CN115174053B - Signature generation method and device for repudiation ring authentication based on SM9 algorithm - Google Patents

Signature generation method and device for repudiation ring authentication based on SM9 algorithm Download PDF

Info

Publication number
CN115174053B
CN115174053B CN202210719537.8A CN202210719537A CN115174053B CN 115174053 B CN115174053 B CN 115174053B CN 202210719537 A CN202210719537 A CN 202210719537A CN 115174053 B CN115174053 B CN 115174053B
Authority
CN
China
Prior art keywords
user
signature
hash value
verification
hash
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210719537.8A
Other languages
Chinese (zh)
Other versions
CN115174053A (en
Inventor
包子健
何德彪
宗欣
彭聪
王婧
罗敏
黄欣沂
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan University WHU
Original Assignee
Wuhan University WHU
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan University WHU filed Critical Wuhan University WHU
Priority to CN202210719537.8A priority Critical patent/CN115174053B/en
Publication of CN115174053A publication Critical patent/CN115174053A/en
Application granted granted Critical
Publication of CN115174053B publication Critical patent/CN115174053B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3255Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses a signature generation method and a signature generation device for repudiation ring authentication based on SM9 algorithm, wherein the method comprises the steps of key generation, signature generation and signature verification, which allows a signer to construct a ring composed of a plurality of members, so that a single verifier V is sure that the ring member authenticates a message m, and does not disclose which member map has the advantages of perfect function and the like, and repudiation can be provided on the basis of ensuring the conventional ring signature function, thereby improving the safety.

Description

Signature generation method and device for repudiation ring authentication based on SM9 algorithm
Technical Field
The invention relates to the technical field of information security, in particular to a signature generation method and device for repudiation ring authentication based on SM9 algorithm.
Background
Digital signatures are one of the important parts in cryptography, and are a piece of digital string that cannot be forged by others only the sender of the information, and are a valid proof of the authenticity of the information sent by the sender of the information. A set of digital signatures, typically defining two complementary operations, one for signing and one for verification, has important applications in network security, including identity authentication, data integrity, non-repudiation, and anonymity.
The authentication concealment of the traditional digital signature generation method is insufficient, so that the overall security is not high.
Disclosure of Invention
The invention provides a signature generation method and device for repudiation ring authentication based on an SM9 algorithm, which are used for solving or at least partially solving the technical problem of low safety in the prior art.
In order to solve the technical problem, a first aspect of the present invention provides a method for generating a repudiatable ring authentication based on SM9 algorithm, including:
the key generation step comprises the following steps:
key generation center generates random numbersAs a master private key and computes a master public key P pub ,P pub =[d]P 2
User A i Representation ofThe corresponding private key is +.>
User B represents ID B The corresponding private key is
Where d represents the system master private key, P, that is held in secret by the key generation center 1 Is group G 1 G, G 1 Representing an additive cyclic group of order q, q being a large prime number,represents a set of integers consisting of 1,2, …, q-1, H 1 (. Cndot.) represents the cryptographic function derived from the cryptographic hash function, as +.> For user A i Is the identity of the mobile terminal;
signature step, user A i To be signedThe message m is signed, comprising:
user A i Randomly selecting the identities of n-1 users and adding the identity of the user to the identities of the n-1 usersComposition list->
Calculation G T Element g=e (P 1 ,P pub ) Randomly selectAnd calculates r= [ R ]]P 1
Given user identity ID B M and a random element K E G 1 Outputting the first hash value
Calculating w i+1 =e(R,P pub ) And
for j=i+1, …, n,1, …, i-1, user a i Randomly selectCalculating R j =[r j ]P 1 Calculation ofRecord h 1 =h n+1
Calculate l=r-h i mod q,
Output atRepudiation loop authentication σ= (K, h) on message m 1 ,R 1 ,R 2 ,…,R n );
Wherein,representing the identity of the 1 st user and the nth user, G T Multiplication loop group with order q, e represents slave G 1 ×G 2 To G T Is a bilinear mapping of R is a random number, R is a commitment value, ID B For the identity of user B, H 2 (. Cndot.) represents the cryptographic function derived from the cryptographic hash function, as +.>w i+1 Is G T Element h of (a) i+1 Is based on w i+1 J is a marker of the loop, and represents the number of loops, r j Is a random number, R j Representation and r j Corresponding promise, u j Is G T Element w of (a) j+1 Intermediate variable for calculating hash for signature generation phase, h j+1 The j+1th hash value, h, calculated for the signature generation stage j The j-th hash value, h, calculated for the signature generation stage 1 1 st hash value, h, calculated for signature generation phase n+1 N+1th hash value calculated for the signature generation stage;
a signature verification step, in which the user B verifies the received repudiatable ring authentication σ', comprising:
calculation G T Element g=e (P 1 ,P pub );
Resolving sigma 'to obtain (K', h) 1 ′,R 1 ′,R 2 ′,…,R n ') and verifyFor all i=1, 2, once again, n, verify R i ′∈G 1 Whether or not to establish;
when (when)R is as follows i ′∈G 1 All are true for a given user identity ID B Message m ' and element K ' output a second hash value z ', ->
A loop step is performed, letting k=1, and the following steps (1) - (3) are performed in a loop n times:
(1) Calculation of
(2) Calculation of
(3) The value of k is increased by 1;
when the loop execution step is finished, judging h' 1 =h′ n+1 If so, the received repudiatable ring authentication sigma' is a legal signature; otherwise, the signature is invalid;
wherein P is 2 Is group G 2 R is a generator of (1) k ' the kth promise value obtained in the verification stage, R i 'ith promise value obtained in verification stage, u' k Is G T Element w of (a) k+1 ' is an intermediate variable for the verification phase to calculate the hash, h k+1 'k+1 hash values calculated for the verification phase, h' 1 1 st hash value calculated for verification phase, h' n+1 N+1th hash value calculated for the verification stage.
Based on the same inventive concept, a second aspect of the present invention provides a generating device of a repudiation ring authentication based on SM9 algorithm, including:
a key generation module, configured to perform a key generation step, including:
key generation center generates random numbersAs a master private key and computes a master public key P pub ,P pub =[d]P 2
User A i Representation ofThe corresponding private key is +.>
User B represents ID B The corresponding private key is
Where d represents the system master private key, P, that is held in secret by the key generation center 1 Is group G 1 G, G 1 Representing an additive cyclic group of order q, q being a large prime number,represents a set of integers consisting of 1,2, …, q-1, H 1 (. Cndot.) represents the cryptographic function derived from the cryptographic hash function, as +.> For user A i Is the identity of the mobile terminal;
a signature generation module for executing a signature step, user A i Signing the message m to be signed, comprising:
user A i Randomly selecting the identities of n-1 users and adding the identity of the user to the identities of the n-1 usersComposition list->
Calculation G T Element g=e (P 1 ,P pub ) Randomly selectAnd calculates r= [ R ]]P 1
Given user identity ID B M and a random element K E G 1 Outputting the first hash value
Calculating w i+1 =e(R,P pub ) And
for j=i+1, …, n,1, …, i-1, user a i Randomly selectCalculating R j =[r j ]P 1 Calculation ofRecord h 1 =h n+1
Calculate l=r-h i mod q,
Output atRepudiation loop authentication σ= (K, h) on message m 1 ,R 1 ,R 2 ,…,R n );
Wherein,representing the identity of the 1 st user and the nth user, G T Multiplication loop group with order q, e represents slave G 1 ×G 2 To G T Is a bilinear mapping of R is a random number, R is a commitment value, ID B For the identity of user B, H 2 (. Cndot.) represents the cryptographic function derived from the cryptographic hash function, as +.>w i+1 Is G T Element h of (a) i+1 Is based on w i+1 J is a marker of the loop, and represents the number of loops, r j Is a random number, R j Representation and r j Corresponding promise, u j Is G T Element w of (a) j+1 Intermediate variable for calculating hash for signature generation phase, h j+1 The j+1th hash value, h, calculated for the signature generation stage j The j-th hash value, h, calculated for the signature generation stage 1 1 st hash value, h, calculated for signature generation phase n+1 N+1th hash value calculated for the signature generation stage;
the verification module is configured to perform a signature verification step, where the user B verifies the received repudiatable ring authentication σ', and includes:
calculation G T Element g=e (P 1 ,P pub );
Resolving sigma 'to obtain (K', h) 1 ′,R 1 ′,R 2 ′,…,R n ') and verifyFor all i=1, 2, once again, n, verify R i ′∈G 1 Whether or not to establish;
when (when)R is as follows i ′∈G 1 All are true for a given user identity ID B Message m 'and element K' output the second hash value +.>
A loop step is performed, letting k=1, and the following steps (1) - (3) are performed in a loop n times:
(1) Calculation of
(2) Calculation of
(3) The value of k is increased by 1;
when the loop execution step is finished, judging h' 1 =h′ n+1 If so, the ring authentication sigma can be denied as legal signature; otherwise, the signature is invalid;
wherein P is 2 Is group G 2 R is a generator of (1) k ' the kth promise value obtained in the verification stage, R i 'ith promise value obtained in verification stage, u' k Is G T Element w of (a) k+1 ' is an intermediate variable for the verification phase to calculate the hash, h k+1 'k+1 hash values calculated for the verification phase, h' 1 1 st hash value calculated for verification phase, h' n+1 The n+1th hash value calculated in the verification stage.
Based on the same inventive concept, a third aspect of the present invention provides a computer-readable storage medium having stored thereon a computer program which, when executed, implements the method of the first aspect.
Based on the same inventive concept, a fourth aspect of the present invention provides a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, said processor implementing the method according to the first aspect when executing said program.
Compared with the prior art, the invention has the following advantages and beneficial technical effects:
the invention provides a generating method of repudiation ring authentication based on SM9 algorithm, comprising the following steps: the key generation, signature generation and signature verification steps allow the signer to build a ring of multiple members, convincing a single verifier V that the ring member is authenticating the message m without revealing which member is. The invention has the advantages of perfect functions, and the like, and can provide repudiation on the basis of ensuring the conventional ring signature function, thereby improving the safety.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is an overall framework diagram of a generating method of a repudiation ring authentication based on an SM9 algorithm according to an embodiment of the present invention;
fig. 2 is a flowchart of a method for generating a repudiation ring authentication based on an SM9 algorithm according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a computer readable storage medium according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a computer device according to an embodiment of the present invention;
Detailed Description
The invention provides a denial-of-loop authentication generation method and device based on SM9 algorithm, which allows a signer to construct a loop composed of a plurality of members, so that a single verifier V is sure that the loop member authenticates a message m without revealing which member, thereby ensuring the denial of the signature, and further improving the security and the effect of the signature.
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Example 1
The embodiment of the invention provides a generating method of repudiation ring authentication based on SM9 algorithm, comprising the following steps:
the key generation step comprises the following steps:
key generation center generates random numbersAs a master private key and computes a master public key P pub ,P pub =[d]P 2
User A i Representation ofThe corresponding private key is +.>
User B represents ID B The corresponding private key is
Where d represents the system master private key, P, that is held in secret by the key generation center 1 Is group G 1 G, G 1 Representing an additive cyclic group of order q, q being a large prime number,represents a set of integers consisting of 1,2, …, q-1, H 1 (. Cndot.) represents the cryptographic function derived from the cryptographic hash function, as +.> For user A i Is the identity of the mobile terminal;
signature step, user A i Signing the message m to be signed, comprising:
user A i Randomly selecting the identities of n-1 users and adding the identity of the user to the identities of the n-1 usersComposition list-> (A represents a generic term for signature users, A) i Representing the ith signed user, since the ring signature would use the public keys of n users, A is employed 1 Representing the first signed user, A i Representing the ith signed user, A n Representing the nth signing user, the true signer is A i )
Calculation G T Element g=e (P 1 ,P pub ) Randomly selectAnd calculates r= [ R ]]p 1
Given user identity ID B M and a random element K E G 1 Outputting the first hash value
Calculating w i+1 =e(R,P pub ) And
for j=i+1, …, n,1, …, i-1, user a i Randomly selectCalculating R j =[r j ]P 1 Calculation ofRecord h 1 =h n+1
Calculate l=r-h i mod q,
Output atRepudiation loop authentication σ= (K, h) on message m 1 ,R 1 ,R 2 ,…,R n );
Wherein,representing the identity of the 1 st user and the nth user, G T Multiplication loop group with order q, e represents slave G 1 ×G 2 To G T Is a bilinear mapping of R is a random number, R is a commitment value, ID B For the identity of user B, H 2 (. Cndot.) represents the cryptographic function derived from the cryptographic hash function, as +.>w i+1 Is G T Element h of (a) i+1 Is based on w i+1 J is a marker of the loop, and represents the number of loops, r j Is a random number, R j Representation and r j Corresponding promise, u j Is G T Element w of (a) j+1 Intermediate variable for calculating hash for signature generation phase, h j+1 Generating for signatureJ+1th hash value calculated in stages, h j The j-th hash value, h, calculated for the signature generation stage 1 1 st hash value, h, calculated for signature generation phase n+1 N+1th hash value calculated for the signature generation stage;
in the step of signature generation, a loop operation is involved, and h is recorded 1 =h n+1 From u j 、h j Can calculate w j+1 、h j+1 From this, it can be seen that when j is equal to n, h can be calculated n+1 The loop execution needs to be from 1 to n, thus let h 1 =h n+1 Then pass through h 1 And u 1 To generate subsequent w 2 And h 2
A signature verification step, in which the user B verifies the received repudiatable ring authentication σ', comprising:
calculation G T Element g=e (P 1 ,P pub );
Resolving sigma 'to obtain (K', h) 1 ′,R 1 ′,R 2 ′,…,R n ') and verifyFor all i=1, 2, once again, n, verify R i ′∈G 1 Whether or not to establish;
when (when)R is as follows i ′∈G 1 All are true for a given user identity ID B Message m ' and element K ' output a second hash value z ', ->
A loop step is performed, letting k=1, and the following steps (1) - (3) are performed in a loop n times:
(1) Calculation of
(2) Calculation of
(3) The value of k is increased by 1;
when the loop execution step is finished, judging h' 1 =h′ n+1 If so, the ring authentication sigma can be denied as legal signature; otherwise, the signature is invalid;
wherein P is 2 Is group G 2 R is a generator of (1) k 'the k' th promise value obtained in the verification stage, R i 'obtain the ith promise value for verification stage, u' k Is G T Element w of (a) k+1 ' is an intermediate variable for the verification phase to calculate the hash, h k+1 'k+1 hash values calculated for the verification phase, h' 1 1 st hash value calculated for verification phase, h' n+1 The n+1th hash value calculated in the verification stage.
Specifically, the SM9 identification password algorithm is an identification password standard (standard table number: GM/T0044-2016 SM9 identification password algorithm) issued by the State password administration at 28 of 3.year 2016. The identification cipher algorithm based on bilinear pair can use the user's identity to generate the public and private key pair of the user, and is mainly used for digital signature, data encryption, key exchange, identity authentication and the like. The SM9 standard meets the application requirements of an electronic authentication service system and the like, and fills the blank of a domestic identification password system.
In order to ensure the universality, the parameter selection of the invention is consistent with the standard parameter of the SM9 signature algorithm. Specific symbols are described as follows:
q: a large prime number.
An integer set consisting of 1,2, …, q-1.
G 1 ,G 2 : the addition loop group with order q.
G T : the multiplication loop group with the order q.
P 1 ,P 2 : respectively group G 1 And G 2 Is a generator of (1).
g u : multiplication group G T The u power of the element g.
[k] And P is a k times point of a point P on the elliptic curve, and k is a positive integer.
e: from G 1 ×G 2 To G T Is a bilinear pair mapping of (1).
H 1 (·),H 2 (. Cndot.): the cryptographic functions derived from the cryptographic hash function are all
d: a system master private key held by KGC secrets.
P pub : the system main public key disclosed by KGC has a calculation formula of P pub =[d]P。
A list of public keys.
User A i Is a distinguishable identification of (c).
ID B : a discernable identity of user B.
User A i Is a private key of (a).
User B's private key.
m: a message to be signed.
σ=(K,h 1 ,R 1 ,R 2 ,…,R n ): the ring authentication value may be denied.
mod q-modulo q operation. For example, 23mod 7≡2.
x||y: x and y, where x and y may be a bit string or a byte string.
Denial of ring authentication allows a single signer to build a ring as a whole to authenticate a message, convincing a single verifier V that a ring member is authenticating message m without revealing which ring member is. Furthermore, the verifier V cannot convince that any third party message m is indeed authenticated. This is achieved by proving that the verifier V can itself generate a forged signature.
Referring to fig. 1, an overall framework diagram of a method for generating a repudiation ring authentication based on an SM9 algorithm according to an embodiment of the present invention is provided.
The invention provides a repudiation ring authentication generation method based on SM9 algorithm, which allows a signer to construct a ring composed of a plurality of members, so that a single verifier V is sure that the ring member authenticates a message m without revealing which ring member. Referring to fig. 2, a flowchart of a specific implementation of the method for generating the repudiation ring authentication based on the SM9 algorithm is shown.
User A i A repudiatable ring authentication message is generated for verification by user B. The scheme comprises 4 stages: system initialization, key generation, authentication, verification.
Compared with the prior art, the invention has the following advantages and beneficial effects:
the method of the invention allows a signer to construct a ring composed of a plurality of members, so that a single verifier V is sure that the ring member authenticates a message m without revealing which ring member, and has the advantages of high safety, good concealment, quick execution efficiency and the like.
Example two
Based on the same inventive concept, the present embodiment provides a generating device of repudiation ring authentication based on SM9 algorithm, including:
a key generation module, configured to perform a key generation step, including:
key generation center generates random numbersAs a master private key and computes a master public key P pub ,P pub =[d]P 2
User A i Representation ofThe corresponding private key is +.>
User B represents ID B The corresponding private key is
Where d represents the system master private key, P, that is held in secret by the key generation center 1 Is group G 1 G, G 1 Representing an additive cyclic group of order q, q being a large prime number,represents a set of integers consisting of 1,2, …, q-1, H 1 (. Cndot.) represents the cryptographic function derived from the cryptographic hash function, as +.> For user A i Is the identity of the mobile terminal;
a signature generation module for executing a signature step, user A i Signing the message m to be signed, comprising:
user A i Randomly selecting the identities of n-1 users and adding the identity of the user to the identities of the n-1 usersComposition list->
Calculation G T Element g=e (P 1 ,P pub ) Randomly selectAnd calculates r= [ R ]]P 1
Given user identity ID B M and a random element K E G 1 Outputting the first hash value
Calculating w i+1 =e(R,P pub ) And
for j=i+1, …, n,1, …, i-1, user a i Randomly selectCalculating R j =[r j ]P 1 Calculation ofRecord h 1 =h n+1
Calculate l=r-h i mod q,
Output atRepudiation loop authentication σ= (K, h) on message m 1 ,R 1 ,R 2 ,…,R n );
Wherein,representing the identity of the 1 st user and the nth user, G T Multiplication loop group with order q, e represents slave G 1 ×G 2 To G T Is a bilinear mapping of R is a random number, R is a commitment value, ID B For the identity of user B, H 2 (. Cndot.) represents the cryptographic function derived from the cryptographic hash function, as +.>w i+1 Is G T Element h of (a) i+1 Is based on w i+1 J is a marker of the loop, and represents the number of loops, r j Is a random number, R j Representation and r j Corresponding promise, u j Is G T Element w of (a) j+1 Intermediate variable for calculating hash for signature generation phase, h j+1 The j+1th hash value, h, calculated for the signature generation stage j The j-th hash value, h, calculated for the signature generation stage 1 1 st hash value, h, calculated for signature generation phase n+1 N+1th hash value calculated for the signature generation stage;
the verification module is configured to perform a signature verification step, where the user B verifies the received repudiatable ring authentication σ', and includes:
calculation G T Element g=e (P 1 ,P pub );
Resolving sigma 'to obtain (K', h) 1 ′,R 1 ′,R 2 ′,…,R n ') and verifyFor all i=1, 2, once again, n, verify R i ′∈G 1 Whether or not to establish;
when (when)Verify R i ′∈G 1 All are true for a given userPart ID B Message m 'and element K' output the second hash value +.>
A loop step is performed, letting k=1, and the following steps (1) - (3) are performed in a loop L times:
(1) Calculation of
(2) Calculation of
(3) The value of k is increased by 1;
when the loop execution step is finished, judging h' 1 =h′ n+1 If so, the ring authentication sigma can be denied as legal signature; otherwise, the signature is invalid;
wherein P is 2 Is group G 2 R is a generator of (1) k ' the kth promise value obtained in the verification stage, R i 'ith promise value obtained in verification stage, u' k Is G T Element w of (a) k+1 ' is an intermediate variable for the verification phase to calculate the hash, h k+1 'k+1 hash values calculated for the verification phase, h' 1 1 st hash value calculated for verification phase, h' n+1 The n+1th hash value calculated in the verification stage.
Since the device described in the second embodiment of the present invention is a device used for implementing the method for generating the repudiation loop authentication based on the SM9 algorithm in the first embodiment of the present invention, based on the method described in the first embodiment of the present invention, a person skilled in the art can know the specific structure and the deformation of the device, and therefore, the description thereof is omitted herein. All devices used in the method of the first embodiment of the present invention are within the scope of the present invention.
Example III
As shown in fig. 3, based on the same inventive concept, the present invention also provides a computer-readable storage medium 300, on which a computer program 311 is stored, which program when executed implements the method as described in embodiment one.
Since the computer readable storage medium described in the third embodiment of the present invention is a computer readable storage medium used for implementing the method for generating the disclaimer ring authentication based on the SM9 algorithm in the first embodiment of the present invention, a person skilled in the art can understand the specific structure and the modification of the computer readable storage medium based on the method described in the first embodiment of the present invention, and therefore, the description thereof is omitted here. All computer readable storage media used in the method according to the first embodiment of the present invention are included in the scope of protection.
Example IV
Based on the same inventive concept, the present application further provides a computer device, as shown in fig. 4, including a memory 401, a processor 402, and a computer program 403 stored in the memory and capable of running on the processor, where the processor 402 implements the method in the first embodiment when executing the program.
Because the computer device described in the fourth embodiment of the present invention is a computer device used for implementing the method for generating the repudiation loop authentication based on the SM9 algorithm in the first embodiment of the present invention, based on the method described in the first embodiment of the present invention, a person skilled in the art can understand the specific structure and the deformation of the computer device, and therefore, the description thereof is omitted herein. All computer devices used in the method of the first embodiment of the present invention are within the scope of the present invention.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various modifications and variations can be made to the embodiments of the present invention without departing from the spirit or scope of the embodiments of the invention. Thus, if such modifications and variations of the embodiments of the present invention fall within the scope of the claims and the equivalents thereof, the present invention is also intended to include such modifications and variations.

Claims (4)

1. A method for generating a repudiation ring authentication based on SM9 algorithm, comprising:
the key generation step comprises the following steps:
key generation center generates random numbersAs a master private key and computes a master public key P pub ,P pub =[d]P 2
User A i Representation ofThe corresponding private key is +.>
User B represents ID B The corresponding private key is
Where d represents the system master private key, P, that is held in secret by the key generation center 1 Is group G 1 G, G 1 Representing an additive cyclic group of order q, q being a large prime number,represents a set of integers consisting of 1,2,, q-1, H 1 (. Cndot.) represents the cryptographic function derived from the cryptographic hash function, as +.> For user A i Is the identity of the mobile terminal;
signature step, user A i Signing the message m to be signed, comprising:
user A i Randomly selecting the identities of n-1 users and adding the identity of the user to the identities of the n-1 usersComposition list->
Calculation G T Element g=e (P 1 ,P pub ) Randomly selectAnd calculates r= [ R ]]P 1
Given user identity ID B M and a random element K E G 1 Outputting the first hash value
Calculating w i+1 =e(R,P pub ) And
for j=i+1,.. i-1, user a i Randomly selectCalculating R j =[r j ]P 1 Calculation ofRecord h 1 =h n+1
Calculate l=r-h i mod q,
Output atRepudiation loop authentication σ= (K, h) on message m 1 ,R 1 ,R 2 ,...,R n );
Wherein,identity tag representing 1 st user and nth userKnowledge of G T Multiplication loop group with order q, e represents slave G 1 ×G 2 To G T Is a bilinear mapping of R is a random number, R is a commitment value, ID B For the identity of user B, H 2 (. Cndot.) represents the cryptographic function derived from the cryptographic hash function, as +.>w i+1 Is G T Element h of (a) i+1 Is based on w i+1 J is a marker of the loop, and represents the number of loops, r j Is a random number, R j Representation and r j Corresponding promise, u j Is G T Element w of (a) j+1 Intermediate variable for calculating hash for signature generation phase, h j+1 The j+1th hash value, h, calculated for the signature generation stage j The j-th hash value, h, calculated for the signature generation stage 1 1 st hash value, h, calculated for signature generation phase n+1 N+1th hash value calculated for the signature generation stage;
a signature verification step, in which the user B verifies the received repudiatable ring authentication σ', comprising:
calculation G T Element g=e (P 1 ,P pub );
Resolving sigma 'to obtain (K', h) 1 ′,R 1 ′,R 2 ′,...,R n ') and verifyFor all i=1, 2, once again, n, verify R i ′∈G 1 Whether or not to establish;
when (when)R is as follows i ′∈G 1 All are true for a given user identity ID B Message m ' and element K ' output a second hash value z ', ->
A loop step is performed, letting k=1, and the following steps (1) - (3) are performed in a loop n times:
(1) Calculation of
(2) Calculation of
(3) The value of k is increased by 1;
when the loop execution step is finished, judging h' 1 =h′ n+1 If so, the received repudiatable ring authentication sigma' is a legal signature; otherwise, the signature is invalid;
wherein P is 2 Is group G 2 R is a generator of (1) k ' the kth promise value obtained in the verification stage, R i 'ith promise value obtained in verification stage, u' k Is G T Element w of (a) k+1 ' is an intermediate variable for the verification phase to calculate the hash, h k+1 'k+1 hash values calculated for the verification phase, h' 1 1 st hash value calculated for verification phase, h' n+1 N+1th hash value calculated for the verification stage.
2. A generating device of repudiation ring authentication based on SM9 algorithm, comprising:
a key generation module, configured to perform a key generation step, including:
key generation center generates random numbersAs a master private key and computes a master public key P pub ,P pub =[d]P 2
User A i Representation ofThe corresponding private key is +.>
User B represents ID B The corresponding private key is
Where d represents the system master private key, P, that is held in secret by the key generation center 1 Is group G 1 G, G 1 Representing an additive cyclic group of order q, q being a large prime number,represents a set of integers consisting of 1,2,, q-1, H 1 (. Cndot.) represents the cryptographic function derived from the cryptographic hash function, as +.> For user A i Is the identity of the mobile terminal;
a signature generation module for executing a signature step, user A i Signing the message m to be signed, comprising:
user A i Randomly selecting the identities of n-1 users and adding the identity of the user to the identities of the n-1 usersComposition list->
Calculation ofG T Element g=e (P 1 ,P pub ) Randomly selectAnd calculates r= [ R ]]P 1
Given user identity ID B M and a random element K E G 1 Outputting the first hash value
Calculating w i+1 =e(R,P pub ) And
for j=i+1,.. i-1, user a i Randomly selectCalculating R j =[r j ]P 1 Calculation ofRecord h 1 =h n+1
Calculate l=r-h i mod q,
Output atRepudiation loop authentication σ= (K, h) on message m 1 ,R 1 ,R 2 ,...,R n );
Wherein,representing the identity of the 1 st user and the nth user, G T Multiplication loop group with order q, e represents slave G 1 ×G 2 To G T Is a bilinear mapping of R is a random number, R is a commitment value, ID B For the identity of user B, H 2 (. Cndot.) represents the cryptographic function derived from the cryptographic hash function, as +.>w i+1 Is G T Element h of (a) i+1 Is based on w i+1 J is a marker of the loop, and represents the number of loops, r j Is a random number, R j Representation and r j Corresponding promise, u j Is G T Element w of (a) j+1 Intermediate variable for calculating hash for signature generation phase, h j+1 The j+1th hash value, h, calculated for the signature generation stage j The j-th hash value, h, calculated for the signature generation stage 1 1 st hash value, h, calculated for signature generation phase n+1 N+1th hash value calculated for the signature generation stage;
the verification module is configured to perform a signature verification step, where the user B verifies the received repudiatable ring authentication σ', and includes:
calculation G T Element g=e (P 1 ,P pub );
Resolving sigma 'to obtain (K', h) 1 ′,R 1 ′,R 2 ′,...,R n ') and verifyFor all i=1, 2, once again, n, verify R i ′∈G 1 Whether or not to establish;
when (when)R is as follows i ′∈G 1 All are true for a given user identity ID B Message m 'and element K' output the second hash value +.>
A loop step is performed, letting k=1, and the following steps (1) - (3) are performed in a loop n times:
(1) Calculation of
(2) Calculation of
(3) The value of k is increased by 1;
when the loop execution step is finished, judging h' 1 =h′ n+1 If so, the ring authentication sigma can be denied as legal signature; otherwise, the signature is invalid;
wherein P is 2 Is group G 2 R is a generator of (1) k ' the kth promise value obtained in the verification stage, R i 'ith promise value obtained in verification stage, u' k Is G T Element w of (a) k+1 ' is an intermediate variable for the verification phase to calculate the hash, h k+1 'k+1 hash values calculated for the verification phase, h' 1 1 st hash value calculated for verification phase, h' n+1 The n+1th hash value calculated in the verification stage.
3. A computer readable storage medium, on which a computer program is stored, which program, when being executed by a processor, implements the method according to claim 1.
4. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of claim 1 when executing the program.
CN202210719537.8A 2022-06-23 2022-06-23 Signature generation method and device for repudiation ring authentication based on SM9 algorithm Active CN115174053B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210719537.8A CN115174053B (en) 2022-06-23 2022-06-23 Signature generation method and device for repudiation ring authentication based on SM9 algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210719537.8A CN115174053B (en) 2022-06-23 2022-06-23 Signature generation method and device for repudiation ring authentication based on SM9 algorithm

Publications (2)

Publication Number Publication Date
CN115174053A CN115174053A (en) 2022-10-11
CN115174053B true CN115174053B (en) 2024-04-12

Family

ID=83486359

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210719537.8A Active CN115174053B (en) 2022-06-23 2022-06-23 Signature generation method and device for repudiation ring authentication based on SM9 algorithm

Country Status (1)

Country Link
CN (1) CN115174053B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018119670A1 (en) * 2016-12-27 2018-07-05 深圳大学 Method and device for certificateless partially blind signature
CN110880977A (en) * 2019-11-26 2020-03-13 武汉大学 Safe and efficient SM9 ring signature generation and verification method
CN110912708A (en) * 2019-11-26 2020-03-24 武汉大学 Ring signature generation method based on SM9 digital signature algorithm
CN113612615A (en) * 2021-07-23 2021-11-05 重庆邮电大学 Auditable privacy protection authentication method based on SM9 cryptographic algorithm

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018119670A1 (en) * 2016-12-27 2018-07-05 深圳大学 Method and device for certificateless partially blind signature
CN110880977A (en) * 2019-11-26 2020-03-13 武汉大学 Safe and efficient SM9 ring signature generation and verification method
CN110912708A (en) * 2019-11-26 2020-03-24 武汉大学 Ring signature generation method based on SM9 digital signature algorithm
CN113612615A (en) * 2021-07-23 2021-11-05 重庆邮电大学 Auditable privacy protection authentication method based on SM9 cryptographic algorithm

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Secure Threshold Ring Signature Based on SM9;Shuanggen Liu Et.AL;IEEE Access;20210705;第9卷;95507 - 95516 *
基于SM9标识密码算法的环签名方案;彭聪;《密码学报》;20210815;第8卷(第04期);724-734 *

Also Published As

Publication number Publication date
CN115174053A (en) 2022-10-11

Similar Documents

Publication Publication Date Title
CN108667626B (en) Secure two-party collaboration SM2 signature method
CN107248909B (en) Certificateless secure signature method based on SM2 algorithm
US9071442B2 (en) Signcryption method and device and corresponding signcryption verification method and device
US7533270B2 (en) Signature schemes using bilinear mappings
CN111010272B (en) Identification private key generation and digital signature method, system and device
CN106899413B (en) Digital signature verification method and system
CN107911217B (en) Method and device for cooperatively generating signature based on ECDSA algorithm and data processing system
CN115174056B (en) Chameleon signature generation method and chameleon signature generation device based on SM9 signature
CN113032844B (en) Signature method, signature verification method and signature verification device for elliptic curve
CN112532394A (en) Block chain anti-signature traceable certificateless blind signature generation method
CN113452529A (en) Adapter signature generation method based on SM2 algorithm
Ki et al. Constructing Strong Identity‐Based Designated Verifier Signatures with Self‐Unverifiability
CN111130758A (en) Lightweight anonymous authentication method suitable for resource-constrained equipment
CN110943845A (en) Method and medium for cooperatively generating SM9 signature by two light-weight parties
CN112989436B (en) Multi-signature method based on block chain platform
CN111245615B (en) Digital signature password reverse firewall method based on identity
CN115174037B (en) Construction method and device of chameleon hash function based on SM9 signature
CN115174053B (en) Signature generation method and device for repudiation ring authentication based on SM9 algorithm
Wang et al. Perfect ambiguous optimistic fair exchange
CN115174055B (en) Certificate signature generation method and device based on SM9 signature
CN115174052B (en) Adapter signature generation method and device based on SM9 signature
CN115174054B (en) Certificate-free signature generation method and device based on SM9 signature
KR100525124B1 (en) Method for Verifying Digitally Signed Documents
CN115473635B (en) SM2 two-party adapter signature generation method and device for preventing malicious enemy
CN115174101B (en) SM2 algorithm-based repudiation ring signature generation method and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant