CN110351093B - Linkable network ring signature method based on attributes - Google Patents
Linkable network ring signature method based on attributes Download PDFInfo
- Publication number
- CN110351093B CN110351093B CN201910514752.2A CN201910514752A CN110351093B CN 110351093 B CN110351093 B CN 110351093B CN 201910514752 A CN201910514752 A CN 201910514752A CN 110351093 B CN110351093 B CN 110351093B
- Authority
- CN
- China
- Prior art keywords
- signature
- attribute
- signer
- key
- attributes
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3255—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a linkable network ring signature method based on attributes, which mainly comprises the following steps: in the signature stage, the mode of randomly selecting parameters to generate the link tags ensures that the signatures with the same link tags have the linkability which can be independently determined by a signer and can prove whether the two signatures are issued by the same person on the premise of not revealing the identity of a real signer; by injecting the identity into each user private key in the attribute key generation stage, the method can resist collusion attack. The method has strong anonymity and high safety, can effectively solve the problem of secondary signature existing in electronic cash, electronic voting and the like, and provides the functions of anonymous identity authentication and access control.
Description
Technical Field
The invention belongs to the technical field of digital signatures in cryptography, and relates to a network anonymous identity authentication method supporting chaining.
Background
As a novel asymmetric cryptographic technology based on attribute signature, the asymmetric cryptographic technology has the advantages of strong expression capability, flexible use, convenience in identity hiding and the like, is particularly suitable for providing an anonymous identity authentication function in the Internet, and is paid more and more attention by students. The system divides a crowd fine-grained through attributes, represents the identity in the original identity-based signature system as an attribute set, adds the concept of an access structure into the identity-based signature system, and can use an attribute private key to sign if and only if a user attribute set meets the access structure. Compared with the identity-based signature system, the attribute-based signature system not only can provide finer-grained access control for data, but also can protect the privacy of the user identity, namely the identity information of the user cannot be disclosed in the signature process. Through deep research and analysis, the existing attribute-based ring signature method still has the following problems to be solved urgently:
firstly, the existing attribute-based ring signature scheme has the problem that the linkability cannot be realized, and is difficult to provide powerful anonymous identity authentication for the fields of complex and dynamic electronic voting, electronic election and the like, so that the system cannot judge whether different signatures have the linkability or not; secondly, most of the existing attribute-based ring signature schemes have the problems that users with complementary attributes can generate legal signatures which can not be generated independently in a key combination mode, and then collusion attack can not be resisted, so that how to design an attribute-based network ring signature method which supports linkability and can resist collusion attack is a problem to be solved, and the method has important academic significance and wide application value;
in 2018, the southwest university of transportation applies for patent number 201810934093.3, entitled "an attribute-based network signature method supporting dynamic attribute space", which mainly includes that the structure of the dynamic attribute space is realized through a layering technology (divided into an attribute layer and a secret sharing layer), and a more flexible access strategy is realized by utilizing an access structure of linear secret sharing. The method solves the problems of poor attribute space expandability, inflexible access structure and the like of most of the current attribute-based signature methods, and simultaneously the safety is further enhanced compared with the existing methods. However, this method fails to achieve linkability, cannot determine whether two signatures are signed by the same person, and is difficult to solve the problem of secondary signatures in the internet field such as electronic cash, electronic election, and electronic expense. In addition, the signature method has the problem that collusion attack cannot be resisted, and users with complementary attributes can still generate legal signatures which cannot be generated by the users alone in a key combination mode.
Disclosure of Invention
The invention aims to provide a linkable network ring signature method based on attributes, which aims to have the linkable property, ensure whether the signatures with the same linked label have the linkable property or not, and embed the identity information ID in the private key of the user attribute so that the method can resist the collusion attack initiated by the user with the complementary attributes.
The invention adopts the technical scheme that the invention achieves the aim that: a linkable network ring signature method based on attributes comprises the following steps:
(1) system set-up phase
a) System disclosure parameter generation
First, the attribute authority AA is in a finite domainRandomly selecting an integer alpha as a system master key MSK, wherein q is more than 2512The security prime number of (1); then, the attribute authority AA randomly selects two cyclic multiplication groups G with the order of p1、G2And defining a bilinear map e: G1×G1→G2(ii) a Finally, the attribute authority AA follows the group G1Two elements of the public key are randomly selected as a public key one g1And public key three g3While the public key is one g1Performing modular exponentiation to obtain public key of two g2:Using the public key two g2Public key of three g3Carry out bilinear pairing operation to generate four g public keys4,g4=e(g2,g3);
The attribute authority AA outputs the public parameter PK ═ G1,G2,e,g1,g2,g3,g4Storing the system master key MSK as alpha secret;
b) selection of hash function
The attribute authority AA defines three hash functions, first a file hash function H1:H1M → G, where m → G is the mapping of the file m to the cyclic multiplicative group G1Performing hash operation on the upper element; secondly, a function hash function H2:H2:wi→ G, wherein wi→ G is attribute wiMapping to group G1Performing hash operation on the upper element;finally, the identity hash function H3:H3:WhereinTo map a {0,1} string of arbitrary length into a finite fieldPerforming hash operation on the upper element; finally, the attribute authority AA hashes the function H1、H2、H3Publishing;
(2) attribute key generation phase
a) Shamir secret sharing polynomial generation
Assume that the user ID is aggregated W according to its possession propertyID={WID,1,…,WID,i,…,WID,IIn which wID,iFor a user attribute set WIDThe ith attribute of the first time, and a key is applied to an attribute authorization center AA;
after receiving a user ID key application, an attribute authorization center AA randomly selects a d-1 order polynomial f (x), wherein d is a threshold value of AA predefined recovery secret, f (0) is alpha, and the rest coefficients are AA in a finite fieldD-1 elements selected randomly;
b) attribute key generation
First, for an attribute W owned by a userID={WID,1,…,WID,i,…,WID,IAnd the attribute authorization center AA belongs to W for each attribute i belonging to WIDRandomly selecting an integer tID,iUsing the public key three g at the same time3Function hash function H2And identity hash function H3Generating an attribute key-S1,i,The attribute authority AA then utilizes itselfHash function H3Generating an attribute key with the public key2,i,
c) Attribute key delivery
First, the attribute authority AA assigns an attribute key oneAttribute key twoSecret sending to the user ID;
(3) signature phase
A network server gives a file m to be signed and randomly selects N attributes as a declaration signature attribute set W*:Wherein Wn *Signing a collection of attributes W for a declaration*An nth subset of declarative signature attributes;
when a user ID accesses a web service, the signer, i.e., the user ID, signs a collection of attributes W from the claim*And its set of user attributes WIDD attributes are randomly selected to form a signature attribute set W'ID,W′ID={wID',1,…,wID',i,…,wID',d}; wherein, wID',iIs a signature attribute set W'IDThe ith attribute of (1);
a) first signature generation
First, the signer calculates a first partial signature σ1First part σ of1,1,σ1,1=H1(m)vWhereinA file random factor selected for the signer;
the signer then selects a random numberTo obtain T ═ g1 tAnd using T as a link label to further calculate sigma1Second part σ of1,2,Wherein the content of the first and second substances,randomly selected attribute w in signature attribute set for signerID',i(ii) an attribute random factor;the Lagrange coefficient of the polynomial f' (x) at x ═ 0 is calculated byWherein wID',jIs W'IDJ ≠ i;
second, calculate σ1Is a third partial signature of1,3,WhereinIs a set of declarative attributes W*And signature Attribute set W'IDDifference set W of*\W′IDThe (c) th attribute of (a),the signer is W*\W′IDA corresponding attribute random factor is selected for each attribute in the data;
finally, the signer will sign σ1,1、σ1,2、σ1,3Performing multiplication to obtain a first partial signature sigma1:σ1=σ1,1σ1,2σ1,3;
b) Second signature generation
Signer utilizes the above in a finite fieldRandomly selecting a file random factor v, and calculating a signature sigma of a second part of the signature sigma of the file m2:σ2=g1 v
c) Third signature generation
The signer utilizes the selected attribute random factor r'i、ri #And then calculating a third partial signature sigma of the file m3:
d) Fourth signature Generation
The signer calculates the fourth partial signature of the file m by the following method:
e) outputting signatures
(4) verification phase
After receiving the signature generated by using the signature algorithm, the network server verifies whether the signature is legal or not as follows:
if both ends of equation (1) above are true, then the signature is valid; otherwise, the signature is illegal;
(5) linkability verification
The network server receives two different signatures generated by the signatures algorithm for the files m and m', which are respectively sigma (m):and σ (m'):wherein; sigma'1Adopting a first signature, sigma ', generated for the message m ' by the step a in the (3) signature stage for the signer '2Adopting a second signature, sigma ', generated for the message m ' by the step b in the (3) signature stage for the signer '3The third signature generated for the message m' by step c in the (3) th signature phase is adopted for the signer,generating a fourth signature for the message m ' by the step d in the signing stage (3) for the signer, and generating a link label for the message m ' by the step a in the signing stage (3) for the signer by T ';
the following validation was performed:
if the equation T ═ T ' holds, it is determined that the signature σ (m) of the file m and the signature σ (m ') of the file m ' have linkability; otherwise, it is determined that the signature σ (m) of the document m and the signature σ (m ') of the document m' do not have linkability.
Compared with the prior art, the beneficial results of the invention are as follows:
firstly, in the signature stage, the mode of randomly selecting random numbers to generate the link tags is adopted to ensure that the signatures with the same link tags have the linkability which can be independently determined by a signer, and whether two signatures are issued by the same person can be proved on the premise of not revealing the identity of a real signer. At the same time, the invention enables any attacker to: the malicious user or the malicious attribute authorization center can not link the signatures without the linkability by modifying the link tags within the polynomial time, thereby ensuring the linkability of the method provided by the invention.
In the key distribution stage, the attribute authorization center embeds the user identity identification in the user attribute key, so that the user attribute keys of all users are different aiming at the same attribute, so that malicious users with complementary attribute sets cannot mutually collude, and the signatures which cannot be independently generated by the malicious users can be forged by combining the complementary user attribute keys, thereby ensuring the collusion attack resistance of the method.
The method has strong anonymity and high safety, can effectively solve the problem of secondary signature existing in electronic cash, electronic voting and the like, and provides the functions of anonymous identity authentication and access control.
The present invention will be described in further detail with reference to specific embodiments.
Detailed Description
Examples
A specific embodiment of the present invention is a linkable network ring signature method based on attributes, the proposed method process is as follows:
(1) system set-up phase
a) System disclosure parameter generation
First, the attribute authority AA is in a finite domainRandomly selecting an integer alpha as a system master key MSK, wherein q is more than 2512The security prime number of (1); then, the attribute authority AA randomly selects two cyclic multiplication groups G with the order of p1、G2And defining a bilinear map e: G1×G1→G2(ii) a Finally, the attribute authority AA follows the group G1Two elements of the public key are randomly selected as a public key one g1And public key three g3While the public key is one g1Performing modular exponentiation to obtain public key of two g2:Using the public key two g2Public key of three g3Carry out bilinear pairing operation to generate four g public keys4,g4=e(g2,g3);
The attribute authority AA outputs the public parameter PK ═ G1,G2,e,g1,g2,g3,g4Storing the system master key MSK as alpha secret;
b) selection of hash function
The attribute authority AA defines three hash functions, first a file hash function H1:H1M → G, where m → G is the mapping of the file m to the cyclic multiplicative group G1Performing hash operation on the upper element; secondly, a function hash function H2:H2:wi→ G, wherein wi→ G is attribute wiMapping to group G1Performing hash operation on the upper element; finally, the identity hash function H3:H3:WhereinTo map a {0,1} string of arbitrary length into a finite fieldPerforming hash operation on the upper element; finally, the attribute authority AA hashes the function H1、H2、H3Publishing;
(2) attribute key generation phase
a) Shamir secret sharing polynomial generation
Assume that the user ID is aggregated W according to its possession propertyID={WID,1,…,WID,i,…,WID,IIn which wID,iFor a user attribute set WIDThe ith attribute of the first time, and a key is applied to an attribute authorization center AA;
attribute authorization center AA receiptsAfter the user ID key is applied, a d-1 order polynomial f (x) is randomly selected, wherein d is a threshold value of AA predefined recovery secret, f (0) is alpha, and the rest coefficients are AA in a finite fieldD-1 elements selected randomly;
b) attribute key generation
First, for an attribute W owned by a userID={WID,1,…,WID,i,…,WID,IAnd the attribute authorization center AA belongs to W for each attribute i belonging to WIDRandomly selecting an integer tID,iUsing the public key three g at the same time3Function hash function H2And identity hash function H3Generating an attribute key-S1,i,The attribute authority AA then uses the identity hash function H3Generating an attribute key with the public key2,i,
c) Attribute key delivery
First, the attribute authority AA assigns an attribute key oneAttribute key twoSecret sending to the user ID;
(3) signature phase
A network server gives a file m to be signed and randomly selects N attributes as a declaration signature attribute set W*:Wherein Wn *Signing a collection of attributes W for a declaration*An nth subset of declarative signature attributes;
when a user ID accesses a web service, the signer, i.e., the user ID, signs a collection of attributes W from the claim*And its set of user attributes WIDD attributes are randomly selected to form a signature attribute set W'ID,W′ID={wID′,1,…,wID',i,…,wID',d}; wherein, wID',iIs a signature attribute set W'IDThe ith attribute of (1);
a) first signature generation
First, the signer calculates a first partial signature σ1First part σ of1,1,σ1,1=H1(m)vWhereinA file random factor selected for the signer;
the signer then selects a random numberTo obtain T ═ g1 tAnd using T as a link label to further calculate sigma1Second part σ of1,2,Wherein the content of the first and second substances,randomly selected attribute w in signature attribute set for signerID',i(ii) an attribute random factor;the Lagrange coefficient of the polynomial f' (x) at x ═ 0 is calculated byWherein wID',jIs W'IDJ ≠ i;
second, calculate σ1Is a third partial signature of1,3,WhereinIs a set of declarative attributes W*And signature Attribute set W'IDDifference set W of*\W′IDThe (c) th attribute of (a),the signer is W*\W′IDA corresponding attribute random factor is selected for each attribute in the data;
finally, the signer will sign σ1,1、σ1,2、σ1,3Performing multiplication to obtain a first partial signature sigma1:σ1=σ1,1σ1,2σ1,3;
b) Second signature generation
Signer utilizes the above in a finite fieldRandomly selecting a file random factor v, and calculating a signature sigma of a second part of the signature sigma of the file m2:σ2=g1 v
c) Third signature generation
The signer utilizes the selected attribute random factor r'i、ri #And then calculating a third partial signature sigma of the file m3:
d) Fourth signature Generation
The signer calculates the fourth partial signature of the file m by the following method:
e) outputting signatures
(4) verification phase
After receiving the signature generated by using the signature algorithm, the network server verifies whether the signature is legal or not as follows:
if both ends of equation (1) above are true, then the signature is valid; otherwise, the signature is illegal;
(5) linkability verification
The network server receives two different signatures generated by the signatures algorithm for the files m and m', which are respectively sigma (m):and σ (m'):wherein; sigma'1Adopting a first signature, sigma ', generated for the message m ' by the step a in the (3) signature stage for the signer '2Adopting a second signature, sigma ', generated for the message m ' by the step b in the (3) signature stage for the signer '3The third signature generated for the message m' by step c in the (3) th signature phase is adopted for the signer,generating a fourth signature for the message m ' by the step d in the signing stage (3) for the signer, and generating a link label for the message m ' by the step a in the signing stage (3) for the signer by T ';
the following validation was performed:
if the equation T ═ T ' holds, it is determined that the signature σ (m) of the file m and the signature σ (m ') of the file m ' have linkability; otherwise, it is determined that the signature σ (m) of the document m and the signature σ (m ') of the document m' do not have linkability.
Claims (1)
1. A linkable network ring signature method based on attributes comprises the following steps:
(1) system set-up phase
a) System disclosure parameter generation
First, the attribute authority AA is in a finite domainRandomly selecting an integer alpha as a system master key MSK, wherein q is more than 2512The security prime number of (1); then, the attribute authority AA randomly selects two cyclic multiplication groups G with the order of p1、G2And defining a bilinear map e: G1×G1→G2(ii) a Finally, the attribute authority AA follows the group G1Two elements of the public key are randomly selected as a public key one g1And public key three g3While the public key is one g1Performing modular exponentiation to obtain public key of two g2:Using the public key two g2Public key of three g3Carry out bilinear pairing operation to generate four g public keys4,g4=e(g2,g3);
The attribute authority AA outputs the public parameter PK ═ G1,G2,e,g1,g2,g3,g4Storing the system master key MSK as alpha secret;
b) selection of hash function
The attribute authority AA defines three hash functions, first a file hash function H1:H1M → G, where m → G is the mapping of the file m to the cyclic multiplicative group G1Performing hash operation on the upper element; secondly, an attribute hash function H2:H2W → G, wherein w → G is the attribute w mapped to the group G1Performing hash operation on the upper element; finally, the identity hash function H3:WhereinTo map a {0,1} string of arbitrary length into a finite fieldPerforming hash operation on the upper element; finally, the attribute authority AA hashes the function H1、H2、H3Publishing;
(2) attribute key generation phase
a) Shamir secret sharing polynomial generation
Assume that the user ID is aggregated W according to its possession propertyID={wID,1,L,wID,i,L,wID,IWherein, I is the number of all attributes owned by the user ID, wID,iFor a user attribute set WIDThe ith attribute (I is more than or equal to 1 and less than or equal to I), and a key is applied to an attribute authorization center AA;
after receiving a user ID key application, an attribute authorization center AA randomly selects a d-1 order polynomial f (x), wherein d is a threshold value of AA predefined recovery secret, f (0) is alpha, and the rest coefficients are AA in a finite fieldD-1 elements selected randomly;
b) attribute key generation
First, for an attribute W owned by a userID={wID,1,L,wID,i,L,wID,IAn attribute authority AA for each attribute wID,i∈WIDRandomly selecting an integer tID,iUsing the public key three g at the same time3Function hash function H2And identity hash function H3Generating an attribute key-S1,i,The attribute authority AA then uses the identity hash function H3Generating an attribute key with the public key2,i,
c) Attribute key delivery
First, the attribute authority AA assigns an attribute key oneAttribute key twoSecret sending to the user ID;
(3) signature phase
A network server gives a file m to be signed and randomly selects N attributes as a declaration signature attribute set W*:WhereinSigning a collection of attributes W for a declaration*An nth subset of declarative signature attributes;
when a user ID accesses a web service, the signer, i.e., the user ID, signs a collection of attributes W from the claim*And its set of user attributes WIDD attributes are randomly selected to form a signature attribute set W'ID,W′ID={wID',1,L,wID',i,L,wID',d}; wherein, wID',iIs a signature attribute set W'IDThe ith attribute of (1);
a) first signature generation
First, the signer calculates a first partial signature σ1First part σ of1,1,σ1,1=H1(m)vWhereinA file random factor selected for the signer;
the signer then selects a random numberTo obtain T ═ g1 tAnd using T as a link label to further calculate sigma1Second part σ of1,2,Wherein the content of the first and second substances,randomly selected attribute w in signature attribute set for signerID',i(ii) an attribute random factor;the Lagrange coefficient of the polynomial f' (x) at x ═ 0 is calculated byWherein wID',jIs W'IDJ ≠ i;
second, calculate σ1Is a third partial signature of1,3,WhereinIs a set of declarative attributes W*And signature Attribute set W'IDDifference set W of*\W′IDThe (c) th attribute of (a),the signer is W*\W′IDA corresponding attribute random factor is selected for each attribute in the data;
finally, the signer will sign σ1,1、σ1,2、σ1,3Performing multiplication to obtain a first partial signature sigma1:σ1=σ1,1σ1,2σ1,3;
b) Second signature generation
Signer utilizes the above in a finite fieldRandomly selecting a file random factor v, and calculating a signature sigma of a second part of the signature sigma of the file m2:σ2=g1 v
c) Third signature generation
The signer utilizes the selected attribute random factor ri′、ri #And then calculating a third partial signature sigma of the file m3:
d) Fourth signature Generation
The signer calculates the fourth partial signature of the file m by the following method:
e) outputting signatures
(4) verification phase
After receiving the signature generated by using the signature algorithm, the network server verifies whether the signature is legal or not as follows:
if both ends of equation (1) above are true, then the signature is valid; otherwise, the signature is illegal;
(5) linkability verification
The network server receives two different signatures generated by the signatures algorithm for the files m and m', which are respectively sigma (m):and σ (m'):wherein; sigma'1Adopting a first signature, sigma ', generated for the message m ' by the step a in the (3) signature stage for the signer '2Adopting a second signature, sigma ', generated for the message m ' by the step b in the (3) signature stage for the signer '3The third signature generated for the message m' by step c in the (3) th signature phase is adopted for the signer,the signer adopts the step d in the signing stage (3) as cancellationA fourth signature is generated by the message m ', and T ' is a signer which generates a link label for the message m ' by adopting the step a in the signature stage (3);
the following validation was performed:
if the equation T ═ T ' holds, it is determined that the signature σ (m) of the file m and the signature σ (m ') of the file m ' have linkability; otherwise, it is determined that the signature σ (m) of the document m and the signature σ (m ') of the document m' do not have linkability.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910514752.2A CN110351093B (en) | 2019-06-14 | 2019-06-14 | Linkable network ring signature method based on attributes |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910514752.2A CN110351093B (en) | 2019-06-14 | 2019-06-14 | Linkable network ring signature method based on attributes |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110351093A CN110351093A (en) | 2019-10-18 |
CN110351093B true CN110351093B (en) | 2021-08-03 |
Family
ID=68182149
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910514752.2A Active CN110351093B (en) | 2019-06-14 | 2019-06-14 | Linkable network ring signature method based on attributes |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110351093B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113271200A (en) * | 2021-05-26 | 2021-08-17 | 陕西理工大学 | Lattice attribute signature method for resisting quantum attack |
CN114726645B (en) * | 2022-05-06 | 2023-01-24 | 电子科技大学 | Linkable ring signature method based on user information security |
CN115378613A (en) * | 2022-08-25 | 2022-11-22 | 天津大学 | Anonymous information supervision method and system based on block chain |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2014068427A1 (en) * | 2012-10-30 | 2014-05-08 | International Business Machines Corporation | Reissue of cryptographic credentials |
CN104967513A (en) * | 2015-05-29 | 2015-10-07 | 西北工业大学 | Identity-based multi-recipient ring signcryption method with multiple safety attributes |
CN107342990A (en) * | 2017-06-23 | 2017-11-10 | 西南交通大学 | A kind of attribute base net network ring signatures method of distributed authorization |
CN108777626A (en) * | 2018-08-16 | 2018-11-09 | 西南交通大学 | A kind of attribute base net network endorsement method for supporting dynamic attribute space |
CN108880801A (en) * | 2018-07-09 | 2018-11-23 | 西南交通大学 | The distributed nature base encryption method of fine granularity attribute revocation is supported on a kind of lattice |
CN109104284A (en) * | 2018-07-11 | 2018-12-28 | 四川大学 | A kind of block chain anonymity transport protocol based on ring signatures |
CN109246137A (en) * | 2018-10-23 | 2019-01-18 | 北京航空航天大学 | The safety protecting method and device of naval warfare data based on block chain |
-
2019
- 2019-06-14 CN CN201910514752.2A patent/CN110351093B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2014068427A1 (en) * | 2012-10-30 | 2014-05-08 | International Business Machines Corporation | Reissue of cryptographic credentials |
CN104967513A (en) * | 2015-05-29 | 2015-10-07 | 西北工业大学 | Identity-based multi-recipient ring signcryption method with multiple safety attributes |
CN107342990A (en) * | 2017-06-23 | 2017-11-10 | 西南交通大学 | A kind of attribute base net network ring signatures method of distributed authorization |
CN108880801A (en) * | 2018-07-09 | 2018-11-23 | 西南交通大学 | The distributed nature base encryption method of fine granularity attribute revocation is supported on a kind of lattice |
CN109104284A (en) * | 2018-07-11 | 2018-12-28 | 四川大学 | A kind of block chain anonymity transport protocol based on ring signatures |
CN108777626A (en) * | 2018-08-16 | 2018-11-09 | 西南交通大学 | A kind of attribute base net network endorsement method for supporting dynamic attribute space |
CN109246137A (en) * | 2018-10-23 | 2019-01-18 | 北京航空航天大学 | The safety protecting method and device of naval warfare data based on block chain |
Non-Patent Citations (4)
Title |
---|
"An Attribute-Based Ring Signature Scheme in Lattice";LI Wei , FAN Mingyu , JIA Zhenhong;《Wuhan University Journal of Natural Sciences》;20120824;全文 * |
"Certificate based (linkable) ring signature";Au M H , Liu J K , Susilo W;《International Conference on Information Security Practice and Experience》;20070331;全文 * |
"属性基门限签名方案及其安全性研究";马春光;石岚;周长利;《电子学报》;20130801;全文 * |
"高效的基于属性的环签名方案";陈少真;王文强;彭书娟;《计算机研究与发展》;20110315;全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN110351093A (en) | 2019-10-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Li et al. | Attribute-based signature and its applications | |
Zhang et al. | Anonymous attribute-based encryption supporting efficient decryption test | |
Liu et al. | White-box traceable ciphertext-policy attribute-based encryption supporting any monotone access structures | |
Li et al. | Hidden attribute-based signatures without anonymity revocation | |
CN107342990B (en) | Distributed authorized attribute-based network ring signature method | |
CN110351093B (en) | Linkable network ring signature method based on attributes | |
Bao et al. | Comment on “privacy-enhanced data aggregation scheme against internal attackers in smart grid” | |
Liu et al. | Server-aided anonymous attribute-based authentication in cloud computing | |
Cao et al. | An attack on a certificateless signature scheme | |
Kang et al. | Identity-based strong designated verifier signature schemes: attacks and new construction | |
CN109951288B (en) | Hierarchical signature method and system based on SM9 digital signature algorithm | |
Hur et al. | Removing escrow from ciphertext policy attribute-based encryption | |
KR20030062401A (en) | Apparatus and method for generating and verifying id-based blind signature by using bilinear parings | |
Rastegari et al. | Efficient Certificateless Signcryption in the standard model: Revisiting Luo and Wan’s scheme from wireless personal communications (2018) | |
Li et al. | ABKS-SKGA: Attribute-based keyword search secure against keyword guessing attack | |
Padhye et al. | ECDLP‐based certificateless proxy signature scheme with message recovery | |
CN109936456A (en) | Anti- quantum calculation digital signature method and system based on private key pond | |
Sahu et al. | Identity‐based multi‐proxy multi‐signature scheme provably secure in random oracle model | |
Liu et al. | Certificate-based sequential aggregate signature | |
CN110519040B (en) | Anti-quantum computation digital signature method and system based on identity | |
Zhang et al. | On the security of an ID-based anonymous proxy signature scheme and its improved scheme | |
Zhang et al. | Attack on Chen et al.'s certificateless aggregate signature scheme | |
CN111431715A (en) | Policy control signature method supporting privacy protection | |
Yang et al. | Certificateless universal designated verifier signature schemes | |
Cheng et al. | Cryptanalysis and improvement of a certificateless partially blind signature |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20230418 Address after: Room 801, 85 Kefeng Road, Huangpu District, Guangzhou City, Guangdong Province Patentee after: Yami Technology (Guangzhou) Co.,Ltd. Address before: 610031 science and technology division, Southwest Jiao Tong University, 111 north section of two ring road, Sichuan, Chengdu Patentee before: SOUTHWEST JIAOTONG University |