CN110071812B - Editable, linkable and non-repudiatable ring signature method - Google Patents
Editable, linkable and non-repudiatable ring signature method Download PDFInfo
- Publication number
- CN110071812B CN110071812B CN201910353137.8A CN201910353137A CN110071812B CN 110071812 B CN110071812 B CN 110071812B CN 201910353137 A CN201910353137 A CN 201910353137A CN 110071812 B CN110071812 B CN 110071812B
- Authority
- CN
- China
- Prior art keywords
- signature
- key
- ring
- message
- list
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3255—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
An editable, linkable and non-repudiatable ring signature method belongs to the field of network security and solves the problems that in the prior art, a ring signature is difficult to revoke, identity information of a malicious user is difficult to trace, the edited ring signature can still be authenticated by a signature, privacy protection and a flexible authentication mechanism are not provided, and the like. The method is used for sequentially carrying out system initialization, user key generation, Hash key generation, signature and providing the identity privacy, editable and non-repudiatable ring signature which can be conditionally revoked, respectively verifying the signature if the signature needs to be edited and whether the signature can be linked or repudiated is judged after the signature is signed, and carrying out signature editing, judgment whether the signature can be linked or repudiated and the like after the signature passes verification, and is used for providing the identity privacy, editable and non-repudiatable ring signature which can be conditionally revoked.
Description
Technical Field
An editable, linkable and non-repudiatable ring signature method belongs to the field of network security and is used for providing an identity privacy, editable and non-repudiatable ring signature capable of conditional cancellation.
Background
Ring signatures evolve from group signatures, as opposed to group signatures where there is one group administrator-centric, ring signatures do not rely on such one-centric. In short, ring signatures are spontaneous, that is, a certain user in a ring arbitrarily selects the public keys of other users to form a ring required by a signature together, so as to hide the public key of the user, and the other users on the ring do not know that the user is added into the ring at all, thereby realizing the identity privacy of a signer.
The current ring signature has the problems that the identity privacy condition can be difficult to revoke and cannot be edited. For the former (difficult revocable), due to the privacy problem of the ring signature, it is difficult to trace the identity information of the user, so that a malicious user may use this property to make a fake, and other users cannot know or cannot trace the identity information of the malicious user. If the cryptocurrency uses the ring signature to realize the user identity privacy (which is a good privacy protection mechanism for cryptocurrency), if the malicious user signs multiple transactions to realize the repeated use of the cryptocurrency (generally called as Double-blossom), the actual identity of the malicious user cannot be known due to the privacy of the ring signature. In the latter case (non-editable), generally, the digital signature is not editable, which brings disaster-tolerant alarm-backing difficulties to the digital currency mainly based on the block chain and the system derived from the digital currency, that is, after the system is attacked maliciously, the system needs to be restored to a certain normal state before the attack, and once this operation is executed, the validity of the signature is affected, so the signature needs to be re-edited to be able to correctly authenticate the current message (or to take effect at the current time point), and a typical technical means is to use a signature based on a chameleon hash function, such as: chameleon signatures, sanitizable signatures, editable signatures, and the like. At present, no one has proposed the concept of an editable ring signature.
The traditional chameleon signature and the cleanable signature can enable the signature to have editable characteristics, but the signature framework cannot support the privacy of the user, namely the signature and the public key of the user are publicly verifiable, and therefore a privacy protection mechanism is not provided.
The ring signature is a signature mechanism capable of effectively protecting the identity privacy of a user, but the traditional ring signature cannot realize the editing characteristic, namely, the message subjected to signature authentication is dynamically modified, and the modified message can still be authenticated by the signature, so that the flexible authentication mechanism is lacked.
Disclosure of Invention
In view of the above-mentioned research problems, an object of the present invention is to provide an editable, linkable and non-repudiatable ring signature method, which solves the problems in the prior art that a ring signature is difficult to revoke, it is difficult to trace the identity information of a malicious user, the signature can still be authenticated after editing, and the ring signature method does not have privacy protection and a flexible authentication mechanism.
In order to achieve the purpose, the invention adopts the following technical scheme:
an editable, linkable, non-repudiatable ring signature method, comprising the steps of:
step a, system initialization:
selecting a safety parameter lambda and setting a system public parameter P;
step b, generating a user key:
calculating the private key sk of the user i according to the system public parameter PiAnd the public key pk of user ii;
Step c, Hash key generation:
calculating a trapdoor key tk and a Hash key hk according to a system public parameter P;
step d, signature:
according to the Hash key hk, a list L consisting of n public keys and the private key x of the signerπComputing the signature σ of the message mL(m) wherein L ═ { pk ═ p1,…,pkn},i=1,…,n,xπB, calculating to obtain the signature, and using pi to refer to a signer due to the anonymity of the ring signature;
after signing, if the signature needs to be edited and whether the signature can be linked or repudiated is judged, firstly verifying the signature:
list L of n public keys, signature σ of the verification message mL(m) and outputting 0 or 1, 0 indicating that the verification is failed, and 1 indicating that the verification is passed;
if the signature passes the verification, editing the signature:
signing sigma to the target according to the trapdoor key tk, the list L consisting of n public keys and the new message mL(m) editing to output abnormal symbol ^ or edited signature σL(m);
If the signature passes the verification, judging whether the signature can be linked:
list L of n public keys, list of n public keysMessageAnd an array of signaturesdjRepresenting an unknown user, j is 0, 1, obtaining a pair of arrays, judging whether signatures of the two arrays can be linked, and outputting inverted T, 0 or 1;
step h, judging whether the signature can be repudiated:
list L of n public keys, dispute message and signature (m)*,σL(m*) Messages and signatures (m, σ)L(m)) performing dependence judgment, and outputting ^ 0 or 1.
Further, in the step a, a system public parameter P is set, and the specific steps are as follows:
selecting a group G with a generating element G and a group order q according to a safety parameter lambda;
the hash functions are set as follows: h1:{0,1}*→ G and H2:{0,1}*→Zq,ZqQ-1, which is a q-order integer group;
output system public parameter P ═<G,q,g,H1,H2>。
Further, in step b, the specific steps of generating the user key are as follows:
selecting a random number according to the system public parameter PAs the private key sk of user iiComputing user i public keyOutputting the private key and the public key (sk) of the user ii,pki) Wherein, in the step (A),represents from ZqA value is randomly selected from the group.
Further, in step c, the hash key generation specifically includes:
selecting a random number according to the system public parameter PAs the trapdoor key tk, the hash key hk y g is calculatedxThe trapdoor key and hash key (tk, from) are output.
Further, in said step d, the signature σ of the message m is calculatedLThe specific steps of (m) are as follows:
based on the hash key hk, a list L of n public keys y1,...,yn}1≤i≤nWherein each public key yiCorresponding to a private key xi,yi=pki,xi=skiMessage, messagePrivate key x of signerπN is not less than 1 and not more than pi, and H is calculated as H1(L) andwhere h is a hash value used to bind ring information, i.e., all public key information L included in the ring, to the ring signature,private key information representing the signer, for binding the private key of the signer to the ring signature;
based on h andselecting two random numbers for calculating the value of the last random number of the ringComputing cπ+1All public key information L including ring and private key information of signerColor change Lonhahi value g of last signeruHash value h related to information of last signer and current signervThe formed hash value is used for realizing the end-to-end connection of the ring;
based onWhen i ═ pi +1,.. times, n, 1.. times, pi-1, two random numbers are selected that keep the ends of the ring coincidentComputingAndthen calculate,riRepresenting the ith chameleon random number for distinguishing different chameleon hash valuesEdited ring signature, ci+1Representing the last point on the ring, i.e. the last signer, where cπ+1And ci+1Satisfy the same constitution, i.e. guCorrespond tohvCorrespond to
Calculating alphaπ=u-xπcπmod q,βπ=v-xπcπmod q;
Further, in said step e, the signature σ of the message m is verifiedLThe specific steps of (m) are as follows:
list L, message m, signature composed of n public keysCalculating H as H1(L) for i ═ 1.. times, n, calculatedFor i ≠ n, calculate
Check if the equation holds:if yes, returning 1 to represent that the verification is passed; otherwise, return 0 represents a verification failure.
Further, in the step f, the signature σ is editedLThe specific steps of (m) are as follows:
according to the trapdoor key tk, a list L consisting of n public keys, a new message m' and a target signature
For 1 ≦ i ≦ n, calculater′iDenotes the new chameleon random number, α 'of user i'iIndicating that it is not the original random number;
Further, in the step g, the specific step of judging whether the signature is linkable is as follows:
list L of n public keys, list of n public keysMessageAnd an array of signaturesj is 0, 1, and for j 0 and 1, it is checked whether or notIf yes, returning 1 to represent that the signature can be linked, namely the pair of signatures are generated by the same user; otherwise, returning 0 represents that the signature is not linkable.
Further, in the step h, the specific step of judging whether the signature can be repudiated is:
according to a list L consisting of n public keys, dispute messages and signatures Message and signatureFor 1 ≦ i ≦ n, check if there is an equation And isIf yes, returning 1 to represent successful repudiation; if not, return 0 represents a denial failure.
Compared with the prior art, the invention has the beneficial effects that:
firstly, the invention can detect a group of signature information from the same signer for the same group of public key information (the same ring) through a link algorithm (namely judging whether the signature is linkable or not), thereby providing the privacy protection with revocable conditions, namely providing the maximum privacy protection and ensuring that the privacy is not abused.
The invention allows editing the signed authentication information without the help of a signer in the editing process, the edited signature can authenticate a new message, so that the extensible signature function is realized, the message after signature authentication can be re-edited, and the edited signature and the message pair can still pass verification.
Third, the invention allows the original signer to repudiate a signature after being edited through a repudiation algorithm, so as to realize the non-repudiation (denability) of the signature editing, namely, the signer (the person holding the trap key tk) can not repudiate the signature edited by the signer, so as to realize the traceability of the signature editing function and ensure that the function is not abused.
The invention realizes a signature mechanism which can protect the identity privacy of the user and can be flexibly authenticated.
Drawings
FIG. 1 is a schematic flow diagram of the present invention.
Detailed Description
The invention will be further described with reference to the accompanying drawings and specific embodiments.
An editable, linkable, non-repudiatable ring signature method, comprising the steps of:
step a, system initialization:
selecting a safety parameter lambda and setting a system public parameter P;
setting a system public parameter P, which comprises the following specific steps:
selecting a group G with a generating element G and a group order q according to a safety parameter lambda;
the hash functions are set as follows: h1:{0,1}*→ G and H2:{0,1}*→Zq,ZqQ-1, which is a q-order integer group;
output system public parameter P ═<G,q,g,H1,H2>。
Step b, generating a user key:
calculating the private key sk of the user i according to the system public parameter PiAnd the public key pk of user ii;
The method comprises the following specific steps:
selecting a random number according to the system public parameter PAs the private key sk of user iiComputing user i public keyOutputting the private key and the public key (sk) of the user ii,pki) Wherein, in the step (A),represents from ZqA value is randomly selected from the group.
Step c, Hash key generation:
calculating a trapdoor key tk and a Hash key hk according to a system public parameter P;
the method comprises the following specific steps:
according to the system public parameter P, selectingA random numberAs the trapdoor key tk, the hash key hk y g is calculatedxAnd outputting the trapdoor key and the hash key (tk, hk).
Step d, signature:
according to the Hash key hk, a list L consisting of n public keys and the private key x of the signerπComputing the signature σ of the message mL(m) wherein L ═ { pk ═ p1,…,pkn},i=1,…,n,xπB, calculating to obtain the signature, and using pi to refer to a signer due to the anonymity of the ring signature;
computing a signature σ for a message mLThe specific steps of (m) are as follows:
based on the hash key hk, a list L of n public keys y1,...,yn}1≤i≤nWherein each public key yiCorresponding to a private key xi,yi=pki,xi=skiMessage, messagePrivate key x of signerπN is not less than 1 and not more than pi, and H is calculated as H1(L) andwhere h is a hash value used to bind ring information, i.e., all public key information L included in the ring, to the ring signature,private key information representing a signer for binding the signer's private key to a ring signature, so that ring signatures of the same signers can be linked because they share parameters
Based on h andselecting two random numbers for calculating the value of the last random number of the ringComputing cπ+1All public key information L including ring and private key information of signerColor change Lonhahi value g of last signeruHash value h related to information of last signer and current signervThe formed hash value is used for realizing the end-to-end connection of the ring;
based onWhen i ═ pi +1,.. times, n, 1.. times, pi-1, two random numbers are selected that keep the ends of the ring coincidentComputingAndthen calculate,riRepresenting the ith chameleon random number for distinguishing different chameleon hash valuesEdited ring signature, chameleon hash valueNamely, the key that the ring signature can be edited is ensured, the chameleon hash value has the capability of recalculation, so that the re-editing can be realized, and the chameleon hash value is editedIs kept constant, r corresponding to itiA change for realizing a ring signature editing characteristic based on the color changing ronchessman value, ci+1Representing the last point on the ring, i.e. the last signer, where cπ+1And ci+1Satisfy the same constitution, i.e. guCorrespond tohvCorrespond to
Calculating alphaπ=u-xπcπmod q,βπ=v-xπcπmod q;
In summary, based on the ring sequence of the L list corresponding to the signer, the parameters are sequentially calculated according to the ring sequence Finally, an end-to-end ring signature is obtained.
After signing, if the signature needs to be edited and whether the signature can be linked or repudiated is judged, firstly verifying the signature:
list L of n public keys, signature σ of the verification message mL(m)And outputs 0 or 1, 0 indicating that the verification is not passed, and 1 indicating that the verification is passed;
verifying the signature σ of a message mLThe specific steps of (m) are as follows:
list L, message m, signature composed of n public keysCalculating H as H1(L) for i ═ 1.. times, n, calculatedFor i ≠ n, calculate
Check if the equation holds:if yes, returning 1 to represent that the verification is passed; otherwise, return 0 represents a verification failure.
If the signature passes the verification, editing the signature:
signing sigma to the target according to the trapdoor key tk, the list L consisting of n public keys and the new message mL(m) editing to output abnormal symbol ^ or edited signature σL(m′);
Editing signature σLThe specific steps of (m) are as follows:
according to the trapdoor key tk, a list L consisting of n public keys, a new message m and a target signature
For 1 ≦ i ≦ n, calculater′iDenotes the new chameleon random number, α 'of user i'iIndicating that it is not the original random number;
If the signature passes the verification, judging whether the signature can be linked:
list L of n public keys, list of n public keysMessageAnd an array of signaturesdjRepresenting unknown users, j is 0, 1, obtaining a pair of arrays, judging whether signatures of the two arrays can be linked, and outputting the signatures to be 0 or 1;
the specific steps for judging whether the signature is linkable are as follows:
list L of n public keys, list of n public keysMessageAnd an array of signaturesj is 0, 1, and for j 0 and 1, it is checked whether or notIf true, returning 1 represents that the signature is linkable, i.e. the pair of signatures was generated by the same user 2 otherwise returning 0 represents that the signature is not linkable.
Step h, judging whether the signature can be repudiated:
list L of n public keys, dispute message and signature (m)*,σL(m*) Messages and signatures (m, σ)L(m)) makes a denial judgment and outputs an upper, 0 or 1.
The specific steps for judging whether the signature can be repudiated are as follows:
according to a list L consisting of n public keys, dispute messages and signatures Message and signatureFor 1 ≦ i ≦ n, check if there is an equation And isIf yes, returning 1 to represent successful repudiation; if not, return 0 represents a denial failure.
The above are merely representative examples of the many specific applications of the present invention, and do not limit the scope of the invention in any way. All the technical solutions formed by the transformation or the equivalent substitution fall within the protection scope of the present invention.
Claims (6)
1. An editable, linkable, non-repudiatable ring signature method, comprising the steps of:
step a, system initialization:
selecting a safety parameter lambda and setting a system public parameter P;
step b, generating a user key:
calculating the private key sk of the user i according to the system public parameter PiAnd the public key pk of user ii;
Step c, Hash key generation:
calculating a trapdoor key tk and a Hash key hk according to a system public parameter P;
step d, signature:
according to the Hash key hk, a list L consisting of n public keys and the private key x of the signerπComputing the signature σ of the message mL(m) wherein L ═ { pk ═ p1,…,pkn},i=1,…,n,xπB, calculating to obtain the signature, and using pi to refer to a signer due to the anonymity of the ring signature;
computing a signature σ for a message mLThe specific steps of (m) are as follows:
based on the hash key hk, a list L of n public keys y1,...,yn}1≤i≤nWherein each public key yiCorresponding to a private key xi,yi=pki,xi=skiMessage, messagePrivate key x of signerπN is not less than 1 and not more than pi, and H is calculated as H1(L) andwhere h is a hash value used to bind ring information, i.e., all public key information L included in the ring, to the ring signature,private key information representing the signer, for binding the private key of the signer to the ring signature;
based on h andtwo random numbers u are selected that calculate the value of the last random number of the ring,computing cπ+1All public key information L including ring and private key information of signerChameleon hash value g of last signeruHash value h related to information of last signer and current signervThe formed hash value is used for realizing the end-to-end connection of the rings;
based onWhen i ═ pi +1,.., n, 1,. and pi-1, two random numbers alpha are selected so that the heads and tails of the rings are consistenti,ComputingAndthen calculate riRepresenting the ith chameleon random number for distinguishing different chameleon hash valuesEdited ring signature, ci+1Representing the last point on the ring, i.e. the last signer, where cπ+1And ci+1Satisfy the same constitution, i.e. guCorrespond tohvCorrespond to
Calculating alphaπ=u-xπcπmod q,βπ=v-xπcπmod q;
after signing, if the signature needs to be edited and whether the signature can be linked or repudiated is judged, firstly verifying the signature:
list L of n public keys, signature σ of the verification message mL(m) and outputting 0 or 1, 0 indicating that the verification is failed, and 1 indicating that the verification is passed;
if the signature passes the verification, editing the signature:
signing sigma to the target according to the trapdoor key tk, the list L consisting of n public keys and the new message mL(m) editing, and outputting abnormal symbol T or edited signature sigmaL(m′);
If the signature passes the verification, judging whether the signature can be linked:
list L of n public keys, list of n public keysMessageAnd an array of signaturesdjRepresenting an unknown user, j is 0, 1, obtaining a pair of arrays, judging whether signatures of the two arrays can be linked, and outputting inverted T, 0 or 1;
in step g, the specific step of judging whether the signature is linkable is as follows:
list L of n public keys, list of n public keysMessageAnd an array of signaturesj is 0, 1, and for j 0 and 1, it is checked whether or notIf yes, returning 1 to represent that the signatures can be linked, namely the pair of signatures are generated by the same user; otherwise, returning 0 represents that the signature is not linkable;
step h, judging whether the signature can be repudiated:
list L of n public keys, dispute message and signature (m)*,σL(m*) Messages and signatures (m, σ)L(m)) performing denial judgment, and outputting T, 0 or 1;
in the step h, the specific steps of judging whether the signature can be repudiated are as follows:
2. The method as claimed in claim 1, wherein in the step a, a system public parameter P is set, and the specific steps are as follows:
selecting a group G with a generating element G and a group order q according to a safety parameter lambda;
the hash functions are set as follows: h1:{0,1}*→ G and H2:{0,1}*→Zq,ZqQ-1, which is a q-order integer group;
output system public parameter P ═<G,q,g,H1,H2>。
3. The method as claimed in claim 2, wherein the step b of generating the user key comprises the following steps:
4. The editable, linkable and non-repudiatable ring signature method according to claim 3, wherein in the step c, the hash key generation comprises the following specific steps:
5. An editable, linkable, non-repudiatable ring signature method according to claim 1, wherein in step e, the signature σ of the message m is verifiedLThe specific steps of (m) are as follows:
list L, message m, signature composed of n public keysCalculating H as H1(L) for i ═ 1.. times, n, calculatedFor i ≠ n, calculate
6. An editable, linkable, non-editable device as claimed in claim 5The method of ring signature for repudiation is characterized in that, in the step f, the signature sigma is editedLThe specific steps of (m) are as follows:
according to the trapdoor key tk, a list L consisting of n public keys, a new message m' and a target signature
For 1 ≦ i ≦ n, calculateri' means New chameleon random number, α ' of user i 'iIndicating that it is not the original random number;
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910353137.8A CN110071812B (en) | 2019-04-29 | 2019-04-29 | Editable, linkable and non-repudiatable ring signature method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910353137.8A CN110071812B (en) | 2019-04-29 | 2019-04-29 | Editable, linkable and non-repudiatable ring signature method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110071812A CN110071812A (en) | 2019-07-30 |
CN110071812B true CN110071812B (en) | 2021-06-08 |
Family
ID=67369489
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910353137.8A Active CN110071812B (en) | 2019-04-29 | 2019-04-29 | Editable, linkable and non-repudiatable ring signature method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110071812B (en) |
Families Citing this family (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110474762B (en) * | 2019-08-22 | 2021-05-25 | 电子科技大学 | Method for constructing ring-type editable block chain |
CN111526009B (en) * | 2020-04-09 | 2021-06-15 | 西南交通大学 | Forward security editable block chain construction method suitable for alliance chain |
CN111698090B (en) * | 2020-05-22 | 2022-09-27 | 哈尔滨工程大学 | Ring signature method applied to threat intelligence transaction alliance chain |
CN112187455B (en) * | 2020-09-24 | 2023-04-18 | 西南交通大学 | Method for constructing distributed public key infrastructure based on editable block chain |
CN113360943A (en) * | 2021-06-23 | 2021-09-07 | 京东数科海益信息科技有限公司 | Block chain private data protection method and device |
CN113794556B (en) * | 2021-09-10 | 2023-05-23 | 福建师范大学 | PCH revocable method and system for collectable blockchain protocol |
CN114584280B (en) * | 2022-03-04 | 2024-06-21 | 浪潮云信息技术股份公司 | Key management method and system for AOS ring signature |
CN114417429B (en) * | 2022-04-02 | 2022-06-07 | 湖南宸瀚科技有限公司 | Editable block chain system based on ring type verification |
CN114726645B (en) * | 2022-05-06 | 2023-01-24 | 电子科技大学 | Linkable ring signature method based on user information security |
CN115017170B (en) * | 2022-08-04 | 2022-10-11 | 北京邮电大学 | Traceable block chain transaction credible erasing method and device |
CN115473632B (en) * | 2022-08-24 | 2024-05-31 | 武汉大学 | Improved multi-layer linkable ring signature generation method and device |
CN116743396B (en) * | 2023-08-14 | 2023-11-03 | 深圳奥联信息安全技术有限公司 | Optimized ring signature method and system |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102045164A (en) * | 2009-10-20 | 2011-05-04 | 广州信睿网络科技有限公司 | Key exposure free chameleon digital signature method based on ID (Identity) |
US20120166808A1 (en) * | 2010-12-23 | 2012-06-28 | Electronics And Telecommunications Research Institute | Lattice-based ring signature method |
CN109257184A (en) * | 2018-11-08 | 2019-01-22 | 西安电子科技大学 | Linkable ring signature method based on anonymous broadcast enciphering |
-
2019
- 2019-04-29 CN CN201910353137.8A patent/CN110071812B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102045164A (en) * | 2009-10-20 | 2011-05-04 | 广州信睿网络科技有限公司 | Key exposure free chameleon digital signature method based on ID (Identity) |
US20120166808A1 (en) * | 2010-12-23 | 2012-06-28 | Electronics And Telecommunications Research Institute | Lattice-based ring signature method |
CN109257184A (en) * | 2018-11-08 | 2019-01-22 | 西安电子科技大学 | Linkable ring signature method based on anonymous broadcast enciphering |
Non-Patent Citations (2)
Title |
---|
《可证明安全数字签名的研究》;高伟;《中国博士学位论文全文数据库》;20070715;全文 * |
《数字签名在公平交易协议中的应用研究》;马晓静;《中国优秀硕士学位论文全文数据库》;20070615;全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN110071812A (en) | 2019-07-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110071812B (en) | Editable, linkable and non-repudiatable ring signature method | |
CN109257184B (en) | Linkable ring signature method based on anonymous broadcast encryption | |
CN108551392B (en) | Blind signature generation method and system based on SM9 digital signature | |
CN109905247B (en) | Block chain based digital signature method, device, equipment and storage medium | |
KR20130065278A (en) | Authentication method and apparatus for detection and prevention of source spoofing packets | |
CN103902925B (en) | The method and apparatus signed for digital document | |
CN101873307A (en) | Digital signature method, device and system based on identity forward secrecy | |
CN106899413B (en) | Digital signature verification method and system | |
CN104320259B (en) | Based on Schnorr signature algorithms without certificate signature method | |
CN108259506B (en) | SM2 whitepack password implementation method | |
EP2247025A1 (en) | Apparatus, method, and program for updating a pair of public and secret key for digital signature | |
Accorsi | Log data as digital evidence: What secure logging protocols have to offer? | |
CN116566626B (en) | Ring signature method and apparatus | |
CN106936584A (en) | A kind of building method without CertPubKey cryptographic system | |
CN110661816B (en) | Cross-domain authentication method based on block chain and electronic equipment | |
Feng et al. | White-box implementation of Shamir’s identity-based signature scheme | |
CN104410500A (en) | Specified verifier-based signing, signature verification and signature copy simulation method and system | |
WO2019174404A1 (en) | Digital group signature method, device and apparatus, and verification method, device and apparatus | |
TWI555370B (en) | Digital signature method | |
JP2004526387A (en) | Ring-based signature scheme | |
CN115174102A (en) | Efficient batch verification method and system based on SM2 signature | |
Zentai | On the efficiency of the Lamport Signature Scheme | |
CN113326527A (en) | Credible digital signature system and method based on block chain | |
CN114329551B (en) | Zk-SNARK-based lightweight ring signature method | |
WO2011106059A1 (en) | Method and apparatus for providing authenticity and integrity to stored data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |