CN113179153B - User authentication and key agreement method based on certificateless - Google Patents

Publication number: CN113179153B
Authority: CN (China)
Prior art keywords: user, key, value, kgc, public
Legal status: Active
Application number: CN202110304286.2A
Other languages: Chinese (zh)
Other versions: CN113179153A (en)
Inventors: 金春花, 朱辉辉, 单劲松, 阚格, 吉思维, 刘鎏
Current Assignee: Huaiyin Institute of Technology
Original Assignee: Huaiyin Institute of Technology
Application filed by Huaiyin Institute of Technology
Priority to CN202110304286.2A
Publication of CN113179153A
Application granted
Publication of CN113179153B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0847 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving identity based encryption [IBE] schemes
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3073 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Algebra (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Power Engineering (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of information security and discloses a certificateless user authentication and key agreement method, comprising: setting system parameters and initializing the system; at the sending end of the certificateless environment, the user randomly selects a secret value x_U and determines the corresponding public value y_U, the KGC determines a partial private key D_U from the user identity ID_U and the public value y_U, the sending end, after receiving the partial private key D_U provided by the KGC, determines the complete private key S_U, and finally a complete public key is generated from the complete private key S_U and the public value y_U; verifying the complete public key; and, given the secret value x_A and identity ID_A of the sender user A, the public value y_A, and the public value y_B of the recipient user B, generating a ciphertext and finally generating a session key. Compared with the prior art, the invention allows two users to jointly negotiate a secure key in a certificateless environment.

Description

Certificateless user authentication and key agreement method
Technical Field
The invention relates to the technical field of information security, in particular to a certificateless user authentication and key agreement method.
Background
Key agreement is an important part of secure communication: a key agreement protocol lets communicating nodes establish a shared session key, which can then be used to ensure confidentiality and integrity during communication. Depending on how public keys are verified under the public key cryptosystem, identity-based, certificate-based and certificateless two-party authenticated key agreement protocols have been studied.
Under a traditional cryptosystem based on public key certificates, a user's public key is authenticated by a certificate authority issuing a certificate; managing public key certificates is complex and extremely costly. To simplify certificate management, Shamir first proposed an identity-based cryptosystem in 1984 [Shamir A. Identity-based cryptosystems and signature schemes. In: Proc. of CRYPTO '84. LNCS 196, Berlin: Springer-Verlag, 1984. 47-53]. In an identity-based public key cryptosystem, a user uses an identifier such as a mailbox address or a mobile phone number as the public key, so no public key certificate or certificate authentication process is required. In 2003, Al-Riyami et al. proposed the first certificateless two-party key agreement protocol [AL-RIYAMI S, PATERSON K G. Certificateless public key cryptography [C]. In: Advances in Cryptology - ASIACRYPT 2003. Springer Berlin Heidelberg, 2003: 452-473]. In 2006, Mandt et al. pointed out that the scheme proposed by Al-Riyami et al. does not resist temporary key leakage attacks and proposed a new protocol scheme [MANDT T K, TAN C H. Certificateless authenticated two-party key acquisition protocol [C]. In: Advances in Computer Science - ASIAN 2006. Springer Berlin Heidelberg, 2006: 37-44]. In 2011, Liu Wenhao et al. proposed two-party protocols based on signatures [LIU W H, XU C X. Two party certificate authority schemes [J]. Journal of Software, 2011, 22(11): 2843-]. In 2017, Zhou et al. put forward, under the eCK model (a formalized method for designing and analyzing two-party authenticated key agreement protocols), a two-party protocol [ZHOU Y W, YANG B, ZHANG W Z. An improved two-party authenticated trusted key agreement protocol [J]. Chinese Journal of Computers, 2017, 40(5): 1181-1191], but it failed to resist temporary key leakage attacks. In 2019, Wu et al. presented a two-party protocol under the eCK model [WU T, JING X J. Two-party-authenticated key authentication protocol with enhanced security [J]. The Journal of China Universities of Posts and Telecommunications, 2019, 26(1): 12-20], but it was shown not to resist KCI (key compromise impersonation) attacks by Type I adversaries.
The above certificateless user authentication and key agreement protocols all suffer, to a greater or lesser degree, from security problems or computational complexity problems. There is therefore a need for a certificateless user authentication and key agreement method that is efficient and secure and that solves the problems of key escrow and of the difficulty of issuing certificates.
Disclosure of Invention
Purpose of the invention: in view of the problems in the prior art, the invention provides a certificateless user authentication and key agreement method with which two users can jointly negotiate a secure key in a certificateless environment.
Technical scheme: the invention provides a certificateless user authentication and key agreement method, which comprises the following steps:
S1: setting system parameters and initializing the system: the system parameters comprise a security parameter k, an additive group G_1, a multiplicative group G_2, a prime order p, a generator P, a bilinear mapping and four hash functions; they also include a master key
Figure GDA0003582014290000021
and the corresponding private key, wherein
Figure GDA0003582014290000022
represents an integer group excluding 0; each system parameter is made public and the master key s is kept secret;
S2: at the sending end of the certificateless environment, the user randomly selects a secret value x_U and determines the corresponding public value y_U; the KGC determines a partial private key D_U from the user identity ID_U and the public value y_U; after receiving the partial private key D_U provided by the KGC, the sending end determines the complete private key S_U from the partial private key D_U, and finally generates a complete public key from the complete private key S_U and the public value y_U;
S3: verifying the full public key generated in step S2;
S4: given the secret value x_A and identity ID_A of the sender user A, the public value y_A, and the public value y_B of the recipient user B, user A randomly selects a key K ∈ {0,1}^n,
Figure GDA0003582014290000023
and, after a commitment value r is calculated, a ciphertext is generated through XOR, hash and bilinear pairing operations;
S5: after receiving the ciphertext of step S4, the identity ID_A of user A and the public value y_A, user B calculates the commitment value r, recovers the key from the ciphertext through XOR, hash and bilinear pairing operations, and determines a verification value from the recovered key; if the verification succeeds, the identity verification of user A passes and a session key is established, forming the final session key.
Further, the detailed system parameters in S1 are:
given a security parameter k, the KGC selects an additive group G_1 and a multiplicative group G_2; the two groups have the same order p, where p is prime, and P is a generator of the additive group G_1,
Figure GDA0003582014290000024
G_1 × G_1 → G_2 is a bilinear map; four secure hash functions are defined, namely H_1:
Figure GDA0003582014290000025
H_2:
Figure GDA0003582014290000026
H_3: G_2 → {0,1}^n and H_4:
Figure GDA0003582014290000031
where n is the message length of the identity; the KGC randomly selects a master key
Figure GDA0003582014290000032
and calculates the corresponding private key P_pub = sP; the KGC discloses the system parameters
Figure GDA0003582014290000033
and keeps the master key s secret; wherein
Figure GDA0003582014290000034
is generated from G_2.
Further, in S2, generating a complete private key at the sending end in the certificateless environment specifically comprises:
S2.1: given the user identity ID_U, the user randomly selects
Figure GDA0003582014290000035
as its own secret value;
S2.2: from its own secret value x_U, the user calculates the corresponding public value
Figure GDA0003582014290000036
S2.3: the user provides the KGC with its identity ID_U and public value y_U; the KGC calculates the partial private key
Figure GDA0003582014290000037
and sends the partial private key D_U to the user in a secure manner;
S2.4: after receiving the partial private key D_U provided by the KGC, the user calculates its own complete private key S_U = (x_U, D_U).
Further, generating a complete public key at the sending end in the certificateless environment in step S2 specifically comprises:
S2.5: given the complete private key S_U = (x_U, D_U) from step S2.4 and the public value y_U, a number α is randomly selected,
Figure GDA0003582014290000038
and r_U is calculated, r_U = g^α;
S2.6: calculating the hash value h_U, h_U = H_1(r_U, y_U, ID_U);
S2.8: calculating the auxiliary public key verification value T_U, T_U = (α - x_U, h_U) D_U;
S2.9: outputting the full public key (y_U, h_U, T_U).
Further, the full public key verification in S3 specifically comprises the following steps:
S3.1: given a full public key (y_U, h_U, T_U), the verifier checks whether the order of y_U is p (i.e. y_U ≠ 1, but
Figure GDA0003582014290000039
);
S3.2: calculating r_U,
Figure GDA00035820142900000310
S3.3: calculating a verification value h'_U = H_1(r_U, y_U, ID_U);
S3.4: if and only if h'_U = h_U, the complete public key is accepted and its verification succeeds; otherwise, an error symbol ⊥ is returned.
Further, the specific steps of generating the ciphertext in S4 are:
S4.1: given the secret value x_A and identity ID_A of the sender user A, the public value y_A, and the public value y_B of the recipient user B, user A randomly selects a key K ∈ {0,1}^n,
Figure GDA0003582014290000041
and calculates the commitment value r,
Figure GDA0003582014290000042
S4.2: user A calculates the value c,
Figure GDA0003582014290000043
wherein
Figure GDA0003582014290000044
is the XOR operation and H_3(r) is the hash operation applied to the commitment r;
S4.3: user A calculates the verification value h, h = H_4(r, y_A, y_B, ID_A, ID_B, K);
S4.4: user A calculates the authentication-related parameter value z,
Figure GDA0003582014290000045
S4.5: finally, the ciphertext σ = (c, h, z) is generated, where h is the verification value.
Further, the specific steps of forming the final session key in S5 are:
S5.1: when user B receives the ciphertext σ = (c, h, z), user A's identity ID_A and the user's public value y_A, user B calculates the commitment value r from the known information,
Figure GDA0003582014290000046
S5.2: user B recovers the key K of the key agreement from c,
Figure GDA0003582014290000047
S5.2: user B calculates a verification value h' from the key K, h' = H_4(r, y_A, y_B, ID_A, ID_B, K);
S5.3: if h = h', the sender's identity verification passes and the session key is established, h = H_4(r, y_A, y_B, ID_A, ID_B, K); otherwise, an error symbol ⊥ is returned.
Further, the full public key may be issued without authentication.
Beneficial effects: the invention constructs a secure user authentication and key agreement method in a certificateless environment, solves the problem that traditional public key certificate management is complex and extremely costly, is proven secure in the random oracle model, is simple to operate and easy to transmit over a communication channel, and is an ideal key agreement method.
Drawings
FIG. 1 is a flowchart illustrating client user authentication and key agreement according to an embodiment of the present invention;
FIG. 2 is a flowchart of server-side user authentication and key agreement according to an embodiment of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings. The following examples are only for illustrating the technical solutions of the present invention more clearly, and the protection scope of the present invention is not limited thereby.
The present invention is described by taking communication between a client and a server as an example, and refer to fig. 1 and fig. 2.
The invention discloses a certificateless user authentication and key agreement method, which mainly comprises the following steps:
Initialization stage: given a security parameter k, the KGC selects an additive group G_1 and a multiplicative group G_2; the two groups have the same order p, where p is prime, and P is a generator of the additive group G_1,
Figure GDA0003582014290000051
G_1 × G_1 → G_2 is a bilinear mapping; four secure hash functions are defined, namely H_1:
Figure GDA0003582014290000052
H_2:
Figure GDA0003582014290000053
H_3: G_2 → {0,1}^n and H_4:
Figure GDA0003582014290000054
The KGC randomly selects a master key
Figure GDA0003582014290000055
and calculates the corresponding private key P_pub = sP. The KGC discloses the system parameters
Figure GDA0003582014290000056
and keeps the master key s secret. Here
Figure GDA0003582014290000057
is generated from G_2.
Registration stage: both the client and the server register in a certificateless environment.
For registration of the client:
the client provides the KGC with its own identity ID_A. To give the key negotiated by both parties a limited validity period, the KGC selects an expiration date ED and calculates the partial private key
Figure GDA0003582014290000058
The KGC then sends the partial private key D_A and the expiration date ED to the client in a secure manner. For this, an offline method or an online Transport Layer Security (TLS) method can be used for delivery.
The client randomly selects
Figure GDA0003582014290000059
as its own secret value, and from the selected secret value x_A calculates the corresponding public value
Figure GDA00035820142900000510
After receiving the partial private key provided by the KGC, the client calculates the corresponding complete private key S_A = (x_A, D_A);
After the client has calculated the complete private key S_A = (x_A, D_A) and the public value y_A, the following steps are executed to calculate the client's complete public key:
the client selects a random number α,
Figure GDA00035820142900000511
and calculates r_A, r_A = g^α, then calculates the hash value h_A, h_A = H_1(r_A, y_A, ID_A), then calculates the auxiliary public key verification value T_A, T_A = (α - x_A, h_A) D_A, and finally outputs the full public key (y_A, h_A, T_A) and publishes it; full public key verification is then performed.
The full public key verification comprises the following steps:
first, the server authenticates the client according to public information, executing the following steps: given the client's full public key (y_A, h_A, T_A), the verifier checks whether the order of y_A is p (i.e. y_U ≠ 1, but
Figure GDA00035820142900000512
), then calculates r_A,
Figure GDA00035820142900000513
Finally, the verification value h'_A = H_1(r_A, y_A, ID_A) is calculated. If and only if h_A = h'_A, the identity of the client is accepted and the public key verification succeeds; otherwise, an error symbol ⊥ is returned.
The registration of the server side is the same as that of the client side, and details are not repeated.
When the client and the server want to jointly negotiate the key establishment, the following steps are executed:
the client first selects a random session key K ∈ {0,1}^n,
Figure GDA0003582014290000061
and calculates the value r,
Figure GDA0003582014290000062
then calculates c,
Figure GDA0003582014290000063
wherein
Figure GDA0003582014290000064
is the XOR operation and H_3(r) is the hash operation applied to r, then calculates the verification value h, h = H_4(r, y_A, y_B, ID_A, ID_B, K, ED), then calculates the verification-related parameter value z,
Figure GDA0003582014290000065
and finally generates the ciphertext σ = (c, h, z), where h is the verification value.
After receiving the ciphertext σ = (c, h, z) sent by the client, the server executes the following steps:
the server calculates the value r from the known information,
Figure GDA0003582014290000066
then recovers the key K of the key agreement from the ciphertext c,
Figure GDA0003582014290000067
and finally calculates the verification value h' from the key, h' = H_4(r, y_A, y_B, ID_A, ID_B, K, ED). If h = h', a session key K is established between the client and the server; K is known only to the client and the server, which ensures the confidentiality of their subsequent communication. Otherwise, the server rejects the key K transmitted by the client, and the establishment of the negotiated key is unsuccessful.
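An added example, not part of the patent: the hash-and-XOR steps of the client/server exchange above, in Python. The pairing computations for r and z are not reproduced on this page, so r is passed in as opaque bytes and z is omitted; the form c = K XOR H_3(r), SHA-256 as a stand-in for H_3 and H_4, n = 256 bits, the function names and all sample values are assumptions.

```python
import hashlib
import hmac
import secrets

N_BYTES = 32  # n = 256 bits; the page leaves n as a parameter (assumed value)


def encode_fields(*fields: bytes) -> bytes:
    """Length-prefix each field so field boundaries cannot be shifted."""
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def h3(r: bytes) -> bytes:
    """Stand-in for H_3: G_2 -> {0,1}^n (SHA-256 with a domain tag, assumed)."""
    return hashlib.sha256(b"H3|" + encode_fields(r)).digest()


def h4(r, y_a, y_b, id_a, id_b, k, ed) -> bytes:
    """Stand-in for H_4 over (r, y_A, y_B, ID_A, ID_B, K, ED)."""
    data = encode_fields(r, y_a, y_b, id_a, id_b, k, ed)
    return hashlib.sha256(b"H4|" + data).digest()


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def client_mask_key(r, y_a, y_b, id_a, id_b, ed, k=None):
    """Client side: choose K, mask it with H_3(r), bind the context with H_4."""
    k = secrets.token_bytes(N_BYTES) if k is None else k
    c = xor_bytes(k, h3(r))  # assumed form of c: K XOR H_3(r)
    h = h4(r, y_a, y_b, id_a, id_b, k, ed)
    return k, (c, h)


def server_recover_key(r, ciphertext, y_a, y_b, id_a, id_b, ed):
    """Server side: unmask K, recompute h', accept K only if h == h'."""
    c, h = ciphertext
    if len(c) != N_BYTES or len(h) != N_BYTES:
        return None  # malformed ciphertext
    k = xor_bytes(c, h3(r))
    h_prime = h4(r, y_a, y_b, id_a, id_b, k, ed)
    # Constant-time comparison, so the check does not leak how many
    # leading bytes of a forged h were correct.
    if not hmac.compare_digest(h, h_prime):
        return None  # corresponds to rejecting the key K
    return k


# Constructed sample values (not from the patent).
SAMPLE = {
    "y_a": b"constructed-public-value-A",
    "y_b": b"constructed-public-value-B",
    "id_a": b"client@example.test",
    "id_b": b"server@example.test",
    "ed": b"2030-01-01",
}
R_SHARED = hashlib.sha256(b"constructed commitment r").digest()


def demo():
    k, (c, h) = client_mask_key(R_SHARED, **SAMPLE)
    accepted = server_recover_key(R_SHARED, (c, h), **SAMPLE)
    flipped = bytes([c[0] ^ 1]) + c[1:]  # one bit of c changed in transit
    return {
        "accepted": accepted == k,
        "tampered_c": server_recover_key(R_SHARED, (flipped, h), **SAMPLE),
        "wrong_r": server_recover_key(h3(b"other r"), (c, h), **SAMPLE),
        "changed_ed": server_recover_key(
            R_SHARED, (c, h), **{**SAMPLE, "ed": b"2031-01-01"}
        ),
    }


if __name__ == "__main__":
    print(demo())
```

Because h covers K together with r, both public values, both identities and ED, a change to any of them makes the server return None instead of a key.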
The symbols mainly used in this embodiment are summarized in Table 1 below:
TABLE 1
Figure GDA0003582014290000068
The above embodiments are merely illustrative of the technical concepts and features of the present invention, and the purpose of the embodiments is to enable those skilled in the art to understand the contents of the present invention and implement the present invention, and not to limit the protection scope of the present invention. All equivalent changes and modifications made according to the spirit of the present invention should be covered within the protection scope of the present invention.

Claims (2)

1. A certificateless-based user authentication and key agreement method is characterized by comprising the following steps:
S1: setting system parameters and initializing the system, wherein the detailed system parameters are as follows: given a security parameter k, the KGC selects an additive group G_1 and a multiplicative group G_2; the two groups have the same order p, where p is prime, and P is a generator of the additive group G_1,
Figure FDA0003582014280000011
G_1 × G_1 → G_2 is a bilinear mapping; four secure hash functions are defined, namely H_1:
Figure FDA0003582014280000012
H_2:
Figure FDA0003582014280000013
H_3: G_2 → {0,1}^n and H_4:
Figure FDA0003582014280000014
n is the message length of the identity; the KGC randomly selects the master key
Figure FDA0003582014280000015
and calculates the corresponding private key P_pub = sP; the KGC discloses the system parameters
Figure FDA0003582014280000016
and keeps the master key s secret; wherein
Figure FDA0003582014280000017
is generated from G_2;
S2: at the sending end of the certificateless environment, the user randomly selects a secret value x_U and determines the corresponding public value y_U; the KGC determines a partial private key D_U from the user identity ID_U and the public value y_U; after receiving the partial private key D_U provided by the KGC, the sending end determines the complete private key S_U from the partial private key D_U, and finally generates a complete public key from the complete private key S_U and the public value y_U; the specific operation is as follows:
S2.1: given the user identity ID_U, the user randomly selects
Figure FDA0003582014280000018
as its own secret value;
S2.2: from its own secret value x_U, the user calculates the corresponding public value
Figure FDA0003582014280000019
S2.3: the user provides the KGC with its identity ID_U and public value y_U; the KGC calculates the partial private key
Figure FDA00035820142800000110
and sends the partial private key D_U to the user in a secure manner;
S2.4: after receiving the partial private key D_U provided by the KGC, the user calculates its own complete private key S_U = (x_U, D_U);
S2.5: given the complete private key S_U = (x_U, D_U) from step S2.4 and the public value y_U, a number α is randomly selected,
Figure FDA00035820142800000111
and r_U is calculated, r_U = g^α;
S2.6: calculating the hash value h_U, h_U = H_1(r_U, y_U, ID_U);
S2.7: calculating the auxiliary public key verification value T_U, T_U = (α - x_U, h_U) D_U;
S2.8: outputting the full public key (y_U, h_U, T_U);
S3: verifying the full public key generated in step S2, where the full public key verification specifically comprises the following steps:
S3.1: given a full public key (y_U, h_U, T_U), the verifier checks whether the order of y_U is p (i.e. y_U ≠ 1, but
Figure FDA0003582014280000021
);
S3.2: calculating r_U,
Figure FDA0003582014280000022
S3.3: calculating a verification value h'_U = H_1(r_U, y_U, ID_U);
S3.4: if and only if h'_U = h_U, the complete public key is accepted and its verification succeeds; otherwise, an error symbol ⊥ is returned;
S4: given the secret value x_A and identity ID_A of the sender user A, the public value y_A, and the public value y_B of the recipient user B, user A randomly selects a key K ∈ {0,1}^n,
Figure FDA0003582014280000023
and, after a commitment value r is calculated, a ciphertext is generated through XOR, hash and bilinear pairing operations; the method specifically comprises the following steps:
S4.1: given the secret value x_A and identity ID_A of the sender user A, the public value y_A, and the public value y_B of the recipient user B, user A randomly selects a key K ∈ {0,1}^n,
Figure FDA0003582014280000024
and calculates the commitment value r,
Figure FDA0003582014280000025
S4.2: user A calculates the value c,
Figure FDA0003582014280000026
wherein
Figure FDA0003582014280000027
is the XOR operation and H_3(r) is the hash operation applied to the commitment r;
S4.3: user A calculates the verification value h, h = H_4(r, y_A, y_B, ID_A, ID_B, K);
S4.4: user A calculates the authentication-related parameter value z,
Figure FDA0003582014280000028
S4.5: finally, the ciphertext σ = (c, h, z) is generated, where h is the verification value;
S5: after receiving the ciphertext of step S4, the identity ID_A of user A and the public value y_A, user B calculates the commitment value r, recovers the key from the ciphertext through XOR, hash and bilinear pairing operations, and determines a verification value from the recovered key; if the verification succeeds, the identity verification of user A passes and a session key is established, forming the final session key; the specific steps are as follows:
S5.1: when user B receives the ciphertext σ = (c, h, z), user A's identity ID_A and the user's public value y_A, user B calculates the commitment value r from the known information,
Figure FDA0003582014280000031
S5.2: user B recovers the key K of the key agreement from c,
Figure FDA0003582014280000032
S5.2: user B calculates a verification value h' from the key K, h' = H_4(r, y_A, y_B, ID_A, ID_B, K);
S5.3: if h = h', the sender's identity verification passes and the session key is established, h = H_4(r, y_A, y_B, ID_A, ID_B, K); otherwise, an error symbol ⊥ is returned.
2. The certificateless-based user authentication and key agreement method of claim 1, wherein the full public key is issued without authentication.
Application Number | Priority Date | Filing Date | Title
CN202110304286.2A | 2021-03-22 | 2021-03-22 | User authentication and key agreement method based on certificateless (Active, CN113179153B (en))

Publications (2)

Publication Number | Publication Date
CN113179153A | 2021-07-27
CN113179153B | 2022-07-15

Family

ID=76922151

Country Status (1)

Country | Link
CN | CN113179153B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114095163A (en) * 2021-11-18 2022-02-25 河南许继仪表有限公司 Certificateless key agreement method for electricity consumption information acquisition system
CN116599659B (en) * 2023-05-26 2024-01-26 重庆大学 Certificate-free identity authentication and key negotiation method and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104270249A (en) * 2014-09-23 2015-01-07 University of Electronic Science and Technology of China Signcryption method from certificateless environment to identity environment
WO2016187690A1 (en) * 2015-05-26 2016-12-01 Infosec Global Inc. Key agreement protocol
CN107437993A (en) * 2016-05-26 2017-12-05 ZTE Corporation Certificateless two-party authenticated key agreement method and device
CN111314076A (en) * 2020-03-31 2020-06-19 Sichuan Jiuqiang Communication Technology Co., Ltd. Certificateless key agreement method supporting bidirectional authentication

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
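An efficient certificateless two-party authenticated key agreement protocol; Pei Yuxiao et al.; Information Technology (《信息技术》); 20170525 (No. 05); full text *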

Also Published As

Publication number Publication date
CN113179153A (en) 2021-07-27

Similar Documents

Publication Publication Date Title
CN110505058B (en) Identity authentication method for heterogeneous block chain in cross-chain scene
CN107947913B (en) Anonymous authentication method and system based on identity
CN107659395B (en) Identity-based distributed authentication method and system in multi-server environment
JP4837729B2 (en) Cryptographic authentication method, computer system and data carrier
US8930704B2 (en) Digital signature method and system
US8464060B2 (en) Method and structure for self-sealed joint proof-of-knowledge and diffie-hellman key-exchange protocols
CN108667626A (en) Secure two-party cooperative SM2 signature method
CN108667627B (en) SM2 digital signature method based on two-party cooperation
CN105959269A (en) ID-based authenticated dynamic group key agreement method
CN113572603B (en) Heterogeneous user authentication and key negotiation method
CN110113150B (en) Encryption method and system based on non-certificate environment and capable of repudiation authentication
CN109639439A (en) ECDSA digital signature method based on two-party collaboration
CN113179153B (en) User authentication and key agreement method based on certificateless
CN113556237A (en) Threshold signature method, system, device and storage medium based on aggregation of multiple signatures
CN111181718A (en) Anti-quantum computing IKE system based on alliance chain and negotiation communication method
CN113162773A (en) Heterogeneous blind signcryption method capable of proving safety
CN113132104A (en) Actively secure two-party generation method for ECDSA digital signatures
Heninger RSA, DH, and DSA in the Wild
CN111245615B (en) Digital signature password reverse firewall method based on identity
Zhou et al. Three-round secret handshakes based on ElGamal and DSA
CN114285546B (en) Heterogeneous signcryption communication method applicable to vehicle-mounted ad hoc network
Wang et al. Perfect ambiguous optimistic fair exchange
Liu et al. pKAS: A Secure Password‐Based Key Agreement Scheme for the Edge Cloud
Cheng et al. Cryptanalysis and improvement of a certificateless encryption scheme in the standard model
CN114285580A (en) Online and offline signcryption method from certificateless to public key infrastructure

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20210727

Assignee: Huaian Haiheng Technology Co.,Ltd.

Assignor: HUAIYIN INSTITUTE OF TECHNOLOGY

Contract record no.: X2023980030550

Denomination of invention: A certificateless user authentication and key agreement method

Granted publication date: 20220715

License type: Common License

Record date: 20230106