CN113849861A - Proxy digital signature method based on elliptic curve - Google Patents

Abstract

The invention discloses an elliptic curve-based proxy digital signature method, which comprises the following specific steps: s1: initializing the process; s2: a delegation process; s3: a generation process of the proxy key; s4: a verification process of the proxy key; in the proxy signature scheme of the present invention, proxy signatures

Private key k containing B_BAnyone else does not know the private key k_BSo neither can masquerade as B, nor can B repudiate his signature; authorization parameter s_A≡e₁k_A+k₁(modn) includes the original signer's private key k_AOnly B authorized by a can generate a valid proxy signature. The method is suitable for temporary and short-term proxy authorization(ii) a The method is suitable for different conditions of the verifiers each time; the verification procedure is simple; other people in the method cannot impersonate, and different roles in the scheme cannot impersonate mutually.

Description

Proxy digital signature method based on elliptic curve

Technical Field

The invention relates to the field of proxy signatures, in particular to a proxy digital signature method based on an elliptic curve.

Background

Under the era background of the rapid development of the internet, the social informatization degree is increasingly high. The communication among people is more and more internationalized, and the human really enters the 'information age'. Information on the internet is chaotic and complicated, potential risk factors such as counterfeiting or tampering exist, and the electronic signature system is paid more attention to and perfected, so that the information security on the internet is maintained. The proxy signature is a special digital signature, and in the special digital signature system, two main bodies are required: original signers and proxy signers. The original signer passes the information to a third party (proxy signer) which creates a proxy signature based on various public parameters including its private key, the original signer's public key and randomly selected parameters.

Proxy signatures require three parties to participate; the private key of the original signer A is k_AThe public key is P_A＝k_AP; the proxy signer is B, the private key is k_BThe public key is P_B＝k_BP; c denotes a proxy signature verifier. The overall process of the document "elliptic curve-based proxy signature scheme" is summarized below:

1. initializing the process;

(1) let E be set up in a finite field F_qThe above elliptic curve, P belongs to E and the order of the point P is n;

(2) a randomly selects a positive integer k_A，0＜k_AN as private key; public key is P_A＝k_AP；

(3) Disclosing coefficient parameters { E, n, P_A}。

2. A delegation process; a, carrying out the following operations:

(1) randomly selecting a positive integer k₀，0＜k₀< n, calculate Q₀＝k₀P＝(x₀，y₀)，x₀，y₀∈F_q；

(2) Calculating r₀≡x₀ mod n，σ≡k_A+r₀k₀ mod n；

(3) A will be σ and Q₀Respectively communicated to B privately and publicly.

B is receiving sigma and Q₀Thereafter, the validity of the delegation information is verified. Verifying sigma P ═ P_A+r₀Q₀Wherein Q is₀＝(x₀，y₀)，r₀≡x₀mod n. If the equation holds, then σ and Q₀May act as a proxy signing key pair.

3. A generation process of the proxy signature; b, carrying out the following steps:

(1) randomly selecting a positive integer k, wherein k is more than 0 and less than n, and calculating kP (x, y) and r ≡ x mod n;

(2) calculating s ≡ k^-1(m+rσ)mod n；

(3) Will { m, r, s, Q₀It is sent to C.

4. A verification process of the proxy signature; c, verification:

(1) calculating c ≡ s^-1 mod n，u₁≡mc mod n，u₂≡rc mod n；

(2) Calculating u₁P+u₂(P_A+r₀Q₀)＝P′＝(x′，y′)；

(3) This proxy signature is valid if x' ≡ rc mod n.

In the scheme, anyone can not obtain the private key of the original signer A, and the private key can be ensured according to the elliptic curve discrete logarithm problem; in this scenario original signer a can revoke the signature authority of proxy signer B by declaring Q0 invalid; but s ≡ k generated during generation of the proxy signature^-1The private key of the proxy signer B is not contained in the (m + r sigma) mod n, and the signature can be denied by the B, so that the signature cannot be denied; therefore, the elliptic curve based proxy digital signature method is provided.

Disclosure of Invention

The present invention is directed to provide a proxy digital signature method based on elliptic curve to solve the problems of the background art mentioned above.

In order to achieve the purpose, the invention provides the following technical scheme: a proxy digital signature method based on elliptic curve includes the following steps:

s1: initializing the process;

s11: let E be set up in a finite field F_qThe above elliptic curve, P belongs to E and the order of the point P is n;

s12: a randomly selects a positive integer k_A，0＜k_AN as private key; public key is P_A＝k_AP；

S13: b randomly selecting positive integer k_B，0＜k_BN as private key; public key is P_B＝k_BP；

S14: disclosing coefficient parameters { E, n, P_A，P_B}；

S2: a delegation process; a pair of request information m_AThe following operations were carried out:

s21: a randomly selects k₁，0＜k₁< n, calculate Y_A＝k₁P＝(x_A，y_A)；

S22: calculating r_A≡x_Amod n、e₁＝h(m_A,r_A)、s_A≡e₁k_A+k₁(mod n)；

S23: will (m)_A,Y_A,s_A) To B, (Y)_A，s_A) Is to A to m_AA signature of the authorization information of (2); b accept (m)_A,Y_A,s_A) Then, first calculate r_A≡x_A mod n、e₁＝h(m_A,r_A) (ii) a Then verifying s_AP＝P_Ae₁+Y_AIf yes, the authorization is established;

s3: a generation process of the proxy signature; b pair of signature information m_BThe following operations were carried out:

s31: computing

S32: randomly selecting a positive integer k₂，0＜k₂< n, calculate Y_B＝k₂P_B＝(x_B，y_B)；

S33: calculating r_B＝x_B mod n、e₂＝h(m_B,r_B)、s≡xe₂+k₂(mod n)；

S34: will (m)_A,m_B,Y_A,Y_BS) to C;

s4: a verification process of the proxy signature; c, verification:

s41: calculating r_A≡x_A mod n，r_B≡x_B mod n，e₁＝h(m_A,r_A),e₂＝h(m_B,r_B)；

S42: verification of xP_B＝Y_B+e₂(Y_A+e₁P_A) (ii) a If the equation is true, then the proxy signature generated by B is valid, and if the equation is false, then it is invalid.

As a preferred embodiment of the present invention, a represents an original signer; the B represents a proxy signer; the C represents a proxy signature verifier.

The invention has the beneficial effects that:

1. suitable for temporary, short-term proxy authorization;

2. the method is suitable for different conditions of the verifiers each time;

3. the verification procedure is simple;

4. other people in the method cannot impersonate, and different roles in the scheme cannot impersonate mutually.

Drawings

FIG. 1 is a flow chart of the present invention.

Detailed Description

The following detailed description of the preferred embodiments of the present invention, taken in conjunction with the accompanying drawings, will make the advantages and features of the invention more readily understood by those skilled in the art, and thus will more clearly and distinctly define the scope of the invention.

Example (b): referring to fig. 1, the present invention provides a technical solution: a proxy digital signature method based on elliptic curve includes the following steps:

s1: initializing the process; a represents the original signer; b represents a proxy signer; c represents a proxy signature verifier;

s11: let E be set up in a finite field F_qThe above elliptic curve, P belongs to E and the order of the point P is n;

s12: a randomly selects a positive integer k_A，0＜k_AN as private key; public key is P_A＝k_AP；

S13: b randomly selecting positive integer k_B，0＜k_BN as private key; public key is P_B＝k_BP；

S14: disclosing coefficient parameters { E, n, P_A，P_B}；

S2: a delegation process; a pair of request information m_AThe following operations were carried out:

s21: a randomly selects k₁，0＜k₁< n, calculate Y_A＝k₁P＝(x_A，y_A)；

S22: calculating r_A≡x_A mod n、e₁＝h(m_A,r_A)、s_A≡e₁k_A+k₁(mod n)；

S23: will (m)_A,Y_A,s_A) To B, (Y)_A，s_A) Is to A to m_AA signature of the authorization information of (2); b accept (m)_A,Y_A,s_A) Then, first calculate r_A≡x_A mod n、e₁＝h(m_A,r_A) (ii) a Then verifying s_AP＝P_Ae₁+Y_AIf yes, the authorization is established;

s3: a generation process of the proxy signature; b pair of signature information m_BThe following operations were carried out:

s31: computing

S32: randomly selecting a positive integer k₂，0＜k₂< n, calculate Y_B＝k₂P_B＝(x_B，y_B)；

S33: calculating r_B≡x_Bmod n、e₂＝h(m_B,r_B)、s≡xe₂+k₂(mod n)；

S34: will (m)_A,m_B,Y_A,Y_BS) to C;

s4: a verification process of the proxy signature; c, verification:

s41: calculating r_A≡x_A mod n，r_B≡x_B mod n，e₁＝h(m_A,r_A),e₂＝h(m_B,r_B)；

S42: validation of sP_B＝Y_B+e₂(Y_A+e₁P_A) (ii) a If the equation is true, then the proxy signature generated by B is valid, and if the equation is false, then it is invalid.

The verification method comprises the following steps: a digital signature method based on elliptic curve proxy can prove the correctness thereof, and comprises the following steps:

it is known that: s_A≡e₁k_A+k₁(mod n)，

P_B＝k_BP，Y_B＝k₂P_B，s≡xe₂+k₂(mod n)；

The above process logically demonstrates the feasibility of the signature scheme, as well as non-repudiation, etc.

Unforgeability of the original signature. In the above proxy authorization process, (m)_A,m_B,Y_A，Y_BS) is actually the original signerAnd proxy signature_A，m_BAnd is not forgeable. From sP_B＝Y_B+e₂(Y_A+e₁P_A) It can be shown that this signature is a valid proxy signature for B that has seen a grant. From the proxy signature, C utilizes the public keys of A and B and the authentication equation sP_B＝Y_B+e₂(Y_A+e₁P_A) To determine if the signature is a proxy signature generated by B-proxy a; on the other hand, in the document m_ACan specify the authorization range, the expiration date, etc., and is based on (m)_A,Y_A,s_A) The private key of A cannot be calculated, so secret transmission is not needed, and the use cost is reduced.

The impossibility of a proxy signature; in the proxy signature scheme of the invention, the proxy signature private key

Private key k containing B_BAnyone else does not know the private key k_BSo neither can masquerade as B, nor can B repudiate his signature; authorization parameter s_A≡e₁k_A+k₁(mod n) includes the original signer's private key k_AOnly B authorized by a can generate a valid proxy signature.

In the method described in the background art, the generation process and the verification process of the proxy signature have an inversion operation once respectively, and are respectively s ≡ k^-1(m + r σ) mod n and c ≡ s^-1modn, the inverse operation in the improved signature method only occurs once in the generation process of the proxy signature

The inversion operation is the most complex operation in cryptography, and the operation process is very inefficient. The improved scheme reduces one inversion operation and improves the operation efficiency of the method; in the original method such as Q₀＝k₀P has 7 times of power operation, such as Y in the improved method_A＝k₁The power of P is calculated 8 times. In the original method such as r₀≡x₀modulo multiplication of modn 9 times, improved methods such as r_A≡x_Amod n has 6 modular multiplication operations; in general, the improved scheme has greatly improved operation efficiency. The specific cases are as follows:

TABLE 1 comparison of original and modified protocols

The above examples only show some embodiments of the present invention, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention.

Claims (2)

1. A proxy digital signature method based on elliptic curve is characterized in that: the method comprises the following specific steps:

s1: initializing the process;

s11: let E be set up in a finite field F_qThe above elliptic curve, P belongs to E and the order of the point P is n;

s12: a randomly selects a positive integer k_A，0＜k_AN as private key; public key is P_A＝k_AP；

S13: b randomly selecting positive integer k_B，0＜k_BN as private key; public key is P_B＝k_BP；

S14: disclosing coefficient parameters { E, n, P_A，P_B}；

S2: a delegation process; a pair of request information m_AThe following operations were carried out:

s21: a randomly selects k₁，0＜k₁< n, calculate Y_A＝k₁P＝(x_A，y_A)；

S22: calculating r_A≡x_Amod n、e₁＝h(m_A，r_A)、s_A≡e₁k_A+k₁(mod n)；

S23: will (m)_A，Y_A，s_A) To B, (Y)_A，s_A) Is A pair of authorization information m_AThe signature of (2); b accept (m)_A，Y_A，s_A) Then, first calculate r_A≡x_A mod n、e₁＝h(m_A，r_A) (ii) a Then verifying s_AP＝P_Ae₁+Y_AIf yes, the authorization is established;

s3: a generation process of the proxy signature; b pair of signature information m_BThe following operations were carried out:

s31: computing

S32: randomly selecting a positive integer k₂，0＜k₂< n, calculate Y_B＝k₂P_B＝(x_B，y_B)；

S33: calculating r_B≡x_B mod n、e₂＝h(m_B，r_B)、s≡xe₂+k₂(mod n)；

S34: will (m)_A，m_B，Y_A，Y_BS) to C;

s4: a verification process of the proxy signature; c, verification:

s41: calculating r_A≡x_A mod n，r_B≡x_B mod n，e₁＝h(m_A，r_A)，e₂＝h(m_B，r_B)；

S42: validation of sP_B＝Y_B+e₂(Y_A+e₁P_A) (ii) a If the equation is true, then the proxy signature generated by B is valid, and if the equation is false, then it is invalid.

2. The elliptic curve-based proxy digital signature method as claimed in claim 1, wherein: the A represents an original signer; the B represents a proxy signer; the C represents a proxy signature verifier.

Images