CN112491556A - Block chain agent blind signature generation method - Google Patents
Block chain agent blind signature generation method Download PDFInfo
- Publication number
- CN112491556A CN112491556A CN202011342702.XA CN202011342702A CN112491556A CN 112491556 A CN112491556 A CN 112491556A CN 202011342702 A CN202011342702 A CN 202011342702A CN 112491556 A CN112491556 A CN 112491556A
- Authority
- CN
- China
- Prior art keywords
- signature
- signer
- message
- user
- proxy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0884—Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3257—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using blind signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a block chain agent blind signature generation method, and belongs to the technical field of information security. The method comprises the steps of firstly, generating system parameters of a whole agent blind signature scheme through a system initialization algorithm; then, the user generates a public and private key pair by himself, and obtains the public and private key pair of the original signer and the public and private key pair of the proxy signer; the original signer authorizes the proxy signer, after the authorization is successful, the user blinds the message through the blinding factor and sends the message to the proxy signer, the proxy signer signs the blinded message through the signature private key and sends the blinded message to the user, the user blindly obtains the signature of the message for the blinded signature, and the verifier can recover the message and verify the signature when verifying the signature. The invention uses blind factors to destroy the linear relation between the final signature message and the intermediate value in the signature process, thereby ensuring the blindness and the untraceability of the blind signature scheme of the invention.
Description
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a block chain agent blind signature generation method.
Background
With the continuous development of network technology, digital signatures are widely used. The digital signature can verify the integrity and authenticity of data sources and information and the non-repudiation of the signature, can solve the problems of counterfeiting, repudiation, impersonation, falsification and the like in a network, and is an electronic signature technology which is most commonly applied, has the most mature technology and has the strongest operability at present. However, in some specific scenarios such as electronic election, when the original signer cannot sign, the original signer needs to authorize the agent to sign, and the owner of the message does not want the agent to know the specific content of the message, and the signer only wants to let others know that the original signer signs the message. With the promotion of the requirement of protecting privacy, the proxy blind signature scheme comes into play.
The blockchain is a distributed shared account book and a database, and has the characteristics of decentralization, non-tampering, traceability, collective maintenance, public transparency and the like, and the characteristics ensure the integrity and transparency of the blockchain. Based on these characteristics, the blockchain has a rich application scenario. However, in some specific blockchain application scenarios, such as decentralized electronic election, anonymity needs to be guaranteed, and meanwhile, when the user cannot operate, the user needs to be successfully authorized to operate the application by the agent, so as to ensure the normal operation of the application. However, such a method is still lacking in the prior art.
Disclosure of Invention
In view of this, the present invention provides a block chain proxy blind signature generation method, which can authorize an original signer to sign when the original signer cannot sign, and simultaneously ensure that the proxy signer does not know the content of the signature.
In order to achieve the purpose, the invention adopts the technical scheme that:
a blind signature generation method for a blockchain agent comprises the following steps:
s1, system initialization:
(101) the certificate authority selects a group of additive cycles of order prime qAnd multiplication loop groupWherein the elementsIs an additive cyclic groupGenerating element, element ofIs an additive cyclic groupGenerator of (2), bilinear pair
Wherein the content of the first and second substances,{0,1}*is a character string with any length consisting of 0 and 1,denotes a length l consisting of 0, 11The character string of (a) is,denotes a length l consisting of 0, 12The character string of (1);
(103) key generation center public system parameters:
s2, key generation:
the user randomly selects a numberAnd set as its own private key, the public key is Qu=suP2Then the original signer's public-private key pair is(s)o,Qo) The public and private key pair of the proxy signer is(s)p,Qp);
S3, authorization:
computing an authorization Q for a proxy signer by an original signerw:
Qw=(so+H1(Mw,IDp,Qp))-1P1,
Wherein M iswAs an authorization book, IDpIs the identity information of the proxy signer;
s4, authorization verification and proxy blind signature key generation:
proxy signer verification equation e (P)1,P2)=e(Qw,H1(Mw,,IDp,Qp)P2+Qo(ii) a If the equation is true, the authorization is accepted and D is calculatedop=spQw;
S5, agent blind signature generation:
v′=α-1(v+β)
and sending v' to the proxy signer; wherein m is the message to be signed, | | | represents the concatenation of character strings,representing an exclusive or operation;
(503) after the proxy signer receives v ', S ═ (r + v') D is calculatedopAnd sending S' to the user;
(504) after receiving S ', the user calculates the signature value S ═ α S' + β P1And outputs the signature (S, v, M) of the message M to be signedw);
S6, signature verification:
verifier computation
And
judgment equationIf yes, the verification is passed; otherwise, the verification is not passed; wherein the content of the first and second substances,representing the left end l of the extraction string u1The value of the individual bits is then,indicating the right end l of the extraction string u2A value of one bit.
The invention adopts the technical scheme to obtain the beneficial effects that:
1. most of the prior proxy blind signatures with message recovery do not have the untraceability of signatures, and a proxy signer can determine the user information of the signature through the intermediate value transmitted in the signature process, namely the proxy signer can determine which signature is signed by retaining the data. The invention can complete the successful authorization of the original signer to the proxy signer, simultaneously uses the blind factor to blindly the original message and destroys the linear relation between the signature and the intermediate value, so that the user can obtain the correct signature, the verifier can recover the original message and successfully verify the signature, but the proxy signer can not know the original message, thereby ensuring the blindness and the irretrievable traceability of the method.
2. The invention introduces the agent blind signature in the block chain application system to realize authorization and confusion service, thereby not only providing an audit certificate for improper behaviors, but also ensuring that the original message is invisible to an agent, thereby ensuring the legal anonymity of users.
In summary, the invention is a proxy blind signature generation method with message recovery suitable for block chain application, which uses a blind factor to destroy the linear relation between the final signature message and the intermediate value in the signature process, thereby ensuring the blindness and untraceability of the blind signature scheme of the invention.
Drawings
Fig. 1 is a schematic diagram of a signature flow of a proxy blind signature generation method in an embodiment of the present invention.
Detailed Description
The technical solution of the present invention is further described in detail with reference to the accompanying drawings and the detailed description.
As shown in fig. 1, a block chain proxy blind signature generation method is implemented by an original signer OrignalSigner, a proxy signer ProxySigner and a User, in a signature process, the original signer OrignalSigner firstly authorizes the proxy signer ProxySigner, after the authorization is successful, the User blindly changes a message, the proxy signer ProxySigner signs the blinded message, then the User outputs a signature, and finally a verifier can recover the original message while verifying whether the signature is correct. Which comprises the following steps:
initializing a system:
this step is performed by the certificate authority CA, mainly to generate system parameters for the whole proxy blind signature scheme. The concrete mode is as follows:
CA selects addition cycles of order prime qAnd multiplication loop groupWherein the elementsIs an additive cyclic groupGenerating element, element ofIs an additive cyclic groupThe generator of (1). Bilinear pairings
Key generation center KGC discloses system parameters:
and (3) key generation:
the step is executed by a User, and is used for generating a private and public key pair of the User. The concrete mode is as follows:
the user randomly selects a numberAnd set as its own private key, the public key is Qu=suP2. The original signer's public-private key pair is(s)o,Qo) The public and private key pair of the proxy signer is(s)p,Qp)。
Authorization:
this step is performed by the original Signer for generating an authorization Q to the proxy Signer ProxySignerw. The concrete mode is as follows:
original Signer original Signal computation Qw=(so+H1(Mw,IDp,Qp))-1P1Wherein M iswCorresponding to the authorization book.
Authorization verification and proxy blind signature key generation:
this step is performed by the proxy signer ProxySigner for verifying the authorization QwAnd if the verification is passed, the authorization is accepted. The concrete mode is as follows:
proxy signer ProxySigner verification equation
e(P1,P2)=e(Qw,H1(Mw,,IDp,Qp)P2+Qo. If the equation is true, the authorization is accepted.
Proxy signer ProxySigner computation Dop=spQw
Agent blind signature generation:
this step is essentially the generation of a signature (S, v, M) of the message M to be signedw). In the process of generating the signature, the User uses blinding the message M by using a blinding factor, and then the proxy signer ProxySigner signs the blinded message and the signature (S, v, M) of the Userw). The concrete mode is as follows:
v′=α-1(v+β)
and sends v' to the proxy signer ProxySigner;
after v ' is received by the proxy signer ProxySigner, S ' ═ D (r + v ') is calculatedopAnd sending S' to a User;
after receiving S ', the User calculates the signature value S ═ α S' + β P1And outputs the signature (S, v, M)w)。
Signature verification:
this step is mainly used for the Verifier to verify the message M signature (S, v, M)w) The validity of (2). The concrete mode is as follows:
verifier calculation
And
The method is executed by an original signer, an agent signer and a user together, in the signing process, the original signer firstly authorizes the agent signer, after the authorization is successful, the user blinds the message, the agent signer signs the blinded message, then the user outputs the signature, and finally a verifier can recover the original message while verifying whether the signature is correct.
The invention can complete the successful authorization of the original signer to the proxy signer, simultaneously uses the blind factor to blindly the original message and destroys the linear relation between the signature and the intermediate value, so that the user can obtain the correct signature, the verifier can recover the original message and successfully verify the signature, but the proxy signer can not know the original message, thereby ensuring the blindness and the irretrievable traceability of the scheme of the invention.
Claims (1)
1. A blind signature generation method for a blockchain agent is characterized by comprising the following steps:
s1, system initialization:
(101) the certificate authority selects a group of additive cycles of order prime q And multiplication loop groupWherein the elementsIs an additive cyclic groupGenerating element, element ofIs an additive cyclic groupGenerator of (2), bilinear pair
(102) Given a security parameter k, the certificate authority selects four hash functions Wherein the content of the first and second substances,{0,1}*is a character string with any length consisting of 0 and 1,denotes a length l consisting of 0, 11The character string of (a) is,denotes a length l consisting of 0, 12The character string of (1);
(103) key generation center public system parameters:
s2, key generation:
the user randomly selects a numberAnd set as its own private key, the public key is Qu=suP2Then the original signer's public-private key pair is(s)o,Qo) The public and private key pair of the proxy signer is(s)p,Qp);
S3, authorization:
computing an authorization Q for a proxy signer by an original signerw:
Qw=(so+H1(Mw,IDp,Qp))-1P1,
Wherein M iswAs an authorization book, IDpIs the identity information of the proxy signer;
s4, authorization verification and proxy blind signature key generation:
proxy signer verification equation e (P)1,P2)=e(Qw,H1(Mw,,IDp,Qp)P2+Qo(ii) a If the equation is true, the authorization is accepted and D is calculatedop=spQw;
S5, agent blind signature generation:
v′=α-1(v+β)
and sending v' to the proxy signer; wherein m is the message to be signed, | | | represents the concatenation of character strings,representing an exclusive or operation;
(503) after the proxy signer receives v ', S ═ (r + v') D is calculatedopAnd sending S' to the user;
(504) after receiving S ', the user calculates the signature value S ═ α S' + β P1And outputs the signature (S, v, M) of the message M to be signedw);
S6, signature verification:
verifier computation
And
judgment equationIf yes, the verification is passed; otherwise, the verification is not passed; wherein the content of the first and second substances,representing the left end l of the extraction string u1The value of the individual bits is then,indicating the right end l of the extraction string u2A value of one bit.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011342702.XA CN112491556B (en) | 2020-11-26 | 2020-11-26 | Block chain agent blind signature generation method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011342702.XA CN112491556B (en) | 2020-11-26 | 2020-11-26 | Block chain agent blind signature generation method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112491556A true CN112491556A (en) | 2021-03-12 |
CN112491556B CN112491556B (en) | 2022-05-06 |
Family
ID=74934553
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011342702.XA Active CN112491556B (en) | 2020-11-26 | 2020-11-26 | Block chain agent blind signature generation method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112491556B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113098684A (en) * | 2021-03-26 | 2021-07-09 | 国网河南省电力公司电力科学研究院 | Intelligent power grid-oriented untraceable blind signature method and system |
CN114389808A (en) * | 2022-01-26 | 2022-04-22 | 南京邮电大学 | Open ID protocol design method based on SM9 blind signature |
CN115348033A (en) * | 2022-08-12 | 2022-11-15 | 四川启睿克科技有限公司 | Short identity-based designated verifier proxy signature method |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104333453A (en) * | 2014-10-20 | 2015-02-04 | 西安电子科技大学 | Partially blind signature method based on identity |
CN106559211A (en) * | 2016-11-22 | 2017-04-05 | 中国电子科技集团公司第三十研究所 | Secret protection intelligence contract method in a kind of block chain |
CN106899412A (en) * | 2017-03-30 | 2017-06-27 | 北京链银博科技有限责任公司 | A kind of block chain method for secret protection, apparatus and system |
CN109359483A (en) * | 2018-10-19 | 2019-02-19 | 东北大学秦皇岛分校 | A kind of privacy of user anonymity guard method based on block chain |
-
2020
- 2020-11-26 CN CN202011342702.XA patent/CN112491556B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104333453A (en) * | 2014-10-20 | 2015-02-04 | 西安电子科技大学 | Partially blind signature method based on identity |
CN106559211A (en) * | 2016-11-22 | 2017-04-05 | 中国电子科技集团公司第三十研究所 | Secret protection intelligence contract method in a kind of block chain |
CN106899412A (en) * | 2017-03-30 | 2017-06-27 | 北京链银博科技有限责任公司 | A kind of block chain method for secret protection, apparatus and system |
CN109359483A (en) * | 2018-10-19 | 2019-02-19 | 东北大学秦皇岛分校 | A kind of privacy of user anonymity guard method based on block chain |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113098684A (en) * | 2021-03-26 | 2021-07-09 | 国网河南省电力公司电力科学研究院 | Intelligent power grid-oriented untraceable blind signature method and system |
CN114389808A (en) * | 2022-01-26 | 2022-04-22 | 南京邮电大学 | Open ID protocol design method based on SM9 blind signature |
CN114389808B (en) * | 2022-01-26 | 2023-07-21 | 南京邮电大学 | OpenID protocol design method based on SM9 blind signature |
CN115348033A (en) * | 2022-08-12 | 2022-11-15 | 四川启睿克科技有限公司 | Short identity-based designated verifier proxy signature method |
Also Published As
Publication number | Publication date |
---|---|
CN112491556B (en) | 2022-05-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN112491556B (en) | Block chain agent blind signature generation method | |
CN108551392B (en) | Blind signature generation method and system based on SM9 digital signature | |
JP5468157B2 (en) | Method and apparatus for generating verifiable public key | |
CN111342973B (en) | Safe bidirectional heterogeneous digital signature method between PKI and IBC | |
CN102387019B (en) | Certificateless partially blind signature method | |
CN111010272B (en) | Identification private key generation and digital signature method, system and device | |
CN112532394B (en) | Block chain anti-signature traceable certificateless blind signature generation method | |
CN111654366B (en) | Secure bidirectional heterogeneous strong-designated verifier signature method between PKI and IBC | |
CN108268779B (en) | Processing method and system for carrying out short ciphertext signature on invoice | |
JPH08328471A (en) | Restoration-type electronic signature method and addition- type electronic signature method as well as authentication exchange method | |
CN113032844B (en) | Signature method, signature verification method and signature verification device for elliptic curve | |
CN109064170B (en) | Group signature method without trusted center | |
CN112511314B (en) | Recoverable message blind signature generation method based on identity | |
CN108847933B (en) | SM9 cryptographic algorithm-based identification issuing method | |
CN111147240B (en) | Privacy protection method and system with traceability | |
CN111917550A (en) | Certificateless cluster signature bilinear-free authentication method and system | |
CN108667619B (en) | White box implementation method and device for SM9 digital signature | |
CN115174102A (en) | Efficient batch verification method and system based on SM2 signature | |
CN113849861A (en) | Proxy digital signature method based on elliptic curve | |
CN111064581B (en) | Privacy protection method and system with connection capability | |
CN116389011A (en) | Blind signature method and system based on identity key isolation | |
KR20010017358A (en) | Method for making the fair blind signatures | |
CN115834096A (en) | Method for realizing block chain election based on verifiable random function | |
CN115361120A (en) | Method for realizing SM2 encryption and decryption information tampering prevention based on multiple random scrambling | |
CN115567217A (en) | SM2 signature-based certificate signature generation method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |