesting party's privacy information, and can just recognize between requesting party and authentication without carrying out multiple information exchange Demonstrate,prove the likability of the efficiency and user experience that successfully improve entity authentication process.
Detailed description of the invention
Fig. 1 is the flow diagram according to a kind of node authentication method of a preferred embodiment of the invention;
Fig. 2 is the structural schematic diagram according to a kind of entity authentication device of a preferred embodiment of the invention;
Fig. 3 is the structural representation according to a kind of electronic equipment for entity authentication of a preferred embodiment of the invention Figure;
Fig. 4 is the signaling interaction diagram according to a kind of node authentication method of a preferred embodiment of the invention.
Specific embodiment
With reference to the accompanying drawings and examples, specific embodiments of the present invention will be described in further detail.Implement below Example is not intended to limit the scope of the invention for illustrating the present invention.
Currently, mobile gunz sensing network can will make the function extreme enrichment of people, as independent individual in society The perception data that people will not only use in network, and can actively " production " data upload in network so that other users make With user is initially as data perception, collection, analysis and excavates main body, spontaneously completes all processes, and then complete to be sent out The perception task of cloth in a network.But when multi-user shares perception data to cooperate to complete same task in the presence of all, they It needs to work in coordination, i.e. progress entity authentication.
In traditional entity authentication mode, there are privacy informations in verification process to be leaked, and leads to entity authentication risk, or The problem of entity authentication low efficiency, poor user experience.
Fig. 1 is according to a kind of flow diagram of node authentication method of a preferred embodiment of the invention, such as Fig. 1 institute Show, the present invention provides a kind of node authentication methods, comprising:
Step S101, registration side generates registration side's public key and registration side's private key, and broadcast registration side's public key;
Step S102, authentication generates authentication public key and authentication private key according to registration side's public key;
Step S103, request direction registration side initiates registration and the main key in acquisition request side, and registration side accuses the main key of requesting party Know authentication;
Step S104, authentication generates verification public key according to registration side's public key, authentication private key and the main key of requesting party, and Verification public key is informed into registration side;
Step S105, requesting party is according to the main key of requesting party and verification public key, is verified as a result, registration side is by verification result Inform authentication;
Step S106, registration root obtains investigation result according to registration side's public key and verification public key, and investigation result is informed Authentication;
Step S107, authentication judges whether verification result is correct according to authentication private key, verification result and investigation result And inform requesting party.
Specifically, registration side is generally served as by task publisher, and registration side generates the public private key pair of oneself, i.e. registration side is public Key and registration side's private key, and registration side's public key is broadcasted in a network;After authentication captures registration side's public key in a network, Some of elements are first as the generation of oneself, generate the public private key pair of oneself, i.e. authentication public key and authentication private key;Please It asks direction registration side to initiate registered task, if requesting party succeeds in registration, registers direction requesting party and send the main key of requesting party, and will The main key of requesting party informs authentication;Authentication generates verification public key according to registration side's public key, authentication private key and the main key of requesting party And inform registration side.
Next, requesting party according to the main key of requesting party and verification public key, is verified as a result, registration side is by the verification result Inform verifying;And root is registered according to registration side's public key and verification public key, investigation result is obtained, and the investigation result is informed and is verified Side.
Finally, it is verified that side is verified after result and investigation result, in conjunction with authentication private key, whether verification result is judged Correctly and inform requesting party.That is authentication combination authentication private key, calculates verification result and investigation result;If calculating knot Fruit reaches expected, then verification result is correct, judges requesting party for legitimate user, authentication informs that requesting party authenticates successfully;If meter It calculates result to be not up to expected, then verification result is incorrect, judges requesting party for illegal user, authentication is informed that requesting party authenticates and lost It loses.
The embodiment of the present invention is used by regarding registration side as third party's trust authority in the front transfer of requesting party and authentication In the information of certification, so that during entire entity authentication, other than authentication finally informs whether requesting party's certification is successful, Information exchange is not necessarily between requesting party and authentication again.Therefore, requesting party does not have any secret information and is leaked, and is reached with this Requesting party's privacy information it is highly confidential, and could authenticate between requesting party and authentication without carrying out multiple information exchange Function improves entity authentication process and user experience.
Based on the above embodiment, request direction registration side initiates registration, and registration side returns to requesting party with the main key of requesting party, packet It includes:
If the registration of requesting party is agreed to by registration side, the side of registration returns to requesting party with the main key of requesting party;
If registration side disagrees the registration of requesting party, requesting party's registration failure, entity authentication process stops.
Further, registration side calls registration side's key schedule to generate registration side's public key and registration side's private key, verifying Side calls authentication key schedule to generate authentication public key and authentication private key, and the main key in call request side of registration side, which generates, to be calculated Method generates the main key of requesting party, and authentication calls verification public key generating algorithm to generate verification public key, and requesting party calls verification result raw It is verified at algorithm as a result, registration side calls verification public key validity checking algorithm to obtain investigation result, authentication calls knot Fruit checks algorithm judges whether verification result is correct.
It should be noted that registration side's key schedule, authentication key schedule, the main key of requesting party are generated and are calculated Method, verification public key generating algorithm, verification result generating algorithm, verification public key validity checking algorithm and result check that algorithm is adopted It is theoretical with high-order group, and it is stored in cloud.
Based on the above embodiment, registration root obtains investigation result, the investigation result according to registration side's public key and verification public key Include:
Requesting party is legitimate user, then exports non-zero natural number;
Requesting party is illegal user, then exports 0.
It should be noted that it is one of correct node that authentication, which is verification result,.
Fig. 4 is according to a kind of signaling interaction diagram of node authentication method of a preferred embodiment of the invention, such as Fig. 4 institute Show, the embodiment of the present invention provides a complete embodiment, for illustrating the concrete application mistake of node authentication method of the invention Journey, be described below in serial number correspond to Fig. 4 in serial number.
The concrete application process of node authentication method of the invention includes:
1, registration side generates registration side's public key and registration side's private key, and broadcast registration side's public key, authentication are caught in the broadcast Grasp registration side's public key;
2, authentication generates authentication public key and authentication private key according to registration side's public key, and authentication public key is informed Registration side;
3~5, request direction registration side initiates registration and the main key in acquisition request side, and registration side asks the main key informing of requesting party The side of asking and authentication;
6~7, authentication generates verification public key according to registration side's public key, authentication private key and the main key of requesting party, and will test It demonstrate,proves public key and informs registration side;Registration side is verified after public key, and verification public key is informed requesting party;
8~9, requesting party is verified result and informs registration side according to the main key of requesting party and verification public key;Registration side To after verification result, verification result is informed into authentication;
10, registration root obtains investigation result according to registration side's public key and verification public key, and investigation result is informed and is verified Side;
11, authentication judges whether verification result is correct and informs according to authentication private key, verification result and investigation result Requesting party.
Fig. 2 is according to a kind of structural schematic diagram of entity authentication device of a preferred embodiment of the invention, such as Fig. 2 institute Show, the embodiment of the invention provides a kind of entity authentication device based on zero-knowledge proof, the device include registration module 201, Request module 202 and authentication module 203, in which:
Request module 201, for initiating registration and the main key in acquisition request side to registration side;Or it according to the main key of requesting party and tests Public key is demonstrate,proved, result is verified;
Registration module 202, for generating registration side's public key and registration side's private key, and broadcast registration side's public key;Or it will request The main key in side informs authentication;Or according to registration side's public key and verification public key, investigation result is obtained, and investigation result is informed and is verified Side;
Authentication module 203, for generating authentication public key and authentication private key;Or it is private according to registration side's public key, authentication Key and the main key of requesting party generate verification public key, and verification public key are informed registration side;Or according to authentication private key, verification result And investigation result, whether correct judge verification result, and inform requesting party.
Fig. 3 is the structural representation according to a kind of electronic equipment for entity authentication of a preferred embodiment of the invention Figure, as shown in figure 3, the embodiment of the invention provides a kind of electronic equipment for the entity authentication based on zero-knowledge proof, it should Equipment includes processor 301, memory 302 and bus 303;
Wherein, processor 301 and memory 302 complete mutual communication by bus 303;
Processor 301 is used to call the program instruction in memory 302, to execute provided by above-mentioned each method embodiment Method, for example,
Registration side generates registration side's public key and registration side's private key, and broadcast registration side's public key;
Authentication generates authentication public key and authentication private key according to registration side's public key;
Direction registration side is requested to initiate registration and the main key in acquisition request side, the main key of requesting party is informed authentication by registration side;
Authentication generates verification public key according to registration side's public key, authentication private key and the main key of requesting party, and by verification public key Inform registration side;
Requesting party is verified according to the main key of requesting party and verification public key as a result, verification result is informed verifying by registration side Side;
Registration root obtains investigation result according to registration side's public key and verification public key, and investigation result is informed authentication;
Authentication judges whether verification result is correct and informing is asked according to authentication private key, verification result and investigation result The side of asking.
The embodiment of the present invention discloses a kind of computer program product, and computer program product includes being stored in non-transient calculating Computer program on machine readable storage medium storing program for executing, computer program include program instruction, when program instruction is computer-executed, Computer is able to carry out method provided by above-mentioned each method embodiment, for example,
Registration side generates registration side's public key and registration side's private key, and broadcast registration side's public key;
Authentication generates authentication public key and authentication private key according to registration side's public key;
Direction registration side is requested to initiate registration and the main key in acquisition request side, the main key of requesting party is informed authentication by registration side;
Authentication generates verification public key according to registration side's public key, authentication private key and the main key of requesting party, and by verification public key Inform registration side;
Requesting party is verified according to the main key of requesting party and verification public key as a result, verification result is informed verifying by registration side Side;
Registration root obtains investigation result according to registration side's public key and verification public key, and investigation result is informed authentication;
Authentication judges whether verification result is correct and informing is asked according to authentication private key, verification result and investigation result The side of asking.
The embodiment of the present invention provides a kind of non-transient computer readable storage medium, non-transient computer readable storage medium Computer instruction is stored, computer instruction makes computer execute method provided by above-mentioned each method embodiment, for example,
Registration side generates registration side's public key and registration side's private key, and broadcast registration side's public key;
Authentication generates authentication public key and authentication private key according to registration side's public key;
Direction registration side is requested to initiate registration and the main key in acquisition request side, the main key of requesting party is informed authentication by registration side;
Authentication generates verification public key according to registration side's public key, authentication private key and the main key of requesting party, and by verification public key Inform registration side;
Requesting party is verified according to the main key of requesting party and verification public key as a result, verification result is informed verifying by registration side Side;
Registration root obtains investigation result according to registration side's public key and verification public key, and investigation result is informed authentication;
Authentication judges whether verification result is correct and informing is asked according to authentication private key, verification result and investigation result The side of asking.
Those of ordinary skill in the art will appreciate that: realize that all or part of the steps of above method embodiment can pass through The relevant hardware of program instruction is completed, and program above-mentioned can be stored in a computer readable storage medium, the program When being executed, step including the steps of the foregoing method embodiments is executed;And storage medium above-mentioned includes: ROM, RAM, magnetic disk or light The various media that can store program code such as disk.
The embodiments such as device and equipment described above are only schematical, wherein single as illustrated by the separation member Member may or may not be physically separated, and component shown as a unit may or may not be physics Unit, it can it is in one place, or may be distributed over multiple network units.It can select according to the actual needs Some or all of the modules therein realizes the purpose of the embodiment of the present invention.Those of ordinary skill in the art are not paying In the case where creative labor, it can understand and implement.
Through the above description of the embodiments, those skilled in the art can be understood that each embodiment can It realizes by means of software and necessary general hardware platform, naturally it is also possible to pass through hardware.Based on this understanding, on Stating technical solution, substantially the part that contributes to existing technology can be embodied in the form of software products in other words, should Computer software product may be stored in a computer readable storage medium, such as ROM/RAM, magnetic disk, CD, including several fingers It enables and using so that a computer equipment (can be personal computer, server or the network equipment etc.) executes each implementation The method of certain parts of example or embodiment.
The present invention provides a kind of node authentication method and device based on noninteractive zero-knowledge proof, in requesting party and Registration side is set between authentication and is used as third party's trust authority;Registration side to the verification process between requesting party and authentication into Row information is generated and is sent, so that during entire entity authentication, in addition to authentication finally informs whether requesting party's certification succeeds Except, information exchange is not necessarily between requesting party and authentication again.Therefore, requesting party does not have any secret information and is leaked, with This reaches the highly confidential of requesting party's privacy information, and can just recognize between requesting party and authentication without carrying out multiple information exchange Demonstrate,prove the likability of the efficiency and user experience that successfully improve entity authentication process.
Finally, method of the invention is only preferable embodiment, it is not intended to limit the scope of the present invention.It is all Within the spirit and principles in the present invention, any modification, equivalent replacement, improvement and so on should be included in protection of the invention Within the scope of.

Claims (9)

1. a kind of node authentication method characterized by comprising
Registration side generates registration side's public key and registration side's private key, and broadcasts registration side's public key;
Authentication generates authentication public key and authentication private key according to registration side's public key;
Registration side described in direction is requested to initiate registration and the main key in acquisition request side, the main key of the requesting party is informed by the registration side The authentication;
The authentication generates verification public key according to registration side's public key, the authentication private key and the main key of the requesting party, And the verification public key is informed into the registration side;
The requesting party is verified according to the main key of the requesting party and the verification public key as a result, the registration side will be described Verification result informs the authentication;
The registration root obtains investigation result according to registration side's public key and the verification public key, and by the investigation result Inform the authentication;
The authentication judges the verification result according to the authentication private key, the verification result and the investigation result It is whether correct, and inform the requesting party.
2. a kind of node authentication method according to claim 1, which is characterized in that the hair of registration side described in the request direction Registration is played, the registration side returns to the requesting party with the main key of requesting party, comprising:
If the registration of the requesting party is agreed to by the registration side, the registration side returns to the requesting party with the main key of requesting party;
If the registration side disagrees the registration of the requesting party, requesting party's registration failure, entity authentication process stops.
3. a kind of node authentication method according to claim 1, which is characterized in that call registration side's key in the registration side Generating algorithm generates registration side's public key and registration side's private key, and the authentication calls authentication key schedule raw At the authentication public key and the authentication private key, the main key generating algorithm in call request side of the registration side generates the request The main key in side, the authentication call verification public key generating algorithm to generate the verification public key, and the requesting party calls verification result Generating algorithm obtains the verification result, and the registration side calls verification public key validity checking algorithm to obtain the investigation knot Fruit, the authentication call result check algorithm judges whether the verification result is correct.
4. a kind of node authentication method according to claim 3, which is characterized in that registration side's key schedule, Authentication key schedule, the main key generating algorithm of requesting party, verification public key generating algorithm, verification result generating algorithm, verifying It is theoretical that public key validity checking algorithm and result check that algorithm is all made of high-order group, and is stored in cloud.
5. a kind of node authentication method according to claim 1, which is characterized in that the investigation result includes:
The requesting party is legitimate user, then exports non-zero natural number;
The requesting party is illegal user, then exports 0.
6. a kind of node authentication method according to claim 1, which is characterized in that the authentication is the verification result For one of correct node.
7. a kind of entity authentication device characterized by comprising
Request module, for initiating registration and the main key in acquisition request side to registration side;Or according to the main key of the requesting party and verifying Public key is verified result;
Registration module for generating registration side's public key and registration side's private key, and broadcasts registration side's public key;Or by the request The main key in side informs authentication;Or according to registration side's public key and verification public key, investigation result is obtained, and by the investigation result Inform the authentication;
Authentication module, for generating authentication public key and authentication private key;Or it is private according to registration side's public key, the authentication Key and the main key of the requesting party generate verification public key, and the verification public key are informed the registration side;Or according to the verifying Whether correct square private key, the verification result and the investigation result, judge the verification result, and inform requesting party.
8. a kind of electronic equipment for entity authentication characterized by comprising
Memory and processor, the processor and the memory complete mutual communication by bus;The memory It is stored with the program instruction that can be executed by the processor, the processor calls described program instruction to be able to carry out right such as and wants Seek 1 to 6 any method.
9. a kind of computer readable storage medium, is stored thereon with computer program, which is characterized in that the computer program quilt The method as described in claim 1 to 6 is any is realized when processor executes.
CN201810966585.0A 2018-08-23 2018-08-23 Node authentication method and device based on non-interactive zero-knowledge proof Active CN109245897B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810966585.0A CN109245897B (en) 2018-08-23 2018-08-23 Node authentication method and device based on non-interactive zero-knowledge proof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810966585.0A CN109245897B (en) 2018-08-23 2018-08-23 Node authentication method and device based on non-interactive zero-knowledge proof

Publications (2)

Publication Number Publication Date
CN109245897A true CN109245897A (en) 2019-01-18
CN109245897B CN109245897B (en) 2020-06-19

Family

ID=65068105

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810966585.0A Active CN109245897B (en) 2018-08-23 2018-08-23 Node authentication method and device based on non-interactive zero-knowledge proof

Country Status (1)

Country Link
CN (1) CN109245897B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110224837A (en) * 2019-06-06 2019-09-10 西安纸贵互联网科技有限公司 Zero-knowledge proof method and terminal based on distributed identity
CN111245626A (en) * 2020-01-19 2020-06-05 平安科技(深圳)有限公司 Zero knowledge proving method, device and storage medium
CN112636922A (en) * 2020-12-21 2021-04-09 电子科技大学 IOT identity authentication method based on non-interactive zero-knowledge proof
CN113783705A (en) * 2021-11-12 2021-12-10 北京华云安信息技术有限公司 Zero knowledge proof method, verification terminal, equipment and storage medium of key
CN114760067A (en) * 2022-03-30 2022-07-15 西安电子科技大学 Block chain group intelligent perception system privacy security protection method using zero knowledge certification

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008022158A2 (en) * 2006-08-14 2008-02-21 The Regents Of The University Of California System for non-interactive zero-knowledge proofs
CN101175076A (en) * 2007-10-23 2008-05-07 赵运磊 High-efficiency, deniable, safety-unforgeable cryptographic key exchanging protocol of on-line computation
CN102263639A (en) * 2010-05-31 2011-11-30 索尼公司 Authentication device, authentication method, program, and signature generation device
US20150100785A1 (en) * 2013-10-09 2015-04-09 Thomson Licensing Method for ciphering a message via a keyed homomorphic encryption function, corresponding electronic device and computer program product
WO2015055765A1 (en) * 2013-10-16 2015-04-23 Thomson Licensing Method for generating a quasi-adaptive non-interactive zero-knowledge proof and corresponding electronic device
CN104717067A (en) * 2013-12-17 2015-06-17 中国移动通信集团辽宁有限公司 Safety verification method, device and system based on non-interactive zero-knowledge
US20170149796A1 (en) * 2015-11-25 2017-05-25 Yaron Gvili Selectivity in privacy and verification with applications
US20180034636A1 (en) * 2017-09-12 2018-02-01 QED-it Systems LTD Method and system for creating public randomness

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008022158A2 (en) * 2006-08-14 2008-02-21 The Regents Of The University Of California System for non-interactive zero-knowledge proofs
CN101175076A (en) * 2007-10-23 2008-05-07 赵运磊 High-efficiency, deniable, safety-unforgeable cryptographic key exchanging protocol of on-line computation
CN102263639A (en) * 2010-05-31 2011-11-30 索尼公司 Authentication device, authentication method, program, and signature generation device
US20150100785A1 (en) * 2013-10-09 2015-04-09 Thomson Licensing Method for ciphering a message via a keyed homomorphic encryption function, corresponding electronic device and computer program product
WO2015055765A1 (en) * 2013-10-16 2015-04-23 Thomson Licensing Method for generating a quasi-adaptive non-interactive zero-knowledge proof and corresponding electronic device
CN104717067A (en) * 2013-12-17 2015-06-17 中国移动通信集团辽宁有限公司 Safety verification method, device and system based on non-interactive zero-knowledge
US20170149796A1 (en) * 2015-11-25 2017-05-25 Yaron Gvili Selectivity in privacy and verification with applications
US20180034636A1 (en) * 2017-09-12 2018-02-01 QED-it Systems LTD Method and system for creating public randomness

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
柳璐: "基于非交互零知识证明的匿名电子调查系统", 《网络与信息安全学报》 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110224837A (en) * 2019-06-06 2019-09-10 西安纸贵互联网科技有限公司 Zero-knowledge proof method and terminal based on distributed identity
CN110224837B (en) * 2019-06-06 2021-11-19 西安纸贵互联网科技有限公司 Zero-knowledge proof method and terminal based on distributed identity
CN111245626A (en) * 2020-01-19 2020-06-05 平安科技(深圳)有限公司 Zero knowledge proving method, device and storage medium
CN111245626B (en) * 2020-01-19 2021-05-18 平安科技(深圳)有限公司 Zero knowledge proving method, device and storage medium
CN112636922A (en) * 2020-12-21 2021-04-09 电子科技大学 IOT identity authentication method based on non-interactive zero-knowledge proof
CN113783705A (en) * 2021-11-12 2021-12-10 北京华云安信息技术有限公司 Zero knowledge proof method, verification terminal, equipment and storage medium of key
CN114760067A (en) * 2022-03-30 2022-07-15 西安电子科技大学 Block chain group intelligent perception system privacy security protection method using zero knowledge certification
CN114760067B (en) * 2022-03-30 2023-09-12 西安电子科技大学 Privacy security protection method for blockchain crowd sensing system by using zero knowledge proof

Also Published As

Publication number Publication date
CN109245897B (en) 2020-06-19

Similar Documents

Publication Publication Date Title
CN109245897A (en) A kind of node authentication method and device based on noninteractive zero-knowledge proof
CN106209763B (en) A kind of login method and system
CN103428696B (en) Virtual SIM card achieving method and system and relevant device
JP2020064668A5 (en)
CN108880822B (en) Identity authentication method, device and system and intelligent wireless equipment
CN112000744B (en) Signature method and related equipment
CN106302606B (en) Across the application access method and device of one kind
CN110493237A (en) Identity management method, device, computer equipment and storage medium
CN101527714B (en) Method, device and system for accreditation
CN105898743B (en) A kind of method for connecting network, apparatus and system
CN105227537A (en) Method for authenticating user identity, terminal and service end
CN105871838A (en) Third party account login control method and user center platform
CN109302370A (en) A kind of client validation method, terminal and server
CN108647501A (en) Multiple utility program shares password unlocking method, device, equipment and storage medium
CN106161475A (en) The implementation method of subscription authentication and device
CN110324344A (en) The method and device of account information certification
CN105337967A (en) Method and system for achieving target server logging by user and central server
CN104486322B (en) Terminal access authentication authorization method and terminal access authentication authoring system
CN106452763A (en) Method for employing cipher key through remote virtual USB device
CN103391194A (en) Method and system for unlocking safety equipment of user
CN111770087A (en) Service node verification method and related equipment
Thomas et al. Single sign-on in cloud federation using cloudsim
CN116402169B (en) Federal modeling verification method, federal modeling verification device, federal modeling verification equipment and storage medium
CN109729048A (en) A kind of joint qualification method, system, related platform and medium
CN110516427B (en) Terminal user identity authentication method and device, storage medium and computer equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant