CN109902483A - Anti- quantum calculation Proxy Digital Signature method and system based on multiple pool of keys - Google Patents
Anti- quantum calculation Proxy Digital Signature method and system based on multiple pool of keys Download PDFInfo
- Publication number
- CN109902483A CN109902483A CN201910023293.8A CN201910023293A CN109902483A CN 109902483 A CN109902483 A CN 109902483A CN 201910023293 A CN201910023293 A CN 201910023293A CN 109902483 A CN109902483 A CN 109902483A
- Authority
- CN
- China
- Prior art keywords
- proxy
- key
- pond
- random number
- parameter
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Abstract
The present invention relates to the anti-quantum calculation Proxy Digital Signature method and systems based on multiple pool of keys, each participant is configured with key card, private key, the first random number, unsymmetrical key pond and proxy parameter pond are stored in the key card, wherein public key corresponding with the private key can be obtained using unsymmetrical key pond described in conjunction with first random number;The anti-quantum calculation Proxy Digital Signature method includes that original signature side sends signature request: obtaining proxy parameter using the second random number combination proxy parameter pond;Proxy private key is obtained through operation using the private key and the proxy parameter of signer;By original text to be signed, first random number, second random number and using the proxy private key that the proxy parameter encrypts be sent to allograph side, for allograph side it is signed after be sent to authentication and verified.
Description
Technical field
The present invention relates to secure communications, especially a kind of generation that anti-quantum calculation is realized using key card technological means
Manage digital signature method and system.
Background technique
In real world, people are frequently necessary to allow the certain assignable of authority of oneself to reliable agent agent
Representative goes to exercise these power in person.Signature in the power that these can be entrusted including people is weighed.The biography of commission signature power
System method is using seal, because seal can neatly transmit between people.Digital signature is the electronic die of handwritten signature
It is quasi-, but digital signature cannot provide agent functionality.
1996, Mambo, Usuda and Okamoto proposed the concept of allograph, gave and solved this problem
A kind of method.Proxy Signature Scheme should meet six properties such as non-repudiation, verifiability, unforgeable, ga s safety degree.
Since allograph plays an important role in practical applications, so allograph is received significant attention once proposing, both at home and abroad
Scholar has carried out deep discussion and research to it.So far, people have been presented for a variety of Proxy Signature Schemes.Firstly,
Mambo, Usuda and Okamoto propose complete allograph, part allograph and the allograph with the certificate of authority.
Zhang proposes part allograph and threshold proxy signature with the certificate of authority.Sun, Lee and Hwang point out Zhang and
The Threshold Proxy Signature Scheme of Kim, Park and Won are unsafe, and give an improvement project.Li Jiguo, Cao Zhenfu
The scheme for further pointing out Sun, Lee and Hwang cannot resist public key substitution attack, and give one it is safer could not
Recognize Threshold Proxy Signature Scheme.Later, Sun proposed effective undeniable threshold proxy signature side with known signature person
Case has some preferable properties.But Hwang, Lin and Lu point out that the scheme of Sun is also unsafe, and provide and change accordingly
Into.Sun and Chen and Sun proposes the time stamp allograph with tracking recipient.Recently, Yi Lijiang etc. and Qi Ming,
Harn proposes new Proxy Signature Scheme: PROXY MULTI SIGNATURE respectively.Li Jiguo etc. is respectively referred to Wang Xiaoming, Fu Fangwei
Their scheme is unsafe out, and gives and be correspondingly improved.Non-repudiation is the critical nature of allograph, existing
Most of Proxy Signature Scheme do not have non-repudiation.In practice, non-repudiation is very important.For example, working as
When signature abuse is disputed on, authoritative institution must determine the real signer who is allograph.Mambo etc. and Kim etc. claims
Their agent protection Proxy Signature Scheme has non-repudiation, but Sun and Hsieh indicate their Proxy Signature Scheme
It is unsafe, and gives and be correspondingly improved.Lee, Hwang and Wang also indicate that the undeniable allograph side of Zhang
Case is unsafe.The scheme that Hwang and Shi is proposed can carry out fair security protection to original signer and proxy signers.
Li Jiguo etc. has carried out compared with in-depth study the non-repudiation of allograph.It can be seen that about undeniable agency's label
Name scheme waits further to study.
Mambo, Usuda and Okamoto are divided into three categories allograph: complete allograph, part allograph and
Allograph with certificate.
Complete allograph (full delegation) in complete allograph, original signer directly oneself
Signature key is sent to proxy signers by safe lane, they can generate identical signature.
Signature is undistinguishable caused by the signature as caused by proxy signers and original signer, so not
Possible signature abuse can be prevented.Complete allograph does not have identifiability and non-repudiation yet.It is former in many cases,
Beginning signer is had to the signature key for modifying him later.Therefore this signature is not suitable for business application.
For part allograph (partial delegation) in the allograph of part, original signer uses oneself
Signature key s generates proxy signature key σ, and σ is sent to proxy signers in a secured manner.Due to safety concerns, it
Seek the key s that original signer cannot be found out from proxy signature key σ.There are two types of the schemes of type in this way:
Non-protected allograph (proxy-unprotected proxy signature) is acted on behalf of in addition to original signer,
Specified proxy signers can replace original signer to generate effective allograph.But it is not designated as proxy signers
Third party cannot generate effective allograph.
Agent protection allograph (proxy-protected proxy signature) only has specified proxy signers
Original signer can be replaced to generate effective allograph.But original signer and third party cannot generate effective agency
Signature.
In the allograph of part, proxy signers generate allograph by common signature scheme using σ as signature key,
The verifying equation of modification can be used to verify the validity of allograph.Because there is the public affairs of original signer in verifying equation
Key, so verifier can be assured that allograph is through original signer authorization.People propose respectively according to different needs
The part allograph of kind various kinds.For example, threshold proxy signature, undeniable allograph, multi-proxy signature, have receive
The allograph of person, the allograph with time stamp and the part allograph with certificate, greatly enrich and have developed portion
Subagent's signature.
Quantum computer has great potential in password cracking.Asymmetric (public key) Encryption Algorithm of current mainstream, such as
RSA cryptographic algorithms, the calculating of most of factorization or the discrete logarithm in finite field for being all based on big integer the two
Difficult math question.Their difficulty that cracks also is dependent on the efficiency solved these problems.On traditional computer, it is desirable that solve the two
Difficult math question, cost time are exponential time (cracking the time as the growth of public key length is increased with exponential), this is in reality
It is unacceptable in the application of border.It and is that your the elegant algorithm that quantum computer is made to measure (can be broken in polynomial time
The solution time is increased with the growth of public key length with the speed of k power, and wherein k is the constant unrelated with public key length) carry out it is whole
Number factorization or discrete logarithm calculate, to provide possibility for RSA, cracking for discrete logarithm Encryption Algorithm.
Problem of the existing technology:
1. in the prior art, corresponding private key is obtained quickly through public key due to quantum calculation function, based on public and private
The digital signature method of key is easy to be cracked by quantum computer.
2. the outputting and inputting for digital signature in the prior art, based on public and private key can be known to enemy, in quantum meter
In the presence of calculation machine, it may be derived private key, digital signature is caused to be cracked by quantum computer.
Summary of the invention
Based on this, it is necessary to be easy to crack problem by quantum computer for the digital signature method based on public and private key, mention
For a kind of higher digital signature method of safety and system.
The present invention is based on the anti-quantum calculation Proxy Digital Signature method of multiple pool of keys, each participant is configured with key
Card, is stored with private key, the first random number, unsymmetrical key pond and proxy parameter pond, wherein with the private in the key card
The corresponding public key of key can be obtained using first random number in conjunction with the unsymmetrical key pond;
The anti-quantum calculation Proxy Digital Signature method includes that original signature side sends signature request:
Proxy parameter is obtained using the second random number combination proxy parameter pond;
Proxy private key is obtained through operation using the private key and the proxy parameter of signer;
By original text to be signed, first random number, second random number and utilize proxy parameter encryption
Proxy private key be sent to allograph side, for allograph side it is signed after be sent to authentication and verified.
Several optional ways also provided below, but be not intended as the additional qualification to above-mentioned overall plan, only into
The supplement of one step is preferred, and under the premise of no technology or logical contradiction, each optional way can be individually for above-mentioned totality side
Case is combined, and be can also be and is combined between multiple optional ways.
Optionally, the proxy parameter pond includes the first agent's parameter pond for prestoring first agent's parameter, and prestores
Second agent's parameter pond of two proxy parameters;Meet between first agent's parameter and second agent's parameter default
Conversion relation.
Optionally, first agent's parameter is Ki, and second agent's parameter is ki and is a random number;And meet Ki
=gkiMod p, wherein p is prime number, and q is a prime factor of p-1, and g is that a q rank generates member.
Optionally, the participant includes original signature side, allograph side and authentication;
First agent's parameter pond is configured in the key card of each participant, first agent's parameter pond includes 1~N
Number unit cells, N are the key card sum issued;
It only as configuring second agent's parameter pond in the key card of original signature side, and is wherein one in 1~No. N
Unit cells;
The method of proxy parameter is prestored in the proxy parameter pond are as follows:
It takes random number ri as the pointer random number in second agent's parameter pond, acts on random number ri with pointer function, obtain
It is directed toward the corresponding position of unit cells in second agent's parameter pond, stores corresponding ki in the position to pointer kp, pointer kp;
Pointer Kp is obtained after the pointer kp operation, pointer Kp is directed toward the corresponding position in first agent's parameter pond, at this
Position stores corresponding Ki.
Optionally, first identity of first random number as original signature side, original signature side is also to agency
Signer sends the second identity corresponding with allograph side.
Optionally, the anti-quantum calculation Proxy Digital Signature method includes that allograph side signs, comprising:
It receives the original text to be signed, first random number, second random number and is joined using the agency
The proxy private key of number encryption;
Proxy parameter is obtained using the second random number combination proxy parameter pond, and the proxy private key is obtained by decryption;
It is signed using the proxy private key to the original text, and obtains ciphertext using the proxy parameter ciphering signature
Signature;
The original text, ciphertext signature, first random number and second random number are sent to authentication
It is verified.
The allograph side also sends corresponding with allograph side the second identity to authentication, and with verifying
The corresponding tiers e'tat mark in side.
Optionally, allograph side is in signature, further includes:
Public key corresponding with the private key is obtained in conjunction with the unsymmetrical key pond using first random number;
Utilize the validity of proxy private key described in the proxy parameter, the proxy private key and the public key verifications;
It signs again to the original text after being verified.
Optionally, it is obtained using first random number in conjunction with the unsymmetrical key pond corresponding with the private key public
Key, comprising: act on the first random number with a public key pointer function and obtain public key pointer, be directed toward in public key pointer asymmetric close
Extract the public key prestored in the corresponding position in key pond.
Optionally, the anti-quantum calculation Proxy Digital Signature method includes that authentication is verified, comprising:
Receive the original text, ciphertext signature, first random number and second random number;
Proxy parameter is obtained using the second random number combination proxy parameter pond, and the signature is obtained by decryption;
Public key corresponding with the private key is obtained in conjunction with the unsymmetrical key pond using first random number;
It is verified using the public key, the signature and the original text.
The anti-quantum calculation Proxy Digital Signature system based on multiple pool of keys that the present invention also provides a kind of, each participant are matched
It is equipped with key card, private key, the first random number, unsymmetrical key pond and proxy parameter pond are stored in the key card, wherein
Public key corresponding with the private key can be obtained using unsymmetrical key pond described in conjunction with first random number;
The anti-quantum calculation Proxy Digital Signature system configuration is in original signature side, comprising:
First module, for obtaining proxy parameter using the second random number combination proxy parameter pond;
Second module, for using signer private key and the proxy parameter through operation obtain proxy private key;
Third module, for by original text to be signed, first random number, second random number and utilize institute
State proxy parameter encryption proxy private key be sent to allograph side, for allograph side it is signed after be sent to authentication carry out
Verifying.
The anti-quantum calculation Proxy Digital Signature system based on multiple pool of keys that the present invention also provides a kind of, each participant are matched
It is equipped with key card, private key, the first random number, unsymmetrical key pond and proxy parameter pond are stored in the key card, wherein
Public key corresponding with the private key can be obtained using unsymmetrical key pond described in conjunction with first random number;
Each participant includes memory and processor, is stored with computer program in memory, which executes calculating
The anti-quantum calculation Proxy Digital Signature method of the present invention based on multiple pool of keys is realized when machine program.
In the present invention, key card storage of public keys, private key and public key pointer random number and K value or k value are used;And to outgoing
The pointer random number of the only public key of cloth, is not original public key itself.Key card is independent hardware isolated equipment, is disliked
Meaning software or malicious operation are stolen key possibility and are substantially reduced.Since quantum computer is unable to get plaintext public key, then
It is unable to get corresponding private key, therefore Proxy Digital Signature is not easy to be cracked by quantum computer.In the present invention, it is based on public and private key
Digital signature further encrypted by symmetric key related with K value, form the digital signature of encryption.Even if in quantum computer
In the presence of, it is also difficult to it is derived private key.Therefore the Proxy Digital Signature of the program is not easy to be broken by quantum computer
Solution.
Detailed description of the invention
Fig. 1 is the internal structure chart of signer key card in the present invention;
Fig. 2 is the internal structure chart of succedaneum's key card in the present invention;
Fig. 3 is the internal structure chart of verifier's key card in the present invention;
Fig. 4 is the relational graph in the present invention between each user and key card;
Fig. 5 is the structure chart in the pond K in the present invention;
Fig. 6 is the access method schematic diagram of K value and k value in the present invention;
Fig. 7 is the relational graph of the public key and anti-quantum calculation public key in the present invention.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on
Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other
Embodiment shall fall within the protection scope of the present invention.
In order to better describe and illustrate embodiments herein, one or more attached drawing can refer to, but attached for describing
The additional detail or example of figure are not construed as to present invention creation, current described embodiment or preferred side
The limitation of the range of any one in formula.
The present invention is based on the anti-quantum calculation Proxy Digital Signature method of multiple pool of keys, each participant is configured with key
Card, is stored with private key, the first random number, unsymmetrical key pond and proxy parameter pond, wherein with the private in the key card
The corresponding public key of key can be obtained using first random number in conjunction with the unsymmetrical key pond;
The anti-quantum calculation Proxy Digital Signature method includes that original signature side sends signature request:
Proxy parameter is obtained using the second random number combination proxy parameter pond;
Proxy private key is obtained through operation using the private key and the proxy parameter of signer;
By original text to be signed, first random number, second random number and utilize proxy parameter encryption
Proxy private key be sent to allograph side, for allograph side it is signed after be sent to authentication and verified.
Public key in the present invention is all underground, and what disclosure used is all the public affairs with storing in unsymmetrical key pond in key card
The related public key pointer random number in the position of key, i.e. the first random number.Wherein anti-amount of the public key pointer random number as the user
Son calculates public key and externally announces, and any participant can obtain other users according to disclosed public key pointer random number and key card
Public key.
Public key corresponding with the private key is obtained in conjunction with the unsymmetrical key pond using first random number, comprising:
The first random number is acted on a public key pointer function and obtains public key pointer, is directed toward the phase in unsymmetrical key pond in public key pointer
Answer the public key that extraction prestores at position.
Such as a public key pointer random number rk is taken, it is acted on a public key pointer function frkp, public key is obtained and refers to
Needle rkp, then the unsymmetrical key pond (public key) being directed toward in key card rkp is obtained into a position, it is stored in the user in the position
Public key krk for being used in subsequent process.Using disclosed public key pointer random number rk as anti-quantum calculation public key.Because non-right
Claim pool of keys (public key) in key card, it is desirable to obtain really original public key, only in key card anti-quantum public key with
Pool of keys combines operation just available original public key.
Heretofore described participant includes original signature side, allograph side and authentication;Key card is divided into three kinds, point
It Wei not signer key card, succedaneum's key card and verifier's key card.Certainly this is only according in certain signature authentication mistake
Partition of role in journey, role as needed also can change.
The proxy parameter pond includes the first agent's parameter pond (the hereinafter referred to as pond K) for prestoring first agent's parameter, and
Prestore second agent's parameter pond (the hereinafter referred to as pond k) of second agent's parameter;First agent's parameter and the second agent
Meet preset conversion relation between parameter.
First agent's parameter pond is configured in the key card of each participant, first agent's parameter pond includes 1~N
Number unit cells, N are the key card sum issued;Only as configuring second agent's parameter in the key card of original signature side
Pond, and be the wherein unit cells in 1~No. N.
All there are the pond K, unsymmetrical key pond (public key), the respective public key pointer random number of user and use in three kinds of key cards
In addition to this respective private key in family also has the k cell pond of some number in signer key card.
It is stored with K value in the pond K, k value is stored in the pond k.
The pond K is divided into N number of unit cells, and from No. 1 K unit cells to N K unit cells, the number of N is close as needed by issuing organization
The number of key card determines that the K unit cells of N number of number are referred to as the pond K altogether.
The pond k is also classified into N number of, and from No. 1 k cell pond to N k cell pond, and corresponds with the pond K, i.e. same No.
The K value stored in the pond K of code and the k value stored in the pond k are corresponding.
The pond K inside three kinds of key cards all includes No. 1 to N K unit cells, and possess in original signer key card
The pond k is then some in N number of k cell pond, referred to as the pond n k (1 < < n < < N).
K unit cells and the size in k cell pond are followed successively by S1, S2, S3 according to number ... SN.
It is a prime factor of p-1, g ∈ Z that issuing organization, which takes Big prime a p, q,pIt * is that a q rank generates member, parameter is set
It sets following all general.A random number k i is taken again, according to formula Ki=gkiMod p calculates Ki, one group (ki, Ki) is obtained, by it
It is stored in the pond K and the pond k respectively.
The method of proxy parameter is prestored in the proxy parameter pond are as follows:
It takes random number ri as the pointer random number in second agent's parameter pond, acts on random number ri with pointer function, obtain
It is directed toward the corresponding position of unit cells in second agent's parameter pond, stores corresponding ki in the position to pointer kp, pointer kp;
Pointer Kp is obtained after the pointer kp operation, pointer Kp is directed toward the corresponding position in first agent's parameter pond, at this
Position stores corresponding Ki.
Such as it to some key card, takes a random number ri as the pond k pointer random number, is acted on the pond k pointer function fp
In ri, the pond k pointer kp is obtained, the pond k is directed toward with kp and obtains a position, store corresponding k value ki in the position;
Pointer kp operation mode can be allow kp plus Ks (Ks be current key card in the pond K initial position, can be Ks1
To some in KsN) Kp is obtained, the pond K is directed toward with Kp and obtains a position, stores corresponding K value Ki in the position.
All K values of generation can all be existed to the pond K of each key card with this method, by all k values of generation point
In the pond k that not there is N number of signer key card.
It is assumed that original signature side (hereinafter referred to as A), allograph side (hereinafter referred to as B) and authentication (hereinafter referred to as C) are right
The public, private key answered is respectively Va/sa, Vb/sb and Vc/sc, and corresponding public key pointer random number is respectively Pa, Pb and Pc, and three
Public key pointer random number also identifies personal identification as the ID of A, B, C simultaneously.A, B and C takes from key card issuing organization
Belong to the key card of one's own side.
The anti-quantum calculation Proxy Digital Signature method includes that allograph side signs, comprising:
It receives the original text to be signed, first random number, second random number and is joined using the agency
The proxy private key of number encryption;
Proxy parameter is obtained using the second random number combination proxy parameter pond, and the proxy private key is obtained by decryption;
It is signed using the proxy private key to the original text, and obtains ciphertext using the proxy parameter ciphering signature
Signature;
The original text, ciphertext signature, first random number and second random number are sent to authentication
It is verified.
Allograph side is in signature, further includes:
Public key corresponding with the private key is obtained in conjunction with the unsymmetrical key pond using first random number;
Utilize the validity of proxy private key described in the proxy parameter, the proxy private key and the public key verifications;
It signs again to the original text after being verified.
The anti-quantum calculation Proxy Digital Signature method includes that authentication is verified, comprising:
Receive the original text, ciphertext signature, first random number and second random number;
Proxy parameter is obtained using the second random number combination proxy parameter pond, and the signature is obtained by decryption;
Public key corresponding with the private key is obtained in conjunction with the unsymmetrical key pond using first random number;
It is verified using the public key, the signature and the original text.
Wherein in an embodiment, the anti-quantum calculation Proxy Digital Signature method based on multiple pool of keys includes:
1.A generates proxy private key and is sent to B
The private key sa ∈ of ARZq, corresponding public key is Va=gsamod p.(R indicates set of real numbers)
A, which appoints, takes the second random number ri, according to storage K value and the corresponding method of k value, obtains from the pond K and the pond k of key card
Ki and ki obtains first agent's parameter and second agent's parameter using the second random number combination proxy parameter pond.
Proxy private key is obtained through operation using the private key and the proxy parameter of signer:
σ=sa+ki*Ki mod q
Using proxy parameter encryption agents private key, i.e., Ki is acted on Hash function and obtains H (Ki), enable HKi=H (Ki),
Encryption σ is gone to obtain { σ } HKi with HKi.
Message including original text m, ri, Pb, Pa and { σ } HKi is sent to B.Wherein,
First random number Pa indicates the message from A as the first identity of original signature side;
Pb indicates that the message is destined to B's as the second identity corresponding with allograph side.
2.B generates signσ(m) and it is sent to C
After B receives the message from A, according to the storage corresponding method of K value, obtained from the pond K of key card according to ri
Ki obtains HKi with Ki is acted on Hash function identical in step 1, then obtains σ with HKi decryption { σ } HK.
B also verifies the validity of the proxy private key σ before signature, comprising:
The public key Va of A is taken out from key card according to the public key pointer random number Pa of A.
B verifies equation gσ=VaKiKiWhether mod p is true.If the equation is set up, (σ, Ki) is an effective generation
Manage key.Otherwise, B refusal receives the key, and requires A to send a new proxy signature key to him again, or stop agreement.
After being verified, B represents A when signing on original text m, i.e., replaces sa to execute common signature operation using σ, generates
signσ(m).That is the original text m that B will sign makees one-way hash function operation and obtains eap-message digest, is calculated with σ eap-message digest
Method encryption, obtains digital signature signσ(m)。
When obtaining ciphertext signature using proxy parameter ciphering signature, i.e., sign is encrypted with HKiσ(m) { sign is obtainedσ(m)}
HKi will include Pa, Pb, Pc, ri, m and { signσ(m) } message of HKi is sent to C.Wherein, Pa indicates that the signature permission comes from
Indicate that the signature permission is acted on behalf of by B in A, Pb, Pc is identified as tiers e'tat corresponding with authentication c indicates that the message is to send
To C's.
3.C verifying signature
C is received after the message for acting on behalf of B, according to the ri method the same according to storage K value, from the pond K of key card
Ki is obtained, obtains HKi with Ki is acted on Hash function identical in step 1, then decrypt { sign with HKiσ(m) } HKi is obtained
signσ(m);The public key Va of A is taken out from key card according to the public key pointer random number Pa of A.
When being verified using public key, signature and original text, C calculates Va '=VaKi firstKiMod p, is then replaced with Va '
Va can verify the validity of allograph using verifying operation identical with verifying common signature.That is C will obtain original text m
It is separated with digital signature, one-way hash function operation equally is carried out to original text m and obtains new eap-message digest;Number is signed with Va '
Name carries out algorithm decryption, obtains original eap-message digest and is compared with new eap-message digest, illustrates if completely the same
The sender of original text m is reliable, and the process original text m transmitted is not tampered with.
It should be understood that there is no stringent for the execution of each these steps of embodiment unless expressly stating otherwise herein
Sequence limitation, these steps can execute in other order.Moreover, at least part step may include multiple sub-steps
Perhaps these sub-steps of multiple stages or stage are not necessarily to execute completion in synchronization, but can be different
Moment executes, and the execution in these sub-steps or stage sequence, which is also not necessarily, successively to be carried out, but can with other steps or
The sub-step or at least part in stage of the other steps of person execute in turn or alternately.
Wherein in an embodiment, a kind of anti-quantum calculation Proxy Digital Signature system based on multiple pool of keys is provided, respectively
Participant is configured with key card, and private key, the first random number, unsymmetrical key pond and proxy parameter are stored in the key card
Pond, wherein public key corresponding with the private key can be obtained using unsymmetrical key pond described in conjunction with first random number;
The anti-quantum calculation Proxy Digital Signature system configuration is in original signature side, comprising:
First module, for obtaining proxy parameter using the second random number combination proxy parameter pond;
Second module, for using signer private key and the proxy parameter through operation obtain proxy private key;
Third module, for by original text to be signed, first random number, second random number and utilize institute
State proxy parameter encryption proxy private key be sent to allograph side, for allograph side it is signed after be sent to authentication carry out
Verifying.
Specific restriction about anti-quantum calculation Proxy Digital Signature system may refer to above for anti-quantum calculation
The restriction of Proxy Digital Signature method, details are not described herein.Each mould in above-mentioned anti-quantum calculation Proxy Digital Signature system
Block can be realized fully or partially through software, hardware and combinations thereof.Above-mentioned each module can be embedded in the form of hardware or independence
In processor in computer equipment, it can also be stored in a software form in the memory in computer equipment, in order to
Processor, which calls, executes the corresponding operation of the above modules.
In one embodiment, a kind of computer equipment, i.e., a kind of anti-quantum calculation based on multiple pool of keys are provided
Proxy Digital Signature system, the computer equipment can be terminal, and internal structure may include being connected by system bus
Processor, memory, network interface, display screen and input unit.Wherein, the processor of the computer equipment is for providing calculating
And control ability.The memory of the computer equipment includes non-volatile memory medium, built-in storage.The non-volatile memories are situated between
Matter is stored with operating system and computer program.The built-in storage is operating system and computer in non-volatile memory medium
The operation of program provides environment.The network interface of the computer equipment is used to communicate with external terminal by network connection.It should
To realize above-mentioned anti-quantum calculation Proxy Digital Signature method when computer program is executed by processor.The computer equipment is shown
Display screen can be liquid crystal display or electric ink display screen, and the input unit of the computer equipment can be to be covered on display screen
The touch layer of lid is also possible to the key being arranged on computer equipment shell, trace ball or Trackpad, can also be external key
Disk, Trackpad or mouse etc..
The anti-quantum calculation Proxy Digital Signature system based on multiple pool of keys that the present embodiment provides a kind of, each participant are matched
It is equipped with key card, private key, the first random number, unsymmetrical key pond and proxy parameter pond are stored in the key card, wherein
Public key corresponding with the private key can be obtained using unsymmetrical key pond described in conjunction with first random number;
Each participant includes memory and processor, is stored with computer program in memory, which executes calculating
The anti-quantum calculation Proxy Digital Signature method of the present invention based on multiple pool of keys is realized when machine program.
Each technical characteristic of embodiment described above can be combined arbitrarily, for simplicity of description, not to above-mentioned reality
It applies all possible combination of each technical characteristic in example to be all described, as long as however, the combination of these technical characteristics is not deposited
In contradiction, all should be considered as described in this specification.
The embodiments described above only express several embodiments of the present invention, and the description thereof is more specific and detailed, but simultaneously
It cannot therefore be construed as limiting the scope of the patent.It should be pointed out that coming for those of ordinary skill in the art
It says, without departing from the inventive concept of the premise, various modifications and improvements can be made, these belong to protection of the invention
Range.Therefore, the scope of protection of the patent of the invention shall be subject to the appended claims.
Claims (10)
1. the anti-quantum calculation Proxy Digital Signature method based on multiple pool of keys, which is characterized in that each participant is configured with close
Key card is stored with private key, the first random number, unsymmetrical key pond and proxy parameter pond, wherein with described in the key card
The corresponding public key of private key can be obtained using first random number in conjunction with the unsymmetrical key pond;
The anti-quantum calculation Proxy Digital Signature method includes that original signature side sends signature request:
Proxy parameter is obtained using the second random number combination proxy parameter pond;
Proxy private key is obtained through operation using the private key and the proxy parameter of signer;
By original text to be signed, first random number, second random number and the generation encrypted using the proxy parameter
Reason private key is sent to allograph side, for allograph side it is signed after be sent to authentication and verified.
2. the anti-quantum calculation Proxy Digital Signature method based on multiple pool of keys as described in claim 1, which is characterized in that
The proxy parameter pond includes the first agent's parameter pond for prestoring first agent's parameter, and prestores the second of second agent's parameter
Proxy parameter pond;Meet preset conversion relation between first agent's parameter and second agent's parameter.
3. the anti-quantum calculation Proxy Digital Signature method based on multiple pool of keys as claimed in claim 2, which is characterized in that
First agent's parameter is Ki, and second agent's parameter is ki and is a random number;And meet Ki=gkiMod p, wherein p
For prime number, q is a prime factor of p-1, and g is that a q rank generates member.
4. the anti-quantum calculation Proxy Digital Signature method based on multiple pool of keys as claimed in claim 3, which is characterized in that
The participant includes original signature side, allograph side and authentication;
First agent's parameter pond is configured in the key card of each participant, first agent's parameter pond includes 1~N mono-
First pond, N are the key card sum issued;
It only as configuring second agent's parameter pond in the key card of original signature side, and is the wherein unit in 1~No. N
Pond;
The method of proxy parameter is prestored in the proxy parameter pond are as follows:
It takes random number ri as the pointer random number in second agent's parameter pond, acts on random number ri with pointer function, referred to
Needle kp, pointer kp are directed toward the corresponding position of unit cells in second agent's parameter pond, store corresponding ki in the position;
Pointer Kp is obtained after the pointer kp operation, pointer Kp is directed toward the corresponding position in first agent's parameter pond, in the position
Store corresponding Ki.
5. the anti-quantum calculation Proxy Digital Signature method based on multiple pool of keys as claimed in claim 4, which is characterized in that
The anti-quantum calculation Proxy Digital Signature method includes that allograph side signs, comprising:
It receives the original text to be signed, first random number, second random number and is added using the proxy parameter
Close proxy private key;
Proxy parameter is obtained using the second random number combination proxy parameter pond, and the proxy private key is obtained by decryption;
It is signed using the proxy private key to the original text, and obtains ciphertext label using the proxy parameter ciphering signature
Name;
The original text, ciphertext signature, first random number and second random number are sent to authentication to carry out
Verifying.
6. the anti-quantum calculation Proxy Digital Signature method based on multiple pool of keys as claimed in claim 5, which is characterized in that
Allograph side is in signature, further includes:
Public key corresponding with the private key is obtained in conjunction with the unsymmetrical key pond using first random number;
Utilize the validity of proxy private key described in the proxy parameter, the proxy private key and the public key verifications;
It signs again to the original text after being verified.
7. the anti-quantum calculation Proxy Digital Signature method based on multiple pool of keys as claimed in claim 6, which is characterized in that
Public key corresponding with the private key is obtained in conjunction with the unsymmetrical key pond using first random number, comprising: with a public affairs
Key pointer function acts on the first random number and obtains public key pointer, is directed toward the corresponding position in unsymmetrical key pond in public key pointer
Extract the public key prestored.
8. the anti-quantum calculation Proxy Digital Signature method based on multiple pool of keys as claimed in claim 7, which is characterized in that
The anti-quantum calculation Proxy Digital Signature method includes that authentication is verified, comprising:
Receive the original text, ciphertext signature, first random number and second random number;
Proxy parameter is obtained using the second random number combination proxy parameter pond, and the signature is obtained by decryption;
Public key corresponding with the private key is obtained in conjunction with the unsymmetrical key pond using first random number;
It is verified using the public key, the signature and the original text.
9. the anti-quantum calculation Proxy Digital Signature system based on multiple pool of keys, which is characterized in that each participant is configured with close
Key card is stored with private key, the first random number, unsymmetrical key pond and proxy parameter pond, wherein with described in the key card
The corresponding public key of private key can be obtained using first random number in conjunction with the unsymmetrical key pond;
The anti-quantum calculation Proxy Digital Signature system configuration is in original signature side, comprising:
First module, for obtaining proxy parameter using the second random number combination proxy parameter pond;
Second module, for using signer private key and the proxy parameter through operation obtain proxy private key;
Third module, for by original text to be signed, first random number, second random number and utilize the generation
The proxy private key of reason parameter encryption is sent to allograph side, for allograph side it is signed after be sent to authentication and tested
Card.
10. the anti-quantum calculation Proxy Digital Signature system based on multiple pool of keys, which is characterized in that each participant is configured with close
Key card is stored with private key, the first random number, unsymmetrical key pond and proxy parameter pond, wherein with described in the key card
The corresponding public key of private key can be obtained using first random number in conjunction with the unsymmetrical key pond;
Each participant includes memory and processor, is stored with computer program in memory, which executes computer journey
The anti-quantum calculation Proxy Digital Signature method according to any one of claims 1 to 8 based on multiple pool of keys is realized when sequence.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910023293.8A CN109902483B (en) | 2019-01-10 | 2019-01-10 | Anti-quantum computing proxy digital signature method and system based on multiple key pools |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910023293.8A CN109902483B (en) | 2019-01-10 | 2019-01-10 | Anti-quantum computing proxy digital signature method and system based on multiple key pools |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109902483A true CN109902483A (en) | 2019-06-18 |
CN109902483B CN109902483B (en) | 2023-01-10 |
Family
ID=66943609
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910023293.8A Active CN109902483B (en) | 2019-01-10 | 2019-01-10 | Anti-quantum computing proxy digital signature method and system based on multiple key pools |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109902483B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110677243A (en) * | 2019-09-18 | 2020-01-10 | 成都飞机工业(集团)有限责任公司 | Construction method of proxy re-signature scheme supporting heterogeneous public key system |
CN114329618A (en) * | 2021-09-24 | 2022-04-12 | 江苏海洋大学 | Proxy signature method based on Mambo |
Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050271207A1 (en) * | 2004-06-05 | 2005-12-08 | Helmut Frey | Method and system for chaotic digital signature, encryption, and authentication |
US20130268756A1 (en) * | 2011-09-07 | 2013-10-10 | Elwha Llc | Computational systems and methods for anonymized storage of double-encrypted data |
WO2014088130A1 (en) * | 2012-12-05 | 2014-06-12 | Inha-Industry Partnership Institute | Proxy signature scheme |
CN104821880A (en) * | 2015-05-05 | 2015-08-05 | 九江学院 | Certificate-free generalized proxy signcryption method |
US20150358167A1 (en) * | 2013-09-16 | 2015-12-10 | Huawei Device Co., Ltd. | Certificateless Multi-Proxy Signature Method and Apparatus |
EP3007409A1 (en) * | 2014-10-10 | 2016-04-13 | Secret Medica, Inc. | Reliable user-device content and media delivery apparatuses, methods and systems |
CN106789066A (en) * | 2016-12-12 | 2017-05-31 | 西北工业大学 | Agency's weight endorsement method based on IP signatures |
US20170163425A1 (en) * | 2015-12-04 | 2017-06-08 | Verisign, Inc. | Hash-based electronic signatures for data sets such as dnssec |
CN107124272A (en) * | 2017-05-02 | 2017-09-01 | 西南石油大学 | The lattice cloud storage data safety auditing method for supporting agent data to upload |
CN108173649A (en) * | 2018-01-10 | 2018-06-15 | 如般量子科技有限公司 | A kind of message authentication method and system based on quantum key card |
CN108599926A (en) * | 2018-03-20 | 2018-09-28 | 如般量子科技有限公司 | A kind of HTTP-Digest modified AKA identity authorization systems and method based on pool of symmetric keys |
CN109150519A (en) * | 2018-09-20 | 2019-01-04 | 如般量子科技有限公司 | Anti- quantum calculation cloud storage method of controlling security and system based on public keys pond |
CN109151053A (en) * | 2018-09-20 | 2019-01-04 | 如般量子科技有限公司 | Anti- quantum calculation cloud storage method and system based on public asymmetric key pond |
-
2019
- 2019-01-10 CN CN201910023293.8A patent/CN109902483B/en active Active
Patent Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050271207A1 (en) * | 2004-06-05 | 2005-12-08 | Helmut Frey | Method and system for chaotic digital signature, encryption, and authentication |
US20130268756A1 (en) * | 2011-09-07 | 2013-10-10 | Elwha Llc | Computational systems and methods for anonymized storage of double-encrypted data |
WO2014088130A1 (en) * | 2012-12-05 | 2014-06-12 | Inha-Industry Partnership Institute | Proxy signature scheme |
US20150358167A1 (en) * | 2013-09-16 | 2015-12-10 | Huawei Device Co., Ltd. | Certificateless Multi-Proxy Signature Method and Apparatus |
EP3007409A1 (en) * | 2014-10-10 | 2016-04-13 | Secret Medica, Inc. | Reliable user-device content and media delivery apparatuses, methods and systems |
CN104821880A (en) * | 2015-05-05 | 2015-08-05 | 九江学院 | Certificate-free generalized proxy signcryption method |
US20170163425A1 (en) * | 2015-12-04 | 2017-06-08 | Verisign, Inc. | Hash-based electronic signatures for data sets such as dnssec |
CN106789066A (en) * | 2016-12-12 | 2017-05-31 | 西北工业大学 | Agency's weight endorsement method based on IP signatures |
CN107124272A (en) * | 2017-05-02 | 2017-09-01 | 西南石油大学 | The lattice cloud storage data safety auditing method for supporting agent data to upload |
CN108173649A (en) * | 2018-01-10 | 2018-06-15 | 如般量子科技有限公司 | A kind of message authentication method and system based on quantum key card |
CN108599926A (en) * | 2018-03-20 | 2018-09-28 | 如般量子科技有限公司 | A kind of HTTP-Digest modified AKA identity authorization systems and method based on pool of symmetric keys |
CN109150519A (en) * | 2018-09-20 | 2019-01-04 | 如般量子科技有限公司 | Anti- quantum calculation cloud storage method of controlling security and system based on public keys pond |
CN109151053A (en) * | 2018-09-20 | 2019-01-04 | 如般量子科技有限公司 | Anti- quantum calculation cloud storage method and system based on public asymmetric key pond |
Non-Patent Citations (9)
Title |
---|
XIAOJUN ZHANG 等: "Identity-based key-exposure resilient cloud storage public auditing scheme from lattices", 《INFORMATION SCIENCES》 * |
ZHA XUAN等: "Anti-Pollution Source Location Privacy Preserving Scheme in Wireless Sensor Networks", 《IEEE INTERNATIONAL CONFERENCE ON SENSING IEEE》 * |
孙昌毅等: "基于多变量公钥密码体制的代理重签名方案", 《计算机工程》 * |
孙昌毅等: "基于多变量密码体制的新型代理签名方案", 《四川大学学报(自然科学版)》 * |
杨小东等: "可证安全的部分盲代理重签名方案", 《通信学报》 * |
钱晓捷等: "基于非纠缠量子秘密共享的盲签名方案", 《计算机应用与软件》 * |
闫德勤等: "无可信中心的可验证门限代理签名方案", 《计算机科学》 * |
陈莉等: "抗量子攻击的高效盲签名方案", 《信息网络安全》 * |
陶羽: "多变量数字签名的研究与设计", 《中国优秀硕士学位论文全文数据库信息科技辑》 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110677243A (en) * | 2019-09-18 | 2020-01-10 | 成都飞机工业(集团)有限责任公司 | Construction method of proxy re-signature scheme supporting heterogeneous public key system |
CN110677243B (en) * | 2019-09-18 | 2021-12-03 | 成都飞机工业(集团)有限责任公司 | Construction method of proxy re-signature scheme supporting heterogeneous public key system |
CN114329618A (en) * | 2021-09-24 | 2022-04-12 | 江苏海洋大学 | Proxy signature method based on Mambo |
Also Published As
Publication number | Publication date |
---|---|
CN109902483B (en) | 2023-01-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110011802B (en) | Efficient method and system for cooperatively generating digital signature by two parties of SM9 | |
Srinivas et al. | Designing anonymous signature-based authenticated key exchange scheme for Internet of Things-enabled smart grid systems | |
Jiang et al. | On the security of a privacy-aware authentication scheme for distributed mobile cloud computing services | |
Shen et al. | A modified remote user authentication scheme using smart cards | |
US9698985B2 (en) | Authentication | |
US6985583B1 (en) | System and method for authentication seed distribution | |
US8971540B2 (en) | Authentication | |
CN106341232B (en) | A kind of anonymous entity discrimination method based on password | |
US9106644B2 (en) | Authentication | |
CN1922816B (en) | One way authentication | |
US20120278628A1 (en) | Digital Signature Method and System | |
CN109728906A (en) | Anti- quantum calculation asymmet-ric encryption method and system based on unsymmetrical key pond | |
CN108551435B (en) | Verifiable encryption group signature method with anonymity | |
CN108494559B (en) | Electronic contract signing method based on semi-trusted third party | |
Wang et al. | Comments on an advanced dynamic ID-based authentication scheme for cloud computing | |
CN102546173A (en) | Digital signature system and signature method based on certificate | |
CN109687977A (en) | Anti- quantum calculation digital signature method and anti-quantum calculation digital signature system based on multiple pool of keys | |
CN109905229A (en) | Anti- quantum calculation Elgamal encryption and decryption method and system based on group's unsymmetrical key pond | |
US9641333B2 (en) | Authentication methods, systems, devices, servers and computer program products, using a pairing-based cryptographic approach | |
CN109902483A (en) | Anti- quantum calculation Proxy Digital Signature method and system based on multiple pool of keys | |
CN113055161B (en) | Mobile terminal authentication method and system based on SM2 and SM9 digital signature algorithms | |
CN109687978A (en) | Anti- quantum calculation Proxy Digital Signature method and system based on private key pond and Elgamal | |
CN109560926A (en) | Anti- quantum calculation Proxy Digital Signature method, signature system and computer equipment based on unsymmetrical key pond | |
CN110324357A (en) | Data transmission method for uplink and device, data receiver method and device | |
CN109412809A (en) | SDN information access control method based on identifiable stratification encryption attribute |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |