CN114257378B - Anonymous certificate generation method, system, equipment and readable storage medium - Google Patents

Publication number
CN114257378B
Authority
CN
China
Prior art keywords
anonymous
processing module
parameter
signature
examination
Legal status
Active
Application number
CN202111483160.2A
Other languages
Chinese (zh)
Other versions
CN114257378A (en
Inventor
张鼎
姜鹏
陈志明
Current Assignee
China Citic Bank Corp Ltd
Original Assignee
China Citic Bank Corp Ltd

Classifications

    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The invention discloses a method, a system, equipment and a storage medium for generating an anonymous certificate, which comprise a first processing module, a second processing module, a third processing module and a fourth processing module, wherein the first processing module acquires real identity information of a client and generates a real-name certificate; in the invention, the third processing module verifies the true identity of the client under the condition that the true identity information of the client is not known, the fourth processing module examines the true identity information of the client, and the third processing module and the fourth processing module detect the true identity information of the client through independent private keys, thereby realizing authority separation in the examination process, solving the security problem caused by single-point attack and greatly improving the security of data.

Description

Anonymous certificate generation method, system, equipment and readable storage medium
Technical Field
The invention relates to the technical field of internet privacy data protection, in particular to a method, a system, equipment and a storage medium for generating an anonymous certificate.
Background
At present, generating an anonymous certificate in a banking system requires a large number of HMAC operations, so calculation efficiency is low. In addition, the client's identity certificate identification ciphertext and the anonymous certificate index ciphertext are stored in the anonymous certificate, so the anonymous certificate occupies more storage space, which hinders storage optimization.
In the prior-art generation process, the fourth processing module and the third processing module both hold the Pre-k used to generate the extension field and to trace anonymous identities, but the certificate generation stage is completed unilaterally by the fourth processing module, and the tracing stage can likewise be completed by one party alone. If that party is dishonest or attacked, the anonymous certificate loses its security. The functions of the fourth processing module and the third processing module also partly overlap, so the generation of the anonymous certificate is highly exposed to single-point attack and its security is low.
Disclosure of Invention
Aiming at the defect of low security in the prior art, the invention discloses a method, a system, equipment and a storage medium for generating an anonymous certificate, wherein the method realizes complete independent multiple examination in the examination stage of the anonymous certificate, avoids the single point attack problem caused by repeated responsibility, optimizes the data structure in the whole generation process, and can effectively reduce the operation amount of a computer and the storage space occupied by data.
The invention realizes the aim through the following technical scheme:
An anonymous credential generation method comprising the steps of:
Acquiring identity information of a client, and issuing a real-name certificate if the identity information is judged to be true;
Receiving a real-name certificate and generating corresponding anonymous certificate content, and simultaneously, generating first check information and second check information which are mutually separated and respectively and independently checked, wherein the first check information is used for checking true identity, the second check information is used for checking the anonymous certificate, and receiving and outputting the anonymous certificate with the joint signature under the condition that the first check information and the second check information pass the check;
Receiving and verifying the authenticity of the first examination information, and if true, sending second examination parameters for generating second examination information to an upper level according to the first examination information;
Receiving and verifying the authenticity of the second examination information, if true, generating a third examination parameter according to the second examination information, and examining the authenticity; and if the third checking parameter is true, transmitting the anonymous certificate with the joint signature to the upper level.
Preferably, the generation of the first examination information includes the steps of:
Selecting a random number $r_1$, and calculating a first examination parameter u by combining an elliptic curve algorithm and the random number $r_1$, wherein the calculation expression of the first examination parameter u is $u = g^{r_1} \bmod n$; wherein g is a base point on the elliptic curve, n is the order of the base point of the elliptic curve, and $r_1$ is a random number;
Signing the first examination parameter u with the real-name private key to generate a first signature, and integrating the first examination parameter u and the first signature to generate the first examination information.
Preferably, the verification of the first examination information includes the steps of:
Receiving the first examination information and verifying the authenticity of the first signature;
If the first signature is true, calculating a second examination parameter w by combining the third processing module private key $d_1$, the first examination parameter u and an elliptic curve algorithm, wherein the calculation expression of the second examination parameter w is $w = u^{d_1} \bmod n$;
Sending the generated second examination parameter w to the upper level for generating the second examination information.
AES symmetric encryption is performed on the first examination parameter u using the third processing module private key $d_1$ to obtain an encryption parameter, which is stored in the form of key-value pairs.
Preferably, the generation of the anonymous credential content M comprises the steps of:
setting an anonymous identity parameter AID corresponding to the anonymous certificate, and simultaneously automatically generating an anonymous public key APK and an anonymous private key ASK corresponding to the anonymous certificate;
Selecting a random number p, and calculating a serial number SN according to the random number p, wherein SN = H(APK, p);
And obtaining an anonymous certificate header parameter b and anonymous certificate content M according to the serial number and the real-name certificate, wherein the expression of b is (AID, SN, APK), and the expression of M is (b, h(E)).
Preferably, the generation of the second examination information includes the steps of:
Receiving the second examination parameter w, and signing the anonymous certificate content M with the anonymous private key ASK to generate a second signature;
Integrating the second signature, the second examination parameter w and the random number $r_1$ to generate the second examination information.
Preferably, the generation of the joint signature comprises the steps of:
Receiving second checking information and verifying the authenticity of the second signature;
If the second signature is true, calculating a third examination parameter z by combining the fourth processing module private key $d_2$, the second examination parameter w and an elliptic curve algorithm, wherein the calculation expression is $z = w^{d_2} \bmod n$;
Performing an inverse-operation self-check on the third examination parameter z and comparing the calculation result with the public key Q; if they are equal, the third examination parameter is judged correct and the second examination information is true; wherein the inverse operation expression of the third examination parameter z is The public key Q satisfies the expression $Q = g^{d} \bmod n$, and $d = d_1 \cdot d_2$.
AES symmetric encryption is performed on the third examination parameter z using the fourth processing module private key $d_2$ to obtain an encryption parameter, which is stored in the form of key-value pairs.
Selecting a random number $r_2$, calculating a joint signature, generating an anonymous certificate with the joint signature, and transmitting the anonymous certificate with the joint signature to the upper level; wherein the expression of the joint signature is:
Preferably, the anonymous certificate expression is (M, usigd), and the third and fourth processing module private keys satisfy the relationship $d = d_1 \cdot d_2$, where d is a randomly selected large integer.
In a second aspect, an embodiment of the present application provides an anonymous credential generation system, including:
The first processing module is used for acquiring the identity information of the client, and issuing a real name certificate if the identity information is judged to be true;
The second processing module is used for receiving the real-name certificate and generating corresponding anonymous certificate content, and simultaneously generating first examination information and second examination information which are mutually separated and respectively and independently examined, wherein the first examination information is used for real identity examination, and the second examination information is used for anonymous certificate examination;
and for receiving and outputting the anonymous certificate with the joint signature if both the first examination information and the second examination information pass examination;
The third processing module is used for receiving the first examination information sent by the second processing module, verifying the authenticity of the first examination information, generating second examination parameters according to the first examination information if the first examination information is true, and sending the second examination parameters to the second processing module;
The fourth processing module is used for receiving and verifying the authenticity of the second examination information, if true, generating a third examination parameter according to the second examination information, and examining the authenticity; and if the third checking parameter is true, sending the anonymous certificate with the joint signature to the second processing module.
Preferably, the second processing module includes: a first signature unit and a first random number generation unit;
The first random number generation unit is used for generating and selecting a random number $r_1$, and calculating a first examination parameter u by combining an elliptic curve algorithm with the selected random number $r_1$;
The first signature unit is used for encrypting the first examination parameter u through the real-name private key to generate a first signature, and integrating the first examination parameter u and the first signature to generate first examination information.
Preferably, the second processing module further comprises:
the anonymous information generation unit is used for setting an anonymous identity parameter AID corresponding to the anonymous certificate and simultaneously automatically generating an anonymous public key APK and an anonymous private key ASK corresponding to the anonymous certificate;
The serial number and certificate generation unit is used for selecting a random number p and calculating a serial number SN according to the random number p; and obtaining the anonymous certificate header parameter b and anonymous certificate content M according to the serial number and the real name certificate.
Preferably, the second processing module further comprises:
the second signature unit is used for receiving the second checking parameter w, and carrying out encryption signature on the anonymous certificate content M by using an anonymous private key ASK to generate a second signature;
And the data integration unit is used for integrating the second signature, the second examination parameter w and the random number $r_1$ to generate second examination information.
Preferably, the third processing module includes:
The first verification unit is used for receiving the first checking information and verifying the authenticity of the first signature;
The third signature unit is used for calculating a second examination parameter w by combining the third processing module private key $d_1$, the first examination parameter u and an elliptic curve algorithm when the first signature is true; the generated second examination parameter w is sent to the upper level for generating the second examination information; meanwhile, AES symmetric encryption is performed on the first examination parameter u using the third processing module private key $d_1$ to obtain an encryption parameter;
A third processing module storage unit, used for storing the encryption parameter in the form of key-value pairs.
Preferably, the fourth processing module includes:
the third verification unit is used for receiving the second checking information and verifying the authenticity of the second signature;
The fourth signature unit is used for calculating a third examination parameter z by combining the fourth processing module private key $d_2$, the second examination parameter w and an elliptic curve algorithm if the second signature is true; and for performing AES symmetric encryption on the third examination parameter z using the fourth processing module private key $d_2$ when the third examination parameter is true, to obtain an encryption parameter;
The self-checking unit is used for carrying out inverse operation self-checking on the third checking parameter z, comparing the calculation result with the public key Q, and judging that the third checking parameter is correct and the second checking information is true if the calculation result is equal;
The anonymous certificate generation unit is used for selecting a random number r 2, calculating a joint signature, generating an anonymous certificate with the joint signature, and transmitting the anonymous certificate with the joint signature to a superior;
A fourth processing module storage unit, used for storing the encryption parameter in the form of key-value pairs.
Preferably, the third processing module private key and the fourth processing module private key satisfy the relationship $d = d_1 \cdot d_2$, where d is a randomly selected large integer.
In a third aspect, an embodiment of the present application provides an anonymous credential generating device, including:
A memory for storing a computer program;
and the processor is used for realizing the steps of the anonymous certificate generation method when executing the computer program.
In a fourth aspect, an embodiment of the present application provides a readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the anonymous credential generation method described above.
Compared with the prior art, the invention has the following beneficial effects:
1. The method comprises the steps that after the true identity information of a client is obtained, a corresponding real-name certificate is generated, a second processing module generates a corresponding anonymous certificate through the received real-name certificate, and generates first checking information, wherein the first checking information does not contain relevant content of the anonymous certificate, second checking parameters are generated after the first checking information passes checking, the second processing module generates second checking information according to the second checking parameters, authenticity of the second checking information is checked, and then a joint signature is generated;
Compared with the prior art, the first checking information does not contain any anonymous certificate information, the second checking information does not contain any information about the true identity of the client, so that the third processing module responsible for checking the first checking information verifies the true identity of the client under the condition that the true identity information of the anonymous certificate is not known, the fourth processing module responsible for checking the second checking information checks the anonymous certificate under the condition that the true identity information of the client is not known, and finally the fourth processing module and the third processing module jointly generate a joint signature for the anonymous certificate of the user, and meanwhile, the third processing module and the fourth processing module respectively detect the private keys mastered by the third processing module and the fourth processing module, thereby realizing authority separation in the supervision process, solving the security problem caused by single-point attack and greatly improving the security of data;
Secondly, because of the authority separation, the third processing module and the fourth processing module hold their own private keys $d_1$ and $d_2$ respectively, and each is responsible for examination only within its own authority. This gives a natural separation between the examiners, avoids overlapping responsibilities and improves examination efficiency; it also avoids the exchange of information between different examiners that overlapping responsibilities would cause, and so improves the security of data examination;
Compared with the prior art, the privacy between the two private keys of the third processing module and the fourth processing module is realized without complex zero knowledge proof, the manual separation is realized at the beginning of the setting, meanwhile, on the communication connection, no communication connection is generated between the third processing module and the fourth processing module, and the generated data is transferred through the second processing module, so that the communication isolation between the third processing module and the fourth processing module is realized, the effective segmentation of the private keys is realized through ingenious communication and data setting, the complexity of anonymous certificate generation is reduced, the calculated amount in the anonymous certificate generation process is reduced, and the calculation efficiency is improved.
2. The first examination information comprises the first examination parameter u and the first signature, and only the second examination parameter is required to be returned to the previous stage after the first examination information is qualified;
therefore, in the data exchange process, the structure of the round-trip data is simple, and the size of the data transmitted between different modules can be greatly reduced, so that the transmission efficiency is improved; meanwhile, the data does not contain any related parameters related to the anonymous identity and the related parameters of the private key of the third processing module, so that the risk of revealing the anonymous identity information is eliminated from the source, and the inspection safety is improved.
3. The second examination information comprises the second signature, the second examination parameter w and the random number $r_1$. The second signature is generated with the client's anonymous private key, and neither the second examination parameter nor the random number $r_1$ contains any parameter related to the true identity of the client, so the fourth processing module is isolated from the client's true identity information and the anonymous information is examined independently. The second examination information also has a simple structure, which reduces the size of the transmitted data and improves transmission efficiency.
4. The second examination information comprises the second examination parameter, and the third examination parameter is generated from the second examination parameter. The fourth processing module receives only the second examination parameter, not the first examination parameter or the third processing module private key, so it is isolated from the third processing module private key. Because the second examination parameter is generated with the third processing module private key, the inverse operation on the third examination parameter still yields an accurate examination result; the fourth processing module thus examines the second examination parameter without knowing the third processing module private key $d_1$, which improves accuracy.
5. The third processing module private key and the fourth processing module private key satisfy the relation $d = d_1 \cdot d_2$, where d is a randomly selected large integer. This keeps the two private keys separate, independent and private from each other. During data generation and transmission, the third processing module generates the second examination parameter w with its private key, the second processing module sends w to the fourth processing module, and the fourth processing module calculates the third examination parameter z with its own private key, so the following relation exists in the inverse operation process: According to this configuration, if the second examination parameter received by the fourth processing module was not generated with the third processing module private key, the final examination result is wrong. The fourth processing module can therefore check the third processing module private key without knowing it; the two private keys remain relatively independent while examination accuracy is ensured, which improves the security of data examination.
Drawings
FIG. 1 is a flow chart of the present invention;
FIG. 2 is a flow chart of the steps of the present invention;
FIG. 3 is a schematic diagram of the structure of the present invention;
FIG. 4 is a schematic diagram of an anonymous credential generation device of the present invention;
Reference numerals: 1, first processing module; 2, second processing module; 3, third processing module; 4, fourth processing module; 21, first signature unit; 22, first random number generation unit; 23, anonymous information generation unit; 24, serial number and certificate generation unit; 25, second signature unit; 26, data integration unit; 31, first verification unit; 32, third signature unit; 33, third processing module storage unit; 41, third verification unit; 42, fourth signature unit; 43, self-checking unit; 44, anonymous certificate generation unit; 45, fourth processing module storage unit.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more clear, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention.
Embodiment 1
As shown in fig. 1 and 2, the present embodiment provides an anonymous credential generation method, including the steps of:
S1, the client edits real identity information through the man-machine interaction unit of the second processing module; after editing is completed, the second processing module generates a real-name certificate request from the real identity information and sends the real-name certificate request to the first processing module;
Wherein the true identity information expression is: transaction ID, transaction time, user ID, name, role;
S2, after receiving the real-name certificate request, the first processing module performs authenticity verification on the real-name certificate request, if the verification is passed, a corresponding real-name certificate E is generated, the real-name certificate is fed back to the second processing module, and meanwhile the real-name certificate request is stored in a first processing module database; the real name certificate E expression is: transaction ID, transaction time, real name certificate;
s3, after receiving the real-name certificate E, the second processing module sets an anonymous identity parameter AID corresponding to the anonymous certificate through an anonymous information generating unit by a user, and simultaneously automatically generates an anonymous public key APK and an anonymous private key ASK corresponding to the anonymous certificate;
The user selects a random number p generated by the serial number and certificate generation unit, and the serial number and certificate generation unit calculates a serial number SN from the selected random number p, where $SN = H(APK, p)$; an anonymous certificate header parameter b is generated by combining the anonymous identity parameter AID, the serial number SN and the anonymous public key APK, expressed as $b = (AID, SN, APK)$; anonymous certificate content M is generated by combining the received real-name certificate E, expressed as $M = (b, h(E))$, where $h(E)$ denotes the hash value of the real-name certificate;
S4, the user selects a random number $r_1$ generated by the first random number generation unit, and the first checking parameter u is calculated by combining an elliptic curve algorithm with the random number $r_1$, where $u = g^{r_1} \bmod n$; g is a base point on the elliptic curve, n is the order of the base point of the elliptic curve, and $r_1$ is a random number;
The first signature unit encrypts and signs the first checking parameter with the real-name private key to generate a first signature, then integrates the first signature and the first checking parameter to generate first examination information, and sends the first examination information to the third processing module;
S5, after the third processing module receives the first examination information generated in the step S3.4, the first verification unit verifies the first signature with the public key; if the first signature is judged to be false, all subsequent procedures are terminated;
If the first signature is judged to be true, the third signature unit calculates a second checking parameter w by combining the third processing module private key $d_1$, the first checking parameter u and an elliptic curve algorithm, where $w = u^{d_1} \bmod n$, and sends the calculated second checking parameter to the second processing module;
Meanwhile, the third signature unit performs AES symmetric encryption on the second checking parameter w with the third processing module private key $d_1$, obtains an encryption parameter, and sends it to the third processing module storage unit;
The third processing module storage unit saves the encryption parameter in the form of key-value pairs in the third processing module database;
S6, after the second processing module receives the second checking parameter w, the second signature unit signs and encrypts the anonymous certificate content generated in step S3 with the anonymous private key ASK to generate a second signature;
The data integration unit integrates and packages the generated second signature, the second checking parameter w received from the third processing module and the random number $r_1$ from step S4 into second examination information, and sends the second examination information to the fourth processing module;
S7, after the fourth processing module receives the second examination information, the third verification unit verifies the authenticity of the second signature with the public key; if the second signature is judged to be false, all subsequent procedures are terminated;
If the second signature is judged to be true, the fourth signature unit calculates a third checking parameter z by combining the fourth processing module private key $d_2$, the second checking parameter w and an elliptic curve algorithm, where $z = w^{d_2} \bmod n$;
The self-checking unit performs an inverse-operation self-check on the third checking parameter z through an inverse operation formula and compares the calculated result with the public key Q held by the fourth processing module; if the calculated result is equal to the public key Q, the comparison succeeds and the third checking parameter is true;
If the third checking parameter is judged to be true, the fourth signature unit performs AES symmetric encryption on the third checking parameter z with the fourth processing module private key $d_2$, obtains an encryption parameter, and sends it to the fourth processing module storage unit;
The fourth processing module storage unit stores the encryption parameter in the form of key-value pairs;
The anonymous certificate generation unit selects a random number $r_2$, calculates a joint signature through the ECDSA signature algorithm, generates an anonymous certificate carrying the joint signature, and sends the anonymous certificate to the second processing module; wherein the expression of the joint signature is: the anonymous credential has an expression of (M, usigd);
The public key Q satisfies $Q = g^{d} \bmod n$ and $d = d_1 \cdot d_2$, where d is a randomly chosen large integer;
If the calculation result is not equal to the public key, the third checking parameter is false, and all subsequent procedures are terminated;
S8, the second processing module receives and outputs the anonymous certificate with the joint signature.
It should be noted that, in the above embodiment, the first processing module is a CA end, the second processing module is a client end, the third processing module is a supervisor end, and the fourth processing module is a TCA end, where TCA and supervisor are both served by an authority of CA, the CA is responsible for issuing identity certificates for the supervisor and TCA respectively, and the supervisor, TCA and CA each have an independent database for tracking and storing encrypted data used when anonymous certificates.
Meanwhile, according to actual conditions, each functional unit involved in the method can be combined according to requirements.
Embodiment 2
As a basic embodiment of the present application, this embodiment discloses, as shown in Fig. 3, an anonymous credential generation system, which specifically includes a first processing module 1, a second processing module 2, a third processing module 3, and a fourth processing module 4;
The second processing module 2 comprises a first signature unit 21, a random number generation unit 22, an anonymous information generation unit 23, a serial number and certificate generation unit 24 and a data integration unit 26, wherein the first signature unit 21 is used for generating various signatures of first checking information, the second signature unit 25 is used for generating various signatures in second checking information, meanwhile, according to actual conditions, the first signature unit 21 and the second signature unit 25 can be selectively combined, the first random number generation unit 22 is used for generating a random number and generating first checking parameters, the anonymous information generation unit 23 and the serial number and certificate generation unit 24 are used for generating anonymous certificate content and corresponding anonymous public and private key pairs based on the anonymous information, and meanwhile, the data integration unit 26 is used for integrating various calculated parameters into the first checking information and the second checking information respectively;
The third processing module 3 includes a first verification unit 31, a third signature unit 32, and a third processing module storage unit 33, where the first verification unit 31 receives first examination information from the second processing module, performs true-false authentication on the related information, generates corresponding examination parameters through the second signature unit 32 if the authentication is true, and sends the examination parameters to the next processing unit; meanwhile, the related information is stored through the third processing module storage unit 33;
The fourth processing module 4 includes a third verification unit 41, a fourth signature unit 42, a self-checking unit 43, an anonymous credential generating unit 44, and a fourth processing module storage unit 43, where the third verification unit 41 receives the inspection information from the second processing module 2, performs authenticity identification on the related information, generates a corresponding inspection parameter through the fourth signature unit 42 and then self-checks the authenticity of the related parameter through the self-checking unit 43 if the related information is identified as true, generates a corresponding joint signature and an anonymous credential with the joint signature through the anonymous credential generating unit 44 if the related information is identified as true, and sends the anonymous credential with the joint signature to the second processing module 2; while storing the related information through the fourth process module storage unit 45.
Embodiment 3
Corresponding to the above method embodiments, the present disclosure further provides an anonymous credential generating device, and an anonymous credential generating device described below and an anonymous credential generating method described above may correspondingly refer to each other:
Fig. 4 is a block diagram illustrating an anonymous credential generation device 800, according to an example embodiment. As shown in fig. 3, the anonymous credential generating device 800 may include: a processor 801, a memory 802. The anonymous credential generating device 800 may also include one or more of an input/output (I/O) interface 804, and a communication component 805.
Wherein the processor 801 is configured to control the overall operation of the anonymous credential generating device 800 to perform all or part of the steps of the anonymous credential generating method described above. The memory 802 is used to store various types of data to support operation at the anonymous credential generating device 800, which may include, for example, instructions for any application or method operating on the anonymous credential generating device 800, as well as application-related data, such as contact data, transceived messages, pictures, audio, video, and the like.
The memory 802 may be implemented by any type of volatile or non-volatile memory device or a combination thereof, such as static random access memory (Static Random Access Memory, SRAM for short), electrically erasable programmable read-only memory (Electrically Erasable Programmable Read-Only Memory, EEPROM for short), erasable programmable read-only memory (Erasable Programmable Read-Only Memory, EPROM for short), programmable read-only memory (Programmable Read-Only Memory, PROM for short), read-only memory (ROM for short), magnetic memory, flash memory, magnetic disk, or optical disk.
The I/O interface 804 provides an interface between the processor 801 and other interface elements, which may be a keyboard, mouse, buttons, etc. These buttons may be virtual buttons or physical buttons.
The communication component 805 is configured to perform wired or wireless communication between the anonymous credential generating device 800 and other devices. The wireless communication may be, for example, Wi-Fi, Bluetooth, near field communication (Near Field Communication, NFC for short), 2G, 3G, or 4G, or a combination of one or more thereof; the corresponding communication component 805 may therefore include a Wi-Fi unit, a Bluetooth unit, and an NFC unit.
In an exemplary embodiment, the anonymous credential generation device 800 may be implemented by one or more application-specific integrated circuits (Application Specific Integrated Circuit, ASIC for short), digital signal processors (Digital Signal Processor, DSP for short), digital signal processing devices (Digital Signal Processing Device, DSPD for short), programmable logic devices (Programmable Logic Device, PLD for short), field programmable gate arrays (Field Programmable Gate Array, FPGA for short), controllers, microcontrollers, microprocessors, or other electronic elements, for performing the anonymous credential generation method described above.
In another exemplary embodiment, a computer readable storage medium is also provided comprising program instructions which, when executed by a processor, implement the steps of the anonymous credential generation method described above. For example, the computer readable storage medium may be the memory 802 described above including program instructions executable by the processor 801 of the anonymous credential generation device 800 to perform the anonymous credential generation method described above.
Embodiment 4
Corresponding to the above method embodiments, the present disclosure further provides a readable storage medium, where a readable storage medium described below and an anonymous credential generation method described above may be referred to correspondingly with each other.
A readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the anonymous credential generation method of the above-described method embodiments.
The readable storage medium may be a USB disk, a removable hard disk, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), a magnetic disk, an optical disk, or another medium that can store program code.
The above description is only of the preferred embodiments of the present invention and is not intended to limit the present invention, but various modifications and variations can be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
The foregoing is merely illustrative of the present invention, and the present invention is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present invention. Therefore, the protection scope of the invention is subject to the protection scope of the claims.
Compared with the prior art, firstly, the first checking information does not contain any anonymous certificate information, the second checking information does not contain any information about the true identity of the client, so the third processing module responsible for checking the first checking information verifies the true identity of the client without knowing the true identity of the anonymous certificate, the fourth processing module responsible for checking the second checking information checks the anonymous certificate without knowing the true identity information of the client, and finally the fourth processing module and the third processing module jointly generate a joint signature for the anonymous certificate of the user,
Meanwhile, the third processing module and the fourth processing module respectively detect through the private keys mastered by each, so that authority separation in the supervision process is realized through the arrangement, and the final result can be output through the examination parties of the third processing module and the fourth processing module, so that the security problem caused by single-point attack is solved, and the security of data is greatly improved;
Secondly, due to authority separation, the third processing module and the fourth processing module master the private keys $d_1$ and $d_2$ respectively, and the fourth processing module and the third processing module are respectively responsible for examination within the authority range of the third processing module, so that separation among examination personnel is realized, and serial connection among the examination personnel is avoided; meanwhile, the overlapping of responsibilities of examination personnel is effectively avoided, the examination efficiency is improved, the overlapping of a large amount of privacy information caused by repetition of the responsibilities is also avoided, and the independence of grasping data respectively is improved;
Compared with the prior art, the privacy between the two private keys of the third processing module and the fourth processing module is realized without complex zero knowledge proof, the manual separation is realized at the beginning of the design, meanwhile, on the communication connection, no communication connection is generated between the third processing module and the fourth processing module, and the generated data is transferred through the second processing module, so that the communication isolation between the third processing module and the fourth processing module is realized, the effective segmentation of the private keys is realized through ingenious communication and data setting, the complexity of anonymous certificate generation is reduced, the calculated amount in the anonymous certificate generation process is reduced, and the calculation efficiency is improved.

Claims (13)

1. A method of generating an anonymous credential, comprising:
Acquiring identity information of a client, and issuing a real-name certificate if the identity information is judged to be true;
Receiving a real-name certificate and generating corresponding anonymous certificate content, and simultaneously, generating first check information and second check information which are mutually separated and respectively and independently checked, wherein the first check information is used for checking true identity, the second check information is used for checking the anonymous certificate, and receiving and outputting the anonymous certificate with the joint signature under the condition that the first check information and the second check information pass the check;
Receiving and verifying the authenticity of the first examination information, and if true, sending second examination parameters for generating second examination information to an upper level according to the first examination information;
receiving and verifying the authenticity of the second examination information, if true, generating a third examination parameter according to the second examination information, and examining the authenticity; if the third checking parameter is true, sending the anonymous certificate with the joint signature to the upper level;
The generating of the first examination information includes: selecting a random number $r_2$, and calculating a first checking parameter u by combining an elliptic curve algorithm with the random number $r_2$; encrypting the first examination parameter u through a real-name private key to generate a first signature, and integrating the first examination parameter u and the first signature to generate first examination information;
The generation of the anonymous credential content includes: setting an anonymous identity parameter AID corresponding to the anonymous certificate, and simultaneously automatically generating an anonymous public key APK and an anonymous private key ASK corresponding to the anonymous certificate; selecting a random number p, and calculating a serial number SN according to the random number p; obtaining an anonymous certificate header parameter b and anonymous certificate content according to the serial number and the real name certificate;
The generating of the second audit information includes: receiving a second audit parameter w, and carrying out encryption signature on the anonymous certificate content by using an anonymous private key ASK to generate a second signature; and integrating the second signature, the second checking parameter w and the random number $r_1$ to generate second checking information.
2. The anonymous credential generation method of claim 1, wherein the verification of the first audit information comprises:
receiving first checking information and verifying the authenticity of the first signature;
If the first signature is true, a second checking parameter w is calculated by combining the third processing module private key $d_1$, the first checking parameter u and an elliptic curve algorithm;
The generated second examination parameters w are sent to the upper level for generating second examination information;
AES symmetric encryption is carried out on the first checking parameter u through the third processing module private key $d_1$, so that an encryption parameter is obtained, and the encryption parameter is stored in the form of key-value pairs.
3. The anonymous credential generation method of claim 2, wherein the generation of the joint signature comprises:
Receiving second checking information and verifying the authenticity of the second signature;
If the second signature is true, a third checking parameter z is calculated by combining the fourth processing module private key $d_2$, the second checking parameter w and an elliptic curve algorithm; and performing AES symmetric encryption on the third examination parameter z through the fourth processing module private key $d_2$ when the third examination parameter is true to obtain an encryption parameter;
Performing inverse operation self-checking on the third checking parameter z, comparing the calculation result with the public key Q, and judging that the third checking parameter is correct if the calculation result is equal, wherein the second checking information is true;
Selecting a random number $r_2$, calculating a joint signature, generating an anonymous certificate with the joint signature, and transmitting the anonymous certificate with the joint signature to an upper level;
The encryption parameter is stored in the form of key-value pairs.
4. A method of anonymous credential generation as in claim 3, wherein: the third processing module private key and the fourth processing module private key satisfy the following relationship: $d = d_1 \cdot d_2$, where d is a randomly selected large integer.
5. An anonymous credential generation system, comprising:
the first processing module (1) is used for acquiring the identity information of the client, and issuing a real name certificate if the identity information is judged to be true;
the second processing module (2) receives the real-name certificate and generates corresponding anonymous certificate content, and simultaneously generates first examination information and second examination information which are mutually separated and respectively and independently examined, wherein the first examination information is used for real identity examination, and the second examination information is used for anonymous certificate examination; the generating of the first examination information includes: selecting a random number $r_2$, and calculating a first checking parameter u by combining an elliptic curve algorithm with the random number $r_2$; encrypting the first examination parameter u through a real-name private key to generate a first signature, and integrating the first examination parameter u and the first signature to generate first examination information; the generation of the anonymous credential content includes: setting an anonymous identity parameter AID corresponding to the anonymous certificate, and simultaneously automatically generating an anonymous public key APK and an anonymous private key ASK corresponding to the anonymous certificate; selecting a random number p, and calculating a serial number SN according to the random number p; obtaining an anonymous certificate header parameter b and anonymous certificate content according to the serial number and the real name certificate; the generating of the second audit information includes: receiving a second audit parameter w, and carrying out encryption signature on the anonymous certificate content by using an anonymous private key ASK to generate a second signature; integrating the second signature, the second checking parameter w and the random number $r_1$ to generate second checking information;
Receiving and outputting an anonymous credential with a joint signature if both the first audit information and the second audit information pass;
the third processing module (3) is used for receiving the first examination information sent by the second processing module, verifying the authenticity of the first examination information, generating second examination parameters according to the first examination information if the first examination information is true, and sending the second examination parameters to the second processing module;
The fourth processing module (4) is used for receiving and verifying the authenticity of the second examination information, and if true, generating a third examination parameter according to the second examination information and examining the authenticity; and if the third checking parameter is true, sending the anonymous certificate with the joint signature to the second processing module.
6. The anonymous credential generation system of claim 5, wherein the second processing module (2) comprises: a first signature unit (21) and a first random number generation unit (22);
the first random number generation unit (12) is used for generating and selecting a random number $r_1$, and calculating a first checking parameter u by combining an elliptic curve algorithm and the selected random number $r_1$;
The first signature unit (21) is used for encrypting the first examination parameter u through a real-name private key to generate a first signature, and integrating the first examination parameter u and the first signature to generate first examination information.
7. The anonymous credential generation system of claim 6, wherein the second processing module (2) further comprises:
An anonymous information generation unit (23) for setting an anonymous identity parameter AID corresponding to the anonymous certificate and simultaneously automatically generating an anonymous public key APK and an anonymous private key ASK corresponding to the anonymous certificate;
A serial number and certificate generation unit (24) for selecting a random number p, and calculating a serial number SN from the random number p, wherein $SN = H(APK, p)$; and obtaining the anonymous certificate header parameter b and anonymous certificate content according to the serial number and the real name certificate.
8. The anonymous credential generation system of claim 7, wherein the second processing module (2) further comprises:
a second signature unit (25) for receiving the second audit parameter w, and cryptographically signing the anonymous credential content with an anonymous private key ASK and generating a second signature;
And the data integration unit (26) is used for integrating the second signature, the second examination parameter w and the random number $r_1$ to generate second examination information.
9. The anonymous credential generation system of claim 5, wherein the third processing module (3) comprises:
A first verification unit (31) for receiving the first examination information and verifying the authenticity of the first signature;
The third signature unit (32) is used for calculating a second checking parameter w by combining the third processing module private key $d_1$, the first checking parameter u and an elliptic curve algorithm when the first signature is true; the generated second examination parameters w are sent to the upper level for generating second examination information; meanwhile, AES symmetric encryption is carried out on the first checking parameter u through the third processing module private key $d_1$ to obtain an encryption parameter;
A third processing module storage unit (33) for storing the encryption parameter in the form of key-value pairs.
10. The anonymous credential generation system of claim 9, wherein the fourth processing module (4) comprises:
the third verification unit (41) is used for receiving the second checking information and verifying the authenticity of the second signature at the same time;
The fourth signature unit (42) is used for calculating a third checking parameter z by combining the fourth processing module private key $d_2$, the second checking parameter w and an elliptic curve algorithm if the second signature is true; and performing AES symmetric encryption on the third examination parameter z through the fourth processing module private key $d_2$ when the third examination parameter is true to obtain an encryption parameter;
The self-checking unit (43) is used for performing inverse operation self-checking on the third checking parameter z, comparing the calculation result with the public key Q, and judging that the third checking parameter is correct if the calculation result is equal, wherein the second checking information is true;
an anonymous certificate generation unit (44) for selecting a random number $r_2$, calculating a joint signature, generating an anonymous certificate with the joint signature, and transmitting the anonymous certificate with the joint signature to a superior;
A fourth processing module storage unit (45) for storing the encryption parameter in the form of key-value pairs.
11. The anonymous credential generation system of claim 10, wherein: the third processing module private key and the fourth processing module private key satisfy the following relationship: $d = d_1 \cdot d_2$, where d is a randomly selected large integer.
12. An anonymous credential generating device, comprising:
A memory for storing a computer program;
a processor for implementing the steps of the anonymous credential generation method as defined in any one of claims 1 to 4 when executing the computer program.
13. A readable storage medium, characterized by: the readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the anonymous credential generation method as defined in any one of claims 1 to 4.
CN202111483160.2A 2021-12-07 2021-12-07 Anonymous certificate generation method, system, equipment and readable storage medium Active CN114257378B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111483160.2A CN114257378B (en) 2021-12-07 2021-12-07 Anonymous certificate generation method, system, equipment and readable storage medium


Publications (2)

Publication Number Publication Date
CN114257378A CN114257378A (en) 2022-03-29
CN114257378B true CN114257378B (en) 2024-04-30

Family

ID=80791732

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111483160.2A Active CN114257378B (en) 2021-12-07 2021-12-07 Anonymous certificate generation method, system, equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN114257378B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant