CN109766716A - An anonymous bidirectional authentication method based on trusted computing - Google Patents

Info

Publication number
CN109766716A
CN109766716A CN201811596946.3A CN201811596946A CN109766716A CN 109766716 A CN109766716 A CN 109766716A CN 201811596946 A CN201811596946 A CN 201811596946A CN 109766716 A CN109766716 A CN 109766716A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811596946.3A
Other languages
Chinese (zh)
Inventor
吴向阳
吴中奇
夏金周
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Southeast University
Original Assignee
Southeast University

Abstract

The invention discloses an anonymous bidirectional authentication method based on trusted computing, comprising the following steps: the third-party certificate issuer (Issuer) executes the setup sub-protocol to prepare the parameters required to run the protocol; the signer (Signer) and the signature verifier (Verifier) both run the join sub-protocol to apply to the Issuer for a DAA certificate, where this sub-protocol runs between the terminal device's TPM and the Issuer and the Host is responsible for relaying messages and verifying the correctness of the certificate; the Signer executes the sign sub-protocol to sign a message with its local valid certificate, and sends a challenge value to the Verifier to confirm the Verifier's legitimate identity; the Verifier receives the Signer's signature on the message and executes the verify sub-protocol to check the legitimacy of the Signer's signature; if the Signer has used a non-empty and identical base name, the Verifier executes the link sub-protocol over multiple signatures of the Signer to confirm their linkability, i.e. whether this group of signatures comes from the same Signer. In the present invention, the two communicating parties each confirm the other's legitimacy during the signature authentication of a single message while protecting their own privacy, which prevents malicious forgery attacks.

Description

An anonymous bidirectional authentication method based on trusted computing
Technical field
The present invention relates to the field of information security technology, and in particular to an anonymous bidirectional authentication method based on trusted computing.
Background art
The DAA (Direct Anonymous Attestation) protocol was first proposed by Brickell, Camenisch and Chen in 2004. It was approved by the Trusted Computing Group and is widely used as part of the TPM v1.2 standard to verify the legitimate identity of a TPM. The DAA protocol involves three entities: the certificate issuer (Issuer), the signer (Signer) and the signature verifier (Verifier). The signer in turn consists of a host and a trusted platform module (TPM). The TPM is the security chip in a PC or an intelligent IoT terminal device and prevents intrusion by illegitimate users; the host relays messages between the TPM and the other entities and takes on part of the computation. The security of the traditional DAA protocol rests on the RSA assumption, i.e. the hardness of factoring large integers. The integer length is usually chosen to reach 2^10 bits, which makes DAA signatures long, and the resulting computational overhead is unsuitable for scenarios such as intelligent IoT terminal devices, where computing and storage resources are limited.
Today, DAA schemes based on elliptic curves have become the mainstream of research. Compared with the RSA cryptosystem, an elliptic curve cryptosystem reaches the same level of security as RSA with a shorter key, and its computation and communication bandwidth requirements are also lower. The more mature schemes at present build trusted anonymous authentication between a trusted terminal device and a server and provide one-way anonymity, which ensures the privacy of the data transmitted between device and server and the confidentiality of the smart device's identity. In some application scenarios, however, messages must be exchanged in both directions between devices, and during authentication each device must prove that it is a legitimate member without exposing important identity information, so as to prevent malicious forgery attacks or the loss of user data.
Summary of the invention
The technical problem to be solved by the present invention is to provide an anonymous bidirectional authentication method based on trusted computing in which the two communicating parties each confirm the other's legitimacy during the signature authentication of a single message while protecting their own privacy, which prevents malicious forgery attacks.
To solve the above technical problem, the present invention provides an anonymous bidirectional authentication method based on trusted computing, comprising the following steps:
(1) the third-party certificate issuer Issuer executes the setup sub-protocol to prepare the parameters required to run the protocol;
(2) the signer Signer and the signature verifier Verifier both run the join sub-protocol to apply to the Issuer for a DAA certificate; this sub-protocol runs between the terminal device's TPM and the Issuer, and the host Host is responsible for relaying messages and verifying the correctness of the certificate;
(3) the Signer executes the sign sub-protocol to sign a message with its local valid certificate;
(4) the Signer sends a challenge value to the Verifier to confirm the Verifier's legitimate identity;
(5) the Verifier receives the Signer's signature on the message and executes the verify sub-protocol to check the legitimacy of the Signer's signature;
(6) if the Signer has used a non-empty and identical base name, the Verifier executes the link sub-protocol over multiple signatures of the Signer to confirm their linkability, i.e. whether this group of signatures comes from the same Signer.
Preferably, in step (1), the setup sub-protocol is executed only once during the period in which the Issuer does not update its key.
Preferably, in step (1), the setup sub-protocol is the initialization procedure of the DAA protocol, in which the third-party trusted authentication center Issuer generates the parameters needed to run the protocol: G_1 and G_2 are additive cyclic groups of prime order q on an elliptic curve (G_1 ≠ G_2), where g_1 is a generator of G_1 and g_2 is a generator of G_2; asymmetric bilinear map e: G_T is a multiplicative group, indicates the product relation; the public and private keys of the trusted authentication center Issuer are ipk and isk respectively: x, y ← Z_q are selected as the private key isk, and the public key ipk is (X, Y), with X = x·g_2 ∈ G_2 and Y = y·g_2 ∈ G_2; the hash functions needed by the sub-protocols are H_1: H_G: The trusted authentication center Issuer publishes (G_1, G_2, g_1, g_2, e, X, Y, H_1, H_G).
Preferably, in step (2), the join sub-protocol is executed only once during the period in which the Issuer does not update its key.
Preferably, in step (2), the join sub-protocol is the process by which a TPM obtains a DAA certificate and registers; the signer and the signature verifier, as peer entities, each apply to the Issuer for a certificate.
Preferably, in step (3), the sign sub-protocol is the process in which TPM_s and host_s cooperate, using the same base name bsn, to generate the signature σ of a message m; the base name is used for linkability detection on DAA signatures.
Preferably, in step (6), the link sub-protocol is the linkability detection on DAA signatures; it mainly uses the base name selected by the signer to determine whether two or more signatures were generated by the same TPM_s.
The beneficial effects of the invention are as follows: building on the DAA protocol based on elliptic curve cryptography, and combining zero-knowledge proof techniques, the invention adds authentication of the signature verifier's identity by the signer; by introducing a mutual authentication mechanism, it improves the security of the protocol and suits application scenarios of anonymous authentication between terminal devices; the two communicating parties each confirm the other's legitimacy during the signature authentication of a single message while protecting their own privacy, which prevents malicious forgery attacks.
Brief description of the drawings
Fig. 1 is an architecture diagram of the present invention.
Fig. 2 is a flow diagram of the method of the present invention.
Detailed description of the embodiments
As shown in Fig. 1, the architecture of the anonymous bidirectional authentication method based on trusted computing proposed by the present invention comprises a certificate issuer and terminal devices. The signer and the signature verifier are both legitimate members of the trusted authentication center, and either party can sign messages to achieve two-way exchange of information.
As shown in Fig. 2, which is a flow chart of the anonymous bidirectional authentication method based on trusted computing proposed by the present invention, each step of the flow corresponds to one of the following specific steps:
S101: the setup sub-protocol is the initialization procedure of the DAA protocol, in which the third-party trusted authentication center Issuer generates the parameters needed to run the protocol:
G_1 and G_2 are additive cyclic groups of prime order q on an elliptic curve (G_1 ≠ G_2), where g_1 is a generator of G_1 and g_2 is a generator of G_2. Asymmetric bilinear map e: G_T is a multiplicative group, indicates the product relation; the most easily understood bilinear map is matrix multiplication
The public and private keys of the trusted authentication center Issuer are ipk and isk respectively: x, y ← Z_q are selected as the private key isk, and the public key ipk is (X, Y), with X = x·g_2 ∈ G_2 and Y = y·g_2 ∈ G_2.
The hash functions needed by the sub-protocols are H_1: H_G:
The trusted authentication center Issuer publishes (G_1, G_2, g_1, g_2, e, X, Y, H_1, H_G).
S102: the join sub-protocol is the process by which a TPM obtains a DAA certificate and registers; the signer and the signature verifier, as peer entities, each apply to the Issuer for a certificate. The details of the join sub-protocol are described below, taking the signer Signer as an example:
The Issuer generates a random string n_I ← {0,1}^h and sends it to host_s.
TPM_s generates a secret value tsk ← Z_q, randomly selects u ← Z_q, computes T = tsk·g_1 and U = u·g_1, and sends (T, U) to host_s.
host_s computes ch = H_1(n_I || X || Y || T || U) and sends it to TPM_s.
TPM_s generates a random string n_T ← {0,1}^h and computes c = H_1(ch || n_T) and s = u + c·tsk mod q. Finally, (T, c, s, n_T) is submitted to the Issuer via the host.
The Issuer first confirms whether TPM_s is counterfeit. The tsk′ values of all TPMs that have been broken are kept on a RougeList; the Issuer checks whether there exists a tsk′ such that T = tsk′·g_1, and if so it rejects this run of the join sub-protocol.
The Issuer computes U′ = g_1^s · T^(−c) (that is, s·g_1 − c·T in the additive notation used elsewhere) and verifies whether c′ = H_1(H_1(n_I || X || Y || T || U′) || n_T) is consistent with c. If they are equal, the legitimate identity of TPM_s is confirmed; otherwise this run of the join sub-protocol is rejected.
The Issuer randomly selects r ∈ Z_q and generates the DAA certificate cre = (A_s, B_s, C_s, D_s) for the legitimate TPM_s, with A_s = r·g_1, B_s = y·A_s, C_s = x·A_s + r·x·y·T and D_s = r·y·T. The certificate is passed to host_s.
host_s verifies the legitimacy of the DAA certificate: it selects e_1, e_2 ← Z_q and verifies A_s ≠ 1_{G_1}, B_s ≠ 1_{G_1}, If the checks pass, host_s sends (B_s, D_s) to TPM_s.
Similarly, the signature verifier Verifier executes the above steps and obtains the DAA certificate cre_v = (A_v, B_v, C_v, D_v).
S103: the sign sub-protocol is the process in which TPM_s and host_s cooperate, using the same base name bsn, to generate the signature σ of a message m. The base name is used for linkability detection on DAA signatures; the details are described in S106.
host_s randomly selects r_s ← Z_q and blinds the certificate: (A_s′, B_s′, C_s′, D_s′) = r_s·(A_s, B_s, C_s, D_s). It computes S = B_s′ + H_G(bsn) and sends (m, S, bsn) to TPM_s.
When bsn ≠ ⊥ (bsn is not empty), TPM_s computes nym = tsk·H_G(bsn), randomly selects f ← Z_q, computes F = f·S, c = H_1(m || bsn || nym || F) and s_f = f + c·tsk mod q, and sends (s_f, c, nym) to host_s.
host_s combines these with the blinded certificate to construct the final DAA signature σ = (A_s′, B_s′, C_s′, D_s′, s_f, c, nym, S).
S104: before the Verifier checks the legitimacy of the signature, the Signer first needs to confirm the legitimate identity of the Verifier.
The Signer sends a challenge value R ∈ G_2 to host_v.
TPM_v generates a random string n_v ← {0,1}^h, randomly selects k ← Z_q, computes K = k·B_v′, c_v = H_1(n_v || R || K) and s_v = k + c·tsk mod q, and sends (s_v, c_v, n_v) to host_v.
host_v sends (A_v′, B_v′, C_v′, D_v′, s_v, c_v, n_v), which includes the blinded certificate, to the Signer as the response value.
In the same way that the Issuer verifies the legitimacy of a platform, the Signer checks the legitimacy of the Verifier: it checks whether there exists a tsk′ such that D_v′ = tsk′·B_v′; if so, the signature verifier is a counterfeit platform and this signature verification process is abandoned.
The Signer selects e_1, e_2 ← Z_q and verifies A_v ≠ 1_{G_1}, B_v ≠ 1_{G_1}, If verification does not pass, this signature verification process is abandoned.
The Signer computes K′ = s_v·B_v′ − c·D_v′ and verifies whether c_v′ = H_1(n_v || R || K′) is consistent with c; if verification fails, this signature verification process is abandoned.
S105: the verify sub-protocol is the Verifier's check of the legitimacy of the Signer's identity. After receiving the Signer's signature σ on message m, the Verifier first confirms whether the signer is a counterfeit platform:
It checks whether there exists a tsk′ such that D_s′ = tsk′·B_s′; if so, verification does not pass.
It selects e_1, e_2 ← Z_q and verifies A_s ≠ 1_{G_1}, B_s ≠ 1_{G_1},
It computes F′ = s_f·S − c·(D_s′ + nym) and verifies whether c′ = H_1(m || bsn || nym || F′) is consistent with c. If all of the above pass, mutual authentication succeeds.
S106: the link sub-protocol is the linkability detection on DAA signatures; it mainly uses the base name selected by the signer to determine whether two or more signatures were generated by the same TPM_s.
For two signatures (m, σ) and (m′, σ′), S105 is executed to confirm that both are legitimate signatures.
If bsn ≠ ⊥, check in σ and σ′ if equal, the two signatures were signed by the same TPM_s.
If bsn = ⊥ or nym ≠ nym′, this cannot be determined.
An attacker cannot trace the specific identity of the signer through linkability detection, and the signer can control the linkability of its signatures by using the same base name or different base names. Within a single signature authentication, this step does not have to be executed.
S107: to improve the security of the protocol, the certificate issuer's private key needs to be updated at irregular intervals. While the key is not updated, S101 and S102 need to be executed only once. After a key update, the protocol re-executes S101 and S102.
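The sign, verify and link equations of S103, S105 and S106 above, including the RougeList test, as a Python example added here (it is not code from the patent). Assumptions: the secp256k1 curve stands in for G_1, so the pairing checks on the certificate are left out; H_1 and H_G are built from SHA-256; `enroll`, `Y_ISK` and the dictionary field names are hypothetical.

```python
import hashlib, secrets

# Assumption: secp256k1 stands in for the page's G_1. It has no pairing, so the
# e(.,.) checks on the certificate are omitted and only B_s and D_s are modelled.
P = 2**256 - 2**32 - 977
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G1 = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
      0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
Y_ISK = secrets.randbelow(Q - 1) + 1      # constructed Issuer secret y

def add(a, b):
    """Add two points of y^2 = x^3 + 7; None is the identity 1_G1."""
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):
    """Scalar multiple k·pt by double-and-add, with k reduced mod q."""
    acc, k = None, k % Q
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def H1(*parts):
    """H_1: hash the listed parts (the page's a || b || ...) into Z_q."""
    data = b"|".join(repr(p).encode() for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def HG(bsn):
    """H_G: map a base name to a curve point by try-and-increment."""
    for ctr in range(2**32):
        x = H1("HG", bsn, ctr)
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)     # square root, valid since P % 4 == 3
        if y * y % P == rhs:
            return x, y

def enroll(tsk):
    """Hypothetical helper: the B_s = y·A_s and D_s = r·y·T that join would issue."""
    r = secrets.randbelow(Q - 1) + 1
    return mul(Y_ISK * r, G1), mul(Y_ISK * r, mul(tsk, G1))

def sign(tsk, B, D, m, bsn):
    """S103 for bsn ≠ ⊥: host_s blinds (B_s, D_s), TPM_s adds nym and (s_f, c)."""
    r_s = secrets.randbelow(Q - 1) + 1
    B2, D2 = mul(r_s, B), mul(r_s, D)     # B_s', D_s'
    S = add(B2, HG(bsn))                  # S = B_s' + H_G(bsn)
    nym = mul(tsk, HG(bsn))               # nym = tsk·H_G(bsn)
    f = secrets.randbelow(Q - 1) + 1
    c = H1(m, bsn, nym, mul(f, S))        # F = f·S
    return {"B": B2, "D": D2, "S": S, "nym": nym, "bsn": bsn,
            "c": c, "s_f": (f + c * tsk) % Q}

def verify(m, sig, rogue_list=()):
    """S105 without pairings: RougeList test, then F' = s_f·S − c·(D_s' + nym)."""
    if any(mul(bad, sig["B"]) == sig["D"] for bad in rogue_list):
        return False                      # D_s' = tsk'·B_s': compromised TPM
    F2 = add(mul(sig["s_f"], sig["S"]), mul(-sig["c"], add(sig["D"], sig["nym"])))
    return H1(m, sig["bsn"], sig["nym"], F2) == sig["c"]

def link(sig_a, sig_b):
    """S106: True for one TPM; None when bsn is empty or differs, or nym ≠ nym'."""
    same_bsn = bool(sig_a["bsn"]) and sig_a["bsn"] == sig_b["bsn"]
    return True if same_bsn and sig_a["nym"] == sig_b["nym"] else None
```

Because host_s draws a fresh r_s for every signature, the blinded B_s′ and D_s′ differ between two signatures of the same TPM; only nym stays fixed for a given base name.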

Claims (7)

1. An anonymous bidirectional authentication method based on trusted computing, characterized by comprising the following steps:
(1) the third-party certificate issuer Issuer executes the setup sub-protocol to prepare the parameters required to run the protocol;
(2) the signer Signer and the signature verifier Verifier both run the join sub-protocol to apply to the Issuer for a DAA certificate; this sub-protocol runs between the terminal device's TPM and the Issuer, and the host Host is responsible for relaying messages and verifying the correctness of the certificate;
(3) the Signer executes the sign sub-protocol to sign a message with its local valid certificate;
(4) the Signer sends a challenge value to the Verifier to confirm the Verifier's legitimate identity;
(5) the Verifier receives the Signer's signature on the message and executes the verify sub-protocol to check the legitimacy of the Signer's signature;
(6) if the Signer has used a non-empty and identical base name, the Verifier executes the link sub-protocol over multiple signatures of the Signer to confirm their linkability, i.e. whether this group of signatures comes from the same Signer.
2. The anonymous bidirectional authentication method based on trusted computing according to claim 1, characterized in that, in step (1), the setup sub-protocol is executed only once during the period in which the Issuer does not update its key.
3. The anonymous bidirectional authentication method based on trusted computing according to claim 1, characterized in that, in step (1), the setup sub-protocol is the initialization procedure of the DAA protocol, in which the third-party trusted authentication center Issuer generates the parameters needed to run the protocol: G_1 and G_2 are additive cyclic groups of prime order q on an elliptic curve, G_1 ≠ G_2, where g_1 is a generator of G_1 and g_2 is a generator of G_2; asymmetric bilinear map e: G_T is a multiplicative group, indicates the product relation; the public and private keys of the trusted authentication center Issuer are ipk and isk respectively: x, y ← Z_q are selected as the private key isk, and the public key ipk is (X, Y), with X = x·g_2 ∈ G_2 and Y = y·g_2 ∈ G_2; the hash functions needed by the sub-protocols are H_1: H_G: The trusted authentication center Issuer publishes (G_1, G_2, g_1, g_2, e, X, Y, H_1, H_G).
4. The anonymous bidirectional authentication method based on trusted computing according to claim 1, characterized in that, in step (2), the join sub-protocol is executed only once during the period in which the Issuer does not update its key.
5. The anonymous bidirectional authentication method based on trusted computing according to claim 1, characterized in that, in step (2), the join sub-protocol is the process by which a TPM obtains a DAA certificate and registers; the signer and the signature verifier, as peer entities, each apply to the Issuer for a certificate.
6. The anonymous bidirectional authentication method based on trusted computing according to claim 1, characterized in that, in step (3), the sign sub-protocol is the process in which TPM_s and host_s cooperate, using the same base name bsn, to generate the signature σ of a message m; the base name is used for linkability detection on DAA signatures.
7. The anonymous bidirectional authentication method based on trusted computing according to claim 1, characterized in that, in step (6), the link sub-protocol is the linkability detection on DAA signatures; it mainly uses the base name selected by the signer to determine whether two or more signatures were generated by the same TPM_s.
CN201811596946.3A 2018-12-26 2018-12-26 A kind of anonymous bidirectional authentication method based on trust computing Pending CN109766716A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811596946.3A CN109766716A (en) 2018-12-26 2018-12-26 A kind of anonymous bidirectional authentication method based on trust computing

Publications (1)

Publication Number Publication Date
CN109766716A true CN109766716A (en) 2019-05-17

Family

ID=66450297

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190517
