CN113438085A - Efficient attribute-based server assisted signature verification method and system - Google Patents

Efficient attribute-based server assisted signature verification method and system Download PDF

Info

Publication number
CN113438085A
CN113438085A CN202110702089.6A CN202110702089A CN113438085A CN 113438085 A CN113438085 A CN 113438085A CN 202110702089 A CN202110702089 A CN 202110702089A CN 113438085 A CN113438085 A CN 113438085A
Authority
CN
China
Prior art keywords
signature
verification
attribute
key
public
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110702089.6A
Other languages
Chinese (zh)
Other versions
CN113438085B (en
Inventor
李继国
陈宇
张亦辰
康曌哲
章如愿
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujian Normal University
Original Assignee
Fujian Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujian Normal University filed Critical Fujian Normal University
Priority to CN202110702089.6A priority Critical patent/CN113438085B/en
Publication of CN113438085A publication Critical patent/CN113438085A/en
Application granted granted Critical
Publication of CN113438085B publication Critical patent/CN113438085B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a signature verification method and a signature verification system assisted by a high-efficiency attribute base server, wherein the system comprises the following steps: the attribute authorization terminal is used for generating a system master key and public parameters; the system is also used for generating a private key and an access strategy verification public key according to the system master key, the public parameters and the signature end attributes; the server verifies the public key according to the public parameters, converts the signature and calculates an intermediate signature; the signature end is used for calculating a signature according to the private key, the public parameters, the access strategy and the message; the verification end is used for converting the key, the message and the signature according to the public parameters, and calculating a conversion signature and an intermediate signature; and the system is also used for verifying the validity of the signature according to the public parameters, the intermediate signature, the access strategy and the conversion key. The invention effectively improves the access control and anonymous authentication efficiency of the resource-limited equipment on the premise of ensuring the reliability.

Description

Efficient attribute-based server assisted signature verification method and system
Technical Field
The invention relates to the technical field of use safety of resource-constrained equipment, in particular to a method and a system for verifying an auxiliary signature of an efficient attribute base server.
Background
The attribute-based signature is a new cryptology primitive, namely a valid signature can be generated only when the attribute of a user meets an access policy, and the identity information of the user cannot be leaked by the signature. However, there are some attribute-based signatures based on threshold policy, and the signature algorithm is limited by the threshold, and the threshold access policy does not perform precise access control on the attributes of the user. In addition, since a certain number of pairing operations are required in the verification stage, the computation overhead of the verification algorithm is increased, and a heavy computation burden is imposed on the verifier. Compared with exponential operation, pairing operation is long in time consumption, so that the conventional ABS scheme is not suitable for equipment with limited resources, such as RFID (radio frequency identification devices), smart cards and the like.
Disclosure of Invention
In view of the above, the present invention provides an efficient attribute-based server-assisted signature verification method and system, in which a server assists a user to perform a large amount of computation overhead in a signature and verification algorithm, and the proposed scheme provides anonymity and non-forgeability. Furthermore, the proposed method reduces the computational overhead for the signer and verifier.
In order to achieve the purpose, the invention adopts the following technical scheme:
a signature method of an efficient attribute-based server assisted verification signature system comprises the following steps:
step S1: the attribute authorization end inputs a security parameter lambda and outputs a system master key MK and a public parameter params;
step S2: the attribute authorization end inputs MK, a public parameter params and a signature end attribute omega to generate a verification public key gpk and a private key skω
Step S3: signature end input private key skωThe public parameter params, the access policy Γ, the message M, the output signature δ;
step S4: the verification end inputs the public parameter params, the conversion key tk, the message M, the signature delta and outputs the conversion signature
Figure RE-GDA0003168374450000021
Step S5: the server inputs the public parameter params and converts the signature
Figure RE-GDA0003168374450000022
Verifying the public key gpk and outputting an intermediate signature
Figure RE-GDA0003168374450000023
Step S6: the verification end inputs the public parameter params and the intermediate signature
Figure RE-GDA0003168374450000024
Access policy Γ, transform key tk, output 1 if the signature is valid, otherwise output 0.
Further, the step S1 specifically includes the following steps:
step S11: g1And G2For multiplications of order p, G is G1The generator of (1). The attribute authorization terminal randomly selects one a to be in the range of ZpCalculate g1=gaWherein Z isp={0,1,2,…,p-1};
Step S12: random selection g of attribute authorization terminal2,u′,u1,…,un∈G1And calculating Z ═ e (g)1,g2) Where the master key MK ═ a. The published parameters are: params ═ G (p, G)1,G2,e,g,g1,g2,u′,u1,…,un,Z);
Further, the step S2 specifically includes the following steps:
step S21: attribute authority random selection
Figure RE-GDA0003168374450000025
Calculating a2=a-a1(ii) a Then randomly selecting r ∈ ZpIs calculated to obtain
Figure RE-GDA0003168374450000026
Wherein
Figure RE-GDA0003168374450000027
Step S22: for each i e omega, the attribute authority randomly selects ri∈Zpi∈ZpCalculating
Figure RE-GDA0003168374450000028
The private key of the user is skω=(di,{di0,di1}i∈ω);
Step S23: to generate a verification public key gpk on the attribute tree Γ, the attribute authority selects a dx=kx-1 order polynomial qx(. wherein k) isxIs a threshold value, qroot(·)=a1Is the value of the root node, with the other nodes set to qx(0)=qparent(x)(index (x)). Verification public key for attribute tree Γ if polynomial is computed
Figure RE-GDA0003168374450000029
Wherein i att (x), x is a leaf node;
further, the step S3 specifically includes the following steps:
step S31: the user has a private key sk on the attribute omegaωTo generate a message M ═ {0,1}nThe user randomly selects s ∈ ZpCalculating
Figure RE-GDA0003168374450000031
Definition of
Figure RE-GDA0003168374450000032
For attributes in the attribute tree, with respect to arbitrary
Figure RE-GDA0003168374450000033
User randomly selects r'i∈ZpCalculating
Figure RE-GDA0003168374450000034
Step S32: user output signature δ ═ δ (δ)0,δ′0,{δi0i1}i∈ω);
Further, in step S4, the calculating of the user signature specifically includes the following steps:
step S41: after the verification end receives the signature delta, selecting t e to Z randomlypAs a transformation key tk, a transformation signature is calculated
Figure RE-GDA0003168374450000035
Step S42: the verification end sends a conversion signature
Figure RE-GDA0003168374450000036
And sending the data to a server side.
Further, the step S5 specifically includes the following steps:
step S51: attribute authority end defines a recursion algorithm
Figure RE-GDA0003168374450000037
To verify the signature, where x is a node on the tree. Let i att (x), if x represents a leaf node, the server side obtains the conversion signature from the verification side
Figure RE-GDA0003168374450000038
Computing
Figure RE-GDA0003168374450000039
Step S52: if it is not
Figure RE-GDA00031683744500000310
Then the server side calculates
Figure RE-GDA00031683744500000311
Step S53: if it is not
Figure RE-GDA00031683744500000312
Server-side computing
Figure RE-GDA00031683744500000313
Step S54: if x is a non-leaf node, the algorithm
Figure RE-GDA0003168374450000041
Is performed as follows. Is calculated as z for all related nodes
Figure RE-GDA0003168374450000042
Where all nodes z are children of node x. Order SxIs represented by having an arbitrary kxA set of child nodes z. Let i ═ index (z) be the index of node z, S'x={index(z):z∈Sx}. Server side calculates:
Figure RE-GDA0003168374450000043
server-side computing
Figure RE-GDA0003168374450000044
Wherein T isrootIs the value of the recursive algorithm of the root node. Then output
Figure RE-GDA0003168374450000045
Server side sends intermediate signature
Figure RE-GDA0003168374450000046
To the verification end.
Step S55: the server signs the intermediate signature
Figure RE-GDA0003168374450000047
And sending the data to a verification end.
Step S6: the verification end inputs the public parameter params and the intermediate signature
Figure RE-GDA0003168374450000048
Access policy Γ, transform key tk, output 1 if the signature is valid, otherwise output 0.
Further, the step S6 specifically includes the following steps:
step S61: the verification end obtains the intermediate signature from the server end
Figure RE-GDA0003168374450000049
And calculate
Figure RE-GDA00031683744500000410
Step S62: verification end verification equation
Figure RE-GDA00031683744500000411
Whether or not this is true. If it is not
Figure RE-GDA00031683744500000412
The signature is valid. Otherwise, the verifying end refuses the signature.
An efficient attribute-based server-assisted verification signature system, comprising:
the attribute authorization terminal is used for generating a system master key MK and a public parameter params; and the system is also used for generating a verification public key gpk and a private key sk according to the system master key MK, the public parameter params, the access strategy gamma and the signature end attribute omegaω
A signature end for signing according to the private key skωThe public parameter params, the access policy Γ, the message M, compute the signature δ;
a server for verifying the public key gpk and transforming the signature according to the public parameter params
Figure RE-GDA0003168374450000051
Computing intermediate signatures
Figure RE-GDA0003168374450000052
A verification end for calculating a conversion signature according to the public parameter params, the conversion key tk, the message M and the signature delta
Figure RE-GDA0003168374450000053
And intermediate signatures
Figure RE-GDA0003168374450000054
Also for intermediate signatures based on the public parameter params
Figure RE-GDA0003168374450000055
And accessing the strategy gamma, converting the key tk and verifying the validity of the signature.
Compared with the prior art, the invention has the following beneficial effects:
the invention is designed based on the attribute-based signature, the private key of the user is associated with a group of attributes, the access strategy is embedded in the signature, and if the attributes meet the access strategy, the user can generate an effective signature. The verifier is confident that a particular signature is created by a set of possible users whose attributes match the access policy, so that no information on the identity of the signer is revealed. Therefore, the method and the system have strong practicability and wide application prospect in data authentication and privacy protection access control.
Drawings
FIG. 1 is a schematic block diagram of a system in one embodiment of the invention;
FIG. 2 is a diagram of an attribute tree in an embodiment of the invention.
Detailed Description
The invention is further explained below with reference to the drawings and the embodiments.
Referring to fig. 1, the present invention provides an efficient attribute-based server assisted signature verification system, which includes:
attribute authority end for generating system master keyMK and the published parameter params; and is also used for generating a verification public key gpk and a private key sk according to the system master key MK, the public parameter params and the signature end attribute omegaωWherein the verification public key gpk is generated with respect to a specific attribute tree Γ, the attribute tree being represented as an access policy;
a signature end for signing according to the private key skωThe public parameter params, the access policy Γ, the message M, compute the signature δ;
a server for verifying the public key gpk and transforming the signature according to the public parameter params
Figure RE-GDA0003168374450000056
Computing intermediate signatures
Figure RE-GDA0003168374450000057
A verification end for calculating a conversion signature according to the public parameter params, the conversion key tk, the message M and the signature delta
Figure RE-GDA0003168374450000061
And intermediate signatures
Figure RE-GDA0003168374450000062
Also for intermediate signatures based on the public parameter params
Figure RE-GDA0003168374450000063
And accessing the strategy gamma, converting the key tk and verifying the validity of the signature.
Referring to fig. 2, in the present implementation, the attribute tree: an attribute tree Γ is set as an access policy, where each non-leaf node is represented by a number of children and a threshold value. numxExpressed as the number of child nodes, kxRepresents a threshold value, where 0 < kx≤numx. Each node represents a threshold value for an attribute, where the threshold value is represented as an AND gate (k)x=numx) And or gate (k)x1). Each child node from 1 to numxAnd performing marking indexing. Function index (x) responds to the value associated with node x, where the index value is distributed only to attributesOn a node of the tree. Function parent (x) represents the parent index value of node x. Each leaf node of the tree is represented as an attribute and the threshold value is defined as kxThe function att (x) denotes the index of the leaf node x, 1.
The embodiment also provides an efficient attribute-based server assisted signature verification method, which comprises the following steps:
step S1: the attribute authority inputs the security parameter lambda and outputs the system master key MK and the public parameter params.
In this embodiment, the step S1 specifically includes the following steps:
step S11: g1And G2For multiplications of order p, G is G1The generator of (1). The attribute authorization terminal randomly selects one a to be in the range of ZpCalculate g1=gaWherein Z isp={0,1,2,…,p-1};
Step S12: random selection g of attribute authorization terminal2,u′,u1,…,un∈G1And calculating Z ═ e (g)1,g2) Where the master key MK ═ a. The published parameters are: params ═ G (p, G)1,G2,e,g,g1,g2,u′,u1,…,un,Z);
Step S2: the attribute authorization end inputs MK, a public parameter params, an access strategy gamma and a signature end attribute omega to generate a verification public key gpk and a private key skω
In this embodiment, the attribute authority generates the private key sk of the user using a set of attribute setsωAnd verifying the public key gpk, specifically comprising the steps of:
step S21: random selection of attribute authority
Figure RE-GDA0003168374450000064
Calculating a2=a-a1(ii) a Then randomly selecting r ∈ ZpIs calculated to obtain
Figure RE-GDA0003168374450000065
Wherein
Figure RE-GDA0003168374450000066
Step S22: for each i e omega, the attribute authority randomly selects ri∈Zpi∈ZpComputing
Figure RE-GDA0003168374450000071
The private key of the user is skω=(di,{di0,di1}ω);
Step S23: to generate a verification public key gpk for a particular attribute tree Γ, the authority selects a dx=kx-1 order polynomial qx(. wherein k) isxIs a threshold value, qroot(·)=a1Is the value of the root node, with the other nodes set to qx(0)=qparent(x)(index (x)). Verification public key for attribute tree Γ if polynomial is computed
Figure RE-GDA0003168374450000072
Wherein i att (x), x is a leaf node;
step S3: signature end input private key skωThe public parameter params, the access policy Γ, the message M, the output signature δ.
In this embodiment, the signing side uses the private key skωAnd generating a signature δ of the message M by using the attribute set ω, specifically including the following steps:
step S31: the signature end possesses a private key sk related to the attribute omegaωTo generate a message M ═ {0,1}nThe signature end randomly selects s to be ZpCalculating
Figure RE-GDA0003168374450000073
Definition of
Figure RE-GDA0003168374450000074
For attributes associated with the attribute tree, with respect to any
Figure RE-GDA0003168374450000075
Signature end followsMachine is selected to'i∈ZpCalculating
Figure RE-GDA0003168374450000076
Step S32: signature end output signature delta ═ delta0,δ′0,{δi0i1}i∈ω);
Step S4: the verification end inputs the public parameter params, the conversion key tk, the message M, the signature delta and outputs the conversion signature
Figure RE-GDA0003168374450000077
In this embodiment, the step S4 specifically includes the following steps:
step S41: after the verification end receives the signature delta, selecting t e to Z randomlypAs a transformation key tk, a transformation signature is calculated
Figure RE-GDA0003168374450000078
Step S42: the verification end sends a conversion signature
Figure RE-GDA0003168374450000079
To the server.
Step S5: the server inputs the public parameter params and converts the signature
Figure RE-GDA00031683744500000710
Outputting an intermediate signature
Figure RE-GDA00031683744500000711
In this embodiment, the step S5 specifically includes the following steps:
step S51: attribute authority end defines a recursion algorithm
Figure RE-GDA0003168374450000081
To verify the signature, where x is a node on the tree, let i att (x), if x represents a leaf node, the server side obtains the conversion signature from the verification side
Figure RE-GDA0003168374450000082
Computing
Figure RE-GDA0003168374450000083
Step S52: if it is not
Figure RE-GDA0003168374450000084
Then the server side calculates
Figure RE-GDA0003168374450000085
Step S53: if it is not
Figure RE-GDA0003168374450000086
Server-side computing
Figure RE-GDA0003168374450000087
Step S54: if x is a non-leaf node, the algorithm
Figure RE-GDA0003168374450000088
Is performed as follows. Is calculated as z for all related nodes
Figure RE-GDA0003168374450000089
Where all nodes z are children of node x. Order SxIs represented by having an arbitrary kxA set of child nodes z. Let i ═ index (z) be the index of node z, S'x={index(z):z∈Sx}. And (3) server side calculation:
Figure RE-GDA00031683744500000810
server-side computing
Figure RE-GDA0003168374450000091
Wherein T isrootIs the value of the recursive algorithm of the root node. Then output
Figure RE-GDA0003168374450000092
Server side sends intermediate signature
Figure RE-GDA0003168374450000093
To the verification end.
Step S55: the server signs the intermediate signature
Figure RE-GDA0003168374450000094
And sending the data to a verification end.
Step S6: the verifier inputs the public parameter params, the intermediate signature
Figure RE-GDA0003168374450000095
Access policy Γ, transform key tk, output 1 if the signature is valid, otherwise output 0.
Step S61: the verifying terminal obtains the intermediate signature from the server
Figure RE-GDA0003168374450000096
And calculate
Figure RE-GDA0003168374450000097
Step S62: verification end verification equation
Figure RE-GDA0003168374450000098
Whether or not this is true. If it is not
Figure RE-GDA0003168374450000099
The signature is valid. Otherwise, the verifying end refuses the signature.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The foregoing is directed to preferred embodiments of the present invention, other and further embodiments of the invention may be devised without departing from the basic scope thereof, and the scope thereof is determined by the claims that follow. However, any simple modification, equivalent change and modification of the above embodiments according to the technical essence of the present invention are within the protection scope of the technical solution of the present invention.

Claims (8)

1. An efficient attribute-based server assisted signature verification method is characterized by comprising the following steps:
step S1: the attribute authorization end inputs a security parameter lambda and outputs a system master key MK and a public parameter params;
step S2: the attribute authorization end inputs MK, a public parameter params, an access strategy gamma and a signature end attribute omega to generate a verification public key gpk and a private key skω
Step S3: signature end input private key skωThe public parameter params, the access policy Γ, the message M, the output signature σ;
step S4: the verification end inputs the public parameter params, the conversion key tk, the message M, the signature delta and outputs the conversion signature
Figure FDA0003130486500000011
Step S5: the server inputs the public parameter params and converts the signature
Figure FDA0003130486500000012
Verifying the public key gpk and outputting an intermediate signature
Figure FDA0003130486500000013
Step S6: the verification end inputs the public parameter params and the intermediate signature
Figure FDA0003130486500000014
Access policy Γ, transform key tk, output 1 if the signature is valid, otherwise output 0.
2. The method for signature verification assisted by an efficient attribute-based server according to claim 1, wherein the step S1 specifically comprises the following steps:
step S11: is provided withG1And G2For multiplications of order p, G is G1The attribute authorization end randomly selects an a E to ZpCalculate g1=gaWherein Z isp={0,1,2,…,p-1};
Step S12: random selection g of attribute authorization terminal2,u',u1,…,un∈G1And calculating Z ═ e (g)1,g2) Where the master key MK ═ a, the public parameters are: params ═ G (p, G)1,G2,e,g,g1,g2,u',u1,…,un,Z)。
3. The method for signature verification assisted by an efficient attribute-based server according to claim 1, wherein the step S2 specifically comprises the following steps:
step S21: random selection of attribute authority
Figure FDA0003130486500000015
Calculating a2=a-a1(ii) a Then randomly selecting r ∈ ZpIs calculated to obtain
Figure FDA0003130486500000016
Wherein
Figure FDA0003130486500000017
Step S22: for each i e omega, the attribute authority randomly selects ri∈Zp,βi∈ZpCalculating
Figure FDA0003130486500000021
The private key of the user is skω=(di,{di0,di1}i∈ω);
Step S23: the attribute authorization terminal selects one dx=kx-1 order polynomial qx(. wherein k) isxIs a threshold value, qroot(·)=a1Is the value of the root node, other nodes are setIs set to qx(0)=qparent(x)(index (x)); verification public key for attribute tree Γ if polynomial is computed
Figure FDA0003130486500000022
Where i att (x), x is a leaf node.
4. The method for signature verification assisted by an efficient attribute-based server according to claim 1, wherein in the step S3, the calculation of the user signature specifically comprises the following steps:
step S31: the user has a private key sk about the attribute omega of the signing sideωTo generate a message M ═ {0,1}nThe user randomly selects s ∈ ZpCalculating
Figure FDA0003130486500000023
δ'0=gsDefinition of
Figure FDA0003130486500000024
For attributes associated with the attribute tree, with respect to any
Figure FDA0003130486500000025
User random selection ri'∈ZpCalculating
Figure FDA0003130486500000026
Step S32: user output signature δ ═ δ (δ)0,δ'0,{δi0i1}i∈ω)。
5. The method for signature verification assisted by an efficient attribute-based server according to claim 1, wherein the step S4 specifically comprises the following steps:
step S41: after the verification end receives the signature delta, selecting t e to Z randomlypAs a transformation key tk, a transformation signature is calculated
Figure FDA0003130486500000027
Step S42: the verification end sends a conversion signature
Figure FDA0003130486500000028
And sending the data to a server side.
6. The method for signature verification assisted by an efficient attribute-based server according to claim 1, wherein the step S5 specifically comprises the following steps:
step S51: attribute authority end defines a recursion algorithm
Figure FDA0003130486500000031
To verify the signature, where x is a node on the tree, let i att (x), if x represents a leaf node, the server side obtains the conversion signature from the verification side
Figure FDA0003130486500000032
Computing
Figure FDA0003130486500000033
Step S52: if it is not
Figure FDA0003130486500000034
Then the server side calculates
Figure FDA0003130486500000035
Step S53: if it is not
Figure FDA0003130486500000036
Server-side computing
Figure FDA0003130486500000037
Step S54: if x is a non-leaf node, the algorithm
Figure FDA0003130486500000038
Is performed as follows; is calculated as z for all related nodes
Figure FDA0003130486500000039
Wherein all nodes z are children of node x; order SxIs represented by having an arbitrary kxA set of child nodes z. Let i ═ index (z) be the index of node z, S'x={index(z):z∈Sx}. Server side calculates:
Figure FDA00031304865000000310
server-side computing
Figure FDA0003130486500000041
Wherein T isrootIs the value of the recursive algorithm of the root node. Then output
Figure FDA0003130486500000042
Server side sends intermediate signature
Figure FDA0003130486500000043
To the verification end.
7. The system for signature verification assisted by an efficient attribute-based server as claimed in claim 1, wherein the step S6 specifically comprises the following steps:
step S61: the verification end obtains the intermediate signature from the server end
Figure FDA0003130486500000044
And calculate
Figure FDA0003130486500000045
Step S62: verification end verification equation
Figure FDA0003130486500000046
Whether or not this is true. If it is not
Figure FDA0003130486500000047
And if the signature is valid, the verification end refuses the signature.
8. An efficient attribute-based server-assisted verification signature system, comprising:
the attribute authorization terminal is used for generating a system master key MK and a public parameter params; and is also used for generating a verification public key gpk and a private key sk according to the system master key MK, the public parameter params and the signature end attribute omegaωWherein the verification public key gpk is generated based on a specific attribute tree, which is expressed as an access policy Γ;
a signature end for signing according to the private key skωThe public parameter params, the access policy Γ, the message M, compute the signature δ;
a server for verifying the public key gpk and transforming the signature according to the public parameter params
Figure FDA0003130486500000048
Computing intermediate signatures
Figure FDA0003130486500000049
A verification end for calculating a conversion signature according to the public parameter params, the conversion key tk, the message M and the signature delta
Figure FDA00031304865000000410
And intermediate signatures
Figure FDA00031304865000000411
Also for intermediate signatures based on the public parameter params
Figure FDA00031304865000000412
And accessing the strategy gamma, converting the key tk and verifying the validity of the signature.
CN202110702089.6A 2021-06-24 2021-06-24 Efficient attribute-based server auxiliary signature verification method and system Active CN113438085B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110702089.6A CN113438085B (en) 2021-06-24 2021-06-24 Efficient attribute-based server auxiliary signature verification method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110702089.6A CN113438085B (en) 2021-06-24 2021-06-24 Efficient attribute-based server auxiliary signature verification method and system

Publications (2)

Publication Number Publication Date
CN113438085A true CN113438085A (en) 2021-09-24
CN113438085B CN113438085B (en) 2023-05-19

Family

ID=77753780

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110702089.6A Active CN113438085B (en) 2021-06-24 2021-06-24 Efficient attribute-based server auxiliary signature verification method and system

Country Status (1)

Country Link
CN (1) CN113438085B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115174239A (en) * 2022-07-14 2022-10-11 福建师范大学 Traceable and forward-safe attribute-based signature system and method with fixed length

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110113156A (en) * 2019-04-30 2019-08-09 福建师范大学 A kind of traceable layering authorizes ciphertext policy ABE base authentication method more
WO2019214942A1 (en) * 2018-05-10 2019-11-14 Telecom Italia S.P.A. Protecting signaling messages in hop-by-hop network communication link
CN111404685A (en) * 2020-04-17 2020-07-10 山东确信信息产业股份有限公司 Attribute-based signature method and system
JP2020149003A (en) * 2019-03-15 2020-09-17 三菱電機株式会社 Signing device, verification device, method for signing, method for verification, signing program, and verification program

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019214942A1 (en) * 2018-05-10 2019-11-14 Telecom Italia S.P.A. Protecting signaling messages in hop-by-hop network communication link
JP2020149003A (en) * 2019-03-15 2020-09-17 三菱電機株式会社 Signing device, verification device, method for signing, method for verification, signing program, and verification program
CN110113156A (en) * 2019-04-30 2019-08-09 福建师范大学 A kind of traceable layering authorizes ciphertext policy ABE base authentication method more
CN111404685A (en) * 2020-04-17 2020-07-10 山东确信信息产业股份有限公司 Attribute-based signature method and system

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
HUI CUI: "Server-Aided Attribute-Based Signature With Revocation for Resource-Constrained Industrial-Internet-of-Things Devices", 《IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS》 *
SANA BELGUITH 等: "Accountable privacy preserving attribute based framework for authenticated encrypted access in clouds", 《JOURNAL OF PARALLEL AND DISTRIBUTED COMPUTING》 *
张亦辰 等: "高效的属性基远程证明方案(英文)", 《INFORMATION SECURITY》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115174239A (en) * 2022-07-14 2022-10-11 福建师范大学 Traceable and forward-safe attribute-based signature system and method with fixed length
CN115174239B (en) * 2022-07-14 2023-05-05 福建师范大学 Traceable and forward secure attribute-based signature system and method with fixed length

Also Published As

Publication number Publication date
CN113438085B (en) 2023-05-19

Similar Documents

Publication Publication Date Title
Chase et al. Algebraic MACs and keyed-verification anonymous credentials
CN107948143B (en) Identity-based privacy protection integrity detection method and system in cloud storage
Ni et al. On the security of an efficient dynamic auditing protocol in cloud storage
CN110113156B (en) Traceable hierarchical multi-authorization ciphertext policy attribute-based authentication method
CN106487786B (en) Cloud data integrity verification method and system based on biological characteristics
WO2014068427A1 (en) Reissue of cryptographic credentials
CN113536378A (en) Traceable attribute-based cleanable signature method and system
CN115174104A (en) Attribute-based online/offline signature method and system based on secret SM9
CN113438085B (en) Efficient attribute-based server auxiliary signature verification method and system
CN113919008A (en) Traceable attribute-based signature method and system with fixed signature length
CN111404685B (en) Attribute-based signature method and system
CN113630254B (en) ECDSA-based generalized assignment verifier signature proving method and system
CN115174037B (en) Construction method and device of chameleon hash function based on SM9 signature
CN116318736A (en) Two-level threshold signature method and device for hierarchical management
CN107947944B (en) Incremental signature method based on lattice
CN113708927B (en) General assignment verifier signature proving system based on SM2 digital signature
Tian et al. Publicly-verifiable proofs of storage based on the discrete logarithm problem
US20050018852A1 (en) Cryptographic keys using random numbers instead of random primes
CN115174239B (en) Traceable and forward secure attribute-based signature system and method with fixed length
Ren et al. Analysis of delegable and proxy provable data possession for cloud storage
Tsai et al. A Secure Group Signature Scheme.
CN111711524A (en) Certificate-based lightweight outsourcing data auditing method
CN114172654B (en) Distributed attribute-based server assisted signature system and method
CN114189340B (en) Attribute-based signature method based on prime order group
CN113761592B (en) Fuzzy identity-based data integrity detection method in cloud storage

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant