CN113179153A - User authentication and key agreement method based on certificateless - Google Patents


Publication number
CN113179153A
Authority
CN
China
Prior art keywords
key
user
value
certificateless
private key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110304286.2A
Other languages
Chinese (zh)
Other versions
CN113179153B (en)
Inventor
金春花
朱辉辉
单劲松
阚格
吉思维
刘鎏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huaiyin Institute of Technology
Original Assignee
Huaiyin Institute of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huaiyin Institute of Technology filed Critical Huaiyin Institute of Technology
Priority to CN202110304286.2A priority Critical patent/CN113179153B/en
Publication of CN113179153A publication Critical patent/CN113179153A/en
Application granted granted Critical
Publication of CN113179153B publication Critical patent/CN113179153B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0847 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving identity based encryption [IBE] schemes
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3073 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Abstract

The invention relates to the technical field of information security and discloses a certificateless user authentication and key agreement method, comprising: setting system parameters and initializing the system; at the sending end of the certificateless environment, the user randomly selects a secret value $x_U$ and determines the corresponding public value $y_U$; the KGC determines a partial private key $D_U$ from the user identity $ID_U$ and the public value $y_U$; after receiving the partial private key $D_U$ provided by the KGC, the sending end determines the complete private key $S_U$ and finally generates a complete public key from the complete private key $S_U$ and the public value $y_U$; verifying the complete public key; and, given the secret value $x_A$, identity $ID_A$ and public value $y_A$ of the sender user A and the public value $y_B$ of the recipient user B, generating a ciphertext and finally generating a session key. Compared with the prior art, the invention lets the two user parties jointly negotiate a secure key in a certificateless environment.

Description

User authentication and key agreement method based on certificateless
Technical Field
The invention relates to the technical field of information security, in particular to a certificateless user authentication and key agreement method.
Background
Key agreement is an important part of secure communication: a key agreement protocol establishes a shared session key between communicating nodes, and that key can be used to ensure confidentiality and integrity during communication. Depending on how public keys are verified under the public key cryptosystem, identity-based, certificate-based and certificateless two-party authenticated key agreement protocols have been studied.
In the traditional cryptosystem based on public key certificates, a user's public key is authenticated by a certificate issued by a certificate authority; managing public key certificates is complex and extremely expensive. To simplify certificate management, Shamir first proposed an identity-based cryptosystem in 1984 [Shamir A. Identity-based cryptosystems and signature schemes. In: Proc. of the Crypto '84. LNCS 196, Berlin: Springer-Verlag, 1984. 47-53]. In an identity-based public key cryptosystem, a user uses an identifier of their own, such as a mailbox address or a mobile phone number, as the public key, so no public key certificate or authentication process is needed. In 2003, Al-Riyami et al. proposed the first certificateless two-party key agreement protocol [AL-RIYAMI S, PATERSON K G. Certificateless public key cryptography [C]. In: Advances in Cryptology-ASIACRYPT 2003. Springer Berlin Heidelberg, 2003: 452-473]. In 2006, Mandt et al. pointed out that the scheme proposed by Al-Riyami et al. does not resist temporary key leakage attacks and proposed a new protocol [MANDT T K, TAN C H. Certificateless authenticated two-party key agreement protocols [C]. In: Advances in Computer Science-ASIAN 2006. Springer Berlin Heidelberg, 2006: 37-44]. In 2011, Liu Wenhao et al. proposed two-party protocols based on signatures [LIU W H, XU C X. Two party certificateless key agreement schemes [J]. Journal of Software, 2011, 22(11): 2843-]. In 2017, Zhou et al. presented a two-party protocol under the eCK model (a formalized method for designing and analyzing two-party authenticated key agreement protocols) [ZHOU Y W, YANG B, ZHANG W Z. An improved two-party authenticated key aggregation protocol [J]. Chinese Journal of Computers, 2017, 40(5): 1181-1191], but the protocol fails to resist temporary key leakage attacks.
In 2019, Wu et al. proposed a two-party protocol under the eCK model [WU T, JING X J. Two-party authenticated key authentication protocol with enhanced security [J]. The Journal of China Universities of Posts and Telecommunications, 2019, 26(1): 12-20], but it was shown not to resist KCI (key compromise impersonation) attacks by Type I adversaries.
The certificateless user authentication and key agreement protocols above all suffer to some degree from security or computational complexity problems. There is therefore a need for an efficient and secure certificateless user authentication and key agreement method that solves the problems of key escrow and certificate issuance.
Disclosure of Invention
Purpose of the invention: to address the problems in the prior art, the invention provides a certificateless user authentication and key agreement method that lets two users jointly negotiate a secure key in a certificateless environment.
Technical scheme: the invention provides a certificateless user authentication and key agreement method, which comprises the following steps:
S1: setting system parameters and initializing the system: the system parameters comprise a security parameter $k$, an additive group $G_1$, a multiplicative group $G_2$, the prime order $p$, a generator $P$, a bilinear mapping and four hash functions; they also include a master key
Figure BDA0002987477520000021
and the corresponding private key, wherein
Figure BDA0002987477520000022
represents the integer group excluding 0; the system parameters are published and the master key $s$ is kept secret;
S2: at the sending end of the certificateless environment, the user randomly selects a secret value $x_U$ and determines the corresponding public value $y_U$; the KGC determines a partial private key $D_U$ from the user identity $ID_U$ and the public value $y_U$; after receiving the partial private key $D_U$ provided by the KGC, the sending end determines the complete private key $S_U$ from it, and finally generates a complete public key from the complete private key $S_U$ and the public value $y_U$;
S3: verifying the full public key generated in step S2;
S4: given the secret value $x_A$, identity $ID_A$ and public value $y_A$ of the sender user A and the public value $y_B$ of the recipient user B, user A randomly selects a key $K \in \{0,1\}^n$,
Figure BDA0002987477520000023
After a commitment value $r$ is calculated, a ciphertext is generated through XOR, hash and bilinear pairing operations;
S5: after receiving the ciphertext from step S4 together with the identity $ID_A$ and public value $y_A$ of user A, user B calculates the commitment value $r$, recovers the key from the ciphertext through XOR, hash and bilinear pairing operations, and determines a verification value from the recovered key; if the verification succeeds, user A's identity is authenticated and the session key is established, forming the final session key.
Further, the detailed system parameters in S1 are:
given a security parameter $k$, the KGC selects an additive group $G_1$ and a multiplicative group $G_2$; the two groups have the same order $p$, where $p$ is prime, and $P$ is a generator of the additive group $G_1$,
Figure BDA0002987477520000024
is a bilinear mapping; four secure hash functions are defined, namely
Figure BDA0002987477520000025
$H_3: G_2 \to \{0,1\}^n$ and
Figure BDA0002987477520000026
Figure BDA0002987477520000031
where $n$ is the message length of the identity; the KGC randomly selects a master key
Figure BDA0002987477520000032
and calculates the corresponding private key $P_{pub} = sP$; the KGC publishes the system parameters
Figure BDA0002987477520000033
and keeps the master key $s$ secret; wherein
Figure BDA0002987477520000034
is generated from $G_2$.
Further, generating the complete private key at the sending end in the certificateless environment in S2 specifically comprises:
S2.1: given the user identity $ID_U$, the user randomly selects
Figure BDA0002987477520000035
as its own secret value;
S2.2: from its secret value $x_U$, the user calculates the corresponding public value
Figure BDA0002987477520000036
S2.3: the user provides its identity $ID_U$ and public value $y_U$ to the KGC, and the KGC calculates the partial private key
Figure BDA0002987477520000037
and sends the partial private key $D_U$ to the user in a secure manner;
S2.4: after receiving the partial private key $D_U$ provided by the KGC, the user computes its own complete private key $S_U = (x_U, D_U)$.
Further, generating the complete public key at the sending end in the certificateless environment in S2 specifically comprises:
S2.5: given the complete private key $S_U = (x_U, D_U)$ from step S2.4 and the public value $y_U$, a number $\alpha$ is randomly selected,
Figure BDA0002987477520000038
and $r_U$ is calculated, $r_U = g^{\alpha}$;
S2.6: calculating the hash value $h_U$, $h_U = H_1(r_U, y_U, ID_U)$;
S2.8: calculating the auxiliary public key verification value $T_U$, $T_U = (\alpha - x_U, h_U) D_U$;
S2.9: outputting the complete public key $(y_U, h_U, T_U)$.
Further, the verification of the full public key in S3 specifically includes the following steps:
S3.1: given a full public key $(y_U, h_U, T_U)$, the verifier checks whether the order of $y_U$ is $p$ (i.e. $y_U \neq 1$, but
Figure BDA0002987477520000039
);
S3.2: calculating $r_U$,
Figure BDA00029874775200000310
S3.3: calculating the verification value $h'_U = H_1(r_U, y_U, ID_U)$;
S3.4: if and only if $h'_U = h_U$, the complete public key is accepted and its verification succeeds; otherwise, the error symbol $\perp$ is returned.
Further, the specific step of generating the ciphertext in S4 is:
S4.1: given the secret value $x_A$, identity $ID_A$ and public value $y_A$ of the sender user A and the public value $y_B$ of the recipient user B, user A randomly selects a key $K \in \{0,1\}^n$,
Figure BDA0002987477520000041
and calculates the commitment value $r$,
Figure BDA0002987477520000042
S4.2: user A calculates the value $c$,
Figure BDA0002987477520000043
wherein
Figure BDA0002987477520000044
is the XOR operation and $H_3(r)$ is the hash of the commitment $r$;
S4.3: user A calculates the verification value $h$, $h = H_4(r, y_A, y_B, ID_A, ID_B, K)$;
S4.4: user A calculates the authentication-related parameter value $z$,
Figure BDA0002987477520000045
S4.5: finally generating the ciphertext $\sigma = (c, h, z)$, where $h$ is the verification value.
Further, the specific steps of forming the final session key in S5 are as follows:
S5.1: after receiving the ciphertext $\sigma = (c, h, z)$ together with user A's identity $ID_A$ and public value $y_A$, user B calculates the commitment value $r$ from the known information,
Figure BDA0002987477520000046
S5.2: user B recovers the agreed key $K$ from $c$,
Figure BDA0002987477520000047
S5.2: user B calculates the verification value $h'$ from the key $K$, $h' = H_4(r, y_A, y_B, ID_A, ID_B, K)$;
S5.3: if $h = h'$, the sender's authentication passes and the session key is established, $h = H_4(r, y_A, y_B, ID_A, ID_B, K)$; otherwise, the error symbol $\perp$ is returned.
Further, the full public key may be issued without authentication.
Beneficial effects: the invention constructs a secure user authentication and key agreement method in a certificateless environment, solves the complex management and extremely high cost of traditional public key certificates, is proved secure in the random oracle model, is simple to compute and easy to transmit over a communication channel, and is an ideal key agreement method.
Drawings
FIG. 1 is a flowchart illustrating client user authentication and key agreement according to an embodiment of the present invention;
fig. 2 is a flowchart illustrating a server-side user authentication and key agreement procedure according to an embodiment of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings. The following examples are only for illustrating the technical solutions of the present invention more clearly, and the protection scope of the present invention is not limited thereby.
The present invention is described by taking the communication between a client and a server as an example; refer to FIG. 1 and FIG. 2.
The invention discloses a certificateless user authentication and key agreement method, which mainly comprises the following steps:
Initialization stage: given a security parameter $k$, the KGC selects an additive group $G_1$ and a multiplicative group $G_2$; the two groups have the same order $p$, where $p$ is prime, and $P$ is a generator of the additive group $G_1$,
Figure BDA0002987477520000051
is a bilinear mapping; four secure hash functions are defined, namely
Figure BDA0002987477520000052
$H_3: G_2 \to \{0,1\}^n$ and
Figure BDA0002987477520000053
The KGC randomly selects a master key
Figure BDA0002987477520000054
and calculates the corresponding private key $P_{pub} = sP$. The KGC publishes the system parameters
Figure BDA0002987477520000055
and keeps the master key $s$ secret. Here,
Figure BDA0002987477520000056
is generated from $G_2$.
Registration stage: both the client and the server register in the certificateless environment.
For registration of the client:
The client provides its identity $ID_A$ to the KGC. To give the key negotiated by the two parties a limited validity period, the KGC selects an expiration date ED and calculates the partial private key
Figure BDA0002987477520000057
The KGC then sends the partial private key $D_A$ and the expiration date ED to the client in a secure manner. For this, an offline method or an online Transport Layer Security (TLS) method can be used for delivery.
The client randomly selects
Figure BDA0002987477520000058
as its own secret value and, from the selected secret value $x_A$, calculates the corresponding public value
Figure BDA0002987477520000059
After receiving the partial private key provided by the KGC, the client calculates the corresponding complete private key $S_A = (x_A, D_A)$;
After the client has calculated the complete private key $S_A = (x_A, D_A)$ and the public value $y_A$, the following steps are executed to calculate the client's complete public key:
The client selects a random number $\alpha$,
Figure BDA00029874775200000510
and calculates $r_A$, $r_A = g^{\alpha}$, then calculates the hash value $h_A$, $h_A = H_1(r_A, y_A, ID_A)$, and then calculates the auxiliary public key verification value $T_A$, $T_A = (\alpha - x_A, h_A) D_A$. Finally, the client outputs the complete public key $(y_A, h_A, T_A)$ and publishes it, and full public key verification is then performed.
The full public key verification comprises the following steps:
First, the server authenticates the client's identity from public information, executing the following steps: given the client's full public key $(y_A, h_A, T_A)$, the verifier checks whether the order of $y_A$ is $p$ (i.e. $y_U \neq 1$, but
Figure BDA00029874775200000511
), then calculates $r_A$,
Figure BDA00029874775200000512
Finally, the verification value $h'_A = H_1(r_A, y_A, ID_A)$ is calculated. If and only if $h_A = h'_A$, the client's identity is accepted and the public key verification succeeds; otherwise, the error symbol $\perp$ is returned.
The registration of the server side is the same as that of the client side, and details are not repeated.
When the client and the server want to jointly negotiate the key establishment, the following steps are executed:
The client first selects a random session key $K \in \{0,1\}^n$,
Figure BDA0002987477520000061
and calculates the value $r$,
Figure BDA0002987477520000062
and then calculates $c$,
Figure BDA0002987477520000063
wherein
Figure BDA0002987477520000064
is the XOR operation and $H_3(r)$ is the hash of $r$; the verification value $h$ is then calculated, $h = H_4(r, y_A, y_B, ID_A, ID_B, K, ED)$, and then the verification-related parameter value $z$ is calculated,
Figure BDA0002987477520000065
and finally the ciphertext $\sigma = (c, h, z)$ is generated, where $h$ is the verification value.
After receiving the ciphertext $\sigma = (c, h, z)$ sent by the client, the server executes the following steps:
The server calculates the value $r$ from the known information,
Figure BDA0002987477520000066
then recovers the agreed key $K$ from the ciphertext $c$,
Figure BDA0002987477520000067
and finally calculates the verification value $h'$ from the key, $h' = H_4(r, y_A, y_B, ID_A, ID_B, K, ED)$. If $h = h'$, a session key $K$ is established between the client and the server; $K$ is known only to the client and the server, which ensures the confidentiality of their subsequent communication. Otherwise, the server rejects the key $K$ transmitted by the client, and the key negotiation fails.
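An added example (not code from the patent) of the masking and verification steps in the exchange above: $c = K \oplus H_3(r)$ and $h = H_4(r, y_A, y_B, ID_A, ID_B, K, ED)$ on the client, and the recover-then-compare check on the server. It assumes both sides already hold the same commitment value $r$ as bytes, instantiates $H_3$ and $H_4$ with SHAKE-256 and SHA-256 over length-prefixed fields, picks $n$ = 256 bits, and omits $z$, because the formulas for $r$ and $z$ are not reproduced in this text; all sample values are constructed.

```python
import hashlib
import hmac
import secrets

N_BYTES = 32  # n = 256 bits for K; the text leaves n unspecified (assumed value)


def encode_fields(*fields: bytes) -> bytes:
    """Length-prefix each field so adjacent inputs cannot be re-split ambiguously."""
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def H3(r: bytes) -> bytes:
    """Stand-in for H3: G2 -> {0,1}^n (SHAKE-256 with a domain tag; assumption)."""
    return hashlib.shake_256(encode_fields(b"H3", r)).digest(N_BYTES)


def H4(r, y_a, y_b, id_a, id_b, key, ed) -> bytes:
    """Stand-in for H4 over (r, yA, yB, IDA, IDB, K, ED) (SHA-256; assumption)."""
    data = encode_fields(b"H4", r, y_a, y_b, id_a, id_b, key, ed)
    return hashlib.sha256(data).digest()


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def client_wrap(r, y_a, y_b, id_a, id_b, ed, key=None):
    """Client side: c = K xor H3(r), h = H4(r, yA, yB, IDA, IDB, K, ED)."""
    if key is None:
        key = secrets.token_bytes(N_BYTES)
    c = xor_bytes(key, H3(r))
    h = H4(r, y_a, y_b, id_a, id_b, key, ed)
    return key, (c, h)


def server_unwrap(r, y_a, y_b, id_a, id_b, ed, sigma):
    """Server side: recover K from c, recompute h', accept only if h == h'."""
    c, h = sigma
    if len(c) != N_BYTES:
        return None  # malformed ciphertext: reject before any hashing
    key = xor_bytes(c, H3(r))
    h_prime = H4(r, y_a, y_b, id_a, id_b, key, ed)
    # Constant-time comparison so the check does not leak how many bytes matched.
    return key if hmac.compare_digest(h, h_prime) else None


# Constructed sample values (not from the patent); r stands for an encoded G2 element.
R = hashlib.sha256(b"constructed commitment r").digest()
Y_A = b"constructed-public-value-A"
Y_B = b"constructed-public-value-B"
ID_A, ID_B, ED = b"client@example", b"server@example", b"2030-01-01"


def demo() -> dict:
    """Run the honest exchange and four rejected variants; None means 'refused'."""
    key, (c, h) = client_wrap(R, Y_A, Y_B, ID_A, ID_B, ED)
    flipped = bytes([c[0] ^ 0x01]) + c[1:]
    other_r = hashlib.sha256(b"a different commitment").digest()
    other_id = b"other-client@example"
    return {
        "honest": server_unwrap(R, Y_A, Y_B, ID_A, ID_B, ED, (c, h)) == key,
        "tampered_c": server_unwrap(R, Y_A, Y_B, ID_A, ID_B, ED, (flipped, h)),
        "wrong_sender_id": server_unwrap(R, Y_A, Y_B, other_id, ID_B, ED, (c, h)),
        "changed_expiry": server_unwrap(R, Y_A, Y_B, ID_A, ID_B, b"2099-01-01", (c, h)),
        "wrong_r": server_unwrap(other_r, Y_A, Y_B, ID_A, ID_B, ED, (c, h)),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Because $h$ covers both identities, both public values and ED as well as $K$, the server refuses the key when any of those differs from what the client hashed, not only when $c$ is altered.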
The main symbols used in this embodiment are summarized in Table 1 below:
TABLE 1
Figure BDA0002987477520000068
The above embodiments are merely illustrative of the technical concepts and features of the present invention, and the purpose of the embodiments is to enable those skilled in the art to understand the contents of the present invention and implement the present invention, and not to limit the protection scope of the present invention. All equivalent changes and modifications made according to the spirit of the present invention should be covered within the protection scope of the present invention.

Claims (8)

1. A certificateless-based user authentication and key agreement method is characterized by comprising the following steps:
S1: setting system parameters and initializing the system: the system parameters comprise a security parameter $k$, an additive group $G_1$, a multiplicative group $G_2$, the prime order $p$, a generator $P$, a bilinear mapping and four hash functions; they also include a master key
Figure FDA0002987477510000011
and the corresponding private key, wherein
Figure FDA0002987477510000012
represents the integer group excluding 0; the system parameters are published and the master key $s$ is kept secret;
S2: at the sending end of the certificateless environment, the user randomly selects a secret value $x_U$ and determines the corresponding public value $y_U$; the KGC determines a partial private key $D_U$ from the user identity $ID_U$ and the public value $y_U$; after receiving the partial private key $D_U$ provided by the KGC, the sending end determines the complete private key $S_U$ from it, and finally generates a complete public key from the complete private key $S_U$ and the public value $y_U$;
S3: verifying the full public key generated in step S2;
S4: given the secret value $x_A$, identity $ID_A$ and public value $y_A$ of the sender user A and the public value $y_B$ of the recipient user B, user A randomly selects a key $K \in \{0,1\}^n$,
Figure FDA0002987477510000013
After a commitment value $r$ is calculated, a ciphertext is generated through XOR, hash and bilinear pairing operations;
S5: after receiving the ciphertext from step S4 together with the identity $ID_A$ and public value $y_A$ of user A, user B calculates the commitment value $r$, recovers the key from the ciphertext through XOR, hash and bilinear pairing operations, and determines a verification value from the recovered key; if the verification succeeds, user A's identity is authenticated and the session key is established, forming the final session key.
2. The certificateless user authentication and key agreement-based method according to claim 1, wherein the detailed system parameters in S1 are:
given a security parameter $k$, the KGC selects an additive group $G_1$ and a multiplicative group $G_2$; the two groups have the same order $p$, where $p$ is prime, and $P$ is a generator of the additive group $G_1$,
Figure FDA0002987477510000014
$G_1 \times G_1 \to G_2$ is a bilinear mapping; four secure hash functions are defined, namely $H_1$:
Figure FDA0002987477510000015
$H_2$:
Figure FDA0002987477510000016
$H_3: G_2 \to \{0,1\}^n$ and $H_4$:
Figure FDA0002987477510000017
where $n$ is the message length of the identity; the KGC randomly selects a master key
Figure FDA0002987477510000018
and calculates the corresponding private key $P_{pub} = sP$; the KGC publishes the system parameters
Figure FDA0002987477510000021
and keeps the master key $s$ secret; wherein
Figure FDA0002987477510000022
is generated from $G_2$.
3. The certificateless user authentication and key agreement method according to claim 1, wherein the generating of the complete private key at the sender in the certificateless environment in S2 is specifically performed as:
S2.1: given the user identity $ID_U$, the user randomly selects
Figure FDA0002987477510000023
as its own secret value;
S2.2: from its secret value $x_U$, the user calculates the corresponding public value
Figure FDA0002987477510000024
S2.3: the user provides its identity $ID_U$ and public value $y_U$ to the KGC, and the KGC calculates the partial private key
Figure FDA0002987477510000025
and sends the partial private key $D_U$ to the user in a secure manner;
S2.4: after receiving the partial private key $D_U$ provided by the KGC, the user computes its own complete private key $S_U = (x_U, D_U)$.
4. The certificateless user authentication and key agreement method according to claim 3, wherein the generating of the full public key at the sender in the certificateless environment in S2 is specifically performed as:
S2.5: given the complete private key $S_U = (x_U, D_U)$ from step S2.4 and the public value $y_U$, a number $\alpha$ is randomly selected,
Figure FDA0002987477510000026
and $r_U$ is calculated, $r_U = g^{\alpha}$;
S2.6: calculating the hash value $h_U$, $h_U = H_1(r_U, y_U, ID_U)$;
S2.8: calculating the auxiliary public key verification value $T_U$, $T_U = (\alpha - x_U, h_U) D_U$;
S2.9: outputting the complete public key $(y_U, h_U, T_U)$.
5. The certificateless user authentication and key agreement method according to claim 1, wherein the full public key verification in S3 specifically comprises the steps of:
S3.1: given a full public key $(y_U, h_U, T_U)$, the verifier checks whether the order of $y_U$ is $p$ (i.e. $y_U \neq 1$, but
Figure FDA0002987477510000027
);
S3.2: calculating $r_U$,
Figure FDA0002987477510000028
S3.3: calculating the verification value $h'_U = H_1(r_U, y_U, ID_U)$;
S3.4: if and only if $h'_U = h_U$, the complete public key is accepted and its verification succeeds; otherwise, the error symbol $\perp$ is returned.
6. The certificateless user authentication and key agreement method according to claim 1, wherein the specific steps of generating the ciphertext in S4 are:
S4.1: given the secret value $x_A$, identity $ID_A$ and public value $y_A$ of the sender user A and the public value $y_B$ of the recipient user B, user A randomly selects a key $K \in \{0,1\}^n$,
Figure FDA0002987477510000031
and calculates the commitment value $r$,
Figure FDA0002987477510000032
S4.2: user A calculates the value $c$,
Figure FDA0002987477510000033
wherein
Figure FDA0002987477510000034
is the XOR operation and $H_3(r)$ is the hash of the commitment $r$;
S4.3: user A calculates the verification value $h$, $h = H_4(r, y_A, y_B, ID_A, ID_B, K)$;
S4.4: user A calculates the authentication-related parameter value $z$,
Figure FDA0002987477510000035
S4.5: finally generating the ciphertext $\sigma = (c, h, z)$, where $h$ is the verification value.
7. The certificateless user authentication and key agreement method according to claim 6, wherein the specific steps of forming the final session key in S5 are as follows:
S5.1: after receiving the ciphertext $\sigma = (c, h, z)$ together with user A's identity $ID_A$ and public value $y_A$, user B calculates the commitment value $r$ from the known information,
Figure FDA0002987477510000036
S5.2: user B recovers the agreed key $K$ from $c$,
Figure FDA0002987477510000037
S5.2: user B calculates the verification value $h'$ from the key $K$, $h' = H_4(r, y_A, y_B, ID_A, ID_B, K)$;
S5.3: if $h = h'$, the sender's authentication passes and the session key is established, $h = H_4(r, y_A, y_B, ID_A, ID_B, K)$; otherwise, the error symbol $\perp$ is returned.
8. The certificateless user authentication and key agreement-based method according to any of claims 1 to 7, wherein the full public key is issued without authentication.
CN202110304286.2A 2021-03-22 2021-03-22 User authentication and key agreement method based on certificateless Active CN113179153B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110304286.2A CN113179153B (en) 2021-03-22 2021-03-22 User authentication and key agreement method based on certificateless

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110304286.2A CN113179153B (en) 2021-03-22 2021-03-22 User authentication and key agreement method based on certificateless

Publications (2)

Publication Number Publication Date
CN113179153A true CN113179153A (en) 2021-07-27
CN113179153B CN113179153B (en) 2022-07-15

Family

ID=76922151

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110304286.2A Active CN113179153B (en) 2021-03-22 2021-03-22 User authentication and key agreement method based on certificateless

Country Status (1)

Country Link
CN (1) CN113179153B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104270249A (en) * 2014-09-23 2015-01-07 电子科技大学 Signcryption method from certificateless environment to identity environment
WO2016187690A1 (en) * 2015-05-26 2016-12-01 Infosec Global Inc. Key agreement protocol
CN107437993A (en) * 2016-05-26 2017-12-05 中兴通讯股份有限公司 Certificateless two-party authenticated key agreement method and device
CN111314076A (en) * 2020-03-31 2020-06-19 四川九强通信科技有限公司 Certificateless key agreement method supporting bidirectional authentication

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
裴雨潇 et al.: "An efficient certificateless two-party authenticated key agreement protocol", 《信息技术》 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114095163A (en) * 2021-11-18 2022-02-25 河南许继仪表有限公司 Certificateless key agreement method for electricity consumption information acquisition system
CN116599659A (en) * 2023-05-26 2023-08-15 重庆大学 Certificate-free identity authentication and key negotiation method and system
CN116599659B (en) * 2023-05-26 2024-01-26 重庆大学 Certificate-free identity authentication and key negotiation method and system

Also Published As

Publication number Publication date
CN113179153B (en) 2022-07-15

Similar Documents

Publication Publication Date Title
US8930704B2 (en) Digital signature method and system
CN107947913B (en) Anonymous authentication method and system based on identity
CN108667626A (en) Secure two-party collaborative SM2 signature method
CN107659395B (en) Identity-based distributed authentication method and system in multi-server environment
US8464060B2 (en) Method and structure for self-sealed joint proof-of-knowledge and diffie-hellman key-exchange protocols
JP4837729B2 (en) Cryptographic authentication method, computer system and data carrier
CN108667627B (en) SM2 digital signature method based on two-party cooperation
CN105959269A (en) ID-based authenticated dynamic group key agreement method
Miao et al. On security of a certificateless signcryption scheme
CN107579819A (en) SM9 digital signature generation method and system
CN113572603B (en) Heterogeneous user authentication and key negotiation method
CN110113150B (en) Encryption method and system based on non-certificate environment and capable of repudiation authentication
CN109639439A (en) ECDSA digital signature method based on two-party collaboration
CN113179153B (en) User authentication and key agreement method based on certificateless
CN103988466A (en) Group encryption methods and devices
CN111181718A (en) Anti-quantum computing IKE system based on alliance chain and negotiation communication method
CN113132104A (en) Actively secure two-party generation method for ECDSA digital signatures
Hwang et al. Confidential deniable authentication using promised signcryption
CN111245615B (en) Digital signature password reverse firewall method based on identity
CN114285546B (en) Heterogeneous signcryption communication method applicable to vehicle-mounted ad hoc network
Chung et al. Ring signature scheme for ECC-based anonymous signcryption
CN109412815B (en) Method and system for realizing cross-domain secure communication
Wu et al. A publicly verifiable PCAE scheme for confidential applications with proxy delegation
Reddi et al. Identity-based signcryption groupkey agreement protocol using bilinear pairing
Ki et al. Privacy-enhanced deniable authentication e-mail service

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20210727

Assignee: Huaian Haiheng Technology Co.,Ltd.

Assignor: HUAIYIN INSTITUTE OF TECHNOLOGY

Contract record no.: X2023980030550

Denomination of invention: A certificateless user authentication and key agreement method

Granted publication date: 20220715

License type: Common License

Record date: 20230106