CN113972987A - Identity-based multiple signature method based on sub-grouping - Google Patents
- Publication number
- CN113972987A
- Authority
- CN
- China
- Prior art keywords
- group
- signature
- sub
- signatures
- members
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides an identity-based multi-signature method based on sub-groups, comprising the following steps. First, a group administrator uses the group private key to generate, for each group member in the signer group, a member private key corresponding to that member's identity, and calculates a group public key containing a group label. Second, after the signature sub-group is selected, the members of the sub-group sign the same message on behalf of the whole group. After all members of the sub-group have signed, they send their member signatures to the group administrator, who verifies the correctness of the received signatures and then decides whether to aggregate them into a multiple signature: if the signatures of all the members are valid, they are aggregated into a multiple signature; otherwise, the signing fails. After the multiple signature is generated, any entity can verify its validity. The invention can simplify the authentication process during multiple signature aggregation, improve the robustness of multiple signatures in adversarial application scenarios of consensus mechanisms, and enhance security in practical applications.
Description
Technical Field
The invention provides an identity-based multiple signature method based on sub-grouping, belonging to the field of information security.
Background
With the rapid development of computer information technology, electronic commerce and blockchain are being applied ever more deeply, and digital signatures are widely used in application scenarios such as electronic wallets and consensus mechanisms. In related fields such as blockchain, the efficiency of constructing the secure electronic ledger and the efficiency of verifying signatures bear on economic benefits; meanwhile, the centralized anonymous consensus mechanism also raises the requirement that signatures resist maliciously forged messages. To ensure the security of electronic transactions, improved multiple digital signatures play an increasingly important role in verifying signing entities, transaction integrity, and so on.
However, in practical applications, schemes built on public key infrastructure must spend additional resources on certificate management, for example setting up a public certificate server to issue and revoke certificates, which is relatively complicated and tedious to apply; introducing identity-based signatures to construct the multiple signature scheme reduces the associated storage space and improves verification efficiency. Meanwhile, conventional multiple signature schemes assume by default that the entities participating in the signature are honest, so in practice they can hardly guarantee the validity of the signature in application scenarios that must resist forged signatures. To enhance the robustness of multiple signatures, the scheme should add a step that verifies the signing entities before the aggregated signature is generated.
To address these problems, and to improve the efficiency of electronic transactions and safeguard electronic assets, multiple digital signatures are combined with identity-based digital signatures to simplify the entity authentication process; a random signature sub-group is selected to represent the whole group in generating the multiple signature, and verification is added before signature aggregation, improving the robustness of the multiple signature.
Disclosure of Invention
Purpose of the invention: to solve the problem that traditional schemes can hardly ensure the required security in adversarial application scenarios, and to simplify the identity authentication process for signature group members, the invention provides an identity-based multi-signature method based on sub-groups that improves security and authentication efficiency.
Technical scheme: to achieve this purpose, the invention adopts the following technical scheme:
An identity-based multiple signature method based on sub-groups, as shown in fig. 1, comprising the following steps:
step 1: system parameters are initialized, and the group administrator generates a master public/private key pair;
step 2: the group members send their identities to the group administrator, and the group administrator generates private keys for the group members in sequence;
step 3: the group administrator calculates a group label from the group member public key set, and the group member public key set and the group label together form the group public key;
step 4: the group administrator selects the signature sub-group and discloses the sub-group set; the members of the sub-group each generate a signature and send it to the group administrator;
step 5: the group administrator verifies the signatures received from the sub-group members in step 4, and if a signature is invalid, returns to step 3;
step 6: if all the signatures received by the group administrator in step 5 are valid, the group administrator aggregates the member signatures into a multiple signature;
step 7: any entity inside or outside the group verifies the correctness of the multiple signature.
Further, step 1 specifically comprises:
step 1.1, let $G_1$ be an additive cyclic group of prime order $q$ and $G_2$ a multiplicative cyclic group of prime order $q$. Given a security parameter $n$, let Gen be a parameter generation algorithm; Gen($n$) generates $(q, g, G_1, G_2)$, where $(G_1, G_2)$ is a bilinear group pair of prime order $q$, the bilinear map $e: G_1 \times G_1 \to G_2$ denotes a map from $G_1$ to $G_2$, and $g$ is a generator of $G_1$. The 4 secure hash functions are: $H_1: \{0,1\}^* \to G_1$, $H_3: \{0,1\}^* \to G_1$, where $Z_q$ represents the set $\{0, 1, 2, \dots, q-1\}$, and represents the set $\{1, 2, \dots, q-1\}$; $H_1: \{0,1\}^* \to G_1$ means that a value in $\{0,1\}^*$ is mapped by $H_1$ to a value in the group $G_1$. The system parameters are disclosed to all group members;
step 1.2, the group administrator randomly selects a value $x$ as the master private key and calculates the master public key $y = g^x$.
Further, step 2 specifically comprises:
step 2.1, each group member sends its own identity $ID_i$ to the group administrator, which acts as the private key generator (PKG);
step 2.2, the group administrator PKG calculates the hash value $pk_i = H_1(ID_i)$, computes $d_{ID_i} = pk_i^{x}$, and returns it to the corresponding group member.
Further, step 3 specifically comprises:
step 3.1, the group administrator creates a set $ID_G$, adds the identities of all group members to the set, and maintains the public key list corresponding to the identity set $ID_G$
step 3.2, the group administrator hashes the public key set $ID_G$ to obtain $gtag = H_4(ID_G)$; $gtag$ is the resulting hash value and becomes the identification tag of the group;
step 3.3, the public key set is combined with the group tag $gtag$ to obtain the group public key $gpk = (gtag, ID_G)$, which is made public to the group members.
Further, step 4 specifically includes:
step 4.1, before the message $m$ is signed, the group administrator determines a member subset $J$, which contains the identities of the members who sign on behalf of the whole group, and the information of $J$ is disclosed within the group;
step 4.2, the members whose IDs are in the subset $J$ each sign the message $m$, and each selects a random number $r_j$
step 4.3, each member participating in the signature hashes $gtag$ and $m$ to obtain $H_3(gtag, m)$, and then calculates and , where $gtag$ is the group tag value, $m$ is the message to be signed, $r_j$ is the random number selected by each member, $d_{ID_j}$ is the private key of each member, and $g$ is a generator of the group $G_1$;
step 4.4, the signature generated by each participating group member consists of 2 parts, i.e. the signature value ; after generating the signature $S_j$, the group member sends $S_j$ to the PKG.
Further, step 5 specifically comprises:
step 5.1, the group administrator verifies each received member signature: it hashes $gtag$ and $m$ to obtain $H_3(gtag, m)$, and then computes the values of 3 bilinear pairings , $e(y, pk_j)$ and , where and are the components of the member signature $S_j$, and $y$ is the public key of the group administrator ($j \in (0, 1, 2 \dots n)$, $n$ is the number of members in $J$);
step 5.2, compare and to see whether the two values are equal; if so, the member signature $S_j$ is a valid signature; otherwise, it is an invalid signature;
step 5.3, when an invalid member signature appears, return to step 3.1 and re-determine the signature sub-group.
Further, step 6 specifically includes:
step 6.1, if all member signature verifications are valid signatures, the group administrator PKG aggregates the received member signatures;
step 6.2, $(ID_j, J, ID_G)$ is hashed to obtain the hash value $a_j = H_2(ID_j, J, ID_G)$ ($j \in (0, 1, 2 \dots n)$, $n$ is the number of members in $J$);
step 6.4, the aggregated multiple signature consists of 2 parts, i.e. $\sigma = (\sigma_1, \sigma_2)$.
Further, step 7 specifically comprises:
step 7.1, to verify the correctness of the multiple signature, first hash $(ID_j, J, ID_G)$ to obtain the hash value $a_j = H_3(ID_j, J, ID_G)$ ($j \in (0, 1, 2 \dots n)$, $n$ is the number of members in $J$), and then calculate the aggregate public key
step 7.2, hash $gtag$ and $m$ to obtain $H_3(gtag, m)$, and then compute the values of 3 bilinear pairings $e(g, \sigma_1)$, $e(y, apk)$ and $e(\sigma_2, H_3(gtag, m))$, where $\sigma_1$ and $\sigma_2$ are the components of the multiple signature $\sigma$ and $y$ is the public key of the group administrator;
step 7.3, compare $e(g, \sigma_1)$ and $e(y, apk) \cdot e(\sigma_2, H_3(gtag, m))$; if they are equal, the multiple signature $\sigma = (\sigma_1, \sigma_2)$ is a valid signature; otherwise, it is an invalid signature.
Beneficial effects: in the identity-based multi-signature method based on sub-groups provided by the invention, the multiple digital signature is combined with identity-based digital signatures to simplify the entity authentication process, a random signature sub-group is selected to represent the whole group in generating the multiple signature, and verification is added before signature aggregation, so that the robustness of the multiple signature is improved, the efficiency of electronic transactions is enhanced, and the security of electronic assets is safeguarded.
Drawings
FIG. 1 is a schematic diagram of the algorithm flow of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the following examples, but the present invention is not limited thereto.
The identity-based multiple signature method based on the sub-grouping provided by the invention comprises the following three stages: a key preparation phase, a signature generation phase and a signature verification phase. The present embodiment includes three entities, a group administrator, a group member, and a verifier.
Group administrator: sets system parameters; generates private keys for group members, calculates the group label and the group public key, determines the member subset that generates each multiple signature, verifies the member signatures after the participating group members finish signing, and aggregates the member signatures into a multiple signature if all the signatures are valid.
Group members: sign individually; each sends its public key $ID_i$ to the group administrator to obtain its private key, decides whether to participate in the signature according to the sub-group set determined by the group administrator, and if so, generates a signature with its private key and sends it to the group administrator.
Verifier: verifies the signature; the verifier can be any entity inside or outside the group, and after calculating the aggregate public key $apk$, the verifier can calculate the relevant bilinear pairing values to verify the validity of the multiple signature.
In the identity-based multiple signature method based on sub-groups, $G_1$ is an additive cyclic group of prime order $q$ with generator $g \in G_1$, and $G_2$ is a multiplicative cyclic group of prime order $q$. The security parameter is set to $n = |q|$, and the bilinear map $e: G_1 \times G_1 \to G_2$ denotes a map from $G_1$ to $G_2$. Let $H_1$ and $H_3$ be two cryptographic hash functions that map $\{0,1\}^*$ to $G_1$, and let $H_2$ and $H_4$ be two cryptographic hash functions that map $\{0,1\}^*$ to . The public system parameter set is $Params = \{q, G_1, G_2, e, H_1, H_2, H_3, H_4\}$. Let the group member set be $U = \{u_1, u_2, \dots, u_n\}$, where $n$ is the number of group members and $n \ge 2$; the corresponding identity list $ID_G = \{ID_1, ID_2, \dots, ID_n\}$ is maintained by the group administrator. To jointly sign a message $m \in \{0,1\}^*$, the method comprises the following stages:
(1) Key preparation stage:
① The manager selects $x$ as the master private key of the system and calculates the corresponding master public key $y = g^x$.
② The group members send their $ID_i$ to the manager; the group manager calculates the hash value $pk_i = H_1(ID_i)$, computes $d_{ID_i} = pk_i^{x}$, generates the private keys for the group members in sequence, and sends them to the group members.
③ The group manager calculates the group tag $gtag = H_4(ID_G)$ corresponding to the current group membership list $ID_G$ and the group public key $gpk = (gtag, ID_G)$, where the hash algorithm $H_4$ uses the SHA-256 algorithm.
(2) Signature generation stage:
① To sign a message $m \in \{0,1\}^*$ on behalf of the whole group, the group administrator first determines the sub-group participating in this signature using a pseudo-random algorithm. In the present embodiment, the sub-group size is set to , i.e. the member subset $J$ comprises the identities $ID_i$ of group members; the group members participating in the signature are randomly selected each time, and the information of the member subset $J$ is disclosed within the group.
② After receiving the member subset $J$, each group member determines whether it participates in the signature. Each participant first calculates the hash value $H_3(gtag, m)$, and then calculates and , where $gtag$ is the group tag value, $m$ is the message to be signed, is the random number selected by each member, $d_{ID_j}$ is the private key of each member, and $g$ is a generator of the group $G_1$. After the signature is generated, each group member sends its signature to the group administrator.
③ Before the member signatures are aggregated, they need to be verified. Aggregating signatures does not involve secret parameters and can be performed by any member of the group; in this embodiment, the aggregation is performed by the group administrator. The group administrator first calculates $H_3(gtag, m)$, then for each signature $S_j$ calculates the values of 3 bilinear pairings , $e(y, pk_j)$ and , and compares and $e(y, pk_j) \cdot$ to see whether the two values are equal; if so, the member signature $S_j$ is a valid signature; otherwise, it is an invalid signature. If an invalid signature appears, the aggregation process is exited and the group administrator re-determines the signature sub-group.
④ If all the received signatures are valid, the group administrator aggregates the member signatures into a multiple signature. First, the hash value $a_j = H_2(ID_j, J, ID_G)$ is calculated, then and are calculated, giving the final multiple signature $\sigma = (\sigma_1, \sigma_2)$.
(3) Signature verification stage:
After obtaining the group's public parameters $Params$, the group membership list $ID_G$ and the signing member subset $J$, any entity can verify the correctness of the multiple signature $\sigma$. The verifier first calculates $H_3(gtag, m)$, then calculates $a_j = H_3(ID_j, J, ID_G)$ ($j \in (0, 1, 2 \dots n)$, $n$ is the number of members in $J$), and obtains the value of the aggregate public key . Next, the values of 3 bilinear pairings $e(g, \sigma_1)$, $e(y, apk)$ and $e(\sigma_2, H_3(gtag, m))$ are calculated, where $\sigma_1$ and $\sigma_2$ are the components of the multiple signature $\sigma$ and $y$ is the public key of the group administrator. Finally, $e(g, \sigma_1)$ and $e(y, apk) \cdot e(\sigma_2, H_3(gtag, m))$ are compared; if they are equal, the multiple signature $\sigma = (\sigma_1, \sigma_2)$ is a valid signature; otherwise, it is an invalid signature.
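The three stages above can be traced end to end in the following added example, which is not code from the patent: a toy model that stores each $G_1$ element as its exponent so that the pairing equations can be checked with plain integers, including the rejection of a bad member signature before aggregation. Assumptions, since the page's formulas for these values are missing: the member signature is taken as $S_j = (d_{ID_j} \cdot H_3(gtag, m)^{r_j},\ g^{r_j})$, aggregation as $\sigma_k = \prod_j S_{j,k}^{a_j}$ and $apk = \prod_j pk_j^{a_j}$ (forms chosen to satisfy the verification equation $e(g, \sigma_1) = e(y, apk) \cdot e(\sigma_2, H_3(gtag, m))$), and $a_j$ is computed with $H_2$ in both aggregation and verification, as in step 6.2 and claim 8; all function names and identities are hypothetical.

```python
import hashlib
import secrets

# TOY MODEL (assumption of this example): a G1 element g^a is stored as the
# exponent a mod Q, so discrete logs are public and nothing here is secure.
# It only lets the pairing equations be checked with integer arithmetic.
Q = 2**127 - 1                        # prime group order (constructed value)
G = 1                                 # the generator g = g^1

def g1_mul(a, b): return (a + b) % Q  # g^a * g^b
def g1_exp(a, k): return (a * k) % Q  # (g^a)^k
def pair(a, b):   return (a * b) % Q  # e(g^a, g^b) = e(g, g)^(ab)
def gt_mul(a, b): return (a + b) % Q  # product of two G2 elements

def _hash(tag, *parts):
    """Domain-separated SHA-256 reduced into [1, Q-1]; stands in for H1..H3."""
    data = "|".join([tag, *map(repr, parts)]).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (Q - 1) + 1

def H1(identity):          return _hash("H1", identity)
def H2(identity, J, ID_G): return _hash("H2", identity, sorted(J), sorted(ID_G))
def H3(gtag, m):           return _hash("H3", gtag, m)
def H4(ID_G):              return hashlib.sha256(repr(sorted(ID_G)).encode()).hexdigest()

def setup():
    x = secrets.randbelow(Q - 1) + 1
    return x, g1_exp(G, x)            # master private key x, public key y = g^x

def extract(x, identity):
    return g1_exp(H1(identity), x)    # d_ID = pk^x with pk = H1(ID)

def member_sign(d_id, gtag, m):
    # Assumed signature form (see lead-in): (d_ID * H3(gtag, m)^r, g^r)
    r = secrets.randbelow(Q - 1) + 1
    return g1_mul(d_id, g1_exp(H3(gtag, m), r)), g1_exp(G, r)

def member_verify(y, identity, sig, gtag, m):
    s1, s2 = sig
    return pair(G, s1) == gt_mul(pair(y, H1(identity)), pair(s2, H3(gtag, m)))

def aggregate(y, ID_G, J, sigs, m):
    """Verify every member signature first; aggregate only if all are valid."""
    gtag = H4(ID_G)
    bad = [i for i in J
           if i not in sigs or not member_verify(y, i, sigs[i], gtag, m)]
    if bad:
        return None, bad              # caller re-selects the sub-group
    s1 = s2 = 0                       # identity element in the exponent model
    for i in J:
        a = H2(i, J, ID_G)
        s1 = g1_mul(s1, g1_exp(sigs[i][0], a))
        s2 = g1_mul(s2, g1_exp(sigs[i][1], a))
    return (s1, s2), []

def verify_multi(y, ID_G, J, sigma, m):
    if not set(J) <= set(ID_G):
        return False
    apk = 0
    for i in J:
        apk = g1_mul(apk, g1_exp(H1(i), H2(i, J, ID_G)))
    rhs = gt_mul(pair(y, apk), pair(sigma[1], H3(H4(ID_G), m)))
    return pair(G, sigma[0]) == rhs

def demo():
    # Constructed identities and message, for illustration only.
    ID_G = ["alice@example", "bob@example", "carol@example", "dave@example"]
    J = ["alice@example", "carol@example", "dave@example"]
    m = "transfer 10 units to account 42"
    x, y = setup()
    keys = {i: extract(x, i) for i in ID_G}
    sigs = {i: member_sign(keys[i], H4(ID_G), m) for i in J}
    sigma, _ = aggregate(y, ID_G, J, sigs, m)
    out = {"honest_ok": verify_multi(y, ID_G, J, sigma, m),
           "other_message_ok": verify_multi(y, ID_G, J, sigma, m + "0"),
           "other_subgroup_ok": verify_multi(y, ID_G, J[:2], sigma, m)}
    # One member submits a corrupted first component: aggregation must refuse
    # and name the offending member instead of emitting an unverifiable sigma.
    s1, s2 = sigs["carol@example"]
    sigs["carol@example"] = (g1_mul(s1, G), s2)
    out["tampered_sigma"], out["rejected"] = aggregate(y, ID_G, J, sigs, m)
    return out

if __name__ == "__main__":
    print(demo())
```

Because the coefficients $a_j$ bind each signer to both $J$ and $ID_G$, the same $\sigma$ fails verification when checked against a different sub-group, which the `other_subgroup_ok` result shows.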
Security analysis
Theorem 1 (correctness): this identity-based multiple signature method based on sub-groups is correct.
Proof: if the multiple signature is calculated according to the signature algorithm, the following two equations must be satisfied:
1) with the group and the group tag $gtag$ fixed, the signature of each participating group member $u_i$ on the message $m$ satisfies the verification equation:
2) the multiple signature $\sigma = (\sigma_1, \sigma_2)$ satisfies the verification equation:
Theorem 2 (unforgeability): in the random oracle model, if there is an attacker that forges a multiple signature with non-negligible probability, then a solution to an instance of the CDH problem can be obtained.
Proof: A is the attacker's algorithm, B is an algorithm that uses A as a subroutine, and the challenger is challenged with the CDH problem. $H_1, H_2, H_3, H_4$ are random oracles. Given $(G_1, G_2, q, g, g^{\alpha}, g^{\beta})$, where $G_1, G_2$ are cyclic groups of prime order $q$, the goal of the challenger is to run the algorithm using the generalized forking lemma and solve the CDH problem, i.e. to calculate $g^{\alpha\beta}$.
Algorithm B, which uses A as a subroutine, sets $y = g^{\alpha}$ as the challenge master public key, where $\alpha$ is the system master private key. B sets the challenge identity $ID^*$ for A, and B needs to answer A's signature and hash queries. The public key corresponding to the specified challenge identity $ID^*$ in the challenge is called the challenge public key $pk^{\star}$. B selects the system parameters $Params = \{G_1, G_2, e, q, g, y, H_1, H_2, H_3, H_4\}$ and sends them to A. The rules by which B answers A's queries are defined as follows:
② Answer $H_1$: B maintains a list, initially empty. When A queries the hash value corresponding to $z$, if an entry for $z$ is already in the list, output $c$ as the reply; otherwise, first determine a random value $x \in \{0, 1\}$, then select a random number $c$. If $x = 0$, let $h = g^{c}$; if $x = 1$, let $h = g^{\beta c}$. The list is updated after each answer.
③ Answer Extract query: when A queries the private key corresponding to y, first call the $H_1$ oracle to look up $(z, c, x, h)$ in the list. If $x = 0$, i.e. $h = g^{c}$, return $d_{ID} = y^{c}$ as the private key; if $x = 1$, $h = g^{\alpha c}$, return $\perp$.
④ Answer $H_2$: B maintains a list, initially empty. When A queries the hash value corresponding to $z$ for the $i$-th time, if an entry for $z$ is already in the list, output $c$ as the reply; otherwise, decide how to respond according to the content of $z$: if $z = (ID, J, ID_G)$ and $ID^{\star} \in J$, then when $ID = ID^{\star}$, answer $H_2(ID, J, ID_G) = c_i$; otherwise answer $H_2(ID_j, J, ID_G) = d_j$, where . If not, select a random number as the answer. The list is updated after each answer.
⑤ Answer $H_3$: B maintains a list, initially empty. When A queries the hash value corresponding to $z$, if an entry for $z$ is already in the list, output $h$ as the response; otherwise, select a random number $\lambda$ and calculate $h = g^{\lambda}$ as the response. Likewise, the list is updated after each answer.
⑥ Answer $H_4$: B maintains a list, initially empty. When A queries the hash value corresponding to $z$, if an entry for $z$ is already in the list, output $h$ as the response; otherwise, select a random number as the response. Likewise, the list is updated after each answer.
⑦ Answer Sign$(\cdot, sk^{\star}, pk^{\star}, \cdot)$: when A queries the signature corresponding to $z$, first call the $H_3$ oracle to look up $(z, \lambda, h)$ in the list. If , return ; otherwise, decide how to respond according to the content of $z$: if $z = (ID, gtag, m)$ and $ID^{\star} \in J$, then when $ID = ID^{\star}$, return $\perp$; otherwise look up the list to obtain the public key $h$ corresponding to $ID$, select a random number $\delta$, and return $U = y^{\delta}$, $V = y^{\beta}$, i.e. $S = (U, V)$ as the signature; then calculate (gβ-h)-δ as $H$, let , and add $(z, \lambda, H)$ to the list.
Finally, the forger returns a signer set $J = \{ID_1, ID_2, \dots, ID_n\}$ containing $n$ group members, the group membership set $ID_G$ and the corresponding public key set, a forged signature $\sigma^{\star}$ with the corresponding message $m^{\star}$, and the group public key $gpk = (gtag^{\star}, ID_G)$. The forger cannot directly query $(m^{\star}, gtag^{\star})$, and the forged signature $(J, \sigma^{\star})$ can be verified as valid.
It is specified that algorithm B terminates if $x = 0$ for the challenge identity $ID^*$ in the list. Since $x$ is randomly chosen, the probability that B does not terminate is 1/2. Let $k$ be the subscript of $pk^{\star}$ in the public key set, i.e. $pk^{\star} = pk_k$; $j_f$ is the subscript of $H_2(ID^*, J, ID_G)$ in $f$, i.e. $a_j = H_2(ID_j, J, ID_G)$. Thus, the final output of B is denoted $(\{j_f\}, \{(\sigma^{\star}, ID_G, J, apk, \{a_j\}_{j \in J})\})$, and the probability that B outputs successfully is e/2.
The challenger runs the algorithm to solve the CDH problem; according to the generalized forking lemma, the output of running the algorithm is $(\{j_f\}, \{out\}, \{out'\})$. The random vectors $f$ and $f'$ used in the two runs are different but still satisfy . In the output, $out = (\sigma, ID_G, J, apk, \{a_j\}_{j \in J})$ and $out' = (\sigma', ID_G', J', apk', \{a'_j\}_{j \in J'})$. Specifically, $\sigma = (\sigma_1, \sigma_2)$ and $\sigma' = (\sigma_1', \sigma_2')$.
The two runs are arranged to diverge at and , i.e. $a_k \neq a'_k$, while the signer group is fixed, i.e. $ID_G = ID_G'$ and $J = J'$. Thus, except for $a_k$, all other $j \in J$ satisfy $a_j = a'_j$. According to , one obtains
The signatures $\sigma$ and $\sigma'$ output by the algorithm are both valid signatures, so the following verification equations hold:
$e(g, \sigma_1) = e(y, apk) \cdot e(\sigma_2, H_3(gtag, m))$
$e(g, \sigma_1') = e(y, apk') \cdot e(\sigma_2', H_3(gtag, m))$
According to the properties of the symmetric bilinear map, we have:
Finally, the challenger can successfully calculate the solution to the CDH hard problem from this, namely:
Since the CDH problem is hard in polynomial time, this contradicts the result of the reasoning, so the forger assumed in the proof does not exist, and this identity-based multiple signature method based on sub-groups is unforgeable.
The foregoing is only a preferred embodiment of the present invention. It should be noted that those skilled in the art can make various modifications and refinements without departing from the principle of the present invention, and these modifications and refinements should also be regarded as falling within the protection scope of the present invention.
Claims (8)
1. An identity-based multiple signature method based on sub-packets, characterized in that the method comprises the following steps:
step 1: system parameters are initialized, and the group administrator generates a master public/private key pair;
step 2: the group members send their identities to the group administrator, and the group administrator generates private keys for the group members in sequence;
step 3: the group administrator calculates a group label from the group member public key set, and the group member public key set and the group label together form the group public key;
step 4: the group administrator selects the signature sub-group and discloses the sub-group set; the members of the sub-group each generate a signature and send it to the group administrator;
step 5: the group administrator verifies the signatures received from the sub-group members in step 4, and if a signature is invalid, returns to step 3;
step 6: if all the signatures received by the group administrator in step 5 are valid, the group administrator aggregates the member signatures into a multiple signature;
step 7: any entity inside or outside the group verifies the correctness of the multiple signature.
2. The identity-based multiple signature method based on sub-packets as claimed in claim 1, wherein step 1 specifically comprises:
step 1.1, let $G_1$ be an additive cyclic group of prime order $q$ and $G_2$ a multiplicative cyclic group of prime order $q$; given a security parameter $n$, let Gen be a parameter generation algorithm; Gen($n$) generates $(q, g, G_1, G_2)$, where $(G_1, G_2)$ is a bilinear group pair of prime order $q$, the bilinear map $e: G_1 \times G_1 \to G_2$ denotes a map from $G_1$ to $G_2$, and $g$ is a generator of $G_1$. The 4 secure hash functions are: $H_1: \{0,1\}^* \to G_1$, $H_3: \{0,1\}^* \to G_1$, where $Z_q$ represents the set $\{0, 1, 2, \dots, q-1\}$, and represents the set $\{1, 2, \dots, q-1\}$; $H_1: \{0,1\}^* \to G_1$ means that a value in $\{0,1\}^*$ is mapped by $H_1$ to a value in the group $G_1$. The system parameters are disclosed to all group members;
3. The identity-based multiple signature method based on sub-packets as claimed in claim 1, wherein step 2 specifically comprises:
step 2.1, each group member sends its own identity $ID_i$ to the group administrator, which acts as the private key generator (PKG);
step 2.2, the group administrator PKG calculates the hash value $pk_i = H_1(ID_i)$, computes $d_{ID_i} = pk_i^{x}$, and returns it to the corresponding group member.
4. The identity-based multiple signature method based on sub-packets as claimed in claim 1, wherein step 3 specifically comprises:
step 3.1, the group administrator creates a set $ID_G$, adds the identities of all group members to the set, and maintains the public key list corresponding to the identity set $ID_G$
step 3.2, the group administrator hashes the public key set $ID_G$ to obtain $gtag = H_4(ID_G)$; $gtag$ is the resulting hash value and becomes the identification tag of the group;
step 3.3, the identity set is combined with the group tag $gtag$ to obtain the group public key $gpk = (gtag, ID_G)$, which is made public to the group members.
5. The identity-based multiple signature method based on sub-packets as claimed in claim 1, wherein step 4 specifically comprises:
step 4.1, before the message $m$ is signed, the group administrator determines a member subset $J$, which contains the identities of the members who sign on behalf of the whole group, and the information of $J$ is disclosed within the group;
step 4.2, the members whose IDs are in the subset $J$ each sign the message $m$, and each selects a random number $r_j$
step 4.3, each member participating in the signature hashes $gtag$ and $m$ to obtain $H_3(gtag, m)$, and then calculates and , where $gtag$ is the group tag value, $m$ is the message to be signed, $r_j$ is the random number selected by each member, $d_{ID_j}$ is the private key of each member, and $g$ is a generator of the group $G_1$;
6. The identity-based multiple signature method based on sub-packets as claimed in claim 1, wherein step 5 specifically comprises:
step 5.1, the group administrator verifies each received member signature: it hashes $gtag$ and $m$ to obtain $H_3(gtag, m)$, and then computes the values of 3 bilinear pairings and , where and are the components of the member signature $S_j$, and $y$ is the public key of the group administrator ($j \in (0, 1, 2 \dots n)$, $n$ is the number of members in $J$);
step 5.2, compare and to see whether the two values are equal; if so, the member signature $S_j$ is a valid signature; otherwise, it is an invalid signature;
step 5.3, when an invalid member signature appears, return to step 3.1 and re-determine the signature sub-group.
7. The identity-based multiple signature method based on sub-packets as claimed in claim 1, wherein step 6 specifically comprises:
step 6.1, if all member signature verifications are valid signatures, the group administrator PKG aggregates the received member signatures;
step 6.2, $(ID_j, J, ID_G)$ is hashed to obtain the hash value $a_j = H_2(ID_j, J, ID_G)$ ($j \in (0, 1, 2 \dots n)$, $n$ is the number of members in $J$);
step 6.4, the aggregated multiple signature consists of 2 parts, i.e. $\sigma = (\sigma_1, \sigma_2)$.
8. The identity-based multiple signature method based on sub-packets as claimed in claim 1, wherein step 7 specifically comprises:
step 7.1, when verifying the correctness of the multiple signature, first hash $(ID_j, J, ID_G)$ to obtain the hash value $a_j = H_2(ID_j, J, ID_G)$ ($j \in (0, 1, 2 … n)$, n is the number of members in J), and then calculate the aggregate public key;
step 7.2, hash gtag and m to obtain $H_3(gtag, m)$, and then compute the values of the 3 bilinear pairings $e(g, \sigma_1)$, $e(y, apk)$ and $e(\sigma_2, H_3(gtag, m))$, where $\sigma_1$ and $\sigma_2$ are the components of the multiple signature $\sigma$, and y is the public key of the group administrator;
step 7.3, compare $e(g, \sigma_1)$ with $e(y, apk) \cdot e(\sigma_2, H_3(gtag, m))$; if they are equal, the multiple signature $\sigma = (\sigma_1, \sigma_2)$ is a valid signature, otherwise it is an illegal signature.
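The check in steps 7.1 to 7.3 can be exercised with the following added example, which is not code from the patent. It models the pairing groups by tracking exponents modulo a prime, which exposes every discrete logarithm and therefore checks the algebra only. The key-extraction, member-signature, aggregation and apk formulas are assumptions chosen to satisfy the step 7.3 equation, because the page does not show them; all names and sample values are constructed.

```python
import hashlib, secrets

Q = 2**127 - 1   # prime order of the toy groups (assumed parameter)
G = 1            # generator g of G1, stored as its exponent

def h(tag, *parts):
    """Domain-separated SHA-256 reduced mod Q; stands in for H1, H2, H3."""
    data = "|".join([tag, *map(str, parts)]).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def pair(a, b):
    """Toy pairing: e(g^a, g^b) = gT^(a*b), tracked as the exponent a*b."""
    return a * b % Q

def extract(s, ident):
    """Assumed key extraction: d_ID = H1(ID)^s."""
    return s * h("H1", ident) % Q

def member_sign(d_id, gtag, m):
    """Assumed member signature: S_j = (d_ID * H3(gtag,m)^r_j, g^r_j)."""
    r = secrets.randbelow(Q - 1) + 1
    return (d_id + r * h("H3", gtag, m)) % Q, r * G % Q

def member_ok(sig, ident, y, gtag, m):
    """Step 5 check, assumed form: e(g,S1) == e(y,H1(ID)) * e(S2,H3)."""
    return pair(G, sig[0]) == (pair(y, h("H1", ident)) + pair(sig[1], h("H3", gtag, m))) % Q

def coeff(ident, J, id_g):
    """a_j = H2(ID_j, J, ID_G): binds each signer to the exact subset J."""
    return h("H2", ident, ",".join(sorted(J)), id_g)

def aggregate(sigs, J, id_g):
    """Assumed aggregation: sigma_k = prod_j S_jk^a_j (a sum of exponents here)."""
    return tuple(sum(coeff(i, J, id_g) * sigs[i][k] for i in J) % Q for k in (0, 1))

def verify(sigma, J, id_g, y, gtag, m):
    """Step 7.3: e(g, sigma1) == e(y, apk) * e(sigma2, H3(gtag, m))."""
    apk = sum(coeff(i, J, id_g) * h("H1", i) for i in J) % Q  # assumed apk = prod H1(ID_j)^a_j
    return pair(G, sigma[0]) == (pair(y, apk) + pair(sigma[1], h("H3", gtag, m))) % Q

def demo():
    s = secrets.randbelow(Q - 1) + 1                 # administrator's master secret
    y, J, id_g = s * G % Q, ["alice", "bob", "carol"], "group-1"  # constructed values
    sigs = {i: member_sign(extract(s, i), "tag-7", "pay 10") for i in J}
    sigma = aggregate(sigs, J, id_g)
    return (verify(sigma, J, id_g, y, "tag-7", "pay 10"),      # genuine
            verify(sigma, J, id_g, y, "tag-7", "pay 99"),      # altered message
            verify(sigma, J[:2], id_g, y, "tag-7", "pay 10"))  # different subset J

if __name__ == "__main__":
    print(demo())
```

Because every coefficient $a_j$ hashes the whole subset J, a verifier who is given a different member list derives a different aggregate public key and rejects the signature.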
Priority Applications (1)
Application Number | Publication | Priority Date | Filing Date | Title |
---|---|---|---|---|
CN202111261478.6A | CN113972987B (en) | 2021-10-28 | 2021-10-28 | Identity-based multi-signature method based on sub-packets |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113972987A | 2022-01-25 |
CN113972987B | 2023-07-18 |
Family
ID=79588736
Family Applications (1)
Application Number | Status | Publication | Priority Date | Filing Date | Title |
---|---|---|---|---|---|
CN202111261478.6A | Active | CN113972987B (en) | 2021-10-28 | 2021-10-28 | Identity-based multi-signature method based on sub-packets |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113972987B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2003090429A1 (en) * | 2002-04-15 | 2003-10-30 | Docomo Communications Laboratories Usa, Inc. | Signature schemes using bilinear mappings |
CN101800641A (en) * | 2009-12-29 | 2010-08-11 | 河南城建学院 | Group signature method suitable for large groups |
CN109600233A (en) * | 2019-01-15 | 2019-04-09 | 西安电子科技大学 | Group ranking mark based on SM2 Digital Signature Algorithm signs and issues method |
Non-Patent Citations (1)
Title |
---|
YU H, ET AL.: "Certificateless broadcast multisignature scheme based on MPKC", IEEE * |
Also Published As
Publication number | Publication date |
---|---|
CN113972987B (en) | 2023-07-18 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||