CN109257181B - Without the blind label decryption method of elliptic curve under certificate environment - Google Patents
Without the blind label decryption method of elliptic curve under certificate environment Download PDFInfo
- Publication number
- CN109257181B CN109257181B CN201811210151.4A CN201811210151A CN109257181B CN 109257181 B CN109257181 B CN 109257181B CN 201811210151 A CN201811210151 A CN 201811210151A CN 109257181 B CN109257181 B CN 109257181B
- Authority
- CN
- China
- Prior art keywords
- key
- blind
- label
- recipient
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3257—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using blind signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
- H04L9/3033—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to pseudo-prime or prime number generation, e.g. primality test
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/72—Signcrypting, i.e. digital signing and encrypting simultaneously
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Algebra (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Mathematical Physics (AREA)
- Pure & Applied Mathematics (AREA)
- Physics & Mathematics (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
Abstract
The blind label decryption method of elliptic curve under a kind of no certificate environment, by system initialization, generate the public and private key of user, generate the close public and private key of User Part, blind label, decryption, verification step form.Blind label secret skill art is expanded to no cryptographic certificate system and elliptic curve cipher system by the present invention, propose the blind label decryption method of elliptic curve under a kind of no certificate environment, it overcomes network in the prior art and must have trusted party that public key is generated for user, need that safe lane transmission secret information, computation complexity be relatively high, key needs the shortcomings that trustship is to trusted party, the close side of blind label and message owner is set to generate the ciphertext of message m for recipient by interaction, other people in addition to recipient can't see true messages, and recipient can be assured that the source of message.The present invention has the advantages that high safety, calculating and communications cost are low etc., suitable for technical fields such as electronic voting, e-payment, electronic contracts.
Description
Technical field
The invention belongs to art of cryptography, and in particular to Elliptic Curve Cryptography or without CertPubKey cryptography or blind
It signs close.
Background technique
In order to achieve the effect that secrecy simultaneously and authenticate, professor Zheng Yuliang in 1997, which proposes, signs close concept.Label
It is close to have many advantages, such as that flexible design, operation efficiency are high, it is one of main application of common key cryptosystem.Al- in 2003
RiyamiandPaterson gives no CertPubKey cryptographic system, overcomes the certificate management in conventional public-key infrastructure
Key escrow in problem and identification cipher system.It is integrated without cryptographic certificate and blind label secret skill art is formed without certificate environment
Under blind label it is close, since its advantage outstanding has become realization encryption and the important means authenticated and safety more and more at present
It is perfect.However, the overwhelming majority without label decryption method blind under certificate environment is designed using Bilinear map, it is larger to calculate cost.
The no blind label of certificate are close to be widely used in e-payment, electronic voting, electronic contract etc., in the prior art absolutely
It is most of be based on Bilinear map, how to be constructed using elliptic curve cryptography low computation complexity without certificate environment
The close lower blind label of elliptic curve are a current technical problems to be solved.
Summary of the invention
Technical problem to be solved by the present invention lies in above-mentioned the deficiencies in the prior art are overcome, provide a kind of high safety,
The blind label decryption method of elliptic curve under the low no certificate environment of computation complexity.
Technical solution used by above-mentioned technical problem is solved to be made of following step:
A, system initialization
(A1) key generation centre defines finite field FpOn elliptic curve E, choose rank be n elliptic curve E on one
A basic point G, G are addition cyclic group GpA generation member, wherein p be a Big prime be limited positive integer, n is that prime number is
Limited positive integer.
(A2) key generation centre chooses the Hash function h of cryptography safety1, Hash function h2, Hash function h3: Hash
Function h1It is { 0,1 }t×Gp→Zp, Hash function h2It is { 0,1 }l×Gp→Zp, Hash function h3It is Gp×Gp→{0,1}l, wherein
ZpIt is { 0,1 ..., p-1 } that it is identity length that l, which is message-length, t,.
(A3) key generation centre choose random number s ∈ [1, n) be used as master key.
(A4) key generation centre determines system public key y:
Y=sG.
(A5) key generation centre secrecy master key s, public address system parameter γ:
γ=(p, Fp,E,Gp,G,y,l,h1,h2,h3)。
B, the public and private key of user is generated
(B1) possess identity IaThe close side of blind label randomly select private key Xa∈ [1, n) and determine its public key Ya:
Ya=XaG。
(B2) possess identity IbRecipient randomly select private key Xb∈ [1, n) and determine its public key Yb:
Yb=XbG。
C, the public and private key of User Part is generated
(C1) key generation centre determination possesses identity IaThe close side of blind label part public key Ua, part private key Sa。
(C2) key generation centre determination possesses identity IbRecipient part public key Ub, part private key Sb。
D, blind label are close
(D1) the close side of blind label choose a random number f ∈ [1, n) and determine β:
β=fG.
(D2) the blind close side of label sends β and gives message owner.
(D3) message owner choose a blind factor ω ∈ [1, n) and determine r and μ:
R=ω β
μ=ω h2(m,r)
M is the message that length is l in formula.
(D4) message owner sends μ to the blind close side of label.
(D5) the blind close side of label receives μ and determines V and W:
V=f (Ub+h1(Ib,Yb)y+Yb)
W=μ-1(Xa+Sa)+f;
(D5) the blind close side of label sends V and W and gives message owner.
(D6) message owner receives V and W, determines J, c, s:
J=ω V
S=ω W.
(D7) message owner exports ciphertext σ:
σ=(r, c, s)
To recipient.
E, it decrypts
(E1) after recipient receives ciphertext σ, J is determined:
J=(Sb+Xb)r。
(E2) recipient recovers m:
F, it verifies
It is verified as the following formula:
SG=h2(m,r)-1·(Ua+h1(Ia,Ya)y+Ya)+r
It sets up, recipient receives the message restored;Otherwise, recipient does not receive the message restored.
In the step C1 of the generation public and private key step C of User Part of the invention, key generation centre determination possesses identity
IaThe close side of blind label part public key Ua, part private key SaGeneration method it is as follows:
(1) key generation centre chooses a random number υa∈ [1, n) and determine the blind part public key U for signing close sidea, part
Private key Sa:
Ua=υaG
Sa=υa+s·h1(Ia,Ya)modn。
(2) key generation centre determines Ra:
Ra=SaG+υaYa
(3) key generation centre sends Sa、Ra、UaTo the blind close side of label.
(4) the blind close side of label receives Sa、Ra、Ua, below two formulas:
SaG=Ua+h1(Ia,Ya)y
SaG=Ra-XaUa
It sets up simultaneously, part public key Ua, part private key SaWith authenticity.
In the step C2 of the generation public and private key step C of User Part of the invention, key generation centre determination possesses identity
IaRecipient part public key Ub, part private key SbGeneration method it is as follows:
(1) key generation centre chooses a random number υb∈ [1, n) and determine recipient part public key Ub, part it is private
Key Sb:
Ub=υbG
Sb=υb+s·h1(Ib,Yb)modn。
(2) key generation centre determines Rb:
Rb=SbG+υbYb。
(3) key generation centre sends Sb、Rb、UbTo recipient.
(4) recipient receives Sb、Rb、Ub, below two formulas:
SbG=Ub+h1(Ib,Yb)y
SbG=Rb-XbUb
It sets up simultaneously, part public key Ub, part private key SbWith authenticity.
Blind label secret skill art is expanded to no cryptographic certificate system and elliptic curve cipher system by the present invention, proposes a kind of nothing
The blind label decryption method of elliptic curve under certificate environment, eliminates certificate management problem in traditional Public Key Infrastructure and identity is close
Key escrow in code system, overcoming network in the prior art must have trusted party that public key, needs is generated for user
Safe lane transmission secret information, computation complexity are relatively high, key needs the shortcomings that trustship is to trusted party, make the blind close side of label
It by interaction is ciphertext that recipient generates message m with message owner, other people in addition to recipient, which can't see, really to disappear
Breath, recipient can be assured that the source of message.The present invention has the advantages that high safety, calculating and communications cost are low etc., is suitble to use
In technical fields such as electronic voting, e-payment, electronic contracts.
Detailed description of the invention
Fig. 1 is the flow chart of the embodiment of the present invention 1.
Specific embodiment
The present invention is described in more detail with reference to the accompanying drawings and examples, but the present invention is not limited to these Examples.
Embodiment 1
The present embodiment is with Elliptic Curve y2≡x3+ ax+bmodp, Big prime p are 2192-264For -1, under no certificate environment
The blind label decryption method of elliptic curve is made of following step:
A, system initialization
(A1) key generation centre selects Big prime a p, p 2192-264- 1, define finite field FpOn elliptic curve
E:y2≡x3+ ax+b, wherein a, b ∈ FpIt is to meet 4a3+27b2≠ 0 constant chooses a base on the elliptic curve E that rank is n
Point G, E (a, b) and infinite point O form an addition cyclic group Gp, G is addition cyclic group GpA generation member, n is prime number
For limited positive integer.
(A2) key generation centre chooses the Hash function h of cryptography safety1, Hash function h2, Hash function h3: Hash
Function h1It is { 0,1 }t×Gp→Zp, Hash function h2It is { 0,1 }l×Gp→Zp, Hash function h3It is Gp×Gp→{0,1}l, wherein
ZpBe 0,1 ..., 2192-264- 2 }, it is identity length that l, which is message-length, t,.
(A3) key generation centre choose random number s ∈ [1, n) be used as master key.
(A4) key generation centre determines system public key y:
Y=sG.
(A4) key generation centre secrecy master key s, public address system parameter γ:
γ=(2192-264-1,Fp,E,Gp,G,y,l,h1,h2,h3)。
B, the public and private key of user is generated
(B1) possess identity IaThe close side of blind label randomly select private key Xa∈ [1, n) and determine its public key Ya:
Ya=XaG。
(B2) possess identity IbRecipient randomly select private key Xb∈ [1, n) and determine its public key Yb:
Yb=XbG。
C, the public and private key of User Part is generated
(C1) key generation centre determination possesses identity IaThe close side of blind label part public key Ua, part private key SaIt is as follows:
(C1.1) key generation centre chooses a random number υa∈ [1, n) and determine the blind part public key U for signing close sidea, portion
Divide private key Sa:
Ua=υaG
Sa=υa+s·h1(Ia,Ya)modn。
(C1.2) key generation centre determines Ra:
Ra=SaG+υaYa。
(C1.3) key generation centre sends Sa、Ra、UaTo the blind close side of label.
(C1.4) the blind close side of label receives Sa、Ra、Ua, below two formulas:
SaG=Ua+h1(Ia,Ya)y
SaG=Ra-XaUa
It sets up simultaneously, part public key Ua, part private key SaWith authenticity.
(C2) key generation centre determination possesses identity IbRecipient part public key Ub, part private key SbIt is as follows:
(C2.1) key generation centre chooses a random number υb∈ [1, n) and determine recipient part public key Ub, part
Private key Sb:
Ub=υbG
Sb=υb+s·h1(Ib,Yb)modn。
(C2.2) key generation centre determines Rb:
Rb=SbG+υbYb。
(C2.3) key generation centre sends Sb、Rb、UbTo recipient.
(C2.4) recipient receives Sb、Rb、Ub, below two formulas:
SbG=Ub+h1(Ib,Yb)y
SbG=Rb-XbUb
It sets up simultaneously, part public key Ub, part private key SbWith authenticity.
D, blind label are close
(D1) the close side of blind label choose a random number f ∈ [1, n) and determine β:
β=fG.
(D2) the blind close side of label sends β and gives message owner.
(D3) message owner choose a blind factor ω ∈ [1, n) and determine r and μ:
R=ω β
μ=ω h2(m,r)
M is the message that length is l in formula.
(D4) message owner sends μ to the blind close side of label.
(D5) the blind close side of label receives μ and determines V and W:
V=f (Ub+h1(Ib,Yb)y+Yb)
W=μ-1(Xa+Sa)+f。
(D5) the blind close side of label sends V and W and gives message owner.
(D6) message owner receives V and W, determines J, c, s:
J=ω V
S=ω W.
(D7) message owner exports ciphertext σ:
σ=(r, c, s)
To recipient.
Since the present embodiment is using the blind label decryption method of no certificate, the certificate pipe in traditional Public Key Infrastructure is eliminated
Key escrow in reason problem and identification cipher system, overcoming network in the prior art to have trusted party is user
It generates public key, need that safe lane transmission secret information, computation complexity be relatively high, key needs trustship lacking to trusted party
Point makes the close side of blind label and message owner by the ciphertext that interaction is that recipient generates message m, other people in addition to recipient
It can't see true messages, recipient can be assured that the source of message.The present invention has high safety, calculating and communications cost low etc.
Advantage, suitable for technical fields such as electronic voting, e-payment, electronic contracts.
E, it decrypts
(E1) after recipient receives ciphertext σ, J is determined:
J=(Sb+Xb)r。
(E2) recipient recovers m:
F, it verifies
It is verified as the following formula:
SG=h2(m,r)-1·(Ua+h1(Ia,Ya)y+Ya)+r
It sets up, recipient receives the message restored;Otherwise, recipient does not receive the message restored.
Embodiment 2
The present embodiment is with Elliptic Curve y2≡x3+ ax+bmodp, Big prime p are 2224-296For+1, under no certificate environment
The blind label decryption method of elliptic curve is made of following step:
A, system initialization
(A1) key generation centre selects Big prime a p, p 2224-296+ 1, define finite field FpOn elliptic curve
E:y2≡x3+ ax+b, wherein a, b ∈ FpIt is to meet 4a3+27b2≠ 0 constant chooses a base on the elliptic curve E that rank is n
Point G, E (a, b) and infinite point O form an addition cyclic group Gp, G is addition cyclic group GpA generation member, n is prime number
For limited positive integer.
(A2) key generation centre chooses the Hash function h of cryptography safety1, Hash function h2, Hash function h3: Hash
Function h1It is { 0,1 }t×Gp→Zp, Hash function h2It is { 0,1 }l×Gp→Zp, Hash function h3It is Gp×Gp→{0,1}l, wherein
ZpBe 0,1 ..., 2224-296, it is identity length that l, which is message-length, t,.
(A3) key generation centre choose random number s ∈ [1, n) be used as master key.
(A4) key generation centre determines system public key y:
Y=sG.
(A4) key generation centre secrecy master key s, public address system parameter γ:
γ=(2224-296+1,Fp,E,Gp,G,y,l,h1,h2,h3)。
Other steps are same as Example 1.
Embodiment 3
The present embodiment is with Elliptic Curve y2≡x3+ ax+bmodp, Big prime p are 2256-2224+2192+296For+1, no card
The blind label decryption method of elliptic curve is made of following step under book environment:
A, system initialization
(A1) key generation centre selects Big prime a p, p 2256-2224+2192+296+ 1, define finite field FpOn
Elliptic curve E:y2≡x3+ ax+b, wherein a, b ∈ FpIt is to meet 4a3+27b2≠ 0 constant is chosen on the elliptic curve E that rank is n
Basic point a G, E (a, b) and infinite point O form an addition cyclic group Gp, G is addition cyclic group GpA generation member,
N is that prime number is limited positive integer.
(A2) key generation centre chooses the Hash function h of cryptography safety1, Hash function h2, Hash function h3: Hash
Function h1It is { 0,1 }t×Gp→Zp, Hash function h2It is { 0,1 }l×Gp→Zp, Hash function h3It is Gp×Gp→{0,1}l, wherein
ZpBe 0,1 ..., 2256-2224+2192+296, it is identity length that l, which is message-length, t,.
(A3) key generation centre choose random number s ∈ [1, n) be used as master key.
(A4) key generation centre determines system public key y:
Y=sG.
(A4) key generation centre secrecy master key s, public address system parameter γ:
γ=(2256-2224+2192+296+1,Fp,E,Gp,G,y,l,h1,h2,h3)。
Other steps are same as Example 1.
Embodiment 4
The present embodiment is with Elliptic Curve y2≡x3+ ax+bmodp, Big prime p are 2384-2128-296+232For -1, no certificate
The blind label decryption method of elliptic curve is made of following step under environment:
A, system initialization
(A1) key generation centre selects Big prime a p, p 2384-2128-296+232- 1, define finite field FpOn it is ellipse
Circular curve E:y2≡x3+ ax+b, wherein a, b ∈ FpIt is to meet 4a3+27b2≠ 0 constant is chosen on the elliptic curve E that rank is n
One basic point G, E (a, b) and infinite point O form an addition cyclic group Gp, G is addition cyclic group GpA generation member, n
Be prime number be limited positive integer.
(A2) key generation centre chooses the Hash function h of cryptography safety1, Hash function h2, Hash function h3: Hash
Function h1It is { 0,1 }t×Gp→Zp, Hash function h2It is { 0,1 }l×Gp→Zp, Hash function h3It is Gp×Gp→{0,1}l, wherein
ZpBe 0,1 ..., 2384-2128-296+232- 2 }, it is identity length that l, which is message-length, t,;
(A3) key generation centre choose random number s ∈ [1, n) be used as master key.
(A4) key generation centre determines system public key y:
Y=sG.
(A4) key generation centre secrecy master key s, public address system parameter γ:
γ=(2384-2128-296+232-1,Fp,E,Gp,G,y,l,h1,h2,h3)。
Other steps are same as Example 1.
Embodiment 5
The present embodiment is with Elliptic Curve y2≡x3+ ax+bmodp, Big prime p are 2521It is oval under no certificate environment for -1
The blind label decryption method of curve is made of following step:
A, system initialization
(A1) key generation centre selects Big prime a p, p 2521- 1, define finite field FpOn elliptic curve E:y2
≡x3+ ax+b, wherein a, b ∈ FpIt is to meet 4a3+27b2≠ 0 constant chooses a basic point on the elliptic curve E that rank is n
G, E (a, b) and infinite point O form an addition cyclic group Gp, G is addition cyclic group GpA generation member, n is that prime number is
Limited positive integer.
(A2) key generation centre chooses the Hash function h of cryptography safety1, Hash function h2, Hash function h3: Hash
Function h1It is { 0,1 }t×Gp→Zp, Hash function h2It is { 0,1 }l×Gp→Zp, Hash function h3It is Gp×Gp→{0,1}l, wherein
ZpBe 0,1 ..., 2521- 2 }, it is identity length that l, which is message-length, t,;
(A3) key generation centre choose random number s ∈ [1, n) be used as master key.
(A4) key generation centre determines system public key y:
Y=sG.
(A4) key generation centre secrecy master key s, public address system parameter γ:
γ=(2521-1,Fp,E,Gp,G,y,l,h1,h2,h3)。
Other steps are same as Example 1.
According to above-mentioned principle, the value of different Big prime q is taken, it can be deduced that different general Identity Proxy label that can be compound
Decryption method, it is within the scope of the present invention.
Claims (1)
1. the blind label decryption method of elliptic curve under a kind of no certificate environment, it is characterised in that it is made of following step:
A, system initialization
(A1) key generation centre defines finite field FpOn elliptic curve E, choose rank be n elliptic curve E on a basic point
G, G are addition cyclic group GpA generation member, wherein p be a Big prime be limited positive integer, n be prime number be it is limited
Positive integer;
(A2) key generation centre chooses the Hash function h of cryptography safety1, Hash function h2, Hash function h3: Hash function h1
It is { 0,1 }t×Gp→Zp, Hash function h2It is { 0,1 }l×Gp→Zp, Hash function h3It is Gp×Gp→{0,1}l, wherein ZpIt is
{ 0,1 ..., p-1 }, it is identity length that l, which is message-length, t,;
(A3) key generation centre choose random number s ∈ [1, n) be used as master key;
(A4) key generation centre determines system public key y:
Y=sG;
(A4) key generation centre secrecy master key s, public address system parameter γ:
γ=(p, Fp,E,Gp,G,y,l,h1,h2,h3);
B, the public and private key of user is generated
(B1) possess identity IaThe close side of blind label randomly select private key Xa∈ [1, n) and determine its public key Ya:
Ya=XaG;
(B2) possess identity IbRecipient randomly select private key Xb∈ [1, n) and determine its public key Yb:
Yb=XbG;
C, the public and private key of User Part is generated
(C1) key generation centre determination possesses identity IaThe close side of blind label part public key Ua, part private key Sa;
Its generation method is as follows:
(C101) key generation centre chooses a random number υa∈ [1, n) and determine the blind part public key U for signing close sidea, part it is private
Key Sa:
Ua=υaG
Sa=υa+s·h1(Ia,Ya)mod n;
(C102) key generation centre determines Ra:
Ra=SaG+υaYa;
(C103) key generation centre sends Sa、Ra、UaTo the blind close side of label;
(C104) the blind close side of label receives Sa、Ra、Ua, below two formulas:
SaG=Ua+h1(Ia,Ya)y
SaG=Ra-XaUa
It sets up simultaneously, part public key Ua, part private key SaWith authenticity;
(C2) key generation centre determination possesses identity IbRecipient part public key Ub, part private key Sb;
Its generation method is as follows:
(C201) key generation centre chooses a random number υb∈ [1, n) and determine recipient part public key Ub, part private key
Sb:
Ub=υbG
Sb=υb+s·h1(Ib,Yb)mod n;
(C202) key generation centre determines Rb:
Rb=SbG+υbYb;
(C203) key generation centre sends Sb、Rb、UbTo recipient;
(C204) recipient receives Sb、Rb、Ub, below two formulas:
SbG=Ub+h1(Ib,Yb)y
SbG=Rb-XbUb
It sets up simultaneously, part public key Ub, part private key SbWith authenticity;
D, blind label are close
(D1) the close side of blind label choose a random number f ∈ [1, n) and determine β:
β=fG;
(D2) the blind close side of label sends β and gives message owner;
(D3) message owner choose a blind factor ω ∈ [1, n) and determine r and μ:
R=ω β
μ=ω h2(m,r)
M is the message that length is l in formula;
(D4) message owner sends μ to the blind close side of label;
(D5) the blind close side of label receives μ and determines V and W:
V=f (Ub+h1(Ib,Yb)y+Yb)
W=μ-1(Xa+Sa)+f;
(D5) the blind close side of label sends V and W and gives message owner;
(D6) message owner receives V and W, determines J, c, s:
J=ω V
S=ω W;
(D7) message owner exports ciphertext σ:
σ=(r, c, s)
To recipient;
E, it decrypts
(E1) after recipient receives ciphertext σ, J is determined:
J=(Sb+Xb)r;
(E2) recipient recovers m:
F, it verifies
It is verified as the following formula:
SG=h2(m,r)-1·(Ua+h1(Ia,Ya)y+Ya)+r
It sets up, recipient receives the message restored;Otherwise, recipient does not receive the message restored.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811210151.4A CN109257181B (en) | 2018-10-17 | 2018-10-17 | Without the blind label decryption method of elliptic curve under certificate environment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811210151.4A CN109257181B (en) | 2018-10-17 | 2018-10-17 | Without the blind label decryption method of elliptic curve under certificate environment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109257181A CN109257181A (en) | 2019-01-22 |
CN109257181B true CN109257181B (en) | 2019-10-29 |
Family
ID=65045782
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811210151.4A Active CN109257181B (en) | 2018-10-17 | 2018-10-17 | Without the blind label decryption method of elliptic curve under certificate environment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109257181B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110505062B (en) * | 2019-08-27 | 2023-06-09 | 杭州云象网络技术有限公司 | Dynamic elliptic curve encryption method applied to alliance chain |
CN110995412B (en) * | 2019-12-02 | 2020-11-10 | 西安邮电大学 | Certificateless ring signcryption method based on multiplicative group |
CN111583498A (en) * | 2020-05-29 | 2020-08-25 | 深圳市网心科技有限公司 | Electronic voting method, system, equipment and storage medium based on block chain |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104811302A (en) * | 2015-05-15 | 2015-07-29 | 陕西师范大学 | Oval curve mixing signcryption method based on certificateless effect |
CN106027239A (en) * | 2016-06-30 | 2016-10-12 | 西安电子科技大学 | Multi-receiver signcryption method based on keyless trusteeship problem of elliptic curve |
CN106936593A (en) * | 2017-05-12 | 2017-07-07 | 西安电子科技大学 | Based on the efficient anonymity of elliptic curve without certificate multi-receiver label decryption method |
CN107682145A (en) * | 2017-09-12 | 2018-02-09 | 西安电子科技大学 | It is true anonymous without the more message multi-receiver label decryption methods of certificate |
Family Cites Families (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7650497B2 (en) * | 2003-08-15 | 2010-01-19 | Venafi, Inc. | Automated digital certificate renewer |
CN100558035C (en) * | 2006-08-03 | 2009-11-04 | 西安电子科技大学 | A kind of mutual authentication method and system |
CN101540669A (en) * | 2008-03-20 | 2009-09-23 | 深圳市奥联科技有限公司 | Method for distributing keys and protecting information for wireless mobile communication network |
US8707043B2 (en) * | 2009-03-03 | 2014-04-22 | Riverbed Technology, Inc. | Split termination of secure communication sessions with mutual certificate-based authentication |
EP2334008A1 (en) * | 2009-12-10 | 2011-06-15 | Tata Consultancy Services Limited | A system and method for designing secure client-server communication protocols based on certificateless public key infrastructure |
CN102983971B (en) * | 2012-10-10 | 2015-07-15 | 中国科学技术大学苏州研究院 | Certificateless signature algorithm for user identity authentication in network environment |
CN103023648B (en) * | 2012-11-27 | 2015-10-07 | 中国科学技术大学苏州研究院 | Based on elliptic curves discrete logarithm problem without certificate signature method |
CN103702326B (en) * | 2013-12-02 | 2016-09-28 | 北京理工大学 | A kind of Certificateless key agreement method based on mobile Ad Hoc network |
CN104539423B (en) * | 2014-12-16 | 2018-01-05 | 北京百旺信安科技有限公司 | A kind of implementation method without CertPubKey cipher system of no Bilinear map computing |
US20160277372A1 (en) * | 2015-03-17 | 2016-09-22 | Riverbed Technology, Inc. | Optimization of a secure connection with enhanced security for private cryptographic keys |
CN105450396B (en) * | 2016-01-11 | 2017-03-29 | 长沙市迪曼森信息科技有限公司 | A kind of combination key without certificate is produced and application process |
-
2018
- 2018-10-17 CN CN201811210151.4A patent/CN109257181B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104811302A (en) * | 2015-05-15 | 2015-07-29 | 陕西师范大学 | Oval curve mixing signcryption method based on certificateless effect |
CN106027239A (en) * | 2016-06-30 | 2016-10-12 | 西安电子科技大学 | Multi-receiver signcryption method based on keyless trusteeship problem of elliptic curve |
CN106936593A (en) * | 2017-05-12 | 2017-07-07 | 西安电子科技大学 | Based on the efficient anonymity of elliptic curve without certificate multi-receiver label decryption method |
CN107682145A (en) * | 2017-09-12 | 2018-02-09 | 西安电子科技大学 | It is true anonymous without the more message multi-receiver label decryption methods of certificate |
Also Published As
Publication number | Publication date |
---|---|
CN109257181A (en) | 2019-01-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108667626B (en) | Secure two-party collaboration SM2 signature method | |
CN108551392B (en) | Blind signature generation method and system based on SM9 digital signature | |
CN108989053A (en) | It is a kind of based on elliptic curve without CertPubKey cipher system implementation method | |
CN104811302B (en) | Mix based on the elliptic curve without certificate and sign decryption method | |
CN104767612B (en) | It is a kind of from the label decryption method without certificate environment to PKIX environment | |
CN110120939B (en) | Encryption method and system capable of repudiation authentication based on heterogeneous system | |
CN110113150B (en) | Encryption method and system based on non-certificate environment and capable of repudiation authentication | |
WO2020103631A1 (en) | Hidden-identity-based signcryption method employing asymmetric bilinear pairing | |
CN109257181B (en) | Without the blind label decryption method of elliptic curve under certificate environment | |
CN111010272B (en) | Identification private key generation and digital signature method, system and device | |
CN105024994A (en) | Secure certificateless hybrid signcryption method without pairing | |
CN104539423A (en) | Achievement method of certificate-less public key cryptosystem without bilinear pairing operation | |
CN109639439B (en) | ECDSA digital signature method based on two-party cooperation | |
CN110896351B (en) | Identity-based digital signature method based on global hash | |
JP2004208262A (en) | Apparatus and method of ring signature based on id employing bilinear pairing | |
CN110138567A (en) | A kind of collaboration endorsement method based on ECDSA | |
CN104767611B (en) | It is a kind of from PKIX environment to the label decryption method without certificate environment | |
US20050005125A1 (en) | Apparatus and method for generating and verifying ID-based blind signature by using bilinear parings | |
CN101697513A (en) | Digital signature method, device and system as well as digital signature verification method | |
ES2400895A2 (en) | A method for performing a group digital signature | |
CN113162773A (en) | Heterogeneous blind signcryption method capable of proving safety | |
CN111030821B (en) | Encryption method of alliance chain based on bilinear mapping technology | |
Wang et al. | Efficient identity based proxy-signcryption schemes with forward security and public verifiability | |
CN109617700A (en) | Unidirectional multi-hop based on no certificate acts on behalf of weight endorsement method | |
Yang et al. | A new efficient ID-based proxy blind signature scheme |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |