CN115499224B - Anonymous subscription method based on broadcast encryption - Google Patents


Info

Publication number: CN115499224B
Authority: CN (China)
Prior art keywords: user, server, session, key, signature
Legal status: Active
Application number: CN202211147014.7A
Other languages: Chinese (zh)
Other versions: CN115499224A
Inventors: 陈礼青, 陈剑雄, 陈晓兵, 黎嘉怡, 郭瑶, 张萌
Current assignee: Huaiyin Institute of Technology
Original assignee: Huaiyin Institute of Technology
Priority date: 2022-09-20
Filing date: 2022-09-20
Publication date: 2024-06-21
Events: application filed by Huaiyin Institute of Technology; priority to CN202211147014.7A; publication of CN115499224A; application granted; publication of CN115499224B; legal status active.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3033 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to pseudo-prime or prime number generation, e.g. primality test
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3073 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/42 Anonymization, e.g. involving pseudonyms
    • H04L2209/72 Signcrypting, i.e. digital signing and encrypting simultaneously

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Algebra (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an anonymous subscription method based on broadcast encryption. A system parameter setting module generates the system public parameters and the system master private key and shares the public parameters with the other modules. A user registration module generates the user private key. A user login module establishes a session between an authorized user and the server, and a user log-out module lets the authorized user terminate that session. In the user login step, the user sends login information to the server; the server generates encrypted information and signs it; the user verifies the signature and, if it is valid, decrypts the encrypted information and computes the session key; the user then sends the decrypted information to the server; the server verifies it and, if it is valid, computes the session key and establishes the session with the user. Compared with the prior art, the invention provides the subscription function while ensuring anonymity among users.

Description

Anonymous subscription method based on broadcast encryption
Technical Field
The invention belongs to the field of information security and relates to an anonymous subscription method based on broadcast encryption, whose main step is to encrypt and hide user information during broadcast encryption so that users remain anonymous to one another.
Background
In the Internet age the subscription model is widely used: a user obtains the right to access specific resources by paying a fee. In the conventional subscription model, however, a user can learn of the existence of other subscribers, which is a potential security hazard.
In 1984, Shamir first proposed the concept of identity-based encryption. In an identity-based encryption system a user's personal information, such as a telephone number, identity card number or e-mail address, serves as the user's public key, which avoids the distribution and management of large numbers of public key certificates.
He et al. proposed an identity-based anonymous broadcast encryption scheme in 2016. The scheme solves the problem of anonymity among users: when the server generates the ciphertext it hides the identity information of the recipient set, and the ciphertext that hides the user information is sent to the users, so that anonymity among users is achieved.
In conventional subscription schemes based on broadcast encryption, anonymity among users is not achieved: users learn of the existence of other subscribers when decrypting messages, and information about which services a user subscribes to is disclosed to all users, so user privacy cannot be guaranteed. In practice, however, a user may not want others to know that it has subscribed to certain services, and in that case the conventional subscription scheme based on broadcast encryption cannot meet the user's needs.
Disclosure of Invention
Object of the invention: to address the technical problems above, the invention provides an anonymous subscription method based on broadcast encryption, which achieves anonymity among users in the subscription model by means of an identity-based anonymous broadcast encryption scheme, so that a user's subscription information is not known to other users.
Technical scheme: the invention provides an anonymous subscription method based on broadcast encryption comprising the following steps:
Step 1: set the system master public key $PK$ and master private key $MSK$, and set the signature public key $pk$ and signature private key $sk$;
Step 2: generate the user private key from the system master public key $PK$ and master private key $MSK$;
Step 3: the user logs in to the server with the user private key;
Step 4: the server and the user terminate the session via the session identifier $C_0$.
Further, the specific method of step 1 is as follows:
Step 1.1: choose three distinct primes $P_1, P_2, P_3$ and set $N = P_1 P_2 P_3$; choose cyclic groups $G$ and $G_T$ of order $N$ and a bilinear map $e: G \times G \to G_T$; let $G_{p_1}, G_{p_2}, G_{p_3}$ denote the subgroups of $G$ of order $P_1, P_2, P_3$ respectively;
Step 1.2: input the security parameter $k$ and the number of recipients $m$; select $g, h, u_1, u_2, \dots, u_m \in G_{p_1}$; the system master public key is $PK = \{g, h, u_1, u_2, \dots, u_m, v = e(g,g)^{\alpha}, pk\}$ and the system master private key is $MSK = \{\alpha, sk\}$.
Further, the specific method of step 2 is as follows:
Step 2.1: select a user set $S = \{ID_1, ID_2, \dots, ID_s\}$ with $s \le m$, and for $1 \le i \le s$ randomly select $r_i \in Z_N$, where $Z_N$ is the set of integers modulo $N$;
Step 2.2: compute a user private key for each user.
Further, the specific method of step 3 is as follows:
Step 3.1: the user randomly selects $x$, computes $R = e(g,g)^x$ and sends $R$ to the server;
Step 3.2: the server randomly selects $y$, $k$ and its other random values, then computes $C_0, C_1, C_2, T$ with $C_0 = v^k M$, $C_2 = g^k Z'$ and $T = e(g,g)^y$, where $M$ is a login password chosen by the server; the server computes a signature $\sigma$ over $\langle R, C_0, C_1, C_2, T \rangle$ and sends $\langle R, C_0, C_1, C_2, \sigma \rangle$ to the user;
Step 3.3: the user verifies the signature with the signature public key $pk$; if it is valid, the user computes the decryption value $P$ and the session key $K_C = T^x$, and sends $P$ to the server;
Step 3.4: the server checks whether $P = M$; if so, the server computes the session key $K_S = R^y$, so that $K_S = K_C$; $C_0$ is defined as the session identifier, and the user and the server have established the connection.
Further, the specific method of step 4 is as follows:
Step 4.1: the server computes a signature $\eta$ over the session identifier $C_0$ with $sk$ and sends $\eta$ to the user;
Step 4.2: the user verifies the signature $\eta$; if it is valid, the session $C_0$ is terminated.
With this technical scheme the invention has the following beneficial effect: building on an existing identity-based anonymous broadcast encryption scheme, the method combines the anonymity of that scheme with the subscription model and achieves anonymity among users while keeping the normal subscription function.
Drawings
FIG. 1 is a diagram of an anonymous subscription process based on broadcast encryption;
FIG. 2 is a system initialization flow diagram;
FIG. 3 is a flow chart of user private key generation;
FIG. 4 is a user login flow chart;
FIG. 5 is a flowchart of user log-out.
Detailed Description
The application is further illustrated below in conjunction with specific embodiments, it being understood that these embodiments are merely illustrative of the application and not limiting the scope of the application, and that modifications, equivalent to the application, will fall within the scope of the application as defined in the appended claims, after reading the application.
Theoretical basis of the invention:
1. Bilinear pairing
Let $G$ and $G_T$ be two cyclic groups of order $N = P_1 P_2 P_3$, and let $e: G \times G \to G_T$ be a bilinear map with the following properties:
(1) Bilinearity: for any $g, h \in G$ and $a, b \in Z_N$, $e(g^a, h^b) = e(g,h)^{ab}$.
(2) Non-degeneracy: there exist $g, h \in G$ such that $e(g,h)$ has order $N$ in $G_T$.
(3) Computability: for any $g, h \in G$, $e(g,h)$ can be computed efficiently.
2. Dual system encryption
In dual system encryption both ciphertexts and keys come in two forms: a ciphertext is either normal or semi-functional, and a key is either normal or semi-functional. A normal key can decrypt both normal and semi-functional ciphertexts, whereas a semi-functional key cannot decrypt a semi-functional ciphertext. The security proof of a dual system encryption scheme proceeds through a sequence of indistinguishable games.
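As an added illustration of the composite-order pairing setting described in this section (constructed for this page, not code from the patent), the following toy map over $Z_N$ with $N = P_1 P_2 P_3$ reproduces the three properties above and the subgroup orthogonality $e(G_{p_1}, G_{p_3}) = 1$, which is what lets a $G_{p_3}$ blinding factor such as the $Z'$ in $C_2 = g^k Z'$ vanish when $C_2$ is paired with a $G_{p_1}$ element. It assumes $Z'$ lies in $G_{p_3}$ (the page states this for the key components $R_i, R_i'$ but not explicitly for $Z'$); the map is insecure and only models the algebra.

```python
# Toy composite-order bilinear map, constructed here to illustrate the
# theoretical description above. It is NOT secure (discrete logarithms in the
# additive group Z_N are trivial) and is not the pairing the patent relies on;
# it only reproduces the algebra: bilinearity, non-degeneracy, and the fact
# that the order-P1 and order-P3 subgroups of G pair to the identity.
P1, P2, P3 = 3, 5, 7                  # three distinct primes (toy sizes)
N = P1 * P2 * P3                      # N = 105, the order of G and G_T
P_TARGET = 211                        # prime with N | P_TARGET - 1, so Z_211^*
                                      # contains a cyclic subgroup G_T of order N


def element_of_order(n, p, prime_factors):
    """Return an element of exact multiplicative order n in Z_p^* (requires n | p-1)."""
    cofactor = (p - 1) // n
    for c in range(2, p):
        cand = pow(c, cofactor, p)    # the order of cand divides n
        if all(pow(cand, n // q, p) != 1 for q in prime_factors):
            return cand               # the order is not a proper divisor of n
    raise ValueError("no element of order n found")


GT_GEN = element_of_order(N, P_TARGET, (P1, P2, P3))   # e(1, 1) in the toy map


def e(a, b):
    """Toy bilinear map e: Z_N x Z_N -> G_T, e(a, b) = GT_GEN^(a*b).
    G is the additive group Z_N written with integers, so 'g^k' is k*g mod N."""
    return pow(GT_GEN, (a * b) % N, P_TARGET)


def order_in_gt(t):
    """Multiplicative order of t in Z_P_TARGET^*."""
    k, acc = 1, t % P_TARGET
    while acc != 1:
        acc = (acc * t) % P_TARGET
        k += 1
    return k


def check_bilinear(g, h, a, b):
    """Property (1): e(g^a, h^b) == e(g, h)^(ab)."""
    return e((a * g) % N, (b * h) % N) == pow(e(g, h), a * b, P_TARGET)


def check_nondegenerate():
    """Property (2): e(g, g) has order N in G_T for the generator g = 1 of Z_N."""
    return order_in_gt(e(1, 1)) == N


def check_orthogonal(x_p1, z_p3):
    """e(G_p1, G_p3) = 1: an order-P1 element and an order-P3 element pair to 1.
    In Z_N the order-P1 subgroup is the multiples of P2*P3 and the order-P3
    subgroup the multiples of P1*P2, so the exponent product is a multiple of N."""
    return e(x_p1, z_p3) == 1


def blinding_vanishes(g, k, z_p3, d):
    """Toy analogue of C_2 = g^k * Z' (additively k*g + Z'): pairing C_2 with any
    d in G_p1 equals pairing g^k with d, so a G_p3 blinding factor Z' is invisible
    to a decryptor whose key component d lies in G_p1 (assumption: Z' in G_p3)."""
    c2 = (k * g + z_p3) % N
    return e(c2, d) == e((k * g) % N, d)


if __name__ == "__main__":
    g = (P2 * P3) % N            # generator of G_p1 (order P1)
    z_prime = (2 * P1 * P2) % N  # constructed element of G_p3 (order P3)
    print("bilinear:", check_bilinear(g, (2 * g) % N, 4, 2))
    print("non-degenerate:", check_nondegenerate())
    print("e(G_p1, G_p3) == 1:", check_orthogonal(g, z_prime))
    print("Z' invisible to a G_p1 key:", blinding_vanishes(g, 8, z_prime, (2 * g) % N))
```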
The invention discloses an anonymous subscription method based on broadcast encryption comprising the following steps:
Step 1: set the system master public key $PK$ and master private key $MSK$, and set the signature public key $pk$ and signature private key $sk$; the specific steps are as shown in FIG. 2:
Step 1.1: choose three distinct primes $P_1, P_2, P_3$ and set $N = P_1 P_2 P_3$; choose cyclic groups $G$ and $G_T$ of order $N$ and a bilinear map $e: G \times G \to G_T$; let $G_{p_1}, G_{p_2}, G_{p_3}$ denote the subgroups of $G$ of order $P_1, P_2, P_3$ respectively;
Step 1.2: input the security parameter $k$ and the number of recipients $m$; select $g, h, u_1, u_2, \dots, u_m \in G_{p_1}$; the system master public key is $PK = \{g, h, u_1, u_2, \dots, u_m, v = e(g,g)^{\alpha}, pk\}$ and the system master private key is $MSK = \{\alpha, sk\}$.
Step 2: generate the user private key from the system master public key $PK$ and master private key $MSK$, as shown in FIG. 3:
Step 2.1: select a user set $S = \{ID_1, ID_2, \dots, ID_s\}$ with $s \le m$, and for $1 \le i \le s$ randomly select $r_i \in Z_N$;
Step 2.2: compute a user private key for each user.
Step 3: the user logs in to the server with the user private key, as shown in FIG. 4:
Step 3.1: the user randomly selects $x$, computes $R = e(g,g)^x$ and sends $R$ to the server;
Step 3.2: the server randomly selects $y$, $k$ and its other random values, then computes $C_0, C_1, C_2, T$ with $C_0 = v^k M$, $C_2 = g^k Z'$ and $T = e(g,g)^y$, where $M$ is the login password chosen by the server; the server computes a signature $\sigma$ over $\langle R, C_0, C_1, C_2, T \rangle$ and sends $\langle R, C_0, C_1, C_2, \sigma \rangle$ to the user;
Step 3.3: the user verifies the signature with the signature public key $pk$; if it is valid, the user computes the decryption value $P$ and the session key $K_C = T^x$, and sends $P$ to the server;
Step 3.4: the server checks whether $P = M$; if so, the server computes the session key $K_S = R^y$, so that $K_S = K_C$; $C_0$ is defined as the session identifier, and the user and the server have established the connection.
Step 4: the server and the user terminate the session via the session identifier $C_0$, as shown in FIG. 5:
Step 4.1: the server computes a signature $\eta$ over $C_0$ with $sk$ and sends $\eta$ to the user;
Step 4.2: the user verifies the signature $\eta$; if it is valid, the session $C_0$ is terminated.
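A worked check of the key agreement and the password check in steps 3.1 to 3.4, added here as an illustration and not part of the patent text. It uses the page's own symbols and the bilinearity property from the theoretical description, and assumes that an authorised user can recover $v^k$ from the ciphertext with its private key (the page gives that decryption formula only as a figure).

Both sides raise the other side's ephemeral value to their own exponent, so the keys agree:
\[
K_C = T^x = \big(e(g,g)^y\big)^x = e(g,g)^{xy} = \big(e(g,g)^x\big)^y = R^y = K_S .
\]

A user who has recovered $v^k$ strips it from $C_0 = v^k M$ and obtains the server's login password:
\[
P = C_0 \cdot \big(v^k\big)^{-1} = v^k M \cdot v^{-k} = M ,
\]
so the server's check $P = M$ in step 3.4 confirms that the user was able to decrypt $C_0$, while the signature check in step 3.3 binds $R$, $C_0$, $C_1$, $C_2$ and $T$ to the server before the user derives $K_C$ or computes $P$ from them.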
The foregoing embodiments are merely illustrative of the technical concept and features of the present invention, and are intended to enable those skilled in the art to understand the present invention and to implement the same, not to limit the scope of the present invention. All equivalent changes or modifications made according to the spirit of the present invention should be included in the scope of the present invention.

Claims (2)

1. An anonymous subscription method based on broadcast encryption, characterized by comprising the following steps:
Step 1: set the system master public key $PK$ and master private key $MSK$, and set the signature public key $pk$ and signature private key $sk$;
Step 1.1: select three distinct primes $P_1, P_2, P_3$ with $N = P_1 P_2 P_3$ and cyclic groups $G$ and $G_T$ of order $N$, and set up a bilinear map $e: G \times G \to G_T$; let $G_{p_1}, G_{p_2}, G_{p_3}$ denote the subgroups of $G$ of order $P_1, P_2, P_3$ respectively;
Step 1.2: input a security parameter $k$ and the number $m$ of receivers, randomly select $g, h, u_1, u_2, \dots, u_m \in G_{p_1}$, and set the system master public key $PK = \{g, h, u_1, u_2, \dots, u_m, v = e(g,g)^{\alpha}, pk\}$ and the system master private key $MSK = \{\alpha, sk\}$;
Step 2: generate a user private key $d_{ID_i} = \{d_0, d_1\}$ from the system master public key $PK$ and master private key $MSK$;
Step 2.1: select a user set $S = \{ID_1, ID_2, \dots, ID_s\}$ with $s \le m$, and randomly select $r_i \in Z_N$, where $Z_N$ is the set of integers modulo $N$, and $R_i, R_i' \in G_{p_3}$, for $1 \le i \le s$;
Step 2.2: compute a user private key for each user;
Step 3: the user logs in to the server with the user private key;
Step 3.1: the user randomly selects $x$, computes $R = e(g,g)^x$ and sends $R$ to the server;
Step 3.2: the server randomly selects $b$, $Z$, … and computes $C_0, C_1, C_2, T$ with $C_0 = v^k M$, $C_2 = g^k Z'$ and $T = e(g,g)^y$, where $M$ is a login password chosen by the server; the server computes a signature $\sigma$ over $\langle R, C_0, C_1, C_2, T \rangle$ and sends $\langle R, C_0, C_1, C_2, \sigma \rangle$ to the user;
Step 3.3: the user verifies the signature with the signature public key $pk$; if it is valid, the user computes the decryption value $P$ and the session key $K_C = T^x$, and sends $P$ to the server;
Step 3.4: the server checks whether $P = M$; if so, the server computes the session key $K_S = R^y$, so that $K_S = K_C$; $C_0$ is defined as the session identifier, and the user and the server have established the connection;
Step 4: the server and the user terminate the session via the session identifier $C_0$.
2. The anonymous subscription method based on broadcast encryption according to claim 1, wherein the specific method of step 4 is as follows:
Step 4.1: the server computes a signature $\eta$ over the session identifier $C_0$ with $sk$ and sends $\eta$ to the user;
Step 4.2: the user verifies the signature $\eta$; if it is valid, the session $C_0$ is terminated.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211147014.7A CN115499224B (en) 2022-09-20 2022-09-20 Anonymous subscription method based on broadcast encryption


Publications (2)

Publication Number Publication Date
CN115499224A CN115499224A (en) 2022-12-20
CN115499224B true CN115499224B (en) 2024-06-21

Family

ID=84470281


Family Cites Families (3)

* Cited by examiner, † Cited by third party
CN106341232B * (priority date 2016-09-18, published 2019-04-09), 中国科学院软件研究所 (Institute of Software, Chinese Academy of Sciences): A kind of anonymous entity discrimination method based on password
US11251954B2 * (priority date 2017-05-10, published 2022-02-15), B. G. Negev Technologies And Applications Ltd., At Ben-Gurion University: Method and system for performing broadcast encryption with revocation capability
CN111586064A * (priority date 2020-05-11, published 2020-08-25), 福建师范大学 (Fujian Normal University): Anonymous identity-based broadcast encryption method and system

Non-Patent Citations (2)

Liqing Chen, Jiguo Li, Yichen Zhang. Anonymous Certificate-Based Broadcast Encryption With Personalized Messages. IEEE, 2020-12-31, vol. 66, no. 4, pp. 1-8. *
明洋, 原红平, 孙变, 乔正阳. Efficient identity-based anonymous broadcast encryption scheme in the standard model. 计算机应用 (Journal of Computer Applications), 2016-10-10, no. 10, pp. 1-5. *


Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant