CN115499224B - Anonymous subscription method based on broadcast encryption - Google Patents
Classifications (CPC)
- H—ELECTRICITY > H04—ELECTRIC COMMUNICATION TECHNIQUE > H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  - H04L63/00—Network architectures or network communication protocols for network security > H04L63/04—for providing a confidential data exchange among entities communicating through data packet networks > H04L63/0407—wherein the identity of one or more communicating identities is hidden > H04L63/0421—Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
  - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols > H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords > H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
  - H04L9/00 > H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy > H04L9/3006—underlying computational problems or public-key parameters > H04L9/3033—details relating to pseudo-prime or prime number generation, e.g. primality test
  - H04L9/00 > H04L9/30 > H04L9/3066—involving algebraic varieties, e.g. elliptic or hyper-elliptic curves > H04L9/3073—involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
  - H04L9/00 > H04L9/32—including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials > H04L9/3247—involving digital signatures
  - H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00 > H04L2209/42—Anonymization, e.g. involving pseudonyms
  - H04L2209/00 > H04L2209/72—Signcrypting, i.e. digital signing and encrypting simultaneously
Abstract
The invention discloses an anonymous subscription method based on broadcast encryption. A system parameter setup module generates the system public parameters and the system master private key and shares the public parameters with the other modules. A user registration module generates the user private key. A user login module establishes a session between an authorized user and the server, and a user log-out module lets an authorized user disconnect that session. The user login step runs as follows: the user sends login information to the server; the server generates encrypted information and signs it; the user verifies the signature and, if it is valid, decrypts the encrypted information, computes the session key and sends the decrypted information to the server; the server verifies the decrypted information and, if it is valid, computes the session key and establishes the session with the user. Compared with the prior art, the invention realizes the subscription function while guaranteeing anonymity among users.
Description
Technical Field
The invention belongs to the field of information security and relates to an anonymous subscription method based on broadcast encryption; its main step is encrypting and hiding the user information during the broadcast-encryption process so that anonymity among users is achieved.
Background
In the Internet age the subscription model is widely used: a user pays a fee to obtain the right to access specific resources. In the conventional subscription model, however, a user can learn of the existence of other subscribers, which creates a security risk.
In 1984, Shamir first proposed the concept of identity-based encryption. An identity-based encryption system uses a user's personal information, such as a phone number, ID card number or e-mail address, as the user's public key, which avoids the distribution and management of large numbers of public key certificates.
In 2016, He et al. proposed an identity-based anonymous broadcast encryption scheme that solves the problem of anonymity among users: when the server generates the ciphertext it hides the identity information of the recipient set, and the ciphertext with the user information hidden is sent to the users, so anonymity among users is achieved.
Conventional subscription schemes based on broadcast encryption cannot provide anonymity among users: users learn of the existence of other subscribers when decrypting messages, and information about a user's subscriptions is disclosed to all users, so user privacy cannot be guaranteed. In practice, however, a user may not want it known that they subscribe to certain services, and in that case the conventional broadcast-encryption subscription scheme cannot meet the user's needs.
Disclosure of Invention
Objective of the invention: to address the technical problems above, the invention provides an anonymous subscription method based on broadcast encryption, which realizes anonymity among users in a subscription model by means of an identity-based anonymous broadcast encryption scheme and ensures that a user's subscription information is not known to other users.
The technical scheme is as follows: the invention provides an anonymous subscription method based on broadcast encryption comprising the following steps:
Step 1: set the system master public key PK and master private key MSK, and set the signature public key pk and signature private key sk;
Step 2: generate the user private key from the system master public key PK and master private key MSK;
Step 3: the user logs in to the server with the user private key;
Step 4: the server and the user terminate the session via the session identifier C_0.
Further, the specific method of step 1 is as follows:
Step 1.1: choose three distinct primes P_1, P_2, P_3 and let N = P_1 P_2 P_3; choose cyclic groups G and G_T of order N and a bilinear map e: G × G → G_T; G_{p1}, G_{p2}, G_{p3} denote the subgroups of G of order P_1, P_2, P_3 respectively;
Step 1.2: input the security parameter k and the number of recipients m, choose g, h, u_1, u_2, …, u_m ∈ G_{p1} at random, and set the system master public key PK = {g, h, u_1, u_2, …, u_m, v = e(g,g)^α, pk} and the system master private key MSK = {α, sk}.
Further, the specific method of step 2 is as follows:
Step 2.1: select the user set S = {ID_1, ID_2, …, ID_s}, s ≤ m, and randomly select r_i ∈ Z_N (Z_N denotes the integers modulo N), 1 ≤ i ≤ s;
Step 2.2: compute the user private key for each user in S.
Further, the specific method of step 3 is as follows:
Step 3.1: the user randomly selects x, computes R = e(g,g)^x and sends R to the server;
Step 3.2: the server randomly selects k, y and Z', computes C_0, C_1, C_2, T with C_0 = v^k · M, C_2 = g^k · Z', T = e(g,g)^y, where M is a login password chosen by the server, computes the signature σ over <R, C_0, C_1, C_2, T> and sends <R, C_0, C_1, C_2, σ> to the user;
Step 3.3: the user verifies the signature with the signature public key pk; if it is valid, the user computes the decrypted value P and the session key K_C = T^x and sends P to the server;
Step 3.4: the server checks whether P = M holds; if so, it computes the session key K_S = R^y, so that K_S = K_C, C_0 is defined as the session identifier, and the user and the server have established the connection.
Further, the specific method of step 4 is as follows:
Step 4.1: the server computes the signature η on the session identifier C_0 with sk and sends η to the user;
Step 4.2: the user verifies whether the signature η is valid; if so, the session C_0 is terminated.
The technical scheme adopted by the invention has the following beneficial effect: building on the existing identity-based anonymous broadcast encryption scheme, the method combines that scheme's anonymity with the subscription model, so that anonymity among users is achieved while the normal subscription function is retained.
Drawings
FIG. 1 is a diagram of an anonymous subscription process based on broadcast encryption;
FIG. 2 is a system initialization flow diagram;
FIG. 3 is a flow chart of user private key generation;
FIG. 4 is a user login flow chart;
FIG. 5 is a user log-out flow chart.
Detailed Description
The application is further illustrated below with specific embodiments. These embodiments are merely illustrative of the application and do not limit its scope; modifications equivalent to the application, made after reading it, fall within the scope defined by the appended claims.
Theoretical description of the invention:
1. Bilinear pairing
Let G and G_T be two cyclic groups of order N = P_1 P_2 P_3 and let e: G × G → G_T be a bilinear map with the following properties:
(1) Bilinearity: for any g, h ∈ G and a, b ∈ Z_N, e(g^a, h^b) = e(g,h)^{ab}.
(2) Non-degeneracy: there exists g ∈ G such that e(g,g) has order N in G_T.
(3) Computability: for any g, h ∈ G, e(g,h) can be computed efficiently.
2. Dual system encryption
In dual system encryption, ciphertexts and keys each come in two forms: a ciphertext is either normal or semi-functional, and a key is either normal or semi-functional. A normal key decrypts both normal and semi-functional ciphertexts, whereas a semi-functional key cannot decrypt a semi-functional ciphertext. The security proof of a dual system encryption scheme proceeds through a sequence of indistinguishable games.
The invention discloses an anonymous subscription method based on broadcast encryption comprising the following steps:
Step 1: set the system master public key PK and master private key MSK, and set the signature public key pk and signature private key sk; the specific steps are shown in FIG. 2:
Step 1.1: choose three distinct primes P_1, P_2, P_3 and let N = P_1 P_2 P_3; choose cyclic groups G and G_T of order N and a bilinear map e: G × G → G_T; G_{p1}, G_{p2}, G_{p3} denote the subgroups of G of order P_1, P_2, P_3 respectively;
Step 1.2: input the security parameter k and the number of recipients m, choose g, h, u_1, u_2, …, u_m ∈ G_{p1} at random, and set the system master public key PK = {g, h, u_1, u_2, …, u_m, v = e(g,g)^α, pk} and the system master private key MSK = {α, sk}.
Step 2: generate the user private key from the system master public key PK and master private key MSK, as shown in FIG. 3:
Step 2.1: select the user set S = {ID_1, ID_2, …, ID_s}, s ≤ m, and randomly select r_i ∈ Z_N, 1 ≤ i ≤ s;
Step 2.2: compute the user private key for each user in S.
Step 3: the user logs in to the server with the user private key, as shown in FIG. 4:
Step 3.1: the user randomly selects x, computes R = e(g,g)^x and sends R to the server;
Step 3.2: the server randomly selects k, y and Z', computes C_0, C_1, C_2, T with C_0 = v^k · M, C_2 = g^k · Z', T = e(g,g)^y, where M is the login password chosen by the server, computes the signature σ over <R, C_0, C_1, C_2, T> and sends <R, C_0, C_1, C_2, σ> to the user;
Step 3.3: the user verifies the signature with the signature public key pk; if it is valid, the user computes the decrypted value P and the session key K_C = T^x and sends P to the server;
Step 3.4: the server checks whether P = M holds; if so, it computes the session key K_S = R^y, so that K_S = K_C, C_0 is defined as the session identifier, and the user and the server have established the connection.
Step 4: the server and the user terminate the session via the session identifier C_0, as shown in FIG. 5:
Step 4.1: the server computes the signature η on C_0 with sk and sends η to the user;
Step 4.2: the user verifies whether the signature η is valid; if so, the session C_0 is terminated.
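The login exchange of steps 3.1 to 3.4 and the log-out of step 4 (also listed in the Disclosure section above), walked through as an added Python example that is not the patent's code: G_T is modelled by a prime-order subgroup of Z_P^* with W standing in for e(g, g), σ and η are Schnorr signatures (the page does not name its signature scheme), and because the page does not give the pairing-based computation by which an authorized user recovers v^k from <C_1, C_2> and d_ID, the user side is handed v^k as a labelled stand-in; every parameter and value is constructed.

```python
"""Toy model of the login (steps 3.1-3.4) and log-out (step 4). Added example,
not the patent's code: G_T is modelled as the order-Q subgroup of Z_P^* (P=2Q+1),
W plays e(g, g), sigma/eta are Schnorr signatures, recovery of v^k is NOT modelled."""
import hashlib
import secrets
rng = secrets.SystemRandom()

def is_probable_prime(n, rounds=16):   # Miller-Rabin for odd n > 2 (toy setup)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime(bits=64):               # constructed: P = 2Q + 1, both prime
    while True:
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q

P, Q = safe_prime()
W = 4                                  # a square mod P, hence of order Q

def H(*parts):                         # hash a transcript into Z_Q
    data = "|".join(str(x) for x in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def keygen():                          # signature key pair (pk, sk) of step 1
    sk = rng.randrange(1, Q)
    return pow(W, sk, P), sk

def sign(sk, *msg):                    # Schnorr: c = H(W^r, msg), s = r + c*sk
    r = rng.randrange(1, Q)
    c = H(pow(W, r, P), *msg)
    return c, (r + c * sk) % Q

def verify(pk, sig, *msg):             # recompute W^r as W^s * pk^(-c)
    c, s = sig
    return H(pow(W, s, P) * pow(pk, -c % Q, P) % P, *msg) == c

def run_login(tamper_password=False):
    pk, sk = keygen()
    v = pow(W, rng.randrange(1, Q), P)         # v = e(g, g)^alpha from PK
    x = rng.randrange(1, Q)                    # 3.1: user picks x
    R = pow(W, x, P)                           #      R = e(g, g)^x, sent to server
    k, y = rng.randrange(1, Q), rng.randrange(1, Q)   # 3.2: server picks k, y
    M = pow(W, rng.randrange(1, Q), P)         #      login password M in G_T
    vk = pow(v, k, P)
    C0 = vk * M % P                            #      C_0 = v^k * M
    C1, C2 = "C1-not-modelled", "C2-not-modelled"   # ciphertext parts in G
    T = pow(W, y, P)                           #      T = e(g, g)^y
    sigma = sign(sk, R, C0, C1, C2, T)         #      sigma over <R, C0, C1, C2, T>
    if not verify(pk, sigma, R, C0, C1, C2, T):    # 3.3: user checks sigma
        return {"ok": False, "reason": "bad server signature"}
    # Stand-in: the user's pairing decryption of <C1, C2> with d_ID is assumed
    # to yield v^k; the page does not give that computation.
    P_dec = C0 * pow(vk, -1, P) % P            #      P = C_0 / v^k
    P_dec = P_dec * W % P if tamper_password else P_dec   # constructed failure
    K_C = pow(T, x, P)                         #      K_C = T^x
    if P_dec != M:                             # 3.4: server checks P == M
        return {"ok": False, "reason": "password check failed"}
    K_S = pow(R, y, P)                         #      K_S = R^y = e(g,g)^{xy}
    return {"ok": True, "K_C": K_C, "K_S": K_S, "C0": C0, "pk": pk, "sk": sk}

def logout(sk, pk, C0):                # 4.1/4.2: eta on C_0, checked by user
    return verify(pk, sign(sk, C0), C0)
```

The K_C = K_S check shows that the session key is the value e(g,g)^{xy} reached from both T^x and R^y; since the user needs T to compute K_C, T has to reach the user together with σ.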
The foregoing embodiments are merely illustrative of the technical concept and features of the present invention, and are intended to enable those skilled in the art to understand the present invention and to implement the same, not to limit the scope of the present invention. All equivalent changes or modifications made according to the spirit of the present invention should be included in the scope of the present invention.
Claims (2)
1. An anonymous subscription method based on broadcast encryption, characterized by comprising the following steps:
Step 1: setting the system master public key PK and master private key MSK, and setting the signature public key pk and signature private key sk;
Step 1.1: three distinct primes P_1, P_2, P_3 with N = P_1 P_2 P_3 and cyclic groups G and G_T of order N are selected, and a bilinear map e: G × G → G_T is set up; G_{p1}, G_{p2}, G_{p3} respectively denote the subgroups of G of order P_1, P_2, P_3;
Step 1.2: a security parameter k and the number m of receivers are input, g, h, u_1, u_2, …, u_m ∈ G_{p1} are randomly selected, the system master public key is PK = {g, h, u_1, u_2, …, u_m, v = e(g,g)^α, pk} and the system master private key is MSK = {α, sk};
Step 2: generating a user private key d_{ID_i} = {d_0, d_1} from the system master public key PK and master private key MSK;
Step 2.1: a user set S = {ID_1, ID_2, …, ID_s}, s ≤ m, is selected; r_i ∈ Z_N (Z_N denotes the integers modulo N) and R_i, R_i' ∈ G_{p3} are randomly selected, where 1 ≤ i ≤ s;
Step 2.2: computing the user private key for each user in S;
Step 3: the user logs in to the server with the user private key;
Step 3.1: the user randomly selects x, computes R = e(g,g)^x and sends R to the server;
Step 3.2: the server randomly selects k, y and Z', computes C_0, C_1, C_2, T with C_0 = v^k · M, C_2 = g^k · Z', T = e(g,g)^y, where M is a login password selected by the server, computes the signature σ over <R, C_0, C_1, C_2, T>, and sends <R, C_0, C_1, C_2, σ> to the user;
Step 3.3: the user verifies the signature with the signature public key pk; if it is valid, the user computes the decrypted value P and the session key K_C = T^x and sends P to the server;
Step 3.4: the server checks whether P = M holds; if so, it computes the session key K_S = R^y, so that K_S = K_C, C_0 is defined as the session identifier, and the user and the server have established the connection;
Step 4: the server and the user terminate the session via the session identifier C_0.
2. The anonymous subscription method based on broadcast encryption according to claim 1, wherein the specific method of step 4 is as follows:
Step 4.1: the server computes the signature η on the session identifier C_0 with sk and sends η to the user;
Step 4.2: the user verifies whether the signature η is valid; if so, the session C_0 is terminated.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211147014.7A CN115499224B (en) | 2022-09-20 | 2022-09-20 | Anonymous subscription method based on broadcast encryption |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115499224A CN115499224A (en) | 2022-12-20 |
CN115499224B true CN115499224B (en) | 2024-06-21 |
Family
ID=84470281
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211147014.7A Active CN115499224B (en) | 2022-09-20 | 2022-09-20 | Anonymous subscription method based on broadcast encryption |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115499224B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant |