CN111030809B - Attribute-based signature system on lattice capable of supporting LSSS matrix - Google Patents
- Publication number: CN111030809B
- Application number: CN201911196611.7A
- Authority: CN (China)
- Prior art keywords: signature, attribute, matrix, signer, private key
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  - H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    - H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
    - H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
      - H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
  - H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    - H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a lattice-based attribute signature method supporting LSSS matrices. A security parameter λ is input to the system; the private key generation center PKG generates the system public parameters PK and the system master key MK, publishes PK, and keeps MK. With the public parameters PK, the master key MK and an access structure T as input, a signing private key SK associated with the access structure T is generated and sent to the signer over a secure channel. With the public parameters PK, the message space σ to be signed, the signing key SK and the signer attribute set W as input, a signer whose attribute set W satisfies the access structure T outputs the signature σ of a message M. With the signature σ to be verified, the signed message space σ and the signer attribute set W as input, verification judges whether the signature of message M output under the attribute set W is genuine and valid, outputting 1 if so and 0 otherwise. In the KP-LABS algorithm adopted by the invention, the private key is associated with the access structure and the signature with the signer attribute set, which makes it easier for the data owner to control visitors' permissions; by adopting a linear secret sharing structure as the access structure, visitor attributes can be described at fine granularity and access permissions can be controlled flexibly.
Description
Technical Field
The invention relates to a lattice-based attribute signature system supporting LSSS matrices, which can resist quantum attacks and realizes the most flexible access structure, the Linear Secret Sharing Structure (LSSS); it belongs to the field of cryptographic security.
Background
In 2008, Maji et al. first proposed an ABS scheme and discussed the concept of ABS in detail: a signer obtains a signing key from an attribute authority and, once it is verified that the signer's attribute set satisfies an access structure, can sign a message. The scheme is secure only in the generic group model. ABS can be divided into two types according to the access policy: signature-policy ABS (signature policy attribute-based signature, SPABS for short) and key-policy ABS (key policy attribute-based signature, KPABS for short). In SPABS, the signing key is generated from the attribute set, and the message is signed under an access structure that the attribute set satisfies. In KPABS, the signing key is generated from the access structure, and the message is signed under an attribute set that satisfies the access structure.
In 2009, Shahandashti et al. proposed an ABS scheme that supports only a threshold access structure in the selective model: if the intersection of the signer's attribute set and the verifier's attribute set reaches the system threshold, the verifier can check whether the signature is legitimate. In 2011, Ge et al. proposed an ABS scheme supporting only a threshold access structure in the small universe, where small universe means that the attribute universe is fixed once the system is set up. The signature length of that scheme is independent of the number of attributes, giving a fixed signature length, and verification needs only three pairing operations, so the computation and communication costs are low. In 2012, Herranz et al. proposed ABS schemes supporting only a threshold access structure in the large universe, meaning that the attribute universe can change dynamically after the system is set up; these also achieve a fixed signature length. Rao et al. proposed ABS schemes supporting LSSS matrices in the small universe and the large universe in 2014 and 2016 respectively, extending the threshold access structure and thereby realizing more flexible access control. Attribute-based signature schemes have thus achieved flexible access control, but all of these schemes are built on bilinear pairings: the construction involves complex mathematical operations and, as quantum technology develops, cannot resist attacks by quantum computers. Lattice-based signature schemes have therefore received great attention.
In 2008, Gentry, Peikert et al. defined a trapdoor one-way function based on the SIS problem and from it constructed an identity-based encryption scheme and a signature scheme, both provably secure in the random oracle model. In 2010, Gordon et al. constructed the first lattice-based group signature scheme, and in the same year Jiang et al. constructed a lattice-based proxy signature scheme using bonsai trees. An identity-based signature scheme on lattices was proposed in 2011, after which certificateless signature and blind signature schemes on lattices appeared in succession. In 2014, Mao Xianping et al. used the bonsai tree model to construct a lattice-based attribute signature scheme that supports AND-gate signature policies and achieves existential unforgeability under selective access structures and static chosen-message attacks. In the same year, Wang et al. proposed a lattice-based attribute signature scheme supporting a threshold policy, which also achieves existential unforgeability under selective access structures and static chosen-message attacks in the standard model, based on the hardness of the small integer solution problem. In 2016, Xie and Xiang et al. each proposed a lattice-based attribute signature scheme. In 2018, Shang Haiting et al. proposed a lattice-based attribute signcryption scheme that achieves existential unforgeability under selective access structures and chosen-message attacks. Most of these signatures rely on the small integer solution (SIS) hard problem on lattices. None of these signature schemes implements a linear secret sharing (LSSS) access structure.
Disclosure of Invention
Object of the invention: to overcome the deficiencies of the prior art, the invention provides an attribute signature system based on a lattice cryptosystem, which can resist quantum attacks and realizes a linear secret sharing (LSSS) access structure.
Technical solution: a lattice-based attribute signature system supporting LSSS matrices, comprising a system initialization module, a private key generation module, a signature module and a signature verification module:
system initialization module (1): a security parameter λ is input to the system; the private key generation center PKG generates the system public parameters PK and the system master key MK, publishes PK, and keeps MK;
private key generation module (2): with the public parameters PK, the master key MK and an access structure T as input, generates a signing private key SK associated with the access structure T and sends it to the signer over a secure channel;
signature module (3): with the public parameters PK, the message space σ to be signed, the signing key SK and the signer attribute set W as input, outputs the signature e of a message M by a signer whose attribute set W satisfies the access structure T;
signature verification module (4): with the signature e to be verified, the signed message space σ and the signer attribute set W as input, judges whether the signature of message M output under the attribute set W is genuine and valid, outputting 1 if so and 0 otherwise.
The system is based on a key-policy lattice attribute-based signature algorithm.
The access structure T is a linear secret sharing structure.
The specific method for initializing the system initialization module (1) comprises the following steps:
Input the security parameter λ and the attribute universe $U = \{attr_1, \ldots, attr_l\}$, where the total number of attributes in the universe is l and the message size is k, and generate the system public parameters PK and the master key MK by the following steps:
(1) For each attribute i in the attribute set U, first run the TrapGen(q, m) algorithm to generate an approximately random matrix $A_i \in \mathbb{Z}_q^{n \times m}$ and a full-rank short basis of $\Lambda_q^{\perp}(A_i)$, wherein
(2) Select an approximately random matrix $A_0 \in \mathbb{Z}_q^{n \times m}$;
(3) For each $(a, i) \in \{0,1\} \times [k]$, randomly select a uniformly distributed matrix $C_i^{(a)} \in \mathbb{Z}_q^{n \times m}$;
Finally, let $PK = (\{A_i \in \mathbb{Z}_q^{n \times m}\}_{i \in [l]},\ A_0 \in \mathbb{Z}_q^{n \times m},\ \{C_i^{(a)}\}_{(a,i) \in \{0,1\} \times [k]})$;
The specific method for generating the signature private key SK by the private key generation module (2) comprises the following steps:
With the public parameters PK, the master key MK and the access structure T as input, the corresponding private key is generated for the user by the following steps:
(1) Convert the access structure T into a low-norm linear secret sharing matrix $L \in \mathbb{Z}^{l \times (1+\theta)}$. The i-th row of the matrix corresponds to the i-th attribute in the attribute set U, where $i \in [l]$; the columns $j \in [0, \theta]$ of $L$ are numbered from 0 to θ, each being a column of the access structure $L \in \mathbb{Z}^{l \times (1+\theta)}$, where $\theta \le l$;
(2) Construct the matrix $Z_0 = \mathrm{Diag}(A_i)_{i \in [l]} \in \mathbb{Z}_q^{ln \times lm}$, composed of the l "submatrices" $A_i$ ($i \in [l]$) of order n×m as follows:
obtaining a basis
(3) For each $j \in [\theta]$, randomly select an n×m matrix $V_j \in \mathbb{Z}_q^{n \times m}$; construct the matrix $Z_1 \in \mathbb{Z}^{ln \times (1+\theta)m}$, composed of l×(1+θ) "submatrices" as follows:
Each row of $L = (l_{i,j})_{i \in [l],\, j \in [1+\theta]}$ corresponds to one attribute in U through the mapping function ρ of the secret sharing scheme; each attribute, numbered i, appears only once, in the i-th row;
(5) $T_{Z_0}$ is a basis of $\Lambda_q^{\perp}(Z_0)$; run the algorithm ExtendBasis($T_{Z_0}$, M) to obtain a basis $T'_M \in \mathbb{Z}^{(l+1+\theta)m \times (l+1+\theta)m}$ of $\Lambda_q^{\perp}(M)$, wherein
The signing private key is: $SK = T_M \in \mathbb{Z}^{(l+1+\theta)m \times (l+1+\theta)m}$.
The specific method for generating the signature e in the signature module (3) comprises the following steps:
The signer, whose attribute set is $W = \{1, \ldots, l'\}$, signs the message $M = (\mu_1, \ldots, \mu_k) \in \{0,1\}^k$; a correct signature can be obtained as long as at least one subset of the signer's attributes satisfies the access matrix $L = (l_{i,j})_{i \in [l],\, j \in [1+\theta]}$. The specific steps are as follows:
(1) In the signer's attribute set $W = \{1, \ldots, l'\}$, find the subset that satisfies the access matrix $L \in \mathbb{Z}^{l \times (1+\theta)}$, set as ; at the same time select a vector g (1 row, columns) satisfying $g^T \cdot L = [1, 0, \ldots, 0]$;
(2) Construct the matrix $M' = [g_1 A_1 \,\|\, g_2 A_2 \,\|\, \cdots \,\|\, g_l A_l \,\|\, A_0 \,\|\, 0 Z_1 \,\|\, \cdots \,\|\, 0 Z_\theta]$ and take the non-zero block columns of M' to obtain ; record the row and column subscripts corresponding to the block columns of M' that are not non-zero, and delete the rows and columns with those subscripts from $T_M$ to obtain $T''_M$;
(3) Define the matrix F and obtain the corresponding basis $T'_F$ by the following procedure: construct the matrix G, where [1] is the m×m identity matrix; remove the zero diagonal blocks of G to obtain G'; compute $T'_F = G' T''_M$, which gives the basis $T'_F$;
(6) Run the algorithm SampleGaussian($T_F$, σ) to obtain the signature $e \in \mathbb{Z}^{m'}$, where $F \cdot e = 0 \pmod q$; here the distribution of e is statistically close to
The signature finally generated is: $e \in \mathbb{Z}^{m'}$.
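Step (1) of signing (finding a vector g, supported on the signer's attributes, with g^T · L = [1, 0, …, 0]) and the block selection of step (2), as an added example that is not part of the patent text. It assumes a prime modulus q with all arithmetic mod q, a constructed toy policy (attr1 AND attr2) OR attr3, and hypothetical function names; it does not check that g has low norm.

```python
"""Added illustration: LSSS reconstruction vector for signing step (1).

Assumptions (not from the patent): q is prime, arithmetic is mod q,
all function names are hypothetical, the policy matrix is a constructed toy.
"""

Q = 97  # constructed toy prime modulus

# Constructed LSSS matrix for (attr1 AND attr2) OR attr3, with 1 + theta = 2
# columns. Row i belongs to attribute i (the mapping rho is the identity).
L_TOY = [
    [1, 1],   # attr1
    [0, -1],  # attr2
    [1, 0],   # attr3
]


def reconstruction_vector(L, W, q):
    """Return g (length l, zero outside W) with g^T . L = [1,0,...,0] mod q.

    W holds 1-based attribute numbers. Returns None when the rows of L
    selected by W do not span the target, i.e. W is not authorized.
    """
    l, cols = len(L), len(L[0])
    rows = sorted(W)
    if any(i < 1 or i > l for i in rows):
        raise ValueError("attribute number outside 1..l")
    # One equation per column j of L: sum_i g_i * L[i][j] = target[j],
    # with target = (1, 0, ..., 0). Unknowns are the g_i for i in W.
    aug = [[L[i - 1][j] % q for i in rows] + [1 if j == 0 else 0]
           for j in range(cols)]
    pivots = []  # pivot column (unknown index) of each reduced row
    r = 0
    for c in range(len(rows)):
        p = next((k for k in range(r, cols) if aug[k][c] != 0), None)
        if p is None:
            continue  # free unknown, left at zero
        aug[r], aug[p] = aug[p], aug[r]
        inv = pow(aug[r][c], -1, q)  # modular inverse, needs q prime
        aug[r] = [(x * inv) % q for x in aug[r]]
        for k in range(cols):
            if k != r and aug[k][c] != 0:
                f = aug[k][c]
                aug[k] = [(x - f * y) % q for x, y in zip(aug[k], aug[r])]
        pivots.append(c)
        r += 1
        if r == cols:
            break
    # Rows below the rank are all-zero on the left; a non-zero right-hand
    # side there means the system is inconsistent: W is unauthorized.
    if any(aug[k][-1] != 0 for k in range(r, cols)):
        return None
    g = [0] * l
    for row_idx, c in enumerate(pivots):
        g[rows[c] - 1] = aug[row_idx][-1]
    return g


def satisfies_target(L, g, q):
    """Check g^T . L == [1, 0, ..., 0] (mod q)."""
    cols = len(L[0])
    prod = [sum(g[i] * L[i][j] for i in range(len(L))) % q
            for j in range(cols)]
    return prod == [1] + [0] * (cols - 1)


def nonzero_block_columns(g):
    """Labels of the block columns of
    M' = [g_1 A_1 || ... || g_l A_l || A_0 || 0 Z_1 || ... || 0 Z_theta]
    that remain after step (2): every A_i with g_i != 0, plus A_0.
    """
    return [f"A{i + 1}" for i, gi in enumerate(g) if gi != 0] + ["A0"]


if __name__ == "__main__":
    for W in ({1, 2}, {3}, {1}, {2}):
        g = reconstruction_vector(L_TOY, W, Q)
        if g is None:
            print(sorted(W), "does not satisfy the access matrix")
        else:
            print(sorted(W), "g =", g, "kept blocks:", nonzero_block_columns(g))
```
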
The signature verification module (4) performs signature verification by the following specific method:
If $F \cdot e = 0 \pmod q$, and , the signature verification is correct and 1 is returned; otherwise null is returned.
Proof of correctness of step (2) of the signature verification method: from the algorithms SampleGaussian($T_F$, σ) and ExtendBasis($T'_F$, F) it can be seen that if we can prove $F' \cdot T'_F = 0$, then $F \cdot e = 0 \pmod q$.
The specific proof steps are as follows:
2) Because $M \cdot T_M = 0$, we have $M' \cdot T_M = 0$, and it can be seen that $M'' \cdot T_M = 0$;
3) Then, it can be seen that
The correctness is verified.
Beneficial effects: compared with the prior art, the lattice-based attribute signature method supporting LSSS matrices has the following advantages:
1. the signature module of the invention uses attribute-based signature technology, taking the user's attributes as the basis for whether a signature is valid, and is suitable for many-to-many access control;
2. the KP-LABS adopted by the invention is a key-policy lattice attribute-based signature algorithm (Key-Policy ABS, KP-LABS), in which the private key is associated with the access structure and the signature with the signer attribute set, making it easier for the data owner to control visitors' permissions;
3. the invention adopts a Linear Secret Sharing Structure (LSSS) access structure, which allows visitor attributes to be described at fine granularity and access permissions to be controlled flexibly.
Drawings
FIG. 1 is a flow chart of signing with the lattice-based attribute signature system supporting LSSS matrices provided by the present invention;
FIG. 2 is a diagram of the system model for blockchain EHRs storage.
Detailed Description
The technical scheme of the invention is further described below with reference to the accompanying drawings.
Examples:
In a healthcare blockchain, only the data owner (the patient) can create and manage his or her own electronic health records (EHRs) data. The data owner uploads the EHRs data to the InterPlanetary File System (IPFS), signs the unique cryptographic hash value that IPFS returns, and broadcasts it to the blockchain. The lattice-based attribute signature system supporting LSSS matrices disclosed by the invention comprises a system initialization module 1, a private key generation module 2, a signature module 3 and a signature verification module 4. In the system, doctors, researchers, insurance companies and the like act as data users and need to verify the authenticity and validity of the data. With the signature scheme of the invention, a user can verify the validity of the data without learning the real identity of the data owner; after verifying that the signature is correct, the user obtains the file location stored in IPFS and can request the corresponding file from IPFS. In this system, data users cannot modify the EHRs data on the blockchain or broadcast EHRs-related data to the blockchain. The invention is described in further detail below with reference to FIG. 1.
Step 1: the system initialization module 1 initializes the private key generation center PKG. In this scheme the attribute universe is $U = \{attr_1, \ldots, attr_l\}$, and the total number of attributes in the universe is l. The security parameter λ is input to generate the system public parameters PK and the master key MK, as follows:
(1) For each attribute i in the attribute set U, first run the TrapGen(q, m) algorithm to generate an approximately random matrix $A_i \in \mathbb{Z}_q^{n \times m}$ and a full-rank short basis of $\Lambda_q^{\perp}(A_i)$, wherein
(2) Select an approximately random matrix $A_0 \in \mathbb{Z}_q^{n \times m}$.
(3) For each $(a, i) \in \{0,1\} \times [k]$, randomly select a uniformly distributed matrix $C_i^{(a)} \in \mathbb{Z}_q^{n \times m}$.
(4) The output system public parameters and system master key are as follows:
$PK = (\{A_i \in \mathbb{Z}_q^{n \times m}\}_{i \in [l]},\ A_0 \in \mathbb{Z}_q^{n \times m},\ \{C_i^{(a)}\}_{(a,i) \in \{0,1\} \times [k]})$
Step 2: the data owner and the user register with the private key generation center PKG, and the PKG judges whether the user's identity is legitimate. If it is, the public parameters PK, the master key MK and the access structure T are input, and the private key generation module 2 generates the corresponding private key SK for the data owner and the user and transmits it to them over a secure channel. The detailed steps are as follows:
(1) Convert the access structure T into a low-norm, preferably deterministic, linear span scheme matrix $L \in \mathbb{Z}^{l \times (1+\theta)}$. The i-th row of the matrix corresponds to the i-th attribute in the attribute set U, where $i \in [l]$. The columns $j \in [0, \theta]$ of $L$ are numbered from 0 to θ, each being a column of the access structure $L \in \mathbb{Z}^{l \times (1+\theta)}$, where $\theta \le l$.
(2) Construct the matrix $Z_0 = \mathrm{Diag}(A_i)_{i \in [l]} \in \mathbb{Z}_q^{ln \times lm}$, composed of the l "submatrices" $A_i$ ($i \in [l]$) of order n×m as follows:
(3) For each $j \in [\theta]$, randomly select an n×m matrix $V_j \in \mathbb{Z}_q^{n \times m}$. Construct the matrix $Z_1 \in \mathbb{Z}^{ln \times (1+\theta)m}$, composed of l×(1+θ) "submatrices" of order n×m according to the access matrix $L = (l_{i,j})_{i \in [l],\, j \in [1+\theta]}$ as follows:
Each row of $L = (l_{i,j})_{i \in [l],\, j \in [1+\theta]}$ corresponds to one of the attributes in U through the mapping function ρ of the secret sharing scheme. In this section we assume for simplicity that each attribute (numbered i) appears only once (in row i), so that the mapping function ρ is the identity function.
(5) $T_{Z_0}$ from step 2-(2) is a basis of $\Lambda_q^{\perp}(Z_0)$; run the algorithm ExtendBasis($T_{Z_0}$, M) to obtain a basis $T'_M \in \mathbb{Z}^{(l+1+\theta)m \times (l+1+\theta)m}$ of the matrix $M \in \mathbb{Z}^{ln \times (l+1+\theta)m}$, wherein
(6) Run the algorithm RandBasis($T'_M$, δ) to obtain a basis $T_M$ of $\Lambda_q^{\perp}(M)$, wherein
Finally, the PKG sends the signing private key $SK = T_M \in \mathbb{Z}^{(l+1+\theta)m \times (l+1+\theta)m}$ to data owners and users over secure channels.
Step 3: the data owner stores the file (EHRs record) in the InterPlanetary File System (IPFS), which returns the location of the file (the corresponding unique cryptographic hash string) to the data owner.
Step 4: the data owner places the unique cryptographic hash string in a blockchain transaction list, signs the transaction list with the signing private key issued by the PKG, and uploads the signed transaction list to the blockchain. Using blockchain technology ensures an audit trail of all transactions in an immutable distributed ledger and ensures the credibility of the EHRs. The detailed steps for generating the signature e in the signature module 3 are as follows:
(1) In the data owner's attribute set $W = \{1, \ldots, l'\}$, find the subset that satisfies the access matrix $L \in \mathbb{Z}^{l \times (1+\theta)}$, set as ; at the same time select a vector g (1 row, columns), satisfying
(2) Construct the matrix $M' = [g_1 A_1 \,\|\, g_2 A_2 \,\|\, \cdots \,\|\, g_l A_l \,\|\, A_0 \,\|\, 0 Z_1 \,\|\, \cdots \,\|\, 0 Z_\theta]$ and take the non-zero block columns of M' to obtain ; delete from $T_M$ the rows and columns whose subscripts correspond to the block columns of M' that are not non-zero, to obtain $T''_M$.
Construct the matrix G (where [1] is the m×m identity matrix); remove the zero diagonal blocks of G to obtain G'; compute $T'_F = G' T''_M$, which gives the basis $T'_F$.
(6) Run the algorithm SampleGaussian($T_F$, σ) to obtain the signature $e \in \mathbb{Z}^{m'}$, so that $F \cdot e = 0 \pmod q$, where
Finally, the data owner signs the transaction list containing the file location on IPFS and then uploads it to the blockchain.
Step 5: a user who wants to obtain the data first verifies the signature on the blockchain transaction list that contains the file location on IPFS, and from the correctness of the signature judges the legitimacy and validity of the file the data owner stored on IPFS. The signature verification module 4 performs the following detailed steps:
(1) Construct the matrix $F'' = [A_1 \,\|\, A_2 \,\|\, \cdots \,\|\, A_{|W|} \,\|\, A_0]$.
If $F \cdot e = 0 \pmod q$, and , the signature verification is correct, i.e. the file stored on IPFS by the data owner is legitimate and valid, and the user can use it.
Step 6: the user requests the corresponding file from the IPFS through the file location on the blockchain transaction ticket.
Step 7: the IPFS returns the file for the corresponding location to the user.
Claims (5)
1. A lattice-based attribute signature system supporting LSSS matrices, characterized in that the system comprises a system initialization module, a private key generation module, a signature module and a signature verification module:
system initialization module (1): a security parameter λ is input to the system; the private key generation center PKG generates the system public parameters PK and the system master key MK, publishes PK, and keeps MK;
private key generation module (2): with the public parameters PK, the master key MK and an access structure T as input, generates a signing private key SK associated with the access structure T and sends it to the signer over a secure channel;
signature module (3): with the public parameters PK, the message space σ to be signed, the signing key SK and the signer attribute set W as input, outputs the signature e of a message M by a signer whose attribute set W satisfies the access structure T;
signature verification module (4): with the signature e to be verified, the signed message space σ and the signer attribute set W as input, judges whether the signature of message M output under the attribute set W is genuine and valid, outputting 1 if so and 0 otherwise;
the specific method for initializing the system initialization module (1) comprises the following steps:
input the security parameter λ and the attribute universe $U = \{attr_1, \ldots, attr_l\}$, where the total number of attributes in the universe is l and the message size is k, and generate the system public parameters PK and the master key MK by the following steps:
(11) For each attribute i in the attribute set U, first run the TrapGen(q, m) algorithm to generate an approximately random matrix $A_i \in \mathbb{Z}_q^{n \times m}$ and a full-rank short basis of $\Lambda_q^{\perp}(A_i)$, wherein
(12) Select an approximately random matrix $A_0 \in \mathbb{Z}_q^{n \times m}$;
(13) For each $(a, i) \in \{0,1\} \times [k]$, randomly select a uniformly distributed matrix $C_i^{(a)} \in \mathbb{Z}_q^{n \times m}$;
Finally, let $PK = (\{A_i \in \mathbb{Z}_q^{n \times m}\}_{i \in [l]},\ A_0 \in \mathbb{Z}_q^{n \times m},\ \{C_i^{(a)}\}_{(a,i) \in \{0,1\} \times [k]})$;
Let $MSK = (\{T_{A_i} \in \mathbb{Z}^{m \times m}\}_{i \in [l]})$;
The specific method for generating the signature private key SK by the private key generation module (2) comprises the following steps:
with the public parameters PK, the master key MK and the access structure T as input, the corresponding private key is generated for the user by the following steps:
(21) Convert the access structure T into a low-norm linear secret sharing matrix $L \in \mathbb{Z}^{l \times (1+\theta)}$. The i-th row of the matrix corresponds to the i-th attribute in the attribute set U, where $i \in [l]$; the columns $j \in [0, \theta]$ of $L$ are numbered from 0 to θ, each being a column of the access structure $L \in \mathbb{Z}^{l \times (1+\theta)}$, where $\theta \le l$;
(22) Construct the matrix $Z_0 = \mathrm{Diag}(A_i)_{i \in [l]} \in \mathbb{Z}_q^{ln \times lm}$, composed of the l "submatrices" $A_i$ ($i \in [l]$) of order n×m as follows:
obtaining a basis
(23) For each $j \in [\theta]$, randomly select an n×m matrix $V_j \in \mathbb{Z}_q^{n \times m}$; construct the matrix $Z_1 \in \mathbb{Z}^{ln \times (1+\theta)m}$, composed of l×(1+θ) "submatrices" as follows:
Each row of $L = (l_{i,j})_{i \in [l],\, j \in [1+\theta]}$ corresponds to one attribute in U through the mapping function ρ of the secret sharing scheme; each attribute, numbered i, appears only once, in the i-th row;
(25) $T_{Z_0}$ is a basis of $\Lambda_q^{\perp}(Z_0)$; run the algorithm ExtendBasis($T_{Z_0}$, M) to obtain a basis $T'_M \in \mathbb{Z}^{(l+1+\theta)m \times (l+1+\theta)m}$ of $\Lambda_q^{\perp}(M)$, wherein
The signing private key is: $SK = T_M \in \mathbb{Z}^{(l+1+\theta)m \times (l+1+\theta)m}$.
2. The lattice-based attribute signature system supporting LSSS matrices according to claim 1, characterized in that: the system is based on a key-policy lattice attribute-based signature algorithm.
3. The lattice-based attribute signature system supporting LSSS matrices according to claim 1, characterized in that: the access structure T is a linear secret sharing structure.
4. The lattice-based attribute signature system supporting LSSS matrices according to claim 1, characterized in that the specific method for generating the signature e in the signature module (3) comprises the following steps:
the signer, whose attribute set is $W = \{1, \ldots, l'\}$, signs the message $M = (\mu_1, \ldots, \mu_k) \in \{0,1\}^k$; a correct signature can be obtained as long as at least one subset of the signer's attributes satisfies the access matrix $L = (l_{i,j})_{i \in [l],\, j \in [1+\theta]}$; the specific steps are as follows:
(31) In the signer's attribute set $W = \{1, \ldots, l'\}$, find the subset that satisfies the access matrix $L \in \mathbb{Z}^{l \times (1+\theta)}$, set as ; at the same time select a vector g of 1 row and columns, satisfying $g^T \cdot L = [1, 0, \ldots, 0]$;
(32) Construct the matrix $M' = [g_1 A_1 \,\|\, g_2 A_2 \,\|\, \cdots \,\|\, g_l A_l \,\|\, A_0 \,\|\, 0 Z_1 \,\|\, \cdots \,\|\, 0 Z_\theta]$ and take the non-zero block columns of M' to obtain ; record the row and column subscripts corresponding to the block columns of M' that are not non-zero, and delete the rows and columns with those subscripts from $T_M$ to obtain $T''_M$;
(33) Define the matrix F and obtain the corresponding basis $T'_F$ by the following procedure:
Construct the matrix G, where [1] is the m×m identity matrix; remove the zero diagonal blocks of G to obtain G'; compute $T'_F = G' T''_M$, which gives the basis $T'_F$;
5. The lattice-based attribute signature system supporting LSSS matrices according to claim 1, wherein said signature verification module (4) performs signature verification by:
(41) Construct the matrix $F'' = [A_1 \,\|\, A_2 \,\|\, \cdots \,\|\, A_{|W|} \,\|\, A_0]$
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911196611.7A CN111030809B (en) | 2019-11-28 | 2019-11-28 | Attribute-based signature system on lattice capable of supporting LSSS matrix |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111030809A CN111030809A (en) | 2020-04-17 |
CN111030809B true CN111030809B (en) | 2023-04-21 |
Family
ID=70207035
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911196611.7A Active CN111030809B (en) | 2019-11-28 | 2019-11-28 | Attribute-based signature system on lattice capable of supporting LSSS matrix |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111030809B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||