CN112436942A - Attribute-based/identity-based heterogeneous revocable signcryption method - Google Patents
- Publication number
- CN112436942A (application CN202010652215.7A)
- Authority
- CN
- China
- Prior art keywords
- signcryption
- user
- attribute
- identity
- signing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H04L9/3247 — Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication (e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials) involving digital signatures (under H04L9/00 > H04L9/32)
- H04L63/0442 — Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload, and the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption (under H04L63/00 > H04L63/04 > H04L63/0428)
- H04L9/3026 — Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy; underlying computational problems or public-key parameters; details relating to polynomial generation, e.g. generation of irreducible polynomials (under H04L9/00 > H04L9/30 > H04L9/3006)
- H04L2209/72 — Signcrypting, i.e. digital signing and encrypting simultaneously (under H04L2209/00, additional information or applications relating to cryptographic mechanisms of H04L9/00)
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Theoretical Computer Science (AREA)
- Pure & Applied Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Analysis (AREA)
- Mathematical Physics (AREA)
- Algebra (AREA)
- Mathematical Optimization (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses an attribute-based/identity-based heterogeneous revocable signcryption method. Its construction combines attribute-based encryption and an identity-based signature in a single algorithm, which avoids the large computation and communication cost of the traditional "sign-then-encrypt" approach, and it introduces a revocation list into the construction to address the risk of key leakage. When signcrypting, the signcrypter signcrypts the plaintext using an attribute policy, the revocation list, and the public key and private key corresponding to its own identity; the de-signcrypter then de-signcrypts the signcryption text with its own private key and the public key, and recovers the plaintext only when its identity is not in the revocation list. The invention can be used in a cloud-based vehicular network environment, where it provides confidentiality, integrity, authentication, non-repudiation and access control services for users while also supporting user revocation.
Description
Technical Field
The invention relates to the field of information security and communication, in particular to an attribute-based/identity-based heterogeneous revocable signcryption method.
Background
With the wide use of cloud computing in finance, medical treatment, services, daily life and other fields, cloud-based information security and privacy protection have become a major concern. To ensure confidentiality and access control in cloud-based data sharing, Goyal et al. proposed attribute-based encryption in 2006; its core idea is to embed attributes and access policies in the ciphertext and the key respectively, so that decryption succeeds only when the attributes satisfy the access policy. However, attribute-based encryption cannot provide authentication, so to obtain confidentiality, access control and authentication together it is common to encrypt the message with attribute-based encryption and then additionally sign the transmitted message. In 1997, Zheng et al. proposed the concept of signcryption, whose core idea is to achieve message confidentiality and authentication in a single logical step, which removes the large computation and communication cost of the traditional "sign-then-encrypt" method. Because conventional signcryption schemes are built on PKI or on identity-based cryptography, they cannot provide access control, and attribute-based signcryption was therefore proposed. However, a signature produced by an attribute-based signcryption scheme only establishes which attributes the signer holds, and key leakage remains a significant challenge for signcryption schemes.
Disclosure of Invention
To address the shortcomings of the prior art, the invention provides an efficient and secure attribute-based/identity-based heterogeneous revocable signcryption scheme that avoids the large computation and communication cost of the traditional sign-then-encrypt method while also supporting direct revocation in signcryption.
The invention adopts the following technical scheme:
The method combines the advantages of attribute-based signcryption and identity-based signcryption and embeds a revocation list in the signcryption text to achieve direct revocation. The signcrypter signcrypts the plaintext with its private key, the public key and an access policy to produce the signcryption text; on receiving it, the de-signcrypter uses its own private key and the public key to de-signcrypt it and recover the message. By combining both kinds of signcryption and introducing the revocation list into the heterogeneous attribute-based/identity-based scheme, the method saves computation and communication cost while providing confidentiality, non-repudiation, revocability, access control and related properties. The method comprises the following steps:
(1) Setup: input the security parameter and the maximum number of revocable users; the KGC runs this algorithm to generate the system public parameters and the system master key;
(2) KeyGen: input the system public parameters, the user's identity and the user's attribute set; the KGC runs this algorithm to generate the private key of the user;
(3) Signcrypt: input the system public parameters, the signcrypting user's private key, the access policy and the plaintext; the signcrypting user runs this algorithm to generate the signcryption text and uploads it to the cloud storage platform;
(4) De-Signcrypt: input the system public parameters, the signcryption text and the de-signcrypting user's private key; the de-signcrypting user first verifies that the signcryption is correct and then de-signcrypts it.
Detailed Description
The following description of the embodiments of the present invention is provided to facilitate the understanding of the present invention by those skilled in the art, but it should be understood that the present invention is not limited to the scope of the embodiments, and it will be apparent to those skilled in the art that various changes may be made without departing from the spirit and scope of the invention as defined in the appended claims, and all matters produced using the inventive concept are protected.
The method consists of seven algorithms; the specific construction is as follows:
(1) Setup: input a security parameter $\lambda$ and a maximum user revocation number $d$, and construct two multiplicative cyclic groups $G$ and $G_T$ of order $N = p_1 p_2 p_3$, where $p_1, p_2, p_3$ are three primes satisfying $p_1, p_2, p_3 > 2^{160}$, and $G_1, G_2, G_3$ are the three subgroups of $G$ of respective orders $p_1, p_2, p_3$; define a bilinear map $e: G \times G \to G_T$; let $h_1$ be a generator of $G_1$ and $h_{123}$ a generator of $G$; randomly select a collision-resistant cryptographic hash function $H$ over the positive-integer group of order $N$; randomly select a commitment scheme $\Pi_{commit} = (\mathrm{C.Setup}, \mathrm{Commit}, \mathrm{Open})$ and run $\mathrm{C.Setup}(\lambda)$ to obtain the corresponding public key $CK$; the KGC randomly selects the master private key $\alpha$ together with the other random values of the setup, computes the remaining public values and $T = e(h_1, h_{123})^{\alpha}$, and uses them as the master public key; the KGC keeps the master private key $\alpha$ secret and publishes the system public parameters $pp = (e, h_1, h_{123}, \Pi_{commit}, CK, H, d_1, d_2, t, t', u, u_0, u_1, \{v_i\}_{i \in [0,d]}, T)$;
(2) KeyGen: input the system public parameters $pp$, the identity $ID_{use}$ of user $use$ and the user's attribute set; the private key of user $use$ is generated as follows:
c) then compute the signing secret key $SK$ and set $K_{use} = (S_{use}, SK, DK)$ as the user's private key;
(3) Signcrypt: the signcrypter is Alice; the access policy that must be satisfied for de-signcryption is $(M, \pi)$, where $M$ is an $n_1 \times n_2$ matrix ($n_1$ rows, $n_2$ columns), $\pi$ is a mapping from row numbers of $M$ to attributes, and $M_{i,j}$ denotes the element of $M$ in row $j$ and column $i$; $RL = (ID_1, ID_2, \dots, ID_l)$ is the revocation list, with $l \le d$; the plaintext is $m \in G_T$. The signcryption process is as follows:
(4) De-Signcrypt: after Bob receives the signcryption text, he first randomly selects $y$ and a second random value, performs a hash computation, and then verifies the following equation; if it does not hold, Bob rejects the signcryption; otherwise Bob computes as follows:
b) Bob computes the intermediate value and finds coefficients $\{\gamma_i\}_{i \in I}$ for the vectors $M_i$, where $I \in S_{Bob}$ and $M_i$ is the $i$-th column of matrix $M$;
c) Bob then performs the final computation.
Claims (3)
1. An attribute-based/identity-based heterogeneous revocable signcryption method, characterized by the following:
(1) in the signcryption algorithm, the signcrypting user completes attribute-based encryption of the plaintext and an identity-based signature on it at the same time; in the de-signcryption algorithm, the de-signcrypting user completes decryption and verification of the signcryption text at the same time. This avoids the large computation and communication cost of the traditional sign-then-encrypt method.
(2) The cryptosystem performs revocation by embedding the revocation list in the signcryption text, thereby achieving direct user revocation.
(3) When signcrypting a message, the signcrypting user uses its private key, the public key, the access policy and the revocation list to produce the signcryption text; after receiving the signcryption text, the de-signcrypting user uses the public key and its own private key to de-signcrypt it and recover the message.
2. The attribute-based/identity-based heterogeneous revocable signcryption method as claimed in claim 1, wherein the method comprises the following steps:
(1) Setup: input the security parameter and the maximum number of revocable users; the KGC runs this algorithm to generate the system public parameters and the system master key;
(2) KeyGen: input the system public parameters, the user's identity and the user's attribute set; the KGC runs this algorithm to generate the private key of the user;
(3) Signcrypt: input the system public parameters, the signcrypting user's private key, the access policy and the plaintext; the signcrypting user runs this algorithm to generate the signcryption text and uploads it to the cloud storage platform;
(4) De-Signcrypt: input the system public parameters, the signcryption text and the de-signcrypting user's private key; the de-signcrypting user first verifies that the signcryption is correct and then de-signcrypts it.
3. The attribute-based/identity-based heterogeneous revocable signcryption method as claimed in claim 2, wherein the specific algorithm of the method comprises:
(1) Setup: input a security parameter $\lambda$ and a maximum user revocation number $d$, and construct two multiplicative cyclic groups $G$ and $G_T$ of order $N = p_1 p_2 p_3$, where $p_1, p_2, p_3$ are three primes satisfying $p_1, p_2, p_3 > 2^{160}$, and $G_1, G_2, G_3$ are the three subgroups of $G$ of respective orders $p_1, p_2, p_3$; define a bilinear map $e: G \times G \to G_T$; let $h_1$ be a generator of $G_1$ and $h_{123}$ a generator of $G$; randomly select a collision-resistant cryptographic hash function $H$ over the positive-integer group of order $N$; randomly select a commitment scheme $\Pi_{commit} = (\mathrm{C.Setup}, \mathrm{Commit}, \mathrm{Open})$ and run $\mathrm{C.Setup}(\lambda)$ to obtain the corresponding public key $CK$; the KGC randomly selects the master private key $\alpha$ together with the other random values of the setup, computes the remaining public values and $T = e(h_1, h_{123})^{\alpha}$, and uses them as the master public key; the KGC keeps the master private key $\alpha$ secret and publishes the system public parameters $pp = (e, h_1, h_{123}, \Pi_{commit}, CK, H, d_1, d_2, t, t', u, u_0, u_1, \{v_i\}_{i \in [0,d]}, T)$;
(2) KeyGen: input the system public parameters $pp$, the identity $ID_{use}$ of user $use$ and the user's attribute set; the private key of user $use$ is generated as follows:
c) then compute the signing secret key $SK$ and set $K_{use} = (S_{use}, SK, DK)$ as the user's private key;
(3) Signcrypt: the signcrypter is Alice; the access policy that must be satisfied for de-signcryption is $(M, \pi)$, where $M$ is an $n_1 \times n_2$ matrix ($n_1$ rows, $n_2$ columns), $\pi$ is a mapping from row numbers of $M$ to attributes, and $M_{i,j}$ denotes the element of $M$ in row $j$ and column $i$; $RL = (ID_1, ID_2, \dots, ID_l)$ is the revocation list, with $l \le d$; the plaintext is $m \in G_T$. The signcryption process is as follows:
(4) De-Signcrypt: after Bob receives the signcryption text, he first randomly selects $y$ and a second random value, performs a hash computation, and then verifies the following equation; if it does not hold, Bob rejects the signcryption; otherwise Bob computes as follows:
b) Bob computes the intermediate value and finds coefficients $\{\gamma_i\}_{i \in I}$ for the vectors $M_i$, where $I \in S_{Bob}$ and $M_i$ is the $i$-th column of matrix $M$;
c) Bob then performs the final computation.
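The following Python is an added illustration of step (4)(b) as it appears in both the Detailed Description and claim 3, together with the revocation-list test of step (4); it is example code written for this page, not the patent's construction. It assumes the usual linear secret sharing reconstruction condition $\sum_{i \in I} \gamma_i M_i = (1, 0, \dots, 0)$, which the extracted text omits; it treats each attribute-labelled vector $M_i$ as a row of $M$ (the translated page calls it a column); and it does the arithmetic modulo a constructed prime $P$ rather than the scheme's composite order $N$. The policy matrix, attribute sets, identities and revocation list are constructed sample inputs.

```python
"""Worked example (added for this page, not the patent's code): LSSS reconstruction
coefficients for an access policy (M, pi) plus the revocation-list gate of step (4).

Assumptions, labelled:
  * reconstruction condition: sum_{i in I} gamma_i * M_i == (1, 0, ..., 0) (mod P),
    the usual linear-secret-sharing rule; the page omits the equation itself;
  * M_i is treated as a ROW of M (the translated page calls it a column);
  * arithmetic is done modulo a constructed prime P, not the composite order N.
"""
from typing import Dict, List, Optional, Sequence, Set, Tuple

P = 2**127 - 1  # constructed prime modulus for this example only

Policy = Tuple[List[List[int]], List[str]]  # (M, pi): pi[i] is the attribute of row i


def solve_mod_p(vectors: List[List[int]], target: List[int], p: int = P) -> Optional[List[int]]:
    """Return gamma with sum_i gamma_i * vectors[i] == target (mod p), or None if impossible.

    One equation per coordinate of target, solved by Gauss-Jordan elimination over Z_p.
    Free unknowns are set to 0.
    """
    k, n = len(vectors), len(target)
    aug = [[vectors[i][j] % p for i in range(k)] + [target[j] % p] for j in range(n)]
    pivots: List[int] = []
    r = 0
    for c in range(k):
        if r == n:
            break
        piv = next((i for i in range(r, n) if aug[i][c] != 0), None)
        if piv is None:
            continue
        aug[r], aug[piv] = aug[piv], aug[r]
        inv = pow(aug[r][c], -1, p)
        aug[r] = [(x * inv) % p for x in aug[r]]
        for i in range(n):
            if i != r and aug[i][c] != 0:
                f = aug[i][c]
                aug[i] = [(a - f * b) % p for a, b in zip(aug[i], aug[r])]
        pivots.append(c)
        r += 1
    if any(aug[i][k] != 0 for i in range(r, n)):  # a row "0 = nonzero": no solution
        return None
    gamma = [0] * k
    for row, c in enumerate(pivots):
        gamma[c] = aug[row][k]
    return gamma


def reconstruction_coefficients(policy: Policy, attrs: Set[str], p: int = P) -> Optional[Dict[int, int]]:
    """{i: gamma_i} over the rows whose attribute pi[i] the user holds, or None when the
    attribute set does not satisfy (M, pi)."""
    M, pi = policy
    I = [i for i in range(len(M)) if pi[i] in attrs]
    if not I:
        return None
    target = [1] + [0] * (len(M[0]) - 1)
    gamma = solve_mod_p([M[i] for i in I], target, p)
    if gamma is None:
        return None
    return {i: g for i, g in zip(I, gamma) if g != 0}


def combine(M: List[List[int]], gamma: Dict[int, int], p: int = P) -> List[int]:
    """sum_i gamma_i * M_i mod p, so the reconstruction condition can be checked."""
    acc = [0] * len(M[0])
    for i, g in gamma.items():
        acc = [(a + g * m) % p for a, m in zip(acc, M[i])]
    return acc


def designcrypt_gate(identity: str, attrs: Set[str], policy: Policy,
                     rl: Sequence[str], d: int, p: int = P) -> Optional[Dict[int, int]]:
    """The two checks Bob faces in step (4): his identity must not be in the revocation
    list RL carried by the signcryption text (direct revocation), and his attribute set
    must satisfy (M, pi).  The Setup bound l <= d is enforced on the list length.
    Returns the coefficients on success and None otherwise."""
    if len(rl) > d:
        raise ValueError("revocation list longer than the Setup bound d")
    if identity in rl:
        return None
    return reconstruction_coefficients(policy, attrs, p)


if __name__ == "__main__":
    # Constructed policy "(A AND B) OR C" in the standard LSSS matrix encoding.
    policy = ([[1, 1], [0, -1], [1, 0]], ["A", "B", "C"])
    for who, attrs in [("alice", {"A", "B"}), ("bob", {"A", "B"}), ("carol", {"C"})]:
        g = designcrypt_gate(who, attrs, policy, rl=["bob"], d=3)
        print(who, "->", g, "" if g is None else combine(policy[0], g))
```

A de-signcrypter whose attributes do not satisfy $(M, \pi)$ gets no coefficients and so cannot recombine the shares; a revoked identity is refused before any attribute check runs, which is the direct-revocation effect the claims describe; and the bound $l \le d$ fixed at Setup is checked when the list is read rather than trusted.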
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010652215.7A CN112436942A (en) | 2020-07-08 | 2020-07-08 | Attribute-based/identity-based heterogeneous revocable signcryption method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010652215.7A CN112436942A (en) | 2020-07-08 | 2020-07-08 | Attribute-based/identity-based heterogeneous revocable signcryption method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112436942A true CN112436942A (en) | 2021-03-02 |
Family
ID=74689894
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010652215.7A Pending CN112436942A (en) | 2020-07-08 | 2020-07-08 | Attribute-based/identity-based heterogeneous revocable signcryption method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112436942A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113259093A (en) * | 2021-04-21 | 2021-08-13 | Shandong University | Hierarchical signature encryption system based on identity-based encryption and construction method |
CN114095160A (en) * | 2021-11-12 | 2022-02-25 | University of Electronic Science and Technology of China | Unlimited revocable attribute-based encryption method |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102546161A (en) * | 2010-12-08 | 2012-07-04 | Sony Corporation | Ciphertext policy based revocable attribute-based encryption method and equipment and system utilizing same |
CN105049430A (en) * | 2015-06-30 | 2015-11-11 | Hohai University | Ciphertext-policy attribute-based encryption method having efficient user revocation capability |
CN109286491A (en) * | 2018-10-18 | 2019-01-29 | Shanghai Maritime University | Key-policy attribute-based encryption method based on proxy revocation |
Events
- 2020-07-08: CN application CN202010652215.7A (CN112436942A) filed; status Pending
Non-Patent Citations (1)
Title |
---|
俎龙辉: "Research on revocable generalized identity-based cryptographic algorithms", China Master's Theses Full-text Database, Information Science and Technology series * |
Similar Documents
Publication | Title |
---|---|
CN111639361B | Block chain key management method, multi-person common signature method and electronic device |
CN110011802B | Efficient method and system for cooperatively generating digital signature by two parties of SM9 |
CN108173639B | Two-party cooperative signature method based on SM9 signature algorithm |
CN108881314B | Privacy protection method and system based on CP-ABE ciphertext under fog computing environment |
Li et al. | Cryptanalysis and improvement of certificateless aggregate signature with conditional privacy-preserving for vehicular sensor networks |
CN104821880B | Certificateless generalized proxy signcryption method |
CN104767612B | Signcryption method from a certificateless environment to a PKI environment |
US20090097657A1 | Constructive Channel Key |
CN106127079B | Data sharing method and device |
CN107566128A | Two-party distributed SM9 digital signature generation method and system |
CN104767611B | Signcryption method from a PKI environment to a certificateless environment |
CN110719295B | Identity-based food data security-oriented proxy re-encryption method and device |
CN112187798B | Bidirectional access control method and system applied to cloud-side data sharing |
CN110535626B | Secret communication method and system for identity-based quantum communication service station |
CN110971411B | SM2 homomorphic signature method for encrypting private key by multiplying based on SOTP technology |
CN114036539A | Safety auditable Internet of things data sharing system and method based on block chain |
CN106713349B | Inter-group proxy re-encryption method capable of resisting chosen-ciphertext attack |
CN112436942A | Attribute-based/identity-based heterogeneous revocable signcryption method |
CN112733179B | Lightweight non-interactive privacy protection data aggregation method |
CN110519040B | Anti-quantum computation digital signature method and system based on identity |
CN113268764A | Personal credit data authorization method for mixed chain and threshold proxy re-encryption |
CN110048852B | Quantum communication service station digital signcryption method and system based on asymmetric key pool |
CN114189338B | SM9 key secure distribution and management system and method based on homomorphic encryption technology |
CN116318696A | Proxy re-encryption digital asset authorization method under condition of no initial trust of two parties |
CN114095161A | Identity-based puncturable encryption method supporting equality test |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20210302 |