CN110677243B - Construction method of proxy re-signature scheme supporting heterogeneous public key system - Google Patents

Construction method of proxy re-signature scheme supporting heterogeneous public key system Download PDF

Info

Publication number
CN110677243B
CN110677243B CN201910879330.5A CN201910879330A CN110677243B CN 110677243 B CN110677243 B CN 110677243B CN 201910879330 A CN201910879330 A CN 201910879330A CN 110677243 B CN110677243 B CN 110677243B
Authority
CN
China
Prior art keywords
signature
rsa
key
alice
bob
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910879330.5A
Other languages
Chinese (zh)
Other versions
CN110677243A (en
Inventor
李辉超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Aircraft Industrial Group Co Ltd
Original Assignee
Chengdu Aircraft Industrial Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Aircraft Industrial Group Co Ltd filed Critical Chengdu Aircraft Industrial Group Co Ltd
Priority to CN201910879330.5A priority Critical patent/CN110677243B/en
Publication of CN110677243A publication Critical patent/CN110677243A/en
Application granted granted Critical
Publication of CN110677243B publication Critical patent/CN110677243B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3013Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the discrete logarithm problem, e.g. ElGamal or Diffie-Hellman systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/302Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3249Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3252Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes

Abstract

The invention relates to the field of cryptography, in particular to a construction method of a proxy re-signature scheme supporting a heterogeneous public key system, which is characterized by comprising the following steps: the first step is as follows: RSA key generation; the second step is that: ElGamal key generation; the third step: re-signing Key generation (Re-Key); the fourth step: RSA signature generation; the fifth step: generating an ElGamal signature; and a sixth step: re-signing; the seventh step: the invention enables users under different systems to cooperate and expands the application of the proxy re-signature scheme.

Description

Construction method of proxy re-signature scheme supporting heterogeneous public key system
Technical Field
The invention relates to the field of cryptography, in particular to a construction method of a proxy re-signature scheme supporting a heterogeneous public key system.
Background
The RSA public key cryptosystem proposed in 1977 by Rivest et al to be able to resist most cryptographic attacks known so far, being the most influential and most commonly used public key algorithm at present. The algorithm is established on the theoretical basis of large number decomposition and prime number detection. In 1985, ElGamal's discrete logarithm problem based on finite fields proposed ElGamal public key cryptosystem, which has significant results in the field of digital signatures.
In 1998, Blaze et al (BBS) first proposed the concept of proxy re-signatures. In proxy re-signing, a semi-trusted proxy server converts Alice's signature on a message to Bob's signature on the same message by converting the key, and the proxy server itself cannot generate the signatures of either Alice or Bob. But the advantages are not well recognized by Blaze et al because it does not propose a formal definition of proxy re-signatures. Up to 2005, Ateniese and Hohenberger formally defined a proxy re-signature and its security model while pointing out the BBS scheme deficiency. The proxy re-signing algorithm returns to the visual field of people again, and proxy re-signing schemes with the properties of multiple use, threshold, one-way, certificateless and the like are proposed successively. However, the existing proxy re-signature schemes are all based on a single public key cryptosystem, such as RSA, ElGamal, etc., which makes it difficult for users under different systems to cooperate, and limits the application of the proxy re-signature scheme.
Disclosure of Invention
In view of the above-mentioned deficiencies in the prior art, the present invention provides a method for constructing a proxy re-signature scheme supporting a heterogeneous public key system.
A construction method of a proxy re-signature scheme supporting a heterogeneous public key system is characterized by comprising the following steps:
the first step is as follows: RSA key generation;
the second step is that: ElGamal key generation;
the third step: re-signing Key generation (Re-Key);
the fourth step: RSA signature generation;
the fifth step: generating an ElGamal signature;
and a sixth step: re-signing;
the seventh step: ElGamal signature verification.
The detailed steps of the first step RSA key generation are as follows:
(a) the principal Alice randomly generates two large prime numbers p1And q is1
(b) Calculating n ═ p1·q1And Euler function' (n) of n, and deriving a specific function value
Figure GDA0003181639510000021
The euler function is formulated as follows:
’(n)=(p1-1)(q1-1);
(c) the principal Alice randomly selects a random number e,
Figure GDA0003181639510000022
and e with
Figure GDA00031816395100000210
Coprime;
(d) the integer d is calculated out and the integer d,
Figure GDA0003181639510000023
then there is
Figure GDA0003181639510000024
(e) The public key is (n; e) and the private key is d.
The detailed steps of the second step of ElGamal key generation are as follows:
(a) let p be
Figure GDA00031816395100000211
Large prime number, generating element, difficult to solve in the discrete logarithm problem
Figure GDA0003181639510000025
(b) The consignee Bob selects a random number x, wherein x is more than or equal to 1 and less than or equal to p-2;
(c) x is the private key of Bob and the public key is beta ═ alphaxmod p。
The third step of Re-signing Key generation (Re-Key) comprises the following detailed steps:
(a)
Figure GDA0003181639510000026
proxy server random selection
Figure GDA00031816395100000212
And sending the data to Alice;
the consignor Alice calculates w-d mod (p-1) and sends the w-d mod to Bob;
the delegatee Bob calculates w-d + x mod (p-1) and sends the w-d + x mod to the proxy server;
re-signing key
Figure GDA0003181639510000027
(b)
Figure GDA0003181639510000028
Proxy server random selection
Figure GDA00031816395100000213
And sending the data to Alice;
the client Alice calculates the u + d mod (p-1) and sends the u + d mod to the proxy server;
re-signing key
Figure GDA0003181639510000029
The u + d mod (p-1) performs modular operation on the private key of Alice under an RSA public key system, so that the proxy server cannot obtain the real private key of Alice on the premise that the random number u is known;
(c)
Figure GDA0003181639510000038
and
Figure GDA00031816395100000311
proxy server random selection
Figure GDA00031816395100000310
And sent to Bob;
bob randomly selects k 'to be in the range of [1,.. multidot.p-1 ], and k' is not equal to p-1;
calculate y + k' mod (p-1) and αk′mod p and sending to the proxy server;
re-signing key
Figure GDA0003181639510000031
Thus, the re-signing key is
Figure GDA0003181639510000032
The fourth step of RSA signature generation comprises the following detailed steps:
(a) inputting a message m and a private key d of a signer;
(b) calculating SRSA=H(m)d(mod n) wherein
Figure GDA0003181639510000033
σRSA=(m,SRSA) Is a signature on message m.
The detailed steps of the fifth step of ElGamal signature generation are as follows:
(a) inputting a message m and a private key x of a signer Bob;
(b) randomly selecting k,1< k < p-1, and gcd (k, p-1) ═ 1;
(c) calculating alphak(modp);
(d) Computing
Figure GDA0003181639510000034
(e)σRSA=(r,SRSA) Is a signature on message m.
The sixth step of re-signing comprises the following detailed steps:
(a) signature sigma of input truer Alice on message m under RSA public key systemRSA=(m,SRSA) And re-signing key
Figure GDA0003181639510000035
(b) First by calculation
Figure GDA0003181639510000036
Verifying the validity of the signature of the principal Alice;
(c) if the signature is invalid, rejecting; if the signature is valid, performing a re-signature operation:
Figure GDA0003181639510000037
σ'RSA(r',S'RSA) Is the signature under the ElGamal public key system generated by the re-signature algorithm.
Signature σ 'generated by the re-signature algorithm'RSA(r',S'RSA) Signature sigma generated by ElGamal signature algorithmRSA=(r,SRSA) Are structurally identical, wherein
Figure GDA0003181639510000041
Is equivalent to the private key of the trustee Bob, but does not cause the key to be leaked.
The detailed steps of the seventh step of ElGamal signature verification are as follows:
(a) inputting a public key of a signer and a signature of the signer on a message m;
(b) by passing
Figure GDA0003181639510000042
Verifying the signature validity;
(c) if the signature is valid, 1 is output; otherwise, outputting 0;
the RSA signature verification approach is as follows:
Figure GDA0003181639510000043
the ElGamal signature verification method is as follows:
βrrs=αxrαks
=αks+xr
=αH(m)
the re-signature verification mode is as follows:
Figure GDA0003181639510000044
in the steps 1-7, Alice and Bob actually refer to two users involved in the proxy re-signing process, and the specific proxy re-signing means that a semi-trusted third party exists, and the signature of the user Alice for the message M is converted into the signature of the user Bob for the same message M, and the third party cannot obtain the private keys of Alice and Bob, nor perform a signature operation on behalf of Alice or Bob.
The invention has the beneficial effects that:
the invention enables users under different systems to cooperate, and expands the application of the proxy re-signature scheme.
The specific implementation mode is as follows:
example 1:
a construction method of a proxy re-signature scheme supporting a heterogeneous public key system is characterized by comprising the following steps:
the first step is as follows: RSA key generation;
the second step is that: ElGamal key generation;
the third step: re-signing Key generation (Re-Key);
the fourth step: RSA signature generation;
the fifth step: generating an ElGamal signature;
and a sixth step: re-signing;
the seventh step: ElGamal signature verification.
Example 2:
a construction method of a proxy re-signature scheme supporting a heterogeneous public key system is characterized by comprising the following steps:
the first step is as follows: RSA key generation;
the second step is that: ElGamal key generation;
the third step: re-signing Key generation (Re-Key);
the fourth step: RSA signature generation;
the fifth step: generating an ElGamal signature;
and a sixth step: re-signing;
the seventh step: ElGamal signature verification.
The detailed steps of the first step RSA key generation are as follows:
(a) the principal Alice randomly generates two large prime numbers p1And q is1
(b) Calculating n ═ p1·q1And an Euler function of n (n) ═ p1-1)(q1-1) to derive a specific function value
Figure GDA0003181639510000051
(c) The principal Alice randomly selects a random number e, provided that
Figure GDA0003181639510000052
And e with
Figure GDA0003181639510000053
Coprime;
(d) calculate e for
Figure GDA0003181639510000054
The modulo element d of (1) means that there is an integer d, which can make ed be
Figure GDA0003181639510000061
The remainder of the division is 1, and the expression is
Figure GDA0003181639510000062
The detailed steps of the second step of ElGamal key generation are as follows:
(a) let p be
Figure GDA00031816395100000610
Large prime number, generating element, difficult to solve in the discrete logarithm problem
Figure GDA0003181639510000063
(b) The consignee Bob selects a random number x, wherein x is more than or equal to 1 and less than or equal to p-2;
(c) x is the private key of Bob and the public key is beta ═ alphaxmod p。
The third step of Re-signing Key generation (Re-Key) comprises the following detailed steps:
(a)
Figure GDA0003181639510000064
proxy server random selection
Figure GDA00031816395100000611
And sending the data to Alice;
the consignee Alice calculates omega-d mod (p-1) and sends the omega-d mod to Bob;
the delegatee Bob calculates omega-d + x mod (p-1) and sends the omega-d + x mod to the proxy server;
re-signing key
Figure GDA0003181639510000065
(b)
Figure GDA0003181639510000066
Proxy server random selection
Figure GDA00031816395100000612
And sending the data to Alice;
the client Alice calculates the u + d mod (p-1) and sends the u + d mod to the proxy server;
re-signing key
Figure GDA0003181639510000067
The u + d mod (p-1) performs modular operation on the private key of Alice under an RSA public key system, so that the proxy server cannot obtain the real private key of Alice on the premise that the random number u is known;
(c)
Figure GDA00031816395100000613
and
Figure GDA00031816395100000616
proxy server random selection
Figure GDA00031816395100000615
And sent to Bob;
bob randomly selects k 'to be in the range of [1,.. multidot.p-1 ], and k' is not equal to p-1;
calculate y + k' mod (p-1) and αk′mod p and sending to the proxy server;
re-signing key
Figure GDA0003181639510000068
Thus, the re-signing key is
Figure GDA0003181639510000069
The fourth step of RSA signature generation comprises the following detailed steps:
(a) inputting a message m and a private key d of a signer;
(b) alice extracts the message digest of the message m, the expression formula of the digest of the message m commonly used in the field is H (m), and then encrypts the digest H (m) by using the private key d of the Alice to generate a signature SRSASignature SRSAIs a general computational expression in the art as follows:
SRSA=H(m)d(mod n);
wherein
Figure GDA0003181639510000071
σRSA=(m,SRSA) Is a signature on message m.
The detailed steps of the fifth step of ElGamal signature generation are as follows:
(a) inputting a message m and a private key x of a signer Bob;
(b) randomly selecting k,1< k < p-1, and gcd (k, p-1) ═ 1;
(c) calculating alphak(mod p);
(d) Computing
Figure GDA0003181639510000072
(e)σRSA=(r,SRSA) Is a signature on message m.
The sixth step of re-signing comprises the following detailed steps:
(j) signature sigma of input truer Alice on message m under RSA public key systemRSA=(m,SRSA) And re-signing key
Figure GDA0003181639510000073
(k) Bob signs the public key by re-signing the secret key SRSAAnd decrypting to verify the validity of the signature of the Alice of the consignor, wherein a calculation formula for verification is as follows and is a general calculation expression in the field:
Figure GDA0003181639510000074
(l) If the signature is not valid, it is rejected. If the signature is valid, performing a re-signature operation:
Figure GDA0003181639510000075
σ'RSA(r',S'RSA) Is the signature under the ElGamal public key system generated by the re-signature algorithm.
The Alice and Bob in steps 1-7 actually refer to two users involved in the proxy re-signing process, and the specific proxy re-signing means that a semi-trusted third party exists, so that the signature of the user Alice for the message M can be converted into the signature of the user Bob for the same message M, and the third party cannot obtain the private keys of Alice and Bob, or cannot perform signature operation on behalf of Alice or Bob.
Example 3:
a construction method of a proxy re-signature scheme supporting a heterogeneous public key system is characterized by comprising the following steps:
the first step is as follows: RSA key generation;
the second step is that: ElGamal key generation;
the third step: re-signing Key generation (Re-Key);
the fourth step: RSA signature generation;
the fifth step: generating an ElGamal signature;
and a sixth step: re-signing;
the seventh step: ElGamal signature verification.
The detailed steps of the first step RSA key generation are as follows:
(a) the principal Alice randomly generates two large prime numbers p1And q is1
(b) Calculating n ═ p1·q1And an Euler function of n (n) ═ p1-1)(q1-1) to derive a specific function value
Figure GDA0003181639510000081
(c) The principal Alice randomly selects a random number e, provided that
Figure GDA0003181639510000082
And e with
Figure GDA0003181639510000083
Coprime;
(d) calculate e for
Figure GDA0003181639510000089
The modulo element d of (1) means that there is an integer d, which can make ed be
Figure GDA0003181639510000084
The remainder of the division is 1, and the expression is
Figure GDA0003181639510000085
The detailed steps of the second step of ElGamal key generation are as follows:
(a) let p be
Figure GDA00031816395100000810
Large prime number, generating element, difficult to solve in the discrete logarithm problem
Figure GDA0003181639510000086
(b) The consignee Bob selects a random number x, wherein x is more than or equal to 1 and less than or equal to p-2;
(c) x is the private key of Bob and the public key is beta ═ alphaxmod p。
The third step of Re-signing Key generation (Re-Key) comprises the following detailed steps:
(a)
Figure GDA0003181639510000087
proxy server random selection
Figure GDA00031816395100000811
And sending the data to Alice;
the consignor Alice calculates w-d mod (p-1) and sends the w-d mod to Bob;
the delegatee Bob calculates w-d + x mod (p-1) and sends the w-d + x mod to the proxy server;
re-signing key
Figure GDA0003181639510000088
(b)
Figure GDA0003181639510000091
Proxy server random selection
Figure GDA0003181639510000097
And sending the data to Alice;
the client Alice calculates the u + d mod (p-1) and sends the u + d mod to the proxy server;
re-signing key
Figure GDA0003181639510000092
The u + d mod (p-1) performs modular operation on the private key of Alice under an RSA public key system, so that the proxy server cannot obtain the real private key of Alice on the premise that the random number u is known;
(c)
Figure GDA0003181639510000098
and
Figure GDA00031816395100000911
proxy server random selection
Figure GDA00031816395100000910
And sent to Bob;
bob randomly selects k 'to be in the range of [1,.. multidot.p-1 ], and k' is not equal to p-1;
calculate y + k' mod (p-1) and αk′mod p and sending to the proxy server;
re-signing key
Figure GDA0003181639510000093
Thus, the re-signing key is
Figure GDA0003181639510000094
The fourth step of RSA signature generation comprises the following detailed steps:
(a) inputting a message m and a private key d of a signer;
(b) alice extracts the message digest H (m) of the message m, encrypts the digest H (m) by using the private key d of Alice, and generates a signature SRSASignature SRSAIs calculated as follows:
SRSA=H(m)d(mod n);
wherein
Figure GDA0003181639510000095
σRSA=(m,SRSA) Is a signature on message m.
The detailed steps of the fifth step of ElGamal signature generation are as follows:
(a) inputting a message m and a private key x of a signer Bob;
(b) randomly selecting k,1< k < p-1, and gcd (k, p-1) ═ 1;
(c) calculating alphak(modp);
(d) Computing
Figure GDA0003181639510000096
(e)σRSA=(r,SRSA) Is a signature on message m.
The sixth step of re-signing comprises the following detailed steps:
(j) signature sigma of input truer Alice on message m under RSA public key systemRSA=(m,SRSA) And re-signing key
Figure GDA0003181639510000101
(k) Bob signs the public key by re-signing the secret key SRSAAnd decrypting to verify the validity of the Alice signature of the consignor, wherein the calculation formula of the verification is as follows:
Figure GDA0003181639510000102
(l) If the signature is not valid, it is rejected. If the signature is valid, performing a re-signature operation:
Figure GDA0003181639510000103
σ'RSA(r',S'RSA) Is the signature under the ElGamal public key system generated by the re-signature algorithm.
Further, the signature σ 'generated by the re-signing algorithm'RSA(r',S'RSA) Signature sigma generated by ElGamal signature algorithmRSA=(r,SRSA) Are structurally identical, wherein
Figure GDA0003181639510000104
Is equivalent toThe private key of the delegator Bob, but the key cannot be leaked.
The detailed steps of the seventh step of ElGamal signature verification are as follows:
(a) inputting a public key of a signer and a signature of the signer on a message m;
(b) the signature validity is verified by the following calculation:
Figure GDA0003181639510000105
(c) if the signature is valid, 1 is output; otherwise, outputting 0;
the RSA signature verification approach is as follows:
Figure GDA0003181639510000106
the ElGamal signature verification method is as follows:
βrrs=αxrαks
=αks+xr
=αH(m)
the re-signature verification method is that, in verification, S in step 7 is substituted firstRSAR, then from the expression value of the equivalence equation pair in step 4
Figure GDA0003181639510000107
Making substitutions to arrive at the final computational expression and result, i.e.
Figure GDA0003181639510000111
The Alice and Bob in steps 1-7 actually refer to two users involved in the proxy re-signing process, and the specific proxy re-signing means that a semi-trusted third party exists, so that the signature of the user Alice for the message M can be converted into the signature of the user Bob for the same message M, and the third party cannot obtain the private keys of Alice and Bob, or cannot perform signature operation on behalf of Alice or Bob.

Claims (2)

1. A construction method of a proxy re-signature scheme supporting a heterogeneous public key system is characterized by comprising the following steps:
the first step is as follows: RSA key generation;
the second step is that: ElGamal key generation;
the third step: re-signing Key generation (Re-Key);
the fourth step: RSA signature generation;
the fifth step: generating an ElGamal signature;
and a sixth step: re-signing;
the seventh step: ElGamal signature verification;
the detailed steps of the first step RSA key generation are as follows:
(a) the principal Alice randomly generates two large prime numbers p1And q is1
(b) Calculating n ═ p1·q1And Euler function' (n) of n, and deriving a specific function value
Figure FDA0003181639500000011
The euler function is formulated as follows:
’(n)=(p1-1)(q1-1);
(c) the principal Alice randomly selects a random number e,
Figure FDA0003181639500000012
and e with
Figure FDA0003181639500000013
Coprime;
(d) the integer d is calculated out and the integer d,
Figure FDA0003181639500000014
then there is
Figure FDA0003181639500000015
(e) The public key is (n; e), and the private key is d;
the detailed steps of the second step of ElGamal key generation are as follows:
(a) let p be
Figure FDA0003181639500000016
Large prime number, generating element, difficult to solve in the discrete logarithm problem
Figure FDA0003181639500000017
(b) The consignee Bob selects a random number x, wherein x is more than or equal to 1 and less than or equal to p-2;
(c) x is the private key of Bob and the public key is beta ═ alphax mod p;
The third step of Re-signing Key generation (Re-Key) comprises the following detailed steps:
(a)
Figure FDA0003181639500000018
proxy server random selection
Figure FDA0003181639500000019
And sending the data to Alice;
the consignor Alice calculates w-d mod (p-1) and sends the w-d mod to Bob;
the delegatee Bob calculates w-d + x mod (p-1) and sends the w-d + x mod to the proxy server;
re-signing key
Figure FDA00031816395000000110
(b)
Figure FDA0003181639500000021
Proxy server random selection
Figure FDA0003181639500000022
And sending the data to Alice;
the client Alice calculates the u + d mod (p-1) and sends the u + d mod to the proxy server;
re-signing key
Figure FDA0003181639500000023
The u + d mod (p-1) performs modular operation on the private key of Alice under an RSA public key system, so that the proxy server cannot obtain the real private key of Alice on the premise that the random number u is known;
(c)
Figure FDA0003181639500000024
and
Figure FDA0003181639500000025
proxy server random selection
Figure FDA0003181639500000026
And sent to Bob;
bob randomly selects k 'to be in the range of [1,.. multidot.p-1 ], and k' is not equal to p-1;
calculate y + k' mod (p-1) and αk′mod p and sending to the proxy server;
re-signing key
Figure FDA0003181639500000027
Thus, the re-signing key is
Figure FDA0003181639500000028
The fourth step of RSA signature generation comprises the following detailed steps:
(a) inputting a message m and a private key d of a signer;
(b) calculating SRSA=H(m)d(mod n), where H (·):
Figure FDA0003181639500000029
σRSA=(m,SRSA) Is a signature on message m;
the detailed steps of the fifth step of ElGamal signature generation are as follows:
(a) inputting a message m and a private key x of a signer Bob;
(b) randomly selecting k,1< k < p-1, and gcd (k, p-1) ═ 1;
(c) calculating alphak(mod p);
(d) Computing
Figure FDA00031816395000000210
(e)σRSA=(r,SRSA) Is a signature on message m;
the sixth step of re-signing comprises the following detailed steps:
(a) signature sigma of input truer Alice on message m under RSA public key systemRSA=(m,SRSA) And re-signing key
Figure FDA00031816395000000211
(b) First by calculation
Figure FDA0003181639500000031
Verifying the validity of the signature of the principal Alice;
(c) if the signature is invalid, rejecting; if the signature is valid, performing a re-signature operation:
Figure FDA0003181639500000032
σ'RSA(r',S'RSA) The signature is generated by a re-signature algorithm under an ElGamal public key system;
signature σ 'generated by the re-signature algorithm'RSA(r',S'RSA) Signature sigma generated by ElGamal signature algorithmRSA=(r,SRSA) Are structurally identical, wherein
Figure FDA0003181639500000033
The key is equivalent to the private key of the consignee Bob, but the key cannot be leaked;
the detailed steps of the seventh step of ElGamal signature verification are as follows:
(a) inputting a public key of a signer and a signature of the signer on a message m;
(b) by passing
Figure FDA0003181639500000034
Verifying the signature validity;
(c) if the signature is valid, 1 is output; otherwise, outputting 0;
the RSA signature verification approach is as follows:
Figure FDA0003181639500000035
the ElGamal signature verification method is as follows:
βrrs=αxrαks
=αks+xr
=αH(m)
the re-signature verification mode is as follows:
Figure FDA0003181639500000036
2. the method for constructing a proxy re-signing scheme supporting heterogeneous public key systems according to claim 1, wherein: in the steps 1-7, Alice and Bob actually refer to two users involved in the proxy re-signing process, and the specific proxy re-signing means that a semi-trusted third party exists, and the signature of the user Alice for the message M is converted into the signature of the user Bob for the same message M, and the third party cannot obtain the private keys of Alice and Bob, nor perform a signature operation on behalf of Alice or Bob.
CN201910879330.5A 2019-09-18 2019-09-18 Construction method of proxy re-signature scheme supporting heterogeneous public key system Active CN110677243B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910879330.5A CN110677243B (en) 2019-09-18 2019-09-18 Construction method of proxy re-signature scheme supporting heterogeneous public key system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910879330.5A CN110677243B (en) 2019-09-18 2019-09-18 Construction method of proxy re-signature scheme supporting heterogeneous public key system

Publications (2)

Publication Number Publication Date
CN110677243A CN110677243A (en) 2020-01-10
CN110677243B true CN110677243B (en) 2021-12-03

Family

ID=69076707

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910879330.5A Active CN110677243B (en) 2019-09-18 2019-09-18 Construction method of proxy re-signature scheme supporting heterogeneous public key system

Country Status (1)

Country Link
CN (1) CN110677243B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111314087B (en) * 2020-02-11 2023-04-07 南京信息工程大学 Electronic file front-end control method based on proxy re-signature
CN112995194A (en) * 2021-03-17 2021-06-18 黑龙江恒讯科技有限公司 Digital certificate authentication method based on iris recognition
CN113347009B (en) * 2021-08-05 2022-01-07 成都飞机工业(集团)有限责任公司 Certificateless threshold signcryption method based on elliptic curve cryptosystem

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109560926A (en) * 2018-11-19 2019-04-02 如般量子科技有限公司 Anti- quantum calculation Proxy Digital Signature method, signature system and computer equipment based on unsymmetrical key pond
CN109617700A (en) * 2019-01-21 2019-04-12 电子科技大学 Unidirectional multi-hop based on no certificate acts on behalf of weight endorsement method
CN109861826A (en) * 2019-02-18 2019-06-07 郑州师范学院 A kind of implementation method that bi-directional proxy is signed again and device
CN109902483A (en) * 2019-01-10 2019-06-18 如般量子科技有限公司 Anti- quantum calculation Proxy Digital Signature method and system based on multiple pool of keys

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109560926A (en) * 2018-11-19 2019-04-02 如般量子科技有限公司 Anti- quantum calculation Proxy Digital Signature method, signature system and computer equipment based on unsymmetrical key pond
CN109902483A (en) * 2019-01-10 2019-06-18 如般量子科技有限公司 Anti- quantum calculation Proxy Digital Signature method and system based on multiple pool of keys
CN109617700A (en) * 2019-01-21 2019-04-12 电子科技大学 Unidirectional multi-hop based on no certificate acts on behalf of weight endorsement method
CN109861826A (en) * 2019-02-18 2019-06-07 郑州师范学院 A kind of implementation method that bi-directional proxy is signed again and device

Also Published As

Publication number Publication date
CN110677243A (en) 2020-01-10

Similar Documents

Publication Publication Date Title
CA2806357C (en) Authenticated encryption for digital signatures with message recovery
Hofheinz et al. Practical chosen ciphertext secure encryption from factoring
CA2808701C (en) Authenticated encryption for digital signatures with message recovery
CA2768861C (en) Incorporating data into ecdsa signature component
CN110677243B (en) Construction method of proxy re-signature scheme supporting heterogeneous public key system
CN106936584B (en) Method for constructing certificateless public key cryptosystem
Hofheinz et al. Practical chosen ciphertext secure encryption from factoring
Islam et al. Certificateless strong designated verifier multisignature scheme using bilinear pairings
Raghunandan et al. Comparative analysis of encryption and decryption techniques using mersenne prime numbers and phony modulus to avoid factorization attack of RSA
Kaya et al. Robust threshold schemes based on the Chinese remainder theorem
Yang et al. On-line/off-line threshold proxy re-signature scheme through the simulation approach
Sadkhan et al. Analysis of Different Types of Digital Signature
Sarde et al. Strong designated verifier signature scheme based on discrete logarithm problem
Yang et al. An efficient CCA-secure cryptosystem over ideal lattices from identity-based encryption
Wang et al. A threshold undeniable signature scheme without a trusted party
Asbullah et al. A proposed CCA-secure encryption on an ElGamal variant
Yuen et al. (Convertible) undeniable signatures without random oracles
Liu et al. A remote anonymous attestation protocol in trusted computing
Tripathi et al. Cryptographic keys generation using identity
Blackburn et al. Certification of secure RSA keys
Xie et al. Improvement of provably secure self-certified proxy convertible authenticated encryption scheme
Dong et al. A Certificateless Signature Scheme Based on Quadratic Residues
Sabitha et al. Survey on Asymmetric Key Cryptographic Algorithms
Arshad et al. A novel convertible authenticated encryption scheme based on RSA assumption
Tao et al. Multivariate threshold group signature scheme withstanding conspiracy attack

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant