CN109831306B - Anti-quantum computation ring signature method and system based on multiple key pools - Google Patents

Anti-quantum computation ring signature method and system based on multiple key pools Download PDF

Info

Publication number
CN109831306B
CN109831306B CN201910034528.3A CN201910034528A CN109831306B CN 109831306 B CN109831306 B CN 109831306B CN 201910034528 A CN201910034528 A CN 201910034528A CN 109831306 B CN109831306 B CN 109831306B
Authority
CN
China
Prior art keywords
key
user
pool
public key
public
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910034528.3A
Other languages
Chinese (zh)
Other versions
CN109831306A (en
Inventor
富尧
钟一民
汪仲祥
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ruban Quantum Technology Co Ltd
Original Assignee
Ruban Quantum Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ruban Quantum Technology Co Ltd filed Critical Ruban Quantum Technology Co Ltd
Priority to CN201910034528.3A priority Critical patent/CN109831306B/en
Publication of CN109831306A publication Critical patent/CN109831306A/en
Application granted granted Critical
Publication of CN109831306B publication Critical patent/CN109831306B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to a quantum computation ring signature resisting method and system based on a plurality of key pools, which are applied to a group of a plurality of users, wherein each user is respectively provided with a key fob, a group symmetric key pool, a private key, an asymmetric key pool and public key pointer random numbers respectively corresponding to each user are stored in the key fob, and the public key pointer random numbers of each user are used for obtaining a public key corresponding to the user in the asymmetric key pool and obtaining a symmetric key corresponding to the user in the group symmetric key pool; in the invention, a key fob is used to store a symmetric key, a public key, a private key and a public key pointer random number for encryption; and only the pointer random number of the public key is issued to the outside, and the original public key is not the public key itself. The key fob is a separate hardware-isolated device with a greatly reduced likelihood of key theft by malware or malicious operations.

Description

Anti-quantum computation ring signature method and system based on multiple key pools
Technical Field
The invention relates to the field of secure communication, in particular to a ring signature method for realizing quantum computation resistance by using a key fob technical means.
Background
Ring signatures are a mathematical signature scheme originally proposed by Rivest et al, which is a simplified group signature in which only ring members have no administrator and no cooperation between ring members is required.
The ring signature is named because the parameters in the signature form a ring shape according to a certain rule in an end-to-end connection mode. In fact, the actual signer uses the public keys of other possible signers to generate a ring with a break, and then uses the private key to connect the break into a complete ring. Any verifier can verify whether a ring signature is generated by a possible signer using the public key of the ring member. In 2001, three scientists, Rivest, shamir and Tauman, first proposed ring signatures. The signer can independently generate the signature by using the private key of the signer and the public key of other people in the signature set without the help of other people. Members of the signature set may not know that they are contained therein.
The ring signature is a special group signature, has no trust center, has no group establishing process, and is completely anonymous to the verifier. This unconditional anonymity of ring signatures is very useful in some special environments where long-term protection of information is required. For example, where anonymity must be protected even if RSA is breached.
The correctness of the ring signature is realized in that if the message is signed according to a correct signature step and the signature is not tampered in the process of propagation, the ring signature meets a verification equation; the unconditional anonymity of the ring signature is realized in that even if an attacker illegally acquires the private keys of all possible signers, the probability that the attacker can determine the real signer is not more than 1/N, wherein N is the number of all possible signers; it is not forgeable, and the probability of an external attacker successfully forging a legitimate signature is negligible, even if he can get the signature of any message m from a random speaker generating a ring signature, without knowing the private key of any member.
Quantum computers have great potential in password cracking. The asymmetric (public key) encryption algorithms, such as the RSA encryption algorithm, which are mainstream today, are mostly based on two mathematical challenges, namely factorization of large integers or computation of discrete logarithms over a finite field. The difficulty of their cracking depends on the efficiency with which these problems are solved. On a traditional computer, the two mathematical problems are required to be solved, and the time is taken to be exponential (namely, the cracking time increases in exponential order along with the increase of the length of the public key), which is not acceptable in practical application. The xiuer algorithm tailored for quantum computers can perform integer factorization or discrete logarithm calculation within polynomial time (i.e. the cracking time increases at the speed of k power along with the increase of the length of a public key, wherein k is a constant irrelevant to the length of the public key), thereby providing possibility for the cracking of RSA and discrete logarithm encryption algorithms.
The prior art has the problem that in the prior art, as the quantum computer can quickly obtain the corresponding private key through the public key, the digital signature method based on the public and private keys is easy to crack by the quantum computer.
Disclosure of Invention
The invention provides a quantum computation ring signature resisting method and system based on multiple key pools, which have higher safety.
A quantum computation ring signature resisting method based on a plurality of key pools is applied to a group of a plurality of users, each user is respectively provided with a key fob, a group symmetric key pool, a private key, an asymmetric key pool and public key pointer random numbers respectively corresponding to each user are stored in the key fob, the public key pointer random numbers of each user are used for obtaining a public key corresponding to the user in the asymmetric key pool and obtaining a symmetric key corresponding to the user in the group symmetric key pool;
the quantum computation resistant ring signature method comprises the following steps of:
random number R by multiple public key pointers within key fob1~RrObtaining public keys P corresponding to a plurality of users by combining the asymmetric key pool1~PrWhere R is less than or equal to the number of users in the group, and the public key pointer is a random number R1~RrAt least including the random number of the public key pointer of the corresponding signing party user;
random number R is also indicated by the public key1~RrDeriving a plurality of symmetric keys K from a pool of group symmetric keys1~Kr
R-1 random numbers x are selected1~xr-1And respectively participating in the calculation of the trapdoor function by utilizing the plurality of public keys to obtain a parameter yi(ii) a The trapdoor function is expressed as yi=gi(xi) Wherein i is the serial number from 1 to r-1, i also corresponds to the user index number, wherein i does not include the user index number of the signer;
using a combining function Ck,v(y1,y2,…,yr) V and Ck,v(y1,y2,…,yr)=Ek(yr⊕Ek(yr-1⊕Ek(yr-2⊕Ek(…⊕Ek(y1≧ v))) to obtain a parameter ysAnd corresponding parameter xsWherein:
v is a preset verification parameter;
y1,y2,…,yrparameter y for corresponding sequence numberi
Ek denotes the use of said symmetric key K respectively1~KrCarrying out encryption;
s represents the user index number of the signer;
in combinations of 2R +1 numbers, i.e. R1~Rr;v;x1~xrAs ring signatures, where x1~xrIn (a) contains xsAnd sending the information to the users as the verification parties in the group together.
Optionally, the method for resisting quantum computation ring signature includes, during verification:
receiving ring signature and original text, and according to the random number R of the public key pointer in the ring signature1~RrObtaining public keys P corresponding to multiple users by combining key fobs1~Pr
Using random number x in ring signatures1~xrAt the public key P1~PrParameter y is obtained by calculating a trapdoor function under participationi
Random number R using public key pointer1~RrDeriving a plurality of symmetric keys K from a pool of group symmetric keys1~Kr
Using formula Ck,v(y1,y2,…,yr)=Ek(yr⊕Ek(yr-1⊕Ek(yr-2⊕Ek(…⊕Ek(y1≧ v)))) C) is calculatedk,v(y1,y2,…,yr) And whether the result is the same as the verification parameter v in the ring signature or not is judged to obtain a corresponding verification result.
Wherein a combining function C is utilizedk,v(y1,y2,…,yr) V and Ck,v(y1,y2,…,yr)=Ek(yr⊕Ek(yr-1⊕Ek(yr-2⊕Ek(…⊕Ek(y1≧ v))) for loop computation, including:
according to formula v1=Ek(y1^ v) are calculated in sequence to obtain vs-1
According to the formula v ═ vr=Ek(yr⊕vr-1) V is obtained by sequential calculations+1
According to formula vs+1=Ek(ys+1⊕vs) By usingKs+1Decryption as a key yields ys+1⊕vsIs obtained as vs
According to the formula vs=Ek(ys⊕vs-1) By using KsDecryption as a key yields ys⊕vs-1To obtain ysA value of (d);
according to the formula xs=gs -1(ys) Using the private key of the signer as a parameter to perform operation to obtain xs
The invention also provides a quantum computation ring signature resisting system based on a plurality of key pools, which is applied to a group of a plurality of users, wherein each user is respectively provided with a key fob, a group symmetric key pool, a private key, an asymmetric key pool and public key pointer random numbers respectively corresponding to each user are stored in the key fob, and the public key pointer random numbers of each user are used for obtaining a public key corresponding to the user in the asymmetric key pool and obtaining a symmetric key corresponding to the user in the group symmetric key pool;
the quantum computation resistant ring signature system comprises a signature party configured with:
a first module for pointing a random number R by a plurality of public keys in a key fob1~RrObtaining public keys P corresponding to a plurality of users by combining the asymmetric key pool1~PrWhere R is less than or equal to the number of users in the group, and the public key pointer is a random number R1~RrAt least including the random number of the public key pointer of the corresponding signing party user; random number R is also indicated by the public key1~RrDeriving a plurality of symmetric keys K from a pool of group symmetric keys1~Kr
A second module for selecting r-1 random numbers x1~xr-1And respectively participating in the calculation of the trapdoor function by utilizing the plurality of public keys to obtain a parameter yi(ii) a The trapdoor function is expressed as yi=gi(xi) Wherein i is the serial number from 1 to r-1, i also corresponds to the user index number, wherein i does not include the user index number of the signer;
a third module for utilizing a combining function Ck,v(y1,y2,…,yr)=v;
And Ck,v(y1,y2,…,yr)=Ek(yr⊕Ek(yr-1⊕Ek(yr-2⊕Ek(…⊕Ek(y1≧ v))) to obtain a parameter ysAnd corresponding parameter xsWherein:
v is a preset verification parameter;
y1,y2,…,yrparameter y for corresponding sequence numberi
Ek denotes the use of said symmetric key K respectively1~KrCarrying out encryption;
s represents the user index number of the signer;
a fourth module for R being a combination of 2R +1 numbers1~Rr;v;x1~xrAs ring signatures, where x1~xrIn (a) contains xsAnd sending the information to the users as the verification parties in the group together.
The quantum computation resistant ring signature system further comprises, configured at the verifier:
a fifth module for receiving the ring signature and the original text and according to the random number R of the public key pointer in the ring signature1~RrObtaining public keys P corresponding to multiple users by combining key fobs1~Pr
A sixth module for using the random number x in the ring signature1~xrAt the public key P1~PrParameter y is obtained by calculating a trapdoor function under participationi
A seventh module for pointing the random number R with a public key1~RrDeriving a plurality of symmetric keys K from a pool of group symmetric keys1~Kr
An eighth module for utilizing formula Ck,v(y1,y2,…,yr)=Ek(yr⊕Ek(yr-1⊕Ek(yr-2⊕Ek(…⊕Ek(y1≧ v)))) C) is calculatedk,v(y1,y2,…,yr) And whether the result is the same as the verification parameter v in the ring signature or not is judged to obtain a corresponding verification result.
The invention also provides a quantum computation ring signature resisting system based on a plurality of key pools, which is applied to a group of a plurality of users, wherein each user is respectively provided with a key fob, a group symmetric key pool, a private key, an asymmetric key pool and public key pointer random numbers respectively corresponding to each user are stored in the key fob, and the public key pointer random numbers of each user are used for obtaining a public key corresponding to the user in the asymmetric key pool and obtaining a symmetric key corresponding to the user in the group symmetric key pool;
each user comprises a memory in which a computer program is stored and a processor which, when executing the computer program, implements the quantum computing ring signature robust method based on multiple key pools.
In the invention, a key fob is used to store a symmetric key, a public key, a private key and a public key pointer random number for encryption; and only the pointer random number of the public key is issued to the outside, and the original public key is not the public key itself. The key fob is a separate hardware-isolated device with a greatly reduced likelihood of key theft by malware or malicious operations. Because the quantum computer cannot obtain a plaintext public key and then cannot obtain a corresponding private key, the ring signature of the scheme is not easy to crack by the quantum computer.
Drawings
Fig. 1 is a view showing an internal structure of a key fob used in the present invention;
FIG. 2 is a diagram of the relationship between a public key and a quantum computation resistant public key in the present invention;
fig. 3 is a schematic diagram illustrating a manner in which a symmetric key is accessed in a key fob according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
For a better description and illustration of embodiments of the application, reference may be made to one or more of the drawings, but additional details or examples used in describing the drawings should not be construed as limiting the scope of any of the inventive concepts of the present application, the presently described embodiments, or the preferred versions.
It should be understood that steps may be performed in other sequences unless explicitly stated otherwise. Moreover, at least a portion of the steps may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternating with other steps or at least a portion of the sub-steps or stages of other steps.
The public signature key of each user in the present invention is not public, and public key pointer random numbers related to the location of the public key stored in the key pool in the key fob are publicly used. The storage method corresponding to the two methods is as follows: for a certain user, a public key pointer random number R is taken and acted on by a public key pointer function FPP to obtain a public key pointer PP, then the PP points to an asymmetric key pool (public key) in a key fob to obtain a position, the public key P of the user is stored in the position, and the public key pointer random number R is used as a quantum computation resistant public key. Correspondingly, the same procedure is used for taking the public key P from the key fob according to the public key pointer random number R. Because the asymmetric key pool (public key) is within the key fob, it is desirable to obtain the true original public key, which can only be obtained if the anti-quantum public key is operated in conjunction with the key pool within the key fob.
The key card of the invention is internally provided with a group symmetric key pool, an asymmetric key pool (public key), a random number of a public key pointer of each user and a private key of each user. The asymmetric key pool (public key) stores the public keys of all users of the organization; the public key pointer random number is published to the outside as a quantum computation resistant public key of the user, and any user can obtain public keys of other users according to the public key pointer random number and a key fob; the group symmetric key pool stores symmetric keys for encryption. And (m) calculating the value of k according to a formula k ═ h (m) (wherein m is an original text to be sent by a signer, and h is a hash function), taking a public key pointer random number R, using a pointer function fkp to act on k and R to obtain a pointer kp, pointing kp to a group symmetric key pool in the key fob to obtain a key seed rk, and using a function fk to act on rk to obtain a symmetric key. The random number R can be used to derive a symmetric key from not only the asymmetric key pool in the key fob but also the group symmetric key pool in the key fob based on the public key pointer. The users who own the key fob of the present invention are all members of an organization and the signature verifications are all directed to members of the organization.
In one embodiment, a quantum computation ring signature resisting method based on multiple key pools is provided, and is applied to a group of multiple users, each user is respectively configured with a key fob, a group symmetric key pool, a private key, an asymmetric key pool and public key pointer random numbers respectively corresponding to each user are stored in the key fob, and the public key pointer random numbers of each user are used for obtaining a public key corresponding to the user in the asymmetric key pool and obtaining a symmetric key corresponding to the user in the group symmetric key pool;
the signature process comprises the following steps:
random number R by multiple public key pointers within key fob1~RrObtaining public keys P corresponding to a plurality of users by combining the asymmetric key pool1~PrWhere R is less than or equal to the number of users in the group, and the public key pointer is a random number R1~RrAt least including the random number of the public key pointer of the corresponding signing party user;
random number R is also indicated by the public key1~RrDeriving a plurality of symmetric keys K from a pool of group symmetric keys1~Kr
R-1 random numbers x are selected1~xr-1And respectively participating in the calculation of the trapdoor function by utilizing the plurality of public keys to obtain a parameter yi(ii) a The trapdoor function is expressed as yi=gi(xi) Wherein i is the serial number from 1 to r-1, i also corresponds to the user index number, wherein i does not include the user index number of the signer;
using a combining function Ck,v(y1,y2,…,yr) V and Ck,v(y1,y2,…,yr)=Ek(yr⊕Ek(yr-1⊕Ek(yr-2⊕Ek(…⊕Ek(y1≧ v))) to obtain a parameter ysAnd corresponding parameter xsWherein:
v is a preset verification parameter;
y1,y2,…,yrparameter y for corresponding sequence numberi
Ek denotes the use of said symmetric key K respectively1~KrCarrying out encryption;
s represents the user index number of the signer;
in combinations of 2R +1 numbers, i.e. R1~Rr;v;x1~xrAs ring signatures, where x1~xrIn (a) contains xsAnd sending the information to the users as the verification parties in the group together.
The verification comprises the following steps:
receiving ring signature and original text, and according to the random number R of the public key pointer in the ring signature1~RrObtaining public keys P corresponding to multiple users by combining key fobs1~Pr
Using random number x in ring signatures1~xrAt the public key P1~PrParameter y is obtained by calculating a trapdoor function under participationi
Random number R using public key pointer1~RrDeriving a plurality of symmetric keys K from a pool of group symmetric keys1~Kr
Using formula Ck,v(y1,y2,…,yr)=Ek(yr⊕Ek(yr-1⊕Ek(yr-2⊕Ek(…⊕Ek(y1≧ v)))) C) is calculatedk,v(y1,y2,…,yr) And whether the result is the same as the verification parameter v in the ring signature or not is judged to obtain a corresponding verification result.
Wherein a combining function C is utilizedk,v(y1,y2,…,yr) V and Ck,v(y1,y2,…,yr)=Ek(yr⊕Ek(yr-1⊕Ek(yr-2⊕Ek(…⊕Ek(y1≧ v))) for loop computation, including:
according to formula v1=Ek(y1^ v) are calculated in sequence to obtain vs-1
According to the formula v ═ vr=Ek(yr⊕vr-1) V is obtained by sequential calculations+1
According to formula vs+1=Ek(ys+1⊕vs) By using Ks+1Decryption as a key yields ys+1⊕vsIs obtained as vs
According to the formula vs=Ek(ys⊕vs-1) By using KsDecryption as a key yields ys⊕vs-1To obtain ysA value of (d);
according to the formula xs=gs -1(ys) Using the private key of the signer as a parameter to perform operation to obtain xs
In one embodiment, a quantum computation ring signature resisting method based on multiple key pools is provided, and is applied to a group of multiple users, each user is respectively configured with a key fob, a group symmetric key pool, a private key, an asymmetric key pool and public key pointer random numbers respectively corresponding to each user are stored in the key fob, and the public key pointer random numbers of each user are used for obtaining a public key corresponding to the user in the asymmetric key pool and obtaining a symmetric key corresponding to the user in the group symmetric key pool; the quantum computation ring signature resisting method based on the multiple key pools specifically comprises the following steps:
1. signature
1.1 signer according to the public key pointer random number R published in this organization1、R2、R3…RrTaking out the public key P of each corresponding user from the asymmetric key pool in the key card1、P2、P3…Pr(ii) a Signer bases on public key pointer random number R published in this organization1、R2、R3…RrTaking out corresponding symmetric key K from group symmetric key pool in own key card1、K2、K3…Kr
1.2 signer selects a verification parameter v, then selects r-1 arbitrary values x1、x2、x3…xr-1Respectively corresponding to r-1 users in the organization, wherein the subscript of x is not equal to s, and x is setsIs the x value corresponding to the signer.
Using the extracted public key PiParticipating trapdoor function gi(e.g., RSA algorithm) using the formula yi=gi(xi) To obtain yiCalculating to obtain the division ysOther r-1 yiThe value is obtained.
1.3 according to the combinatorial function Ck,v(y1,y2,…,yr) V and Ck,v(y1,y2,…,yr)=Ekr(yr⊕Ek r-1(yr-1⊕Ek r-2(yr-2⊕Ekr-3(…⊕Ek1(y1≧ v))) can be calculated as follows (where Ek represents K obtained in 1.1, respectively)1、K2、K3…KrEncrypted as a key):
1) according to formula v1=Ek(y1^ v), using K obtained in 1.11Encrypting y as a key1XOR the result with v to obtain a value of v1(ii) a Then according to the formula v2=Ek(y2⊕v1) With K obtained in 1.12Encryption y2And v1The result of XOR is given by v2(ii) a ...; according to formula vs-1=Ek(ys-1⊕vs-2) With K obtained in 1.1s-1Encryption ys-1And vs-2The result of XOR is given by vs-1(ii) a According to formula vs=Ek(ys⊕vs-1) But because y is unknownsCan only stop the calculation.
2) Or according to the formula v ═ vr=Ek(yr⊕vr-1) With K obtained in 1.1rDecryption as a key may result in yr⊕vr-1Then obtain vr-1A value of (d); according to formula vr-1=Ek(yr-1⊕vr-2) With K obtained in 1.1r-1Decryption as a key may result in yr-1⊕vr-2Then obtain vr-2A value of (d); ...; according to formula vs+1=Ek(ys+1⊕vs) With K obtained in 1.1s+1Decryption as a key may result in ys+1⊕vsThen obtain vsThe value of (c).
3) V obtained according to the previous two stepss-1And vsAnd formula vs=Ek(ys⊕vs-1) From K obtained in 1.1sDecryption as a key yields ys⊕vs-1Then y is obtainedsThe value of (c).
1.4 according to the formula xs=gs -1(ys) Using the private key of the signer as a parameter to carry out operation to obtain x corresponding to the signersThis value may make the combining function true.
1.5 output ring signature, i.e. a combination of 2R +1 numbers (R)1,R2,…,Rr;v;x1,x2,…,xr). The ring signature is sent along with the original text to any other member within the organization.
2. Verifying signatures
2.1 obtaining a Ring signature (R) sent by a signer at some other member within the organization1,R2,…,Rr;v;x1,x2,…,xr) And an original text m.Firstly, taking out all corresponding public keys P from a key fob according to a public key pointer random number R in a ring signature; then all corresponding symmetric keys K are taken out from the key fob according to the random number R of the public key pointer in the ring signature1、K2、K3…Kr
2.2 the Member uses x in the Ring signatureiAccording to formula y with public key P participating in calculationi=gi(xi) To obtain yiIn which 1 is<=i<=r;
2.3 according to formula Ck,v(y1,y2,…,yr)=Ek(yr⊕Ek(yr-1⊕Ek(yr-2⊕Ek(…⊕Ek(y1≧ v)))) C) is calculatedk,v(y1,y2,…,yr) If the result is equal to v, the ring signature is verified, and the received text of the member is determined to be from a member in the organization; if the result is not equal to v, the verification of the ring signature fails, and whether the original text received by the member comes from a member in the organization cannot be confirmed.
In one embodiment, a quantum computation ring signature resisting system based on multiple key pools is provided, and is applied to a group of multiple users, each user is configured with a key fob, a group symmetric key pool, a private key, an asymmetric key pool, and public key pointer random numbers respectively corresponding to each user are stored in the key fob, and the public key pointer random numbers of each user are used for obtaining a public key corresponding to the user in the asymmetric key pool and obtaining a symmetric key corresponding to the user in the group symmetric key pool;
the quantum computation resistant ring signature system comprises a signature party configured with:
a first module for pointing a random number R by a plurality of public keys in a key fob1~RrObtaining public keys P corresponding to a plurality of users by combining the asymmetric key pool1~PrWhere R is less than or equal to the number of users in the group, and the public key pointer is a random number R1~RrAt least including the random number of the public key pointer of the corresponding signing party user; random number R is also indicated by the public key1~RrDeriving a plurality of symmetric keys K from a pool of group symmetric keys1~Kr
A second module for selecting r-1 random numbers x1~xr-1And respectively participating in the calculation of the trapdoor function by utilizing the plurality of public keys to obtain a parameter yi(ii) a The trapdoor function is expressed as yi=gi(xi) Wherein i is the serial number from 1 to r-1, i also corresponds to the user index number, wherein i does not include the user index number of the signer;
a third module for utilizing a combining function Ck,v(y1,y2,…,yr)=v;
And Ck,v(y1,y2,…,yr)=Ek(yr⊕Ek(yr-1⊕Ek(yr-2⊕Ek(…⊕Ek(y1≧ v))) to obtain a parameter ysAnd corresponding parameter xsWherein:
v is a preset verification parameter;
y1,y2,…,yrparameter y for corresponding sequence numberi
Ek denotes the use of said symmetric key K respectively1~KrCarrying out encryption;
s represents the user index number of the signer;
a fourth module for R being a combination of 2R +1 numbers1~Rr;v;x1~xrAs ring signatures, where x1~xrIn (a) contains xsAnd sending the information to the users as the verification parties in the group together.
The quantum computation resistant ring signature system further comprises, configured at the verifier:
a fifth module for receiving the ring signature and the original text and according to the random number R of the public key pointer in the ring signature1~RrObtaining public keys P corresponding to multiple users by combining key fobs1~Pr
A sixth module for using the random number x in the ring signature1~xrAt the public key P1~PrParameter y is obtained by calculating a trapdoor function under participationi
A seventh module for pointing the random number R with a public key1~RrDeriving a plurality of symmetric keys K from a pool of group symmetric keys1~Kr
An eighth module for utilizing formula Ck,v(y1,y2,…,yr)=Ek(yr⊕Ek(yr-1⊕Ek(yr-2⊕Ek(…⊕Ek(y1≧ v)))) C) is calculatedk,v(y1,y2,…,yr) And whether the result is the same as the verification parameter v in the ring signature or not is judged to obtain a corresponding verification result.
For specific limitations of the quantum computation-resistant ring signature system, reference may be made to the above limitations of the quantum computation-resistant ring signature method, which are not described herein again. The various modules described above may be implemented in whole or in part by software, hardware, and combinations thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device, namely a quantum computation resistant ring signature system based on multiple key pools, is provided, the computer device may be a terminal, and the internal structure thereof may comprise a processor, a memory, a network interface, a display screen and an input device which are connected through a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement the above-described quantum computation ring signature resistant method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
In one embodiment, a quantum computation ring signature resisting system based on multiple key pools is provided, and is applied to a group of multiple users, each user is configured with a key fob, a group symmetric key pool, a private key, an asymmetric key pool, and public key pointer random numbers respectively corresponding to each user are stored in the key fob, and the public key pointer random numbers of each user are used for obtaining a public key corresponding to the user in the asymmetric key pool and obtaining a symmetric key corresponding to the user in the group symmetric key pool;
each user comprises a memory in which a computer program is stored and a processor which, when executing the computer program, implements the quantum computing ring signature robust method based on multiple key pools.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above examples are merely illustrative of several embodiments of the present invention, and the description thereof is more specific and detailed, but not to be construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention. Therefore, the protection scope of the present invention should be subject to the appended claims.

Claims (5)

1. The quantum computation ring signature resisting method based on the key pools is applied to a group of a plurality of users and is characterized in that each user is respectively provided with a key fob, a group symmetric key pool, a private key, an asymmetric key pool and public key pointer random numbers respectively corresponding to each user are stored in the key fob, and the public key pointer random numbers of each user are used for obtaining a public key corresponding to the user in the asymmetric key pool and obtaining a symmetric key corresponding to the user in the group symmetric key pool;
the quantum computation resistant ring signature method comprises the following steps of:
random number R by multiple public key pointers within key fob1~RrObtaining public keys P corresponding to a plurality of users by combining the asymmetric key pool1~PrWhere R is less than or equal to the number of users in the group, and the public key pointer is a random number R1~RrAt least including the random number of the public key pointer of the corresponding signing party user;
random number R is also indicated by the public key1~RrDeriving a plurality of symmetric keys K from a pool of group symmetric keys1~Kr
R-1 random numbers x are selected1~xr-1And respectively participating in the calculation of the trapdoor function by utilizing the plurality of public keys to obtain a parameter yi(ii) a The trapdoor function is expressed as yi=gi(xi) Wherein i is the serial number from 1 to r-1, i also corresponds to the user index number, wherein i does not include the user index number of the signer;
using a combining function Ck,v(y1,y2,…,yr) V and
Figure FDA0003155278500000011
Figure FDA0003155278500000012
performing ring calculation to obtain a parameter ysAnd corresponding parameter xsThe method specifically comprises the following steps:
according to the formula
Figure FDA0003155278500000013
V is obtained by sequential calculations-1
According to the formula
Figure FDA0003155278500000014
V is obtained by sequential calculations+1
According to the formula
Figure FDA0003155278500000015
By Ks+1As a key decryption result
Figure FDA0003155278500000016
Is obtained as vs
According to the formula
Figure FDA0003155278500000017
By KsAs a key decryption result
Figure FDA0003155278500000018
To obtain ysA value of (d);
according to the formula xs=gs -1(ys) Using the private key of the signer as a parameter to perform operation to obtain xs
Wherein:
v is a preset verification parameter;
y1,y2,…,yrparameter y for corresponding sequence numberi
Ek denotes the use of said symmetric key K respectively1~KrCarrying out encryption;
s represents the user index number of the signer;
in combinations of 2R +1 numbers, i.e. R1~Rr;v;x1~xrAs ring signatures, where x1~xrIn (a) contains xsAnd sending the information to the users as the verification parties in the group together.
2. The quantum-resistant computational ring signature methodology based on multiple key pools as claimed in claim 1 wherein the quantum-resistant computational ring signature methodology upon verification comprises:
receiving ring signature and original text, and according to the random number R of the public key pointer in the ring signature1~RrObtaining public keys P corresponding to multiple users by combining key fobs1~Pr
Using random number x in ring signatures1~xrAt the public key P1~PrParameter y is obtained by calculating a trapdoor function under participationi
Random number R using public key pointer1~RrDeriving a plurality of symmetric keys K from a pool of group symmetric keys1~Kr
Using formulas
Figure FDA0003155278500000021
Calculating Ck,v(y1,y2,…,yr) And whether the result is the same as the verification parameter v in the ring signature or not is judged to obtain a corresponding verification result.
3. The system is characterized in that each user is respectively provided with a key fob, a group symmetric key pool, a private key, an asymmetric key pool and public key pointer random numbers respectively corresponding to each user are stored in the key fob, and the public key pointer random numbers of each user are used for obtaining a public key corresponding to the user in the asymmetric key pool and obtaining a symmetric key corresponding to the user in the group symmetric key pool;
the quantum computation resistant ring signature system comprises a signature party configured with:
a first module for pointing a random number R by a plurality of public keys in a key fob1~RrObtaining public keys P corresponding to a plurality of users by combining the asymmetric key pool1~PrWhere R is less than or equal to the number of users in the group, and the public key pointer is a random number R1~RrAt least including the random number of the public key pointer of the corresponding signing party user; random number R is also indicated by the public key1~RrDeriving a plurality of symmetric keys K from a pool of group symmetric keys1~Kr
A second module for selecting r-1 random numbers x1~xr-1And respectively participating in the calculation of the trapdoor function by utilizing the plurality of public keys to obtain a parameter yi(ii) a The trapdoor function is expressed as yi=gi(xi) Wherein i is the serial number from 1 to r-1, i also corresponds to the user index number, wherein i does not include the user index number of the signer;
a third module for utilizing a combining function Ck,v(y1,y2,…,yr)=v;
And
Figure FDA0003155278500000022
performing ring calculation to obtain a parameter ysAnd corresponding parameter xsThe method specifically comprises the following steps:
according to the formula
Figure FDA0003155278500000023
V is obtained by sequential calculations-1
According to the formula
Figure FDA0003155278500000031
V is obtained by sequential calculations+1
According to the formula
Figure FDA0003155278500000032
By Ks+1As a key decryption result
Figure FDA0003155278500000033
Is obtained as vs
According to the formula
Figure FDA0003155278500000034
By KsAs a key decryption result
Figure FDA0003155278500000035
To obtain ysA value of (d);
according to the formula xs=gs -1(ys) Using the private key of the signer as a parameter to perform operation to obtain xs
Wherein:
v is a preset verification parameter;
y1,y2,…,yrparameter y for corresponding sequence numberi
Ek denotes the use of said symmetric key K respectively1~KrCarrying out encryption;
s represents the user index number of the signer;
a fourth module for R being a combination of 2R +1 numbers1~Rr;v;x1~xrAs ring signatures, where x1~xrIn (a) contains xsAnd sending the information to the users as the verification parties in the group together.
4. The multiple-key-pool-based quantum computation-resistant ring signature system of claim 3, wherein the quantum computation-resistant ring signature system further comprises, configured at a verifier:
a fifth module for receiving the ring signature and the original text and according to the random number R of the public key pointer in the ring signature1~RrObtaining public keys P corresponding to multiple users by combining key fobs1~Pr
A sixth module for using the random number x in the ring signature1~xrAt the public key P1~PrParameter y is obtained by calculating a trapdoor function under participationi
A seventh module for pointing the random number R with a public key1~RrDeriving a plurality of symmetric keys K from a pool of group symmetric keys1~Kr
An eighth module for utilizing the formula
Figure FDA0003155278500000036
Figure FDA0003155278500000037
Calculating Ck,v(y1,y2,…,yr) And whether the result is the same as the verification parameter v in the ring signature or not is judged to obtain a corresponding verification result.
5. The system is characterized in that each user is respectively provided with a key fob, a group symmetric key pool, a private key, an asymmetric key pool and public key pointer random numbers respectively corresponding to each user are stored in the key fob, and the public key pointer random numbers of each user are used for obtaining a public key corresponding to the user in the asymmetric key pool and obtaining a symmetric key corresponding to the user in the group symmetric key pool;
each user comprises a memory in which a computer program is stored and a processor which, when executing the computer program, implements the multiple key pool based quantum computing ring signature method of any of claims 1-2.
CN201910034528.3A 2019-01-15 2019-01-15 Anti-quantum computation ring signature method and system based on multiple key pools Active CN109831306B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910034528.3A CN109831306B (en) 2019-01-15 2019-01-15 Anti-quantum computation ring signature method and system based on multiple key pools

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910034528.3A CN109831306B (en) 2019-01-15 2019-01-15 Anti-quantum computation ring signature method and system based on multiple key pools

Publications (2)

Publication Number Publication Date
CN109831306A CN109831306A (en) 2019-05-31
CN109831306B true CN109831306B (en) 2021-08-31

Family

ID=66861574

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910034528.3A Active CN109831306B (en) 2019-01-15 2019-01-15 Anti-quantum computation ring signature method and system based on multiple key pools

Country Status (1)

Country Link
CN (1) CN109831306B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110417547B (en) * 2019-07-19 2023-06-09 如般量子科技有限公司 Secret key updating method and system for secret communication based on certificateless cryptography
CN110557248B (en) * 2019-07-19 2023-06-09 如般量子科技有限公司 Secret key updating method and system based on signcryption of certificateless cryptography
CN113364579B (en) * 2020-03-04 2023-05-05 科大国盾量子技术股份有限公司 Multi-task key management method, system, storage medium and equipment
CN112769571A (en) * 2020-12-25 2021-05-07 珠海格力电器股份有限公司 Constant-length lattice group signature method and device, storage medium and electronic device

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4250429B2 (en) * 2003-01-24 2009-04-08 キヤノン株式会社 Chained signature creation device and control method thereof
CN102006167B (en) * 2010-11-11 2013-03-13 西安理工大学 Ring signature method for anonymizing information based on algebra
KR101040588B1 (en) * 2010-12-13 2011-06-10 한국기초과학지원연구원 An efficient identity-based ring signature scheme with anonymity and system thereof
CN108632043B (en) * 2018-04-19 2021-08-24 成都大学 Optimized ring signature method and system
CN109040057B (en) * 2018-07-26 2020-12-01 百色学院 Multi-key hierarchical privacy protection system and method based on block chain
CN109151053B (en) * 2018-09-20 2021-08-10 如般量子科技有限公司 Anti-quantum computing cloud storage method and system based on public asymmetric key pool

Also Published As

Publication number Publication date
CN109831306A (en) 2019-05-31

Similar Documents

Publication Publication Date Title
CN109831306B (en) Anti-quantum computation ring signature method and system based on multiple key pools
CA2983163C (en) Generating cryptographic function parameters from compact source code
CN112822014B (en) Data processing method and device, electronic equipment and storage medium
Zhou et al. ExpSOS: Secure and verifiable outsourcing of exponentiation operations for mobile cloud computing
Zhang et al. Efficient public key encryption with equality test in the standard model
Cheon et al. Ghostshell: Secure biometric authentication using integrity-based homomorphic evaluations
US11316665B2 (en) Generating cryptographic function parameters based on an observed astronomical event
CN109936456B (en) Anti-quantum computation digital signature method and system based on private key pool
CN109919611B (en) Quantum computation resistant blockchain transaction method and system based on symmetric key pool server
US10079675B2 (en) Generating cryptographic function parameters from a puzzle
CN109921905B (en) Anti-quantum computation key negotiation method and system based on private key pool
CN109919609A (en) Anti- quantum calculation block chain secure transactions method and system based on public key pond
Odelu et al. A secure and efficient ECC‐based user anonymity preserving single sign‐on scheme for distributed computer networks
CN111512590A (en) Homomorphic encryption for password authentication
Diffie et al. New Directions in cryptography (1976)
CN114257366B (en) Information homomorphic processing method, device, equipment and computer readable storage medium
Lee et al. Security analysis and modification of ID-based encryption with equality test from ACISP 2017
CN109902483B (en) Anti-quantum computing proxy digital signature method and system based on multiple key pools
US8954728B1 (en) Generation of exfiltration-resilient cryptographic keys
CN108809996B (en) Integrity auditing method for duplicate deletion stored data with different popularity
Srivastava et al. Integration of quantum computing and blockchain technology: a cryptographic perspective
Fanfara et al. Usage of asymmetric encryption algorithms to enhance the security of sensitive data in secure communication
CN109842493B (en) Anti-quantum computation ring signature method and system based on asymmetric key pool
CN109560926B (en) Anti-quantum computing proxy digital signature method based on asymmetric key pool, signature system and computer equipment
CN109787773B (en) Anti-quantum computation signcryption method and system based on private key pool and Elgamal

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant