CN109257181B - Without the blind label decryption method of elliptic curve under certificate environment - Google Patents

Without the blind label decryption method of elliptic curve under certificate environment Download PDF

Info

Publication number
CN109257181B
CN109257181B CN201811210151.4A CN201811210151A CN109257181B CN 109257181 B CN109257181 B CN 109257181B CN 201811210151 A CN201811210151 A CN 201811210151A CN 109257181 B CN109257181 B CN 109257181B
Authority
CN
China
Prior art keywords
key
blind
label
recipient
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811210151.4A
Other languages
Chinese (zh)
Other versions
CN109257181A (en
Inventor
俞惠芳
王之仓
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xian University of Posts and Telecommunications
Qinghai Normal University
Original Assignee
Xian University of Posts and Telecommunications
Qinghai Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xian University of Posts and Telecommunications, Qinghai Normal University filed Critical Xian University of Posts and Telecommunications
Priority to CN201811210151.4A priority Critical patent/CN109257181B/en
Publication of CN109257181A publication Critical patent/CN109257181A/en
Application granted granted Critical
Publication of CN109257181B publication Critical patent/CN109257181B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3257Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using blind signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3033Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to pseudo-prime or prime number generation, e.g. primality test
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/72Signcrypting, i.e. digital signing and encrypting simultaneously

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Algebra (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The blind label decryption method of elliptic curve under a kind of no certificate environment, by system initialization, generate the public and private key of user, generate the close public and private key of User Part, blind label, decryption, verification step form.Blind label secret skill art is expanded to no cryptographic certificate system and elliptic curve cipher system by the present invention, propose the blind label decryption method of elliptic curve under a kind of no certificate environment, it overcomes network in the prior art and must have trusted party that public key is generated for user, need that safe lane transmission secret information, computation complexity be relatively high, key needs the shortcomings that trustship is to trusted party, the close side of blind label and message owner is set to generate the ciphertext of message m for recipient by interaction, other people in addition to recipient can't see true messages, and recipient can be assured that the source of message.The present invention has the advantages that high safety, calculating and communications cost are low etc., suitable for technical fields such as electronic voting, e-payment, electronic contracts.

Description

Without the blind label decryption method of elliptic curve under certificate environment
Technical field
The invention belongs to art of cryptography, and in particular to Elliptic Curve Cryptography or without CertPubKey cryptography or blind It signs close.
Background technique
In order to achieve the effect that secrecy simultaneously and authenticate, professor Zheng Yuliang in 1997, which proposes, signs close concept.Label It is close to have many advantages, such as that flexible design, operation efficiency are high, it is one of main application of common key cryptosystem.Al- in 2003 RiyamiandPaterson gives no CertPubKey cryptographic system, overcomes the certificate management in conventional public-key infrastructure Key escrow in problem and identification cipher system.It is integrated without cryptographic certificate and blind label secret skill art is formed without certificate environment Under blind label it is close, since its advantage outstanding has become realization encryption and the important means authenticated and safety more and more at present It is perfect.However, the overwhelming majority without label decryption method blind under certificate environment is designed using Bilinear map, it is larger to calculate cost.
The no blind label of certificate are close to be widely used in e-payment, electronic voting, electronic contract etc., in the prior art absolutely It is most of be based on Bilinear map, how to be constructed using elliptic curve cryptography low computation complexity without certificate environment The close lower blind label of elliptic curve are a current technical problems to be solved.
Summary of the invention
Technical problem to be solved by the present invention lies in above-mentioned the deficiencies in the prior art are overcome, provide a kind of high safety, The blind label decryption method of elliptic curve under the low no certificate environment of computation complexity.
Technical solution used by above-mentioned technical problem is solved to be made of following step:
A, system initialization
(A1) key generation centre defines finite field FpOn elliptic curve E, choose rank be n elliptic curve E on one A basic point G, G are addition cyclic group GpA generation member, wherein p be a Big prime be limited positive integer, n is that prime number is Limited positive integer.
(A2) key generation centre chooses the Hash function h of cryptography safety1, Hash function h2, Hash function h3: Hash Function h1It is { 0,1 }t×Gp→Zp, Hash function h2It is { 0,1 }l×Gp→Zp, Hash function h3It is Gp×Gp→{0,1}l, wherein ZpIt is { 0,1 ..., p-1 } that it is identity length that l, which is message-length, t,.
(A3) key generation centre choose random number s ∈ [1, n) be used as master key.
(A4) key generation centre determines system public key y:
Y=sG.
(A5) key generation centre secrecy master key s, public address system parameter γ:
γ=(p, Fp,E,Gp,G,y,l,h1,h2,h3)。
B, the public and private key of user is generated
(B1) possess identity IaThe close side of blind label randomly select private key Xa∈ [1, n) and determine its public key Ya:
Ya=XaG。
(B2) possess identity IbRecipient randomly select private key Xb∈ [1, n) and determine its public key Yb:
Yb=XbG。
C, the public and private key of User Part is generated
(C1) key generation centre determination possesses identity IaThe close side of blind label part public key Ua, part private key Sa
(C2) key generation centre determination possesses identity IbRecipient part public key Ub, part private key Sb
D, blind label are close
(D1) the close side of blind label choose a random number f ∈ [1, n) and determine β:
β=fG.
(D2) the blind close side of label sends β and gives message owner.
(D3) message owner choose a blind factor ω ∈ [1, n) and determine r and μ:
R=ω β
μ=ω h2(m,r)
M is the message that length is l in formula.
(D4) message owner sends μ to the blind close side of label.
(D5) the blind close side of label receives μ and determines V and W:
V=f (Ub+h1(Ib,Yb)y+Yb)
W=μ-1(Xa+Sa)+f;
(D5) the blind close side of label sends V and W and gives message owner.
(D6) message owner receives V and W, determines J, c, s:
J=ω V
S=ω W.
(D7) message owner exports ciphertext σ:
σ=(r, c, s)
To recipient.
E, it decrypts
(E1) after recipient receives ciphertext σ, J is determined:
J=(Sb+Xb)r。
(E2) recipient recovers m:
F, it verifies
It is verified as the following formula:
SG=h2(m,r)-1·(Ua+h1(Ia,Ya)y+Ya)+r
It sets up, recipient receives the message restored;Otherwise, recipient does not receive the message restored.
In the step C1 of the generation public and private key step C of User Part of the invention, key generation centre determination possesses identity IaThe close side of blind label part public key Ua, part private key SaGeneration method it is as follows:
(1) key generation centre chooses a random number υa∈ [1, n) and determine the blind part public key U for signing close sidea, part Private key Sa:
UaaG
Saa+s·h1(Ia,Ya)modn。
(2) key generation centre determines Ra:
Ra=SaG+υaYa
(3) key generation centre sends Sa、Ra、UaTo the blind close side of label.
(4) the blind close side of label receives Sa、Ra、Ua, below two formulas:
SaG=Ua+h1(Ia,Ya)y
SaG=Ra-XaUa
It sets up simultaneously, part public key Ua, part private key SaWith authenticity.
In the step C2 of the generation public and private key step C of User Part of the invention, key generation centre determination possesses identity IaRecipient part public key Ub, part private key SbGeneration method it is as follows:
(1) key generation centre chooses a random number υb∈ [1, n) and determine recipient part public key Ub, part it is private Key Sb:
UbbG
Sbb+s·h1(Ib,Yb)modn。
(2) key generation centre determines Rb:
Rb=SbG+υbYb
(3) key generation centre sends Sb、Rb、UbTo recipient.
(4) recipient receives Sb、Rb、Ub, below two formulas:
SbG=Ub+h1(Ib,Yb)y
SbG=Rb-XbUb
It sets up simultaneously, part public key Ub, part private key SbWith authenticity.
Blind label secret skill art is expanded to no cryptographic certificate system and elliptic curve cipher system by the present invention, proposes a kind of nothing The blind label decryption method of elliptic curve under certificate environment, eliminates certificate management problem in traditional Public Key Infrastructure and identity is close Key escrow in code system, overcoming network in the prior art must have trusted party that public key, needs is generated for user Safe lane transmission secret information, computation complexity are relatively high, key needs the shortcomings that trustship is to trusted party, make the blind close side of label It by interaction is ciphertext that recipient generates message m with message owner, other people in addition to recipient, which can't see, really to disappear Breath, recipient can be assured that the source of message.The present invention has the advantages that high safety, calculating and communications cost are low etc., is suitble to use In technical fields such as electronic voting, e-payment, electronic contracts.
Detailed description of the invention
Fig. 1 is the flow chart of the embodiment of the present invention 1.
Specific embodiment
The present invention is described in more detail with reference to the accompanying drawings and examples, but the present invention is not limited to these Examples.
Embodiment 1
The present embodiment is with Elliptic Curve y2≡x3+ ax+bmodp, Big prime p are 2192-264For -1, under no certificate environment The blind label decryption method of elliptic curve is made of following step:
A, system initialization
(A1) key generation centre selects Big prime a p, p 2192-264- 1, define finite field FpOn elliptic curve E:y2≡x3+ ax+b, wherein a, b ∈ FpIt is to meet 4a3+27b2≠ 0 constant chooses a base on the elliptic curve E that rank is n Point G, E (a, b) and infinite point O form an addition cyclic group Gp, G is addition cyclic group GpA generation member, n is prime number For limited positive integer.
(A2) key generation centre chooses the Hash function h of cryptography safety1, Hash function h2, Hash function h3: Hash Function h1It is { 0,1 }t×Gp→Zp, Hash function h2It is { 0,1 }l×Gp→Zp, Hash function h3It is Gp×Gp→{0,1}l, wherein ZpBe 0,1 ..., 2192-264- 2 }, it is identity length that l, which is message-length, t,.
(A3) key generation centre choose random number s ∈ [1, n) be used as master key.
(A4) key generation centre determines system public key y:
Y=sG.
(A4) key generation centre secrecy master key s, public address system parameter γ:
γ=(2192-264-1,Fp,E,Gp,G,y,l,h1,h2,h3)。
B, the public and private key of user is generated
(B1) possess identity IaThe close side of blind label randomly select private key Xa∈ [1, n) and determine its public key Ya:
Ya=XaG。
(B2) possess identity IbRecipient randomly select private key Xb∈ [1, n) and determine its public key Yb:
Yb=XbG。
C, the public and private key of User Part is generated
(C1) key generation centre determination possesses identity IaThe close side of blind label part public key Ua, part private key SaIt is as follows:
(C1.1) key generation centre chooses a random number υa∈ [1, n) and determine the blind part public key U for signing close sidea, portion Divide private key Sa:
UaaG
Saa+s·h1(Ia,Ya)modn。
(C1.2) key generation centre determines Ra:
Ra=SaG+υaYa
(C1.3) key generation centre sends Sa、Ra、UaTo the blind close side of label.
(C1.4) the blind close side of label receives Sa、Ra、Ua, below two formulas:
SaG=Ua+h1(Ia,Ya)y
SaG=Ra-XaUa
It sets up simultaneously, part public key Ua, part private key SaWith authenticity.
(C2) key generation centre determination possesses identity IbRecipient part public key Ub, part private key SbIt is as follows:
(C2.1) key generation centre chooses a random number υb∈ [1, n) and determine recipient part public key Ub, part Private key Sb:
UbbG
Sbb+s·h1(Ib,Yb)modn。
(C2.2) key generation centre determines Rb:
Rb=SbG+υbYb
(C2.3) key generation centre sends Sb、Rb、UbTo recipient.
(C2.4) recipient receives Sb、Rb、Ub, below two formulas:
SbG=Ub+h1(Ib,Yb)y
SbG=Rb-XbUb
It sets up simultaneously, part public key Ub, part private key SbWith authenticity.
D, blind label are close
(D1) the close side of blind label choose a random number f ∈ [1, n) and determine β:
β=fG.
(D2) the blind close side of label sends β and gives message owner.
(D3) message owner choose a blind factor ω ∈ [1, n) and determine r and μ:
R=ω β
μ=ω h2(m,r)
M is the message that length is l in formula.
(D4) message owner sends μ to the blind close side of label.
(D5) the blind close side of label receives μ and determines V and W:
V=f (Ub+h1(Ib,Yb)y+Yb)
W=μ-1(Xa+Sa)+f。
(D5) the blind close side of label sends V and W and gives message owner.
(D6) message owner receives V and W, determines J, c, s:
J=ω V
S=ω W.
(D7) message owner exports ciphertext σ:
σ=(r, c, s)
To recipient.
Since the present embodiment is using the blind label decryption method of no certificate, the certificate pipe in traditional Public Key Infrastructure is eliminated Key escrow in reason problem and identification cipher system, overcoming network in the prior art to have trusted party is user It generates public key, need that safe lane transmission secret information, computation complexity be relatively high, key needs trustship lacking to trusted party Point makes the close side of blind label and message owner by the ciphertext that interaction is that recipient generates message m, other people in addition to recipient It can't see true messages, recipient can be assured that the source of message.The present invention has high safety, calculating and communications cost low etc. Advantage, suitable for technical fields such as electronic voting, e-payment, electronic contracts.
E, it decrypts
(E1) after recipient receives ciphertext σ, J is determined:
J=(Sb+Xb)r。
(E2) recipient recovers m:
F, it verifies
It is verified as the following formula:
SG=h2(m,r)-1·(Ua+h1(Ia,Ya)y+Ya)+r
It sets up, recipient receives the message restored;Otherwise, recipient does not receive the message restored.
Embodiment 2
The present embodiment is with Elliptic Curve y2≡x3+ ax+bmodp, Big prime p are 2224-296For+1, under no certificate environment The blind label decryption method of elliptic curve is made of following step:
A, system initialization
(A1) key generation centre selects Big prime a p, p 2224-296+ 1, define finite field FpOn elliptic curve E:y2≡x3+ ax+b, wherein a, b ∈ FpIt is to meet 4a3+27b2≠ 0 constant chooses a base on the elliptic curve E that rank is n Point G, E (a, b) and infinite point O form an addition cyclic group Gp, G is addition cyclic group GpA generation member, n is prime number For limited positive integer.
(A2) key generation centre chooses the Hash function h of cryptography safety1, Hash function h2, Hash function h3: Hash Function h1It is { 0,1 }t×Gp→Zp, Hash function h2It is { 0,1 }l×Gp→Zp, Hash function h3It is Gp×Gp→{0,1}l, wherein ZpBe 0,1 ..., 2224-296, it is identity length that l, which is message-length, t,.
(A3) key generation centre choose random number s ∈ [1, n) be used as master key.
(A4) key generation centre determines system public key y:
Y=sG.
(A4) key generation centre secrecy master key s, public address system parameter γ:
γ=(2224-296+1,Fp,E,Gp,G,y,l,h1,h2,h3)。
Other steps are same as Example 1.
Embodiment 3
The present embodiment is with Elliptic Curve y2≡x3+ ax+bmodp, Big prime p are 2256-2224+2192+296For+1, no card The blind label decryption method of elliptic curve is made of following step under book environment:
A, system initialization
(A1) key generation centre selects Big prime a p, p 2256-2224+2192+296+ 1, define finite field FpOn Elliptic curve E:y2≡x3+ ax+b, wherein a, b ∈ FpIt is to meet 4a3+27b2≠ 0 constant is chosen on the elliptic curve E that rank is n Basic point a G, E (a, b) and infinite point O form an addition cyclic group Gp, G is addition cyclic group GpA generation member, N is that prime number is limited positive integer.
(A2) key generation centre chooses the Hash function h of cryptography safety1, Hash function h2, Hash function h3: Hash Function h1It is { 0,1 }t×Gp→Zp, Hash function h2It is { 0,1 }l×Gp→Zp, Hash function h3It is Gp×Gp→{0,1}l, wherein ZpBe 0,1 ..., 2256-2224+2192+296, it is identity length that l, which is message-length, t,.
(A3) key generation centre choose random number s ∈ [1, n) be used as master key.
(A4) key generation centre determines system public key y:
Y=sG.
(A4) key generation centre secrecy master key s, public address system parameter γ:
γ=(2256-2224+2192+296+1,Fp,E,Gp,G,y,l,h1,h2,h3)。
Other steps are same as Example 1.
Embodiment 4
The present embodiment is with Elliptic Curve y2≡x3+ ax+bmodp, Big prime p are 2384-2128-296+232For -1, no certificate The blind label decryption method of elliptic curve is made of following step under environment:
A, system initialization
(A1) key generation centre selects Big prime a p, p 2384-2128-296+232- 1, define finite field FpOn it is ellipse Circular curve E:y2≡x3+ ax+b, wherein a, b ∈ FpIt is to meet 4a3+27b2≠ 0 constant is chosen on the elliptic curve E that rank is n One basic point G, E (a, b) and infinite point O form an addition cyclic group Gp, G is addition cyclic group GpA generation member, n Be prime number be limited positive integer.
(A2) key generation centre chooses the Hash function h of cryptography safety1, Hash function h2, Hash function h3: Hash Function h1It is { 0,1 }t×Gp→Zp, Hash function h2It is { 0,1 }l×Gp→Zp, Hash function h3It is Gp×Gp→{0,1}l, wherein ZpBe 0,1 ..., 2384-2128-296+232- 2 }, it is identity length that l, which is message-length, t,;
(A3) key generation centre choose random number s ∈ [1, n) be used as master key.
(A4) key generation centre determines system public key y:
Y=sG.
(A4) key generation centre secrecy master key s, public address system parameter γ:
γ=(2384-2128-296+232-1,Fp,E,Gp,G,y,l,h1,h2,h3)。
Other steps are same as Example 1.
Embodiment 5
The present embodiment is with Elliptic Curve y2≡x3+ ax+bmodp, Big prime p are 2521It is oval under no certificate environment for -1 The blind label decryption method of curve is made of following step:
A, system initialization
(A1) key generation centre selects Big prime a p, p 2521- 1, define finite field FpOn elliptic curve E:y2 ≡x3+ ax+b, wherein a, b ∈ FpIt is to meet 4a3+27b2≠ 0 constant chooses a basic point on the elliptic curve E that rank is n G, E (a, b) and infinite point O form an addition cyclic group Gp, G is addition cyclic group GpA generation member, n is that prime number is Limited positive integer.
(A2) key generation centre chooses the Hash function h of cryptography safety1, Hash function h2, Hash function h3: Hash Function h1It is { 0,1 }t×Gp→Zp, Hash function h2It is { 0,1 }l×Gp→Zp, Hash function h3It is Gp×Gp→{0,1}l, wherein ZpBe 0,1 ..., 2521- 2 }, it is identity length that l, which is message-length, t,;
(A3) key generation centre choose random number s ∈ [1, n) be used as master key.
(A4) key generation centre determines system public key y:
Y=sG.
(A4) key generation centre secrecy master key s, public address system parameter γ:
γ=(2521-1,Fp,E,Gp,G,y,l,h1,h2,h3)。
Other steps are same as Example 1.
According to above-mentioned principle, the value of different Big prime q is taken, it can be deduced that different general Identity Proxy label that can be compound Decryption method, it is within the scope of the present invention.

Claims (1)

1. the blind label decryption method of elliptic curve under a kind of no certificate environment, it is characterised in that it is made of following step:
A, system initialization
(A1) key generation centre defines finite field FpOn elliptic curve E, choose rank be n elliptic curve E on a basic point G, G are addition cyclic group GpA generation member, wherein p be a Big prime be limited positive integer, n be prime number be it is limited Positive integer;
(A2) key generation centre chooses the Hash function h of cryptography safety1, Hash function h2, Hash function h3: Hash function h1 It is { 0,1 }t×Gp→Zp, Hash function h2It is { 0,1 }l×Gp→Zp, Hash function h3It is Gp×Gp→{0,1}l, wherein ZpIt is { 0,1 ..., p-1 }, it is identity length that l, which is message-length, t,;
(A3) key generation centre choose random number s ∈ [1, n) be used as master key;
(A4) key generation centre determines system public key y:
Y=sG;
(A4) key generation centre secrecy master key s, public address system parameter γ:
γ=(p, Fp,E,Gp,G,y,l,h1,h2,h3);
B, the public and private key of user is generated
(B1) possess identity IaThe close side of blind label randomly select private key Xa∈ [1, n) and determine its public key Ya:
Ya=XaG;
(B2) possess identity IbRecipient randomly select private key Xb∈ [1, n) and determine its public key Yb:
Yb=XbG;
C, the public and private key of User Part is generated
(C1) key generation centre determination possesses identity IaThe close side of blind label part public key Ua, part private key Sa
Its generation method is as follows:
(C101) key generation centre chooses a random number υa∈ [1, n) and determine the blind part public key U for signing close sidea, part it is private Key Sa:
UaaG
Saa+s·h1(Ia,Ya)mod n;
(C102) key generation centre determines Ra:
Ra=SaG+υaYa
(C103) key generation centre sends Sa、Ra、UaTo the blind close side of label;
(C104) the blind close side of label receives Sa、Ra、Ua, below two formulas:
SaG=Ua+h1(Ia,Ya)y
SaG=Ra-XaUa
It sets up simultaneously, part public key Ua, part private key SaWith authenticity;
(C2) key generation centre determination possesses identity IbRecipient part public key Ub, part private key Sb
Its generation method is as follows:
(C201) key generation centre chooses a random number υb∈ [1, n) and determine recipient part public key Ub, part private key Sb:
UbbG
Sbb+s·h1(Ib,Yb)mod n;
(C202) key generation centre determines Rb:
Rb=SbG+υbYb
(C203) key generation centre sends Sb、Rb、UbTo recipient;
(C204) recipient receives Sb、Rb、Ub, below two formulas:
SbG=Ub+h1(Ib,Yb)y
SbG=Rb-XbUb
It sets up simultaneously, part public key Ub, part private key SbWith authenticity;
D, blind label are close
(D1) the close side of blind label choose a random number f ∈ [1, n) and determine β:
β=fG;
(D2) the blind close side of label sends β and gives message owner;
(D3) message owner choose a blind factor ω ∈ [1, n) and determine r and μ:
R=ω β
μ=ω h2(m,r)
M is the message that length is l in formula;
(D4) message owner sends μ to the blind close side of label;
(D5) the blind close side of label receives μ and determines V and W:
V=f (Ub+h1(Ib,Yb)y+Yb)
W=μ-1(Xa+Sa)+f;
(D5) the blind close side of label sends V and W and gives message owner;
(D6) message owner receives V and W, determines J, c, s:
J=ω V
S=ω W;
(D7) message owner exports ciphertext σ:
σ=(r, c, s)
To recipient;
E, it decrypts
(E1) after recipient receives ciphertext σ, J is determined:
J=(Sb+Xb)r;
(E2) recipient recovers m:
F, it verifies
It is verified as the following formula:
SG=h2(m,r)-1·(Ua+h1(Ia,Ya)y+Ya)+r
It sets up, recipient receives the message restored;Otherwise, recipient does not receive the message restored.
CN201811210151.4A 2018-10-17 2018-10-17 Without the blind label decryption method of elliptic curve under certificate environment Active CN109257181B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811210151.4A CN109257181B (en) 2018-10-17 2018-10-17 Without the blind label decryption method of elliptic curve under certificate environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811210151.4A CN109257181B (en) 2018-10-17 2018-10-17 Without the blind label decryption method of elliptic curve under certificate environment

Publications (2)

Publication Number Publication Date
CN109257181A CN109257181A (en) 2019-01-22
CN109257181B true CN109257181B (en) 2019-10-29

Family

ID=65045782

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811210151.4A Active CN109257181B (en) 2018-10-17 2018-10-17 Without the blind label decryption method of elliptic curve under certificate environment

Country Status (1)

Country Link
CN (1) CN109257181B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110505062B (en) * 2019-08-27 2023-06-09 杭州云象网络技术有限公司 Dynamic elliptic curve encryption method applied to alliance chain
CN110995412B (en) * 2019-12-02 2020-11-10 西安邮电大学 Certificateless ring signcryption method based on multiplicative group
CN111583498A (en) * 2020-05-29 2020-08-25 深圳市网心科技有限公司 Electronic voting method, system, equipment and storage medium based on block chain

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104811302A (en) * 2015-05-15 2015-07-29 陕西师范大学 Oval curve mixing signcryption method based on certificateless effect
CN106027239A (en) * 2016-06-30 2016-10-12 西安电子科技大学 Multi-receiver signcryption method based on keyless trusteeship problem of elliptic curve
CN106936593A (en) * 2017-05-12 2017-07-07 西安电子科技大学 Based on the efficient anonymity of elliptic curve without certificate multi-receiver label decryption method
CN107682145A (en) * 2017-09-12 2018-02-09 西安电子科技大学 It is true anonymous without the more message multi-receiver label decryption methods of certificate

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7650497B2 (en) * 2003-08-15 2010-01-19 Venafi, Inc. Automated digital certificate renewer
CN100558035C (en) * 2006-08-03 2009-11-04 西安电子科技大学 A kind of mutual authentication method and system
CN101540669A (en) * 2008-03-20 2009-09-23 深圳市奥联科技有限公司 Method for distributing keys and protecting information for wireless mobile communication network
US8707043B2 (en) * 2009-03-03 2014-04-22 Riverbed Technology, Inc. Split termination of secure communication sessions with mutual certificate-based authentication
EP2334008A1 (en) * 2009-12-10 2011-06-15 Tata Consultancy Services Limited A system and method for designing secure client-server communication protocols based on certificateless public key infrastructure
CN102983971B (en) * 2012-10-10 2015-07-15 中国科学技术大学苏州研究院 Certificateless signature algorithm for user identity authentication in network environment
CN103023648B (en) * 2012-11-27 2015-10-07 中国科学技术大学苏州研究院 Based on elliptic curves discrete logarithm problem without certificate signature method
CN103702326B (en) * 2013-12-02 2016-09-28 北京理工大学 A kind of Certificateless key agreement method based on mobile Ad Hoc network
CN104539423B (en) * 2014-12-16 2018-01-05 北京百旺信安科技有限公司 A kind of implementation method without CertPubKey cipher system of no Bilinear map computing
US20160277372A1 (en) * 2015-03-17 2016-09-22 Riverbed Technology, Inc. Optimization of a secure connection with enhanced security for private cryptographic keys
CN105450396B (en) * 2016-01-11 2017-03-29 长沙市迪曼森信息科技有限公司 A kind of combination key without certificate is produced and application process

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104811302A (en) * 2015-05-15 2015-07-29 陕西师范大学 Oval curve mixing signcryption method based on certificateless effect
CN106027239A (en) * 2016-06-30 2016-10-12 西安电子科技大学 Multi-receiver signcryption method based on keyless trusteeship problem of elliptic curve
CN106936593A (en) * 2017-05-12 2017-07-07 西安电子科技大学 Based on the efficient anonymity of elliptic curve without certificate multi-receiver label decryption method
CN107682145A (en) * 2017-09-12 2018-02-09 西安电子科技大学 It is true anonymous without the more message multi-receiver label decryption methods of certificate

Also Published As

Publication number Publication date
CN109257181A (en) 2019-01-22

Similar Documents

Publication Publication Date Title
CN108667626B (en) Secure two-party collaboration SM2 signature method
CN108551392B (en) Blind signature generation method and system based on SM9 digital signature
CN108989053A (en) It is a kind of based on elliptic curve without CertPubKey cipher system implementation method
CN104811302B (en) Mix based on the elliptic curve without certificate and sign decryption method
CN104767612B (en) It is a kind of from the label decryption method without certificate environment to PKIX environment
CN110120939B (en) Encryption method and system capable of repudiation authentication based on heterogeneous system
CN110113150B (en) Encryption method and system based on non-certificate environment and capable of repudiation authentication
WO2020103631A1 (en) Hidden-identity-based signcryption method employing asymmetric bilinear pairing
CN109257181B (en) Without the blind label decryption method of elliptic curve under certificate environment
CN111010272B (en) Identification private key generation and digital signature method, system and device
CN105024994A (en) Secure certificateless hybrid signcryption method without pairing
CN104539423A (en) Achievement method of certificate-less public key cryptosystem without bilinear pairing operation
CN109639439B (en) ECDSA digital signature method based on two-party cooperation
CN110896351B (en) Identity-based digital signature method based on global hash
JP2004208262A (en) Apparatus and method of ring signature based on id employing bilinear pairing
CN110138567A (en) A kind of collaboration endorsement method based on ECDSA
CN104767611B (en) It is a kind of from PKIX environment to the label decryption method without certificate environment
US20050005125A1 (en) Apparatus and method for generating and verifying ID-based blind signature by using bilinear parings
CN101697513A (en) Digital signature method, device and system as well as digital signature verification method
ES2400895A2 (en) A method for performing a group digital signature
CN113162773A (en) Heterogeneous blind signcryption method capable of proving safety
CN111030821B (en) Encryption method of alliance chain based on bilinear mapping technology
Wang et al. Efficient identity based proxy-signcryption schemes with forward security and public verifiability
CN109617700A (en) Unidirectional multi-hop based on no certificate acts on behalf of weight endorsement method
Yang et al. A new efficient ID-based proxy blind signature scheme

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant