CN111092725B - Certificateless signature method suitable for Internet of things - Google Patents

Publication number
CN111092725B
Authority
CN
China
Prior art keywords
bits
signature
key
length
things
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911377444.6A
Other languages
Chinese (zh)
Other versions
CN111092725A (en
Inventor
杜红珍
赵天绪
刘淳安
张姗姗
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Baoji University of Arts and Sciences
Original Assignee
Baoji University of Arts and Sciences
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Baoji University of Arts and Sciences filed Critical Baoji University of Arts and Sciences
Priority to CN201911377444.6A priority Critical patent/CN111092725B/en
Publication of CN111092725A publication Critical patent/CN111092725A/en
Application granted granted Critical
Publication of CN111092725B publication Critical patent/CN111092725B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122 Counter-measures against attacks; Protection against rogue devices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Algebra (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides a certificateless signature method suitable for the Internet of things, comprising the following steps: system initialization, partial private key analysis, establishment of the secret value and public key, signature generation, and signature verification. To address the problem of privacy-preserving security authentication in the Internet of things, the invention constructs a secure and efficient certificateless signature scheme based on an elliptic curve cryptosystem, which eliminates the problems of complicated certificate management and key escrow and can resist forgery attacks by the two types of super adversaries in a certificateless public key cryptosystem. Compared with existing certificateless signature schemes, the scheme constructed by the invention has better performance, is the optimal combination of high security and high efficiency, is better suited to the various resource-constrained application environments of the Internet of things, and provides a first security barrier for the integrity of data transmitted in the Internet of things and for user identity authentication.

Description

Certificateless signature method suitable for Internet of things
Technical Field
The invention belongs to the field of cyberspace security, and particularly relates to the Internet of things, cryptography, certificateless public key cryptography and a signature method.
Background
With the rapid adoption of the Internet of things in various fields, its security has attracted wide attention. Security authentication is the basis for the development of Internet of things technology. A certificateless signature is a digital signature under a certificateless public key cryptosystem; it solves the key escrow problem of identity-based digital signatures, avoids complicated public key certificate management, and is one of the practical methods for providing data integrity and identity authentication for the Internet of things. Many certificateless signature schemes have been proposed, but few of them are secure certificateless signature schemes suitable for the application environment of the Internet of things.
The first certificateless signature scheme was designed by Al-Riyami and Paterson, and many certificateless signature schemes were proposed afterwards, such as those of Yum, Gorantla, Yap, Park, Choi, Tso, Zhangfeng, etc. These are all constructed from bilinear pairings, which are computationally expensive, so the schemes are inefficient to implement. There is therefore great interest in designing certificateless signature schemes without bilinear pairings. Hodgko et al. proposed the first certificateless signature scheme without bilinear pairings, but that scheme does not resist forgery attacks by strong adversaries of the second type. Zhang et al. constructed an RSA-based certificateless signature scheme, but it is still inefficient to implement and is not suitable for the resource-constrained environment of the Internet of things. Yeh, Wang, Gong, Jia, etc. have each designed certificateless signature schemes using an elliptic curve cryptosystem, but the security of these schemes has been questioned. At present, no certificateless signature scheme exists that is suitable for the Internet of things environment and can resist super adversary attacks.
On this basis, the invention provides a method for providing security authentication for the many application environments of the Internet of things, namely a secure and efficient certificateless signature scheme.
Disclosure of Invention
The technical problem to be solved by the invention is to overcome the defects of the prior art and provide a certificateless signature method suitable for the Internet of things.
The technical scheme for solving the technical problems comprises the following steps:
A. System initialization
(A1) Determine the finite field $Z_r$
$Z_r = \{0, 1, 2, \ldots, r-1\}$
where r is a large prime number, and the length of r is 160 to 256 bits;
(A2) Given a security parameter l as input, the key generation center selects an elliptic curve y over the finite field $Z_r$:
$y^2 = x^3 + \alpha x + \beta \pmod{r}$,
$\alpha \in Z_r$, $\beta \in Z_r$, $(4\alpha^3 + 27\beta^2) \bmod r \neq 0$,
$P \in y$ is a point on the elliptic curve, and P is used as a generator to generate an elliptic curve group G of order q, where q is an l-bit prime number, the discrete logarithm problem on G is hard, and l is a positive integer with a length of 160 to 256 bits;
(A3) Generate a random number x
The key generation center selects a random number $x \in \{1, 2, \ldots, q-1\}$, where x is the system master key;
(A4) Compute the system public key $P_{pub}$
$P_{pub} = xP$
(A5) Three secure cryptographic hash functions are selected:
Figure GDA0002416650460000021
Figure GDA0002416650460000022
Figure GDA0002416650460000023
where $\{0, 1\}^*$ is the set of bit strings of arbitrary length, composed of 0s and 1s,
Figure GDA0002416650460000024
$H_1$ is
Figure GDA0002416650460000025
meaning that an arbitrary-length bit string and three elements of G are concatenated from left to right and then mapped by the hash algorithm to an element of
Figure GDA0002416650460000031
$H_2$ is
Figure GDA0002416650460000032
meaning that an arbitrary-length bit string, one element of G, an arbitrary-length bit string and three elements of G are concatenated from left to right and then mapped by the hash algorithm to an element of
Figure GDA0002416650460000033
$H_3$ is
Figure GDA0002416650460000034
meaning that an arbitrary-length bit string, one element of G, an arbitrary-length bit string, two elements of G and one element of
Figure GDA0002416650460000035
are concatenated from left to right and then mapped by the hash algorithm to an element of
Figure GDA0002416650460000036
(A6) The key generation center publishes the system parameters Params
Params: $\{l, y, G, q, P, P_{pub}, H_1, H_2, H_3\}$
B. Partial private key analysis: the inputs are the system parameters Params and the identity ID of the sensor node SN, where $ID \in \{0, 1\}^*$
(B1) Select a random number α
$\alpha \in \{1, 2, \ldots, q-1\}$
where q is the order of the elliptic curve group G;
(B2) Determine the partial data $y_{ID}$ of the partial private key of the sensor node SN
$y_{ID} = \alpha P$
where $P \in y$ is a point on the elliptic curve;
(B3) Compute the hash value $h_1$
$h_1 = H_1(ID, y_{ID}, P, P_{pub})$
(B4) Compute the partial data $d_{ID}$ of the partial private key of the sensor node SN
$d_{ID} = \alpha + h_1 x \pmod{q}$
(B5) Determine the partial private key $D_{ID}$ of the sensor node SN
$D_{ID} = (y_{ID}, d_{ID})$
(B6) The key generation center sends the partial private key $D_{ID}$ to the sensor node SN through a secure channel. After receiving $D_{ID}$, the user verifies whether $d_{ID}P = y_{ID} + h_1 P_{pub}$ holds; if it does, the partial private key is accepted, otherwise the key generation center is required to resend the data;
C. Establishing secret values and public keys
(C1) The sensor node SN with identity ID randomly selects a random number
Figure GDA0002416650460000041
as its own secret value;
(C2) Compute the partial public key $g_{ID}$
$g_{ID} = v_{ID}P$
(C3) Compute the public key $PK_{ID}$ of the sensor node SN
$PK_{ID} = (g_{ID}, y_{ID})$
D. Generating signatures
(D1) Select a random number $k \in \{1, 2, \ldots, q-1\}$;
(D2) Compute the partial signature δ
$\delta = kP$
(D3) Compute the hash values $h_2$, $h_3$
$h_2 = H_2(m, \delta, ID, PK_{ID}, P_{pub})$
$h_3 = H_3(m, \delta, ID, PK_{ID}, h_2)$
where $m \in \{0, 1\}^*$ is the message to be signed;
(D4) Compute the partial signature z
$z = k^{-1}(h_2 v_{ID} + h_3 d_{ID}) \bmod q$
(D5) Determine the user signature σ
$\sigma = (\delta, z)$
(D6) Send the message-signature pair (m, σ) to the verifier over the public channel;
E. Verifying signatures
(E1) After obtaining the message-signature pair (m, σ) and the public key $PK_{ID}$ of the sensor node SN, the receiver computes the hash values $h_1$, $h_2$, $h_3$
$h_1 = H_1(ID, y_{ID}, P, P_{pub})$,
$h_2 = H_2(m, \delta, ID, PK_{ID}, P_{pub})$
$h_3 = H_3(m, \delta, ID, PK_{ID}, h_2)$
(E2) Check whether the equation $z\delta = h_2 g_{ID} + h_3(y_{ID} + h_1 P_{pub})$ holds;
if the equation holds, the signature verification succeeds and the message-signature pair (m, σ) is accepted; otherwise, the signature verification fails, indicating that the signature is invalid.
In the system initialization step A, the length of the large prime number r is 160 bits, 200 bits or 256 bits; in the system initialization step A, the partial private key analysis step B, the key generation step C and the user signature step D, the length of the order q of the elliptic curve group is 160 bits, 200 bits or 256 bits.
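Steps A to E above, run end to end with the partial-key check of (B6) and the verification equation of (E2). The following Python is an added example, not code from the patent; it assumes the secp256k1 curve as the 256-bit curve and models H1, H2 and H3 as domain-tagged SHA-256 with length-prefixed inputs reduced into {1, ..., q-1}, neither of which the patent specifies, and the identities and messages are constructed sample values.

```python
import hashlib
import secrets

# Assumed curve: secp256k1 (256-bit r and q, cofactor 1); the patent names no curve.
R = 2**256 - 2**32 - 977                       # field prime r
A, B = 0, 7                                    # curve coefficients alpha, beta
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order q
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)  # generator

def on_curve(pt):
    """True if pt is an affine point with y^2 = x^3 + A*x + B (mod R)."""
    if pt is None:
        return False
    x, y = pt
    return 0 <= x < R and 0 <= y < R and (y * y - (x * x * x + A * x + B)) % R == 0

def add(p1, p2):
    """Affine point addition; None is the point at infinity. Not constant time."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % R == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % R, -1, R) % R
    else:
        lam = (y2 - y1) * pow((x2 - x1) % R, -1, R) % R
    x3 = (lam * lam - x1 - x2) % R
    return (x3, (lam * (x1 - x3) - y1) % R)

def mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc, k = None, k % Q
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def rand_scalar():
    return secrets.randbelow(Q - 1) + 1        # uniform in {1, ..., q-1}

def _enc(v):
    if isinstance(v, tuple):                   # a point, or PK_ID as a pair of points
        return b"".join(_enc(c) for c in v)
    return v.to_bytes(32, "big") if isinstance(v, int) else v

def H(tag, *parts):
    """H1/H2/H3 modelled as tagged SHA-256 over length-prefixed inputs (assumption)."""
    h = hashlib.sha256(tag)
    for part in parts:
        data = _enc(part)
        h.update(len(data).to_bytes(4, "big") + data)
    return int.from_bytes(h.digest(), "big") % (Q - 1) + 1

def setup():                                   # step A: master key x, P_pub = xP
    x = rand_scalar()
    return x, mul(x, P)

def extract_partial_key(x, p_pub, ident):      # steps B1-B5, run by the KGC
    alpha = rand_scalar()
    y_id = mul(alpha, P)
    h1 = H(b"H1", ident, y_id, P, p_pub)
    return y_id, (alpha + h1 * x) % Q

def check_partial_key(p_pub, ident, y_id, d_id):   # step B6, run by the node
    if not on_curve(y_id):
        return False
    h1 = H(b"H1", ident, y_id, P, p_pub)
    return mul(d_id, P) == add(y_id, mul(h1, p_pub))

def user_keygen(y_id):                         # step C: secret v_ID, PK_ID = (g_ID, y_ID)
    v_id = rand_scalar()
    return v_id, (mul(v_id, P), y_id)

def sign(m, ident, v_id, d_id, pk, p_pub):     # step D
    while True:
        k = rand_scalar()
        delta = mul(k, P)
        h2 = H(b"H2", m, delta, ident, pk, p_pub)
        h3 = H(b"H3", m, delta, ident, pk, h2)
        z = pow(k, -1, Q) * (h2 * v_id + h3 * d_id) % Q
        if z:                                  # retry in the negligible case z == 0
            return delta, z

def verify(m, sig, ident, pk, p_pub):          # step E
    (delta, z), (g_id, y_id) = sig, pk
    if not (isinstance(z, int) and 0 < z < Q
            and all(map(on_curve, (delta, g_id, y_id)))):
        return False                           # reject malformed or off-curve inputs
    h1 = H(b"H1", ident, y_id, P, p_pub)
    h2 = H(b"H2", m, delta, ident, pk, p_pub)
    h3 = H(b"H3", m, delta, ident, pk, h2)
    return mul(z, delta) == add(mul(h2, g_id), mul(h3, add(y_id, mul(h1, p_pub))))

def demo():
    x, p_pub = setup()
    ident = b"sensor-node-01"                  # constructed identity
    y_id, d_id = extract_partial_key(x, p_pub, ident)
    key_ok = check_partial_key(p_pub, ident, y_id, d_id)
    v_id, pk = user_keygen(y_id)
    msg = b"temp=21.5C"                        # constructed message
    sig = sign(msg, ident, v_id, d_id, pk, p_pub)
    return (key_ok,
            verify(msg, sig, ident, pk, p_pub),
            verify(b"temp=99.9C", sig, ident, pk, p_pub),       # altered message
            verify(msg, sig, b"sensor-node-02", pk, p_pub))     # wrong identity

if __name__ == "__main__":
    print(demo())
```

The on-curve checks in `check_partial_key` and `verify` are an addition the patent text does not describe, and the point arithmetic here is not constant time, so a deployment on a sensor node would use a vetted elliptic curve library instead.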
Compared with the prior art, the invention has the following advantages:
The invention provides an efficient certificateless signature method based on an elliptic curve cryptosystem for the application environment of the Internet of things. The method is highly secure, resists forgery attacks by the two types of super adversaries that exist in a certificateless public key cryptosystem, and avoids the time-consuming bilinear pairing and MapToPoint hash function. It performs better than existing certificateless signature schemes, is better suited to the various resource-constrained application environments of the Internet of things, provides the necessary security guarantee for privacy authentication in the Internet of things, and can promote the rapid and healthy development of the Internet of things and of certificateless public key cryptosystems.
Drawings
Fig. 1 is a flow chart of Example 1 of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the following drawings and examples, but the present invention is not limited to these examples.
Example 1
Taking the length of the large prime number r as 256 bits and the length of the order q of the elliptic curve group as 256 bits, the certificateless signature method suitable for the Internet of things comprises the following steps (as shown in Fig. 1):
A. System initialization: the key generation center generates the public system parameters Params and the system master key x, and establishes a certificateless public key cryptosystem suitable for the Internet of things environment.
(A1) Determine the finite field $Z_r$
$Z_r = \{0, 1, 2, \ldots, r-1\}$
where r is a large prime number, and the length of r is 256 bits;
(A2) Given a security parameter l as input, the key generation center selects an elliptic curve y over the finite field $Z_r$:
$y^2 = x^3 + \alpha x + \beta \pmod{r}$,
$\alpha \in Z_r$, $\beta \in Z_r$, $(4\alpha^3 + 27\beta^2) \bmod r \neq 0$;
$P \in y$ is a point on the elliptic curve, and P is used as a generator to generate an elliptic curve group G of order q, where q is a prime number with a length of 256 bits, and the discrete logarithm problem on G is hard.
(A3) Generate a random number x
The key generation center selects a random number $x \in \{1, 2, \ldots, q-1\}$, where x is the system master key and the length of q is 256 bits;
(A4) Compute the system public key $P_{pub}$
$P_{pub} = xP$
(A5) Three secure cryptographic hash functions are selected:
Figure GDA0002416650460000061
Figure GDA0002416650460000069
Figure GDA0002416650460000062
where $\{0, 1\}^*$ is the set of bit strings of arbitrary length, composed of 0s and 1s,
Figure GDA0002416650460000063
$H_1$ is
Figure GDA0002416650460000064
meaning that an arbitrary-length bit string and three elements of G are concatenated from left to right and then mapped by the hash algorithm to an element of
Figure GDA0002416650460000065
$H_2$ is
Figure GDA0002416650460000066
meaning that an arbitrary-length bit string, one element of G, an arbitrary-length bit string and three elements of G are concatenated from left to right and then mapped by the hash algorithm to an element of
Figure GDA0002416650460000067
$H_3$ is
Figure GDA0002416650460000068
meaning that an arbitrary-length bit string, one element of G, an arbitrary-length bit string, two elements of G and one element of
Figure GDA0002416650460000071
are concatenated from left to right and then mapped by the hash algorithm to an element of
Figure GDA0002416650460000072
where the length of q is 256 bits;
(A6) The key generation center publishes the system parameters Params
Params: $\{l, y, G, q, P, P_{pub}, H_1, H_2, H_3\}$
where the length of q is 256 bits;
B. Partial private key analysis: the inputs are the system parameters Params and the identity ID of the sensor node SN, and the key generation center computes the partial private key of the sensor node;
(B1) Select a random number α
$\alpha \in \{1, 2, \ldots, q-1\}$
where the length of q is 256 bits;
(B2) Determine the partial data $y_{ID}$ of the partial private key of the sensor node SN
$y_{ID} = \alpha P$
where $P \in y$ is a point on the elliptic curve;
(B3) Compute the hash value $h_1$
$h_1 = H_1(ID, y_{ID}, P, P_{pub})$
(B4) Compute the partial data $d_{ID}$ of the partial private key of the sensor node SN
$d_{ID} = \alpha + h_1 x \pmod{q}$
where the length of q is 256 bits;
(B5) Determine the partial private key $D_{ID}$ of the sensor node SN
$D_{ID} = (y_{ID}, d_{ID})$
(B6) The key generation center sends the partial private key $D_{ID}$ to the sensor node SN through a secure channel. After receiving $D_{ID}$, the user verifies whether $d_{ID}P = y_{ID} + h_1 P_{pub}$ holds; if it does, the partial private key is accepted, otherwise the key generation center is required to resend the data;
C. Establishing secret values and public keys
(C1) The sensor node SN with identity ID randomly selects a random number
Figure GDA0002416650460000081
as its own secret value, where the length of q is 256 bits;
(C2) Compute the partial public key $g_{ID}$
$g_{ID} = v_{ID}P$
(C3) Compute the public key $PK_{ID}$ of the sensor node SN
$PK_{ID} = (g_{ID}, y_{ID})$
D. Generating signatures
(D1) Select a random number $k \in \{1, 2, \ldots, q-1\}$, where the length of q is 256 bits;
(D2) Compute the partial signature δ
$\delta = kP$
(D3) Compute the hash values $h_2$, $h_3$
$h_2 = H_2(m, \delta, ID, PK_{ID}, P_{pub})$
$h_3 = H_3(m, \delta, ID, PK_{ID}, h_2)$
where m is the message to be signed;
(D4) Compute the partial signature z
$z = k^{-1}(h_2 v_{ID} + h_3 d_{ID}) \bmod q$
where the length of q is 256 bits;
(D5) Determine the user signature σ
$\sigma = (\delta, z)$
(D6) Send the message-signature pair (m, σ) to the verifier over the public channel;
E. Verifying signatures
(E1) After obtaining the message-signature pair (m, σ) and the public key $PK_{ID}$ of the sensor node SN, the receiver computes the hash values $h_1$, $h_2$, $h_3$
$h_1 = H_1(ID, y_{ID}, P, P_{pub})$,
$h_2 = H_2(m, \delta, ID, PK_{ID}, P_{pub})$
$h_3 = H_3(m, \delta, ID, PK_{ID}, h_2)$
(E2) Check whether the equation $z\delta = h_2 g_{ID} + h_3(y_{ID} + h_1 P_{pub})$ holds;
if the equation holds, the signature verification succeeds and the message-signature pair (m, σ) is accepted; otherwise, the signature verification fails, indicating that the signature is invalid.
Example 2
The certificateless signature method suitable for the Internet of things comprises the following steps:
A. System initialization: the key generation center generates the public system parameters Params and the system master key x, and establishes a certificateless public key cryptosystem suitable for the Internet of things environment.
(A1) Determine the finite field $Z_r$
$Z_r = \{0, 1, 2, \ldots, r-1\}$
where r is a large prime number, and the length of r is 160 bits;
(A2) Given a security parameter l as input, the key generation center selects an elliptic curve y over the finite field $Z_r$:
$y^2 = x^3 + \alpha x + \beta \pmod{r}$,
$\alpha \in Z_r$, $\beta \in Z_r$, $(4\alpha^3 + 27\beta^2) \bmod r \neq 0$
$P \in y$ is a point on the elliptic curve, and P is used as a generator to generate an elliptic curve group G of order q, where q is a prime number with a length of 160 bits, and the discrete logarithm problem on G is hard.
(A3) Generate a random number x
The key generation center selects a random number $x \in \{1, 2, \ldots, q-1\}$, where x is the system master key and the length of q is 160 bits;
(A4) Compute the system public key $P_{pub}$
$P_{pub} = xP$
(A5) Three secure cryptographic hash functions are selected:
Figure GDA0002416650460000101
Figure GDA0002416650460000102
Figure GDA0002416650460000103
where the length of q is 160 bits;
(A6) The key generation center publishes the system parameters Params
Params: $\{l, y, G, q, P, P_{pub}, H_1, H_2, H_3\}$
where the length of q is 160 bits;
B. Partial private key analysis: the inputs are the system parameters Params and the identity ID of the sensor node SN, and the key generation center computes the partial private key of the sensor node;
(B1) Select a random number α
$\alpha \in \{1, 2, \ldots, q-1\}$
where the length of q is 160 bits;
(B2) Determine the partial data $y_{ID}$ of the partial private key of the sensor node SN
$y_{ID} = \alpha P$
where $P \in y$ is a point on the elliptic curve;
(B3) Compute the hash value $h_1$
$h_1 = H_1(ID, y_{ID}, P, P_{pub})$
(B4) Compute the partial data $d_{ID}$ of the partial private key of the sensor node SN
$d_{ID} = \alpha + h_1 x \pmod{q}$
where the length of q is 160 bits;
(B5) Determine the partial private key $D_{ID}$ of the sensor node SN
$D_{ID} = (y_{ID}, d_{ID})$
(B6) The key generation center sends the partial private key $D_{ID}$ to the sensor node SN through a secure channel. After receiving $D_{ID}$, the user verifies whether $d_{ID}P = y_{ID} + h_1 P_{pub}$ holds; if it does, the partial private key is accepted, otherwise the key generation center is required to resend the data;
C. Establishing secret values and public keys
(C1) The sensor node SN with identity ID randomly selects a random number
Figure GDA0002416650460000111
as its own secret value, where the length of q is 160 bits;
(C2) Compute the partial public key $g_{ID}$
$g_{ID} = v_{ID}P$
(C3) Compute the public key $PK_{ID}$ of the sensor node SN
$PK_{ID} = (g_{ID}, y_{ID})$
D. Generating signatures
(D1) Select a random number $k \in \{1, 2, \ldots, q-1\}$, where the length of q is 160 bits;
(D2) Compute the partial signature δ
$\delta = kP$
(D3) Compute the hash values $h_2$, $h_3$
$h_2 = H_2(m, \delta, ID, PK_{ID}, P_{pub})$
$h_3 = H_3(m, \delta, ID, PK_{ID}, h_2)$
where m is the message to be signed;
(D4) Compute the partial signature z
$z = k^{-1}(h_2 v_{ID} + h_3 d_{ID}) \bmod q$
where the length of q is 160 bits;
(D5) Determine the user signature σ
$\sigma = (\delta, z)$
(D6) Send the message-signature pair (m, σ) to the verifier over the public channel;
E. Verifying signatures
(E1) After obtaining the message-signature pair (m, σ) and the public key $PK_{ID}$ of the sensor node SN, the receiver computes the hash values $h_1$, $h_2$, $h_3$
$h_1 = H_1(ID, y_{ID}, P, P_{pub})$,
$h_2 = H_2(m, \delta, ID, PK_{ID}, P_{pub})$
$h_3 = H_3(m, \delta, ID, PK_{ID}, h_2)$
(E2) Check whether the equation $z\delta = h_2 g_{ID} + h_3(y_{ID} + h_1 P_{pub})$ holds;
if the equation holds, the signature verification succeeds and the message-signature pair (m, σ) is accepted; otherwise, the signature verification fails, indicating that the signature is invalid.
Example 3
The certificateless signature method suitable for the Internet of things comprises the following steps:
A. System initialization: the key generation center generates the public system parameters Params and the system master key x, and establishes a certificateless public key cryptosystem suitable for the Internet of things environment.
(A1) Determine the finite field $Z_r$
$Z_r = \{0, 1, 2, \ldots, r-1\}$
where r is a large prime number, and the length of r is 200 bits;
(A2) Given a security parameter l as input, the key generation center selects an elliptic curve y over the finite field $Z_r$:
$y^2 = x^3 + \alpha x + \beta \pmod{r}$,
$\alpha \in Z_r$, $\beta \in Z_r$, $(4\alpha^3 + 27\beta^2) \bmod r \neq 0$,
$P \in y$ is a point on the elliptic curve, and P is used as a generator to generate an elliptic curve group G of order q, where q is a prime number with a length of 200 bits, and the discrete logarithm problem on G is hard.
(A3) Generate a random number x
The key generation center selects a random number $x \in \{1, 2, \ldots, q-1\}$, where x is the system master key and the length of q is 256 bits;
(A4) Compute the system public key $P_{pub}$
$P_{pub} = xP$
(A5) Three secure cryptographic hash functions are selected:
Figure GDA0002416650460000131
Figure GDA0002416650460000132
Figure GDA0002416650460000133
where the length of q is 200 bits;
(A6) The key generation center publishes the system parameters Params
Params: $\{l, y, G, q, P, P_{pub}, H_1, H_2, H_3\}$
where the length of q is 200 bits;
B. Partial private key analysis: the inputs are the system parameters Params and the identity ID of the sensor node SN, and the key generation center computes the partial private key of the sensor node;
(B1) Select a random number α
$\alpha \in \{1, 2, \ldots, q-1\}$
where the length of q is 200 bits;
(B2) Determine the partial data $y_{ID}$ of the partial private key of the sensor node SN
$y_{ID} = \alpha P$
where $P \in y$ is a point on the elliptic curve;
(B3) Compute the hash value $h_1$
$h_1 = H_1(ID, y_{ID}, P, P_{pub})$
(B4) Compute the partial data $d_{ID}$ of the partial private key of the sensor node SN
$d_{ID} = \alpha + h_1 x \pmod{q}$
where the length of q is 200 bits;
(B5) Determine the partial private key $D_{ID}$ of the sensor node SN
$D_{ID} = (y_{ID}, d_{ID})$
(B6) The key generation center sends the partial private key $D_{ID}$ to the sensor node SN through a secure channel. After receiving $D_{ID}$, the user verifies whether $d_{ID}P = y_{ID} + h_1 P_{pub}$ holds; if it does, the partial private key is accepted, otherwise the key generation center is required to resend the data;
C. Establishing secret values and public keys
(C1) The sensor node SN with identity ID randomly selects a random number
Figure GDA0002416650460000141
as its own secret value, where the length of q is 200 bits;
(C2) Compute the partial public key $g_{ID}$
$g_{ID} = v_{ID}P$
(C3) Compute the public key $PK_{ID}$ of the sensor node SN
$PK_{ID} = (g_{ID}, y_{ID})$
D. Generating signatures
(D1) Select a random number $k \in \{1, 2, \ldots, q-1\}$, where the length of q is 200 bits;
(D2) Compute the partial signature δ
$\delta = kP$
(D3) Compute the hash values $h_2$, $h_3$
$h_2 = H_2(m, \delta, ID, PK_{ID}, P_{pub})$
$h_3 = H_3(m, \delta, ID, PK_{ID}, h_2)$
where m is the message to be signed;
(D4) Compute the partial signature z
$z = k^{-1}(h_2 v_{ID} + h_3 d_{ID}) \bmod q$
where the length of q is 200 bits;
(D5) Determine the user signature σ
$\sigma = (\delta, z)$
(D6) Send the message-signature pair (m, σ) to the verifier over the public channel;
E. Verifying signatures
(E1) After obtaining the message-signature pair (m, σ) and the public key $PK_{ID}$ of the sensor node SN, the receiver computes the hash values $h_1$, $h_2$, $h_3$
$h_1 = H_1(ID, y_{ID}, P, P_{pub})$,
$h_2 = H_2(m, \delta, ID, PK_{ID}, P_{pub})$
$h_3 = H_3(m, \delta, ID, PK_{ID}, h_2)$
(E2) Check whether the equation $z\delta = h_2 g_{ID} + h_3(y_{ID} + h_1 P_{pub})$ holds;
if the equation holds, the signature verification succeeds and the message-signature pair (m, σ) is accepted; otherwise, the signature verification fails, indicating that the signature is invalid.

Claims (2)

1. A certificateless signature method suitable for the Internet of things, characterized by comprising the following steps:
A. System initialization
(A1) Determine the finite field $Z_r$
$Z_r = \{0, 1, 2, \ldots, r-1\}$
wherein r is a large prime number, and the length of r is 160 to 256 bits;
(A2) Given a security parameter l as input, the key generation center selects an elliptic curve y over the finite field $Z_r$
Figure DEST_PATH_IMAGE001
,
Figure 148968DEST_PATH_IMAGE002
Figure DEST_PATH_IMAGE003
Figure 228919DEST_PATH_IMAGE004
is a point on the elliptic curve, and P is used as a generator to generate an elliptic curve group G of order q, wherein q is an l-bit prime number, the discrete logarithm problem on G is hard, and l is a positive integer with a length of 160 to 256 bits;
(A3) Generate a random number
Figure DEST_PATH_IMAGE005
The key generation center selects a random number
Figure 113699DEST_PATH_IMAGE006
Figure 177470DEST_PATH_IMAGE005
is the system master key;
(A4) Compute the system public key
Figure DEST_PATH_IMAGE007
(A5) Three secure cryptographic hash functions are selected:
Figure DEST_PATH_IMAGE009
Figure DEST_PATH_IMAGE011
Figure DEST_PATH_IMAGE013
wherein
Figure DEST_PATH_IMAGE015
is the set of bit strings of arbitrary length, composed of 0s and 1s,
Figure DEST_PATH_IMAGE017
Figure DEST_PATH_IMAGE019
$H_1$ is
Figure DEST_PATH_IMAGE021
meaning that an arbitrary-length bit string and three elements of G are concatenated from left to right and then mapped by the hash algorithm to an element of
Figure 593014DEST_PATH_IMAGE017
$H_2$ is
Figure DEST_PATH_IMAGE023
meaning that an arbitrary-length bit string, one element of G, an arbitrary-length bit string and three elements of G are concatenated from left to right and then mapped by the hash algorithm to an element of
Figure 527472DEST_PATH_IMAGE017
$H_3$ is
Figure DEST_PATH_IMAGE025
meaning that an arbitrary-length bit string, one element of G, an arbitrary-length bit string, two elements of G and one element of
Figure 350197DEST_PATH_IMAGE017
are concatenated from left to right and then mapped by the hash algorithm to an element of
Figure 838947DEST_PATH_IMAGE017
(A6) The key generation center publishes the system parameters Params
Params:
Figure DEST_PATH_IMAGE027
B. Partial private key analysis: the inputs are the system parameters Params and the identity ID of the sensor node SN,
Figure DEST_PATH_IMAGE029
(B1) Selecting random numbers
Figure DEST_PATH_IMAGE031
Figure DEST_PATH_IMAGE033
Wherein the content of the first and second substances,qthe order of elliptic curve group G;
(B2) determining sensor nodesSNPartial private key partial data of
Figure DEST_PATH_IMAGE035
Figure DEST_PATH_IMAGE037
where
Figure DEST_PATH_IMAGE039
is a point on the elliptic curve;
(B3) Computing hash values
Figure DEST_PATH_IMAGE041
Figure DEST_PATH_IMAGE043
(B4) Computing part of the partial private key of the sensor node SN
Figure DEST_PATH_IMAGE045
Figure DEST_PATH_IMAGE047
(B5) Determining the partial private key D_ID of the sensor node SN
D_ID = (y_ID, d_ID)
(B6) The key generation center sends the partial private key D_ID to the sensor node SN through a secure channel; after receiving the partial private key D_ID, the sensor node SN verifies whether the following equation holds:
Figure DEST_PATH_IMAGE049
if it holds, the sensor node accepts the partial private key; otherwise it requires the key generation center to resend it;
C. Establishing the secret value and public key
(C1) The sensor node SN with identity ID randomly selects a number
Figure DEST_PATH_IMAGE051
as its own secret value;
(C2) Computing the partial public key
Figure DEST_PATH_IMAGE053
Figure DEST_PATH_IMAGE055
(C3) Computing the public key PK_ID of the sensor node SN
Figure DEST_PATH_IMAGE057
D. Generating signatures
(D1) Selecting random numbers
Figure DEST_PATH_IMAGE059
(D2) Computing partial signatures
Figure DEST_PATH_IMAGE061
Figure DEST_PATH_IMAGE063
(D3) Computing hash values
Figure DEST_PATH_IMAGE065
Figure DEST_PATH_IMAGE067
Figure DEST_PATH_IMAGE069
Figure DEST_PATH_IMAGE071
where
Figure DEST_PATH_IMAGE073
is a message to be signed;
(D4) Computing partial signatures
Figure DEST_PATH_IMAGE075
Figure DEST_PATH_IMAGE077
(D5) Determining user signatures
Figure DEST_PATH_IMAGE079
Figure DEST_PATH_IMAGE081
(D6) Sending the message-signature pair (m,
Figure DEST_PATH_IMAGE083
) to a verifier through an open channel;
E. Verifying signatures
(E1) After obtaining the message-signature pair (m,
Figure 995866DEST_PATH_IMAGE084
) of the sensor node SN and the public key
Figure 253672DEST_PATH_IMAGE086
the receiver computes the hash values
Figure 480254DEST_PATH_IMAGE088
Figure 253038DEST_PATH_IMAGE065
Figure 262582DEST_PATH_IMAGE090
Figure 935746DEST_PATH_IMAGE092
Figure 67650DEST_PATH_IMAGE094
Figure DEST_PATH_IMAGE096
(E2) Checking whether the equation
Figure 62151DEST_PATH_IMAGE098
holds;
if the equation holds, signature verification succeeds and the message-signature pair (m,
Figure 937703DEST_PATH_IMAGE083
) is accepted; otherwise signature verification fails, which indicates that the signature is invalid.
2. The certificateless signature method suitable for the Internet of things of claim 1, wherein: the large prime number r in the system initialization step A takes the values of 160 bits, 200 bits and 256 bits; the length of the order q of the elliptic curve group in the system initialization step A, the partial private key analysis step B, the key generation step C and the user signature step D is 160 bits, 200 bits, 256 bits.
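Step (A5) defines H1, H2 and H3 over fields "connected from left to right". The following added example (not part of the patent) shows why an implementation should tag and length-prefix each field: with plain concatenation, two different field tuples can produce the same hash input, while the framed encoding keeps them distinct. The P-256 group order, SHA-512, the output range [1, q-1] and the names `h2`, `framed_input` and `naive_input` are assumptions made for the illustration.

```python
import hashlib

# Assumption: the P-256 group order stands in for the 256-bit q of claim 2;
# the claims do not name a curve.
Q = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

def naive_input(parts):
    """Plain left-to-right concatenation, as the claim wording describes."""
    return b"".join(parts)

def framed_input(tag, parts):
    """Domain tag plus a 4-byte length before every field: an injective encoding."""
    out = bytearray(len(tag).to_bytes(1, "big") + tag)
    for p in parts:
        out += len(p).to_bytes(4, "big") + p
    return bytes(out)

def hash_to_scalar(data, q=Q):
    """Map bytes into [1, q-1]; the 512-bit digest keeps modular bias negligible."""
    wide = int.from_bytes(hashlib.sha512(data).digest(), "big")
    return wide % (q - 1) + 1

def h2(fields, framed=True):
    """Hypothetical H2: (bit string, G element, bit string, three G elements) -> scalar."""
    data = framed_input(b"H2", fields) if framed else naive_input(fields)
    return hash_to_scalar(data, Q)

# Constructed sample fields; 33-byte strings stand in for encoded G elements.
P1, P2, P3, P4 = (bytes([2]) + bytes([i]) * 32 for i in range(1, 5))
FIELDS_A = [b"node-17\x02", P1, b"temp=21.5", P2, P3, P4]
# Same bytes with the first two field boundaries moved one byte to the left.
FIELDS_B = [b"node-17", b"\x02" + P1[:-1], P1[-1:] + b"temp=21.5", P2, P3, P4]

if __name__ == "__main__":
    print("naive equal: ", h2(FIELDS_A, framed=False) == h2(FIELDS_B, framed=False))
    print("framed equal:", h2(FIELDS_A) == h2(FIELDS_B))
```

The same tag also separates H1, H2 and H3 from one another, so a value computed for one function cannot be reused as an output of another on the same bytes.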
CN201911377444.6A 2019-12-27 2019-12-27 Certificateless signature method suitable for Internet of things Active CN111092725B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911377444.6A CN111092725B (en) 2019-12-27 2019-12-27 Certificateless signature method suitable for Internet of things

Publications (2)

Publication Number Publication Date
CN111092725A CN111092725A (en) 2020-05-01
CN111092725B true CN111092725B (en) 2021-12-10

Family

ID=70398287

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911377444.6A Active CN111092725B (en) 2019-12-27 2019-12-27 Certificateless signature method suitable for Internet of things

Country Status (1)

Country Link
CN (1) CN111092725B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111092725B (en) * 2019-12-27 2021-12-10 宝鸡文理学院 Certificateless signature method suitable for Internet of things
CN112055333B (en) * 2020-10-21 2021-09-07 西南交通大学 LTE-R vehicle-ground wireless communication security authentication method without certificate proxy signature
CN113221130A (en) * 2021-01-28 2021-08-06 武汉大学 Certificateless online and offline signature method and medium for food safety Internet of things

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110401531A (en) * 2019-07-31 2019-11-01 国网电子商务有限公司 A kind of collaboration signature and decryption system based on SM9 algorithm
CN111092725A (en) * 2019-12-27 2020-05-01 宝鸡文理学院 Certificateless signature method suitable for Internet of things

Also Published As

Publication number Publication date
CN111092725A (en) 2020-05-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant