CN113630254B - ECDSA-based generalized assignment verifier signature proving method and system - Google Patents
Abstract
The invention relates to an ECDSA-based universal designated verifier signature proof (UDVSP) method. A system is provided comprising a system administrator, a signer, a signature owner and a designated verifier, and the method comprises the following steps: step S1, the system administrator initializes the system parameters; step S2, the signer generates the user's private key and public key, and uses the private key to calculate the signature of the message; step S3, the signature owner obtains the message and the signature from the signer, verifies the validity of the message and the signature, and generates a conversion signature and a conversion key; step S4, the signature owner uses the conversion signature and the conversion key to execute the IVerf protocol with the designated verifier to complete the proof. The invention not only satisfies unforgeability under adaptive chosen-message attack (UF-CMA) and resistance to impersonation attacks (R-IM), but also effectively improves the computing efficiency of UDVSP.
Description
Technical Field
The invention relates to the technical field of information security, and in particular to an ECDSA-based universal designated verifier signature proof method and system.
Background
UDVSP is widely used for privacy protection in fields such as medical data, electronic voting, anonymous certificates and electronic revenue summarization. For example, suppose the signature owner (patient Alice) obtains a new electronic medical record from the signer (doctor D1). Alice can make the designated verifier (doctor D2) trust the content of the electronic medical record without providing the signature on the record, and doctor D2 cannot make others trust the content of this electronic medical record.
Disclosure of Invention
In view of the above, the invention aims to provide an ECDSA-based universal designated verifier signature proof method. It addresses the problem that existing UDVSP schemes based on BLS and BBS signatures involve time-consuming bilinear pairing operations and global hash function computation, which makes those schemes less efficient.
To achieve this purpose, the invention adopts the following technical scheme:
An ECDSA-based universal designated verifier signature proof method, in which a system comprising a system administrator, a signer, a signature owner and a designated verifier is provided, and which comprises the following steps:
step S1, the system administrator initializes the system parameters;
step S2, the signer generates the user's private key and public key, and uses the private key to calculate the signature of the message;
step S3, the signature owner obtains the message and the signature from the signer, verifies the validity of the message and the signature, and generates a conversion signature and a conversion key;
step S4, the signature owner uses the conversion signature and the conversion key to execute the IVerf protocol with the designated verifier to complete the proof.
Further, step S1 is specifically: a security parameter $\lambda$ is input, a large prime $p$ is randomly selected, and a nonsingular elliptic curve $E: y^2 = x^3 + ax + b \pmod p$ is determined, wherein, );
a cyclic group of prime order $q$, formed from the points of $E$ together with the point at infinity, and a generator are selected.
Further, generating the user's private key and public key is specifically as follows: the KGen algorithm takes the system parameters $pp$ as input, makes a random selection, calculates $P = dG$, and outputs the user's private key $sk = d$ and public key $pk = P$.
Further, the signature of the message is calculated with the Sign algorithm, specifically: the algorithm takes as input the system parameters $pp$, the user's private key $sk = d$ and a message $m$;
it makes a random selection and calculates $K = kP = (x_K, y_K)$, $r = x_K \pmod q$ and $s$. If $s \neq 0$, the message $m$ and the signature $\sigma = (r, s)$ are output.
Further, the validity of the message and the signature is verified with the Verify algorithm. The algorithm takes as input the system parameters $pp$, the user's public key $pk = P$, the message $m$ and the signature to be verified $\sigma = (r, s)$; if output 0, otherwise calculate and $r' = x_{K'} \pmod q$. If $r' = r$, it outputs 1 to indicate that the signature is valid; otherwise it outputs 0 to indicate that the signature is invalid.
Further, the conversion signature and the conversion key are generated with the Tran algorithm. The algorithm takes as input the system parameters $pp$, the public key $pk = P$, the message $m$ and the signature $\sigma = (r, s)$, makes a random selection, performs a calculation, and outputs a conversion signature and a conversion key $tk = (a, b)$.
Further, the IVerf protocol is specifically as follows; the signature owner P performs the following interactions with the designated verifier V:
3) P calculates $Z_R = R_1 - cR$, $z_a = \alpha - c \cdot a \pmod q$, $z_b = \beta - c \cdot b \pmod q$, and sends $(Z_R, z_a, z_b)$ to V;
Compared with the prior art, the invention has the following beneficial effects:
The invention not only satisfies unforgeability under adaptive chosen-message attack (UF-CMA) and resistance to impersonation attacks (R-IM), but also avoids time-consuming bilinear pairing operations and global hash function computation, which effectively improves security, reduces running time and improves efficiency.
Drawings
FIG. 1 is a flow chart of a method according to an embodiment of the invention.
Detailed Description
The invention will be further described with reference to the accompanying drawings and examples.
Referring to FIG. 1, the invention provides an ECDSA-based universal designated verifier signature proof method, in which a system comprising a system administrator, a signer, a signature owner and a designated verifier is provided, and which specifically comprises the following steps:
step S1, the system administrator initializes the system parameters;
step S2, the signer generates the user's private key and public key, and uses the private key to calculate the signature of the message;
step S3, the signature owner obtains the message and the signature from the signer, verifies the validity of the message and the signature, and generates a conversion signature and a conversion key;
step S4, the signature owner uses the conversion signature and the conversion key to execute the IVerf protocol with the designated verifier to complete the proof.
In this embodiment, the symbols and definitions are as follows:
$p$: a large prime number;
$F_p$: a finite field containing $p$ elements;
$a, b$: elements of $F_p$ that define an elliptic curve $E$ over $F_p$;
$E(F_p)$: the set of all rational points (including the point at infinity $O$) of the elliptic curve $E$ over $F_p$;
$\#E(F_p)$: the number of points on $E(F_p)$, called the order of the elliptic curve $E(F_p)$;
$O$: a special point on the elliptic curve, called the point at infinity or zero point;
$q$: the order of the generator $G$ ($q$ is a prime factor of $\#E(F_p)$);
In the present embodiment, initialization (Setup): the algorithm takes the security parameter $\lambda$ as input, randomly selects a large prime $p$, and determines a nonsingular elliptic curve $E: y^2 = x^3 + ax + b \pmod p$ (where, ); it selects a cyclic group of prime order $q$ and a generator, selects a secure hash function, and outputs the system parameters.
In this embodiment, key generation uses the KGen algorithm, which takes the system parameters $pp$ as input, makes a random selection, calculates $P = dG$, and outputs the user's private key $sk = d$ and public key $pk = P$.
In this embodiment, the signature of the message is calculated with the Sign algorithm, specifically: the algorithm takes as input the system parameters $pp$, the user's private key $sk = d$ and a message $m$;
it makes a random selection and calculates $K = kP = (x_K, y_K)$, $r = x_K \pmod q$ and $s$. If $s \neq 0$, the message $m$ and the signature $\sigma = (r, s)$ are output.
In this embodiment, the validity of the message and the signature is verified with the Verify algorithm, which takes as input the system parameters $pp$, the user's public key $pk = P$, the message $m$ and the signature to be verified $\sigma = (r, s)$; if output 0, otherwise calculate and $r' = x_{K'} \pmod q$. If $r' = r$, it outputs 1 to indicate that the signature is valid; otherwise it outputs 0 to indicate that the signature is invalid.
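An added example, not part of the patent text: KGen, Sign and Verify as described above, in plain Python. The curve (secp256k1), the hash (SHA-256) and the standard ECDSA equations $K = kG$, $s = k^{-1}(H(m) + d \cdot r) \bmod q$ and $K' = (H(m) s^{-1})G + (r s^{-1})P$ are assumptions where the text above does not spell them out.

```python
import hashlib
import secrets

# Assumption: secp256k1 domain parameters (the patent does not name a curve).
p = 2**256 - 2**32 - 977                       # field prime
a, b = 0, 7                                    # E: y^2 = x^3 + ax + b (mod p)
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
O = None                                       # point at infinity


def on_curve(P):
    """True if P is O or a point with coordinates in [0, p) that lies on E."""
    if P is O:
        return True
    x, y = P
    return 0 <= x < p and 0 <= y < p and (y * y - (x**3 + a * x + b)) % p == 0


def add(P1, P2):
    """Affine point addition on E (not constant time; illustration only)."""
    if P1 is O:
        return P2
    if P2 is O:
        return P1
    (x1, y1), (x2, y2) = P1, P2
    if x1 == x2 and (y1 + y2) % p == 0:        # P2 = -P1
        return O
    if P1 == P2:
        lam = (3 * x1 * x1 + a) * pow(2 * y1 % p, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)


def mul(k, P):
    """Double-and-add scalar multiplication kP."""
    R = O
    while k:
        if k & 1:
            R = add(R, P)
        P = add(P, P)
        k >>= 1
    return R


def H(m):
    # Assumption: SHA-256 reduced mod q stands in for the scheme's hash.
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % q


def kgen():
    d = secrets.randbelow(q - 1) + 1           # d in [1, q-1]
    return d, mul(d, G)                        # sk = d, pk = P = dG


def sign(d, m):
    while True:
        k = secrets.randbelow(q - 1) + 1       # fresh nonce for every signature
        r = mul(k, G)[0] % q                   # standard ECDSA: K = kG
        s = pow(k, -1, q) * (H(m) + d * r) % q
        if r != 0 and s != 0:                  # retry rather than emit a zero
            return (r, s)


def verify(P, m, sig):
    r, s = sig
    # Reject out-of-range components and invalid public keys before any math.
    if not (1 <= r < q and 1 <= s < q) or P is O or not on_curve(P):
        return 0
    w = pow(s, -1, q)
    K1 = add(mul(H(m) * w % q, G), mul(r * w % q, P))
    return 1 if K1 is not O and K1[0] % q == r else 0
```
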
In this embodiment, the conversion signature and the conversion key are generated with the Tran algorithm, which takes as input the system parameters $pp$, the public key $pk = P$, the message $m$ and the signature $\sigma = (r, s)$, makes a random selection, performs a calculation, and outputs a conversion signature and a conversion key $tk = (a, b)$.
In this embodiment, the IVerf protocol is specifically as follows; the signature owner P performs the following interactions with the designated verifier V:
3) P calculates $Z_R = R_1 - cR$, $z_a = \alpha - c \cdot a \pmod q$, $z_b = \beta - c \cdot b \pmod q$, and sends $(Z_R, z_a, z_b)$ to V;
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the invention and is not intended to limit the invention in any way. Any person skilled in the art may use the disclosed technical content to make modifications or alterations that yield equivalent embodiments. However, any simple modification, equivalent change or variation of the above embodiments made according to the technical substance of the invention still falls within the protection scope of the technical solution of the invention.
Claims (1)
1. An ECDSA-based universal designated verifier signature proof method, characterized in that a system is provided which comprises a system administrator, a signer, a signature owner and a designated verifier, and the method specifically comprises the following steps:
step S1, the system administrator initializes the system parameters;
step S2, the signer generates the user's private key and public key, and uses the private key to calculate the signature of the message;
step S3, the signature owner obtains the message and the signature from the signer, verifies the validity of the message and the signature, and generates a conversion signature and a conversion key;
step S4, the signature owner uses the conversion signature and the conversion key to execute the IVerf protocol with the designated verifier to complete the proof;
step S1 is specifically: a security parameter $\lambda$ is input, a large prime $p$ is randomly selected, and a nonsingular elliptic curve $E: y^2 = x^3 + ax + b \pmod p$ is determined, where a,
a cyclic group of prime order $q$, formed from the points of $E$ together with the point at infinity, and a generator are selected;
generating the user's private key and public key is specifically as follows: the KGen algorithm takes the system parameters $pp$ as input, makes a random selection, calculates $P = dG$, and outputs the user's private key $sk = d$ and public key $pk = P$;
the signature of the message is calculated with the Sign algorithm, specifically: the algorithm takes as input the system parameters $pp$, the user's private key $sk = d$ and a message $m$;
it makes a random selection and calculates $K = kP = (x_K, y_K)$, $r = x_K \pmod q$ and $s$; if $s \neq 0$, the message $m$ and the signature $\sigma = (r, s)$ are output;
the validity of the message and the signature is verified with the Verify algorithm, which takes as input the system parameters $pp$, the user's public key $pk = P$, the message $m$ and the signature to be verified $\sigma = (r, s)$; if r, output 0, otherwise calculate and $r' = x_{K'} \pmod q$; if $r' = r$, it outputs 1 to indicate that the signature is valid, otherwise it outputs 0 to indicate that the signature is invalid;
the conversion signature and the conversion key are generated with the Tran algorithm, which takes as input the system parameters $pp$, the public key $pk = P$, the message $m$ and the signature $\sigma = (r, s)$, makes the random selection of a, and calculates, outputting a conversion signature and a conversion key $tk = (a, b)$;
the IVerf protocol is specifically as follows; the signature owner Q performs the following interactions with the designated verifier V:
1) Q first calculates, then randomly selects $\alpha$, R, calculates, and finally P sends D to V;
3) Q calculates $Z_R = R_1 - cR$, $z_a = \alpha - c \cdot a \pmod q$, $z_b = \beta - c \cdot b \pmod q$, and sends $(Z_R, z_a, z_b)$ to V;
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110983192.2A CN113630254B (en) | 2021-08-25 | 2021-08-25 | ECDSA-based generalized assignment verifier signature proving method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113630254A | 2021-11-09 |
CN113630254B | 2023-05-05 |
Family
ID=78387667
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110983192.2A (Active, CN113630254B) | 2021-08-25 | 2021-08-25 | ECDSA-based generalized assignment verifier signature proving method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113630254B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||