CN116074016A - Secret key protection method based on threshold mechanism - Google Patents


Publication number
CN116074016A
Authority
CN
China
Prior art keywords
sender
receiver
time
private key
setting
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211534582.2A
Other languages
Chinese (zh)
Inventor
陈剑洪
徐豪
简相强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huaiyin Institute of Technology
Original Assignee
Huaiyin Institute of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huaiyin Institute of Technology
Priority to CN202211534582.2A
Publication of CN116074016A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3255: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891: Revocation or update of secret information, e.g. encryption key update or rekeying
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04: INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S: SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00: Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20: Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a key-protecting signcryption method based on a threshold mechanism. n trusted helpers are set up, and at least k of the n helpers are used to update the real-time private keys of a sender and a receiver in different time periods; the sender generates a signcryption ciphertext, and the receiver recovers the plaintext using the signcryption decryption algorithm and verifies the signature. The method comprises the following steps: (1) establishing system parameters; (2) private key extraction; (3) generating the real-time helper update information of sender a and receiver b at time slice t; (4) generating the real-time private keys of sender a and receiver b at time slice t; (5) signcryption; (6) decryption of the signcryption. By using a threshold mechanism together with key isolation, the invention solves the problem of private key protection in application scenarios where encryption and signing are performed in one logical step.

Description

Secret key protection method based on threshold mechanism
Technical Field
The invention relates to a secret key protection method, in particular to a secret key protection method based on a threshold mechanism.
Background
Cryptography is the underlying support technology for information security and is also the core of authentication and access control. Confidentiality and authentication are two important security objectives in cryptography. In a public key cryptosystem, encryption schemes and signature schemes are the two basic schemes, providing confidentiality of a message and authentication of a message respectively. Some applications, such as email and e-commerce, need to achieve both security goals at once. Signcryption completes encryption and signing together in one logical step, and its computation and data volume are smaller than the sum of the two performed separately. The sender generates a signcryption ciphertext through the signcryption computation. The receiver recovers the plaintext through the decryption of the signcryption and verifies the signature.
The document "Identity based signcryption scheme without random oracles. Computer Standards & Interfaces, 2009, 39 (1): 56-62." proposes an identity-based signcryption method that is provably secure in the standard model. The method is suitable for application scenarios that use the identity of a user, rather than a random number, as the public key for signcryption. The method mainly comprises the following steps: first, generating the public system parameters and the system master key; second, generating the private key of the sender and the private key of the receiver; third, the sender generates the signature and ciphertext; fourth, the receiver recovers the plaintext using a decryption algorithm and verifies the signature. In this method, encryption and signing are implemented in one logical step, and signcryption reduces the total computation and communication cost of encrypting and signing a message compared with the conventional "sign-then-encrypt" approach.
The document "Threshold key isolation signature based on identity under standard model. Journal of Shanghai Jiao Tong University, 2013, 47 (8): 7." proposes an identity-based threshold key isolation signature method that is provably secure in the standard model. The method is suitable for application scenarios where the private key of the signer needs to be protected. The method mainly comprises the following steps: first, generating the public system parameters and the system master key; second, generating the initial private key of the signer and n helper keys; third, generating the real-time private key update information of the signer; fourth, generating the real-time private key of the signer; fifth, the signer generates a signature; sixth, the verifier verifies the validity of the signature. In this method, the user updates the signing private key in each time slice using at least k of the n helper keys, which strengthens the system's ability to defend against key leakage.
The document "Identity-Based Key-isolated signature. Information, 2012, 23 (1): 27-45." proposes an identity-based key isolation signcryption method that is provably secure in the standard model. The method is suitable for application scenarios where the private keys of a sender and a receiver need to be protected. The method mainly comprises the following steps: first, generating the public system parameters and the system master key; second, generating an initial private key and a helper key for the sender and for the receiver; third, generating the real-time private key update information of the sender and the receiver; fourth, generating the real-time private keys of the sender and the receiver; fifth, the sender generates the signature and ciphertext; sixth, the receiver recovers the plaintext using a decryption algorithm and verifies the signature. In this method, the private keys of the sender and the receiver are updated in each time slice, which strengthens the system's ability to defend against private key leakage.
However, this approach has some drawbacks: it cannot be used in application scenarios where the helper's key is leaked, it cannot perform key updates using several helpers, and it lacks flexibility, so it cannot solve the key protection problem in such scenarios.
Disclosure of Invention
Purpose of the invention: in view of the shortcomings of the prior art, the invention provides a key protection method based on a threshold mechanism, which uses the threshold mechanism and key isolation to solve the problem of private key protection in application scenarios where encryption and signing are performed in one logical step.
Technical solution: in the key-protecting signcryption method based on a threshold mechanism of the invention, n trusted helpers are set up, and at least k of the n helpers are used to update the real-time private keys of the sender and the receiver in different time periods; the sender generates a signcryption ciphertext, and the receiver recovers the plaintext using the signcryption decryption algorithm and verifies the signature.
The key protection method based on a threshold mechanism of the invention comprises the following steps:
(1) Establishing system parameters:
Let $u$ be a bit string of length $n_u$ representing an identity, and define
Figure BDA0003977122480000021
as the set of all indices at which the bit of $u$ is 1; let $a$ be the identity of the sender and $b$ the identity of the receiver; for a time slice $t$, use
Figure BDA0003977122480000022
to denote the set of all indices at which the bit of the bit string $t$ is 1; let $m$ be a bit string of length $n_m$ representing the message; $G_1$ and $G_2$ are both multiplicative groups of prime order $p$ (determined by the security factor $k$), and $g$ is a generator of $G_1$; $G_2$ is a multiplicative cyclic group of order $q$, and $e: G_1 \times G_1 \to G_2$ is a bilinear map; $Z$ denotes the set of integers, $Z_p$ denotes the set $\{0, 1, 2, \ldots, p-1\}$, and
Figure BDA00039771224800000210
denotes $Z_p \setminus \{0\}$; let $n_v$ be the security parameter and select a hash function $H_v: \{0,1\}^{n_m} \to \{0,1\}^{n_v}$; define a bijection $V: \Gamma \to G_2$, where $V^{-1}$ denotes its inverse map and $\Gamma$ is a subset of $\{0,1\}^{n_u+n_m+n_v}$ with $p$ elements; randomly select an integer $\alpha \in Z_p$, randomly select $g_2 \in G_1$, set $g_1 = g^{\alpha}$, and set $y = e(g_1, g_2)$; randomly select $u' \in G_1$ and, for $i = 1, \ldots, n_u$, randomly select $u_i \in G_1$, and set the $n_u$-dimensional vector
Figure BDA0003977122480000023
Randomly select $w' \in G_1$ and, for $i = 1, \ldots, n_w$, randomly select $w_i \in G_1$, and set the $n_w$-dimensional vector
Figure BDA0003977122480000024
Randomly select $m' \in G_1$ and, for $i = 1, \ldots, n_v$, randomly select $m_i \in G_1$, and set the $n_v$-dimensional vector
Figure BDA0003977122480000025
For an integer $i \in Z_p$ and a set $S$ of elements of $Z_p$, define the Lagrange coefficient as
Figure BDA0003977122480000026
Set the master private key $msk = \alpha$ and the system public parameters to ($G_1, G_2, e, V, g_1, g_2, u'$,
Figure BDA0003977122480000027
$w'$,
Figure BDA00039771224800000211
$m'$,
Figure BDA0003977122480000029
).
(2) Private key extraction:
(2.1) Randomly select
Figure BDA0003977122480000031
and compute
Figure BDA0003977122480000032
Compute the initial private key of identity $u$:
Figure BDA0003977122480000033
Figure BDA0003977122480000034
Randomly select a polynomial $f_1$ of degree $k-1$ such that $f_1(0) = \alpha - \beta_u$; randomly select
Figure BDA0003977122480000035
and a polynomial $f_2$ of degree $k-1$ such that $f_2(0) = r_u$; for each $1<i<n$, set the $i$-th helper key to
Figure BDA0003977122480000036
The $n$ helper keys of user $u$ are $\{HK_{u,i}\}_{1 \le i \le n}$.
(2.2) The initial private key and the $n$ helper keys of sender $a$ are respectively
Figure BDA0003977122480000037
and $\{HK_{a,i}\}_{1 \le i \le n}$.
(2.3) The initial private key and the $n$ helper keys of receiver $b$ are respectively
Figure BDA0003977122480000038
and $\{HK_{b,i}\}_{1 \le i \le n}$.
(3) Generating real-time helper update information for sender a and receiver b at time slice t:
(3.1) The $i$-th helper randomly selects
Figure BDA0003977122480000039
and sets the $i$-th update information fragment for $t$ to
Figure BDA00039771224800000310
(3.2) Similarly, the $i$-th update information fragments for $t$ of sender $a$ and receiver $b$ are respectively
Figure BDA00039771224800000311
Figure BDA00039771224800000312
(4) Generating real-time private keys of the sender a and the receiver b at the time slice t:
Given the set of update information fragments $\{UI_{u,t,i}\}_{i \in S'}$ of user $u$ at time slice $t$, where
Figure BDA00039771224800000313
Figure BDA00039771224800000314
Decompose the temporary private key of user $u$ at time slice $t'$ into
Figure BDA00039771224800000315
To construct the temporary private key $d_{u,t}$ of user $u$ at time slice $t$, user $u$ computes
Figure BDA00039771224800000316
where
Figure BDA00039771224800000317
Figure BDA00039771224800000318
Figure BDA00039771224800000319
Figure BDA00039771224800000320
Let
Figure BDA0003977122480000041
Then
Figure BDA0003977122480000042
Likewise, the temporary private keys of sender $a$ and receiver $b$ at time slice $t$ are respectively
Figure BDA0003977122480000043
Figure BDA0003977122480000044
(5) Signcryption:
For a message $m$, sender $a$ performs signcryption as follows:
Sender $a$ decomposes his temporary private key into
Figure BDA0003977122480000045
Randomly select
Figure BDA0003977122480000046
Randomly select $r \in \{0,1\}^{n_v}$ such that $a \| m \| r \in \Gamma$.
Let
Figure BDA0003977122480000047
denote the set of subscripts $j$ for which the $j$-th bit of $H_v(m)$ is different from the $j$-th bit, i.e.
Figure BDA0003977122480000048
Compute
Figure BDA0003977122480000049
Figure BDA00039771224800000410
Figure BDA00039771224800000411
Figure BDA00039771224800000412
Figure BDA00039771224800000413
Figure BDA00039771224800000414
Figure BDA00039771224800000415
Let
Figure BDA00039771224800000416
Figure BDA00039771224800000417
Figure BDA00039771224800000418
Sender $a$ outputs the ciphertext
Figure BDA00039771224800000419
Figure BDA00039771224800000420
and sends it to receiver $b$.
(6) Decryption of the signcryption:
Receiver $b$ decomposes the received ciphertext $(t, \sigma)$ into $(t, (\sigma_{\langle 1\rangle}, \sigma_{\langle 2\rangle}, \sigma_{\langle 3\rangle}, \sigma_{\langle 4\rangle}, \sigma_{\langle 5\rangle}, \sigma_{\langle 6\rangle}, \sigma_{\langle 7\rangle}))$; receiver $b$ decomposes his temporary private key into
Figure BDA0003977122480000051
Compute
Figure BDA0003977122480000052
Generate
Figure BDA0003977122480000053
Output the message $m$ if the following equation holds; otherwise output "decryption signcryption failure":
Figure BDA0003977122480000054
Working principle: a trusted center generates the system parameters, the initial private keys of the sender and the receiver, and the n helper keys. At least k of the n helper keys are used to update the real-time private keys of the sender and the receiver in different time periods, producing the real-time private keys of the sender and the receiver. The sender generates the ciphertext using the signcryption algorithm, and the receiver recovers the plaintext using the decryption algorithm and verifies the signature.
Beneficial effects: compared with the prior art, the invention has the following advantages:
(1) n independent and physically secure trusted helpers are set up for the sender and the receiver; when the sender and the receiver use secret values they select themselves, at least k helpers are needed to generate the initial private key of the cryptosystem, which avoids the problem of identity revocation and provides resistance to key leakage;
(2) The cryptosystem updates the real-time private keys of the sender and the receiver in different time periods using at least k of the n helpers, which on the one hand improves the system's ability to defend against key leakage and on the other hand allows random key updates, providing flexibility;
(3) The sender performs encryption and signing in one logical step, which reduces the total computation and communication cost of encrypting and signing a message.
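The (k, n) threshold idea behind steps (2.1) and (4), as an added example that is not part of the patent: a polynomial f1 of degree k-1 with f1(0) = α - β_u is shared among n helpers, and any k shares recombine through Lagrange coefficients, both in the field and in the exponent. The toy group (P = 2039, Q = 1019, G = 4), the function names and the use of the standard Lagrange coefficient are assumptions, since the patent's own formulas are in figures that are not reproduced on this page.

```python
"""Toy (k, n) threshold sharing modelled on step (2.1): f1 has degree k-1,
f1(0) = alpha - beta_u, and helper i holds f1(i). Added illustration only."""
import secrets
from itertools import combinations

# Constructed toy parameters, far too small for real use. P = 2*Q + 1 and
# G generates the order-Q subgroup of Z_P^*; Q plays the role of the prime
# order p in the text. A real instantiation works in a pairing group G_1.
Q = 1019
P = 2039
G = 4


def deal(secret, k, n, coeffs=None):
    """Return {i: f(i) mod Q} for i = 1..n, with deg f = k-1 and f(0) = secret.

    coeffs (hypothetical parameter) fixes the k-1 higher coefficients so a
    run can be reproduced; by default they are drawn at random.
    """
    if not 1 <= k <= n < Q:
        raise ValueError("need 1 <= k <= n < Q")
    if coeffs is None:
        coeffs = [secrets.randbelow(Q) for _ in range(k - 1)]
    if len(coeffs) != k - 1:
        raise ValueError("a degree k-1 polynomial needs k-1 coefficients")
    poly = [secret % Q] + [c % Q for c in coeffs]

    def f(x):
        acc = 0
        for c in reversed(poly):      # Horner evaluation mod Q
            acc = (acc * x + c) % Q
        return acc

    return {i: f(i) for i in range(1, n + 1)}


def lagrange_at_zero(i, S):
    """Standard coefficient prod_{j in S, j != i} (0 - j) / (i - j) mod Q."""
    num, den = 1, 1
    for j in S:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q


def combine(shares):
    """Interpolate f(0) from {i: f(i)}; correct only with at least k shares."""
    S = list(shares)
    return sum(shares[i] * lagrange_at_zero(i, S) for i in S) % Q


def combine_in_exponent(fragments):
    """From {i: G^f(i) mod P} compute G^f(0) mod P without learning f(0)."""
    S = list(fragments)
    out = 1
    for i in S:
        out = out * pow(fragments[i], lagrange_at_zero(i, S), P) % P
    return out


if __name__ == "__main__":
    alpha, beta_u = 777, 123          # constructed values
    k, n = 3, 5
    secret = (alpha - beta_u) % Q
    shares = deal(secret, k, n)
    for subset in combinations(shares, k):
        assert combine({i: shares[i] for i in subset}) == secret
    frags = {i: pow(G, shares[i], P) for i in (1, 2, 4)}
    assert combine_in_exponent(frags) == pow(G, secret, P)
    print("any", k, "of", n, "helper shares rebuild alpha - beta_u")
```

Combining fewer than k shares interpolates a lower-degree polynomial and yields an unrelated value, which is what limits the damage when fewer than k helpers are compromised.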
Drawings
Fig. 1 is a flow chart of the key-protecting signcryption method based on a threshold mechanism of the present invention.
Detailed Description
As shown in Fig. 1, the key-protecting signcryption method based on a threshold mechanism of the present invention proceeds as follows: n helper keys are set up, and at least k of the n helper keys are used to update the real-time private keys of the sender and the receiver in different time periods; the update information for the real-time private key is generated at the start of each time period and the real-time private key is updated, producing the real-time private keys of the sender and the receiver; the sender generates the ciphertext using the signcryption algorithm, and the receiver recovers the plaintext using the signcryption decryption algorithm and verifies the signature.
The key protection method based on a threshold mechanism of the invention comprises the following steps:
(1) Establishing system parameters:
Let $u$ be a bit string of length $n_u$ representing an identity, and define
Figure BDA0003977122480000055
as the set of all indices at which the bit of $u$ is 1; let $a$ be the identity of the sender and $b$ the identity of the receiver; for a time slice $t$, use
Figure BDA0003977122480000061
to denote the set of all indices at which the bit of the bit string $t$ is 1; let $m$ be a bit string of length $n_m$ representing the message; $G_1$ and $G_2$ are both multiplicative groups of prime order $p$ (determined by the security factor $k$), and $g$ is a generator of $G_1$; $G_2$ is a multiplicative cyclic group of order $q$, and $e: G_1 \times G_1 \to G_2$ is a bilinear map; $Z$ denotes the set of integers, $Z_p$ denotes the set $\{0, 1, 2, \ldots, p-1\}$, and
Figure BDA0003977122480000062
denotes $Z_p \setminus \{0\}$; let $n_v$ be the security parameter and select a hash function $H_v: \{0,1\}^{n_m} \to \{0,1\}^{n_v}$; define a bijection $V: \Gamma \to G_2$, where $V^{-1}$ denotes its inverse map and $\Gamma$ is a subset of $\{0,1\}^{n_u+n_m+n_v}$ with $p$ elements; randomly select an integer $\alpha \in Z_p$, randomly select $g_2 \in G_1$, set $g_1 = g^{\alpha}$, and set $y = e(g_1, g_2)$; randomly select $u' \in G_1$ and, for $i = 1, \ldots, n_u$, randomly select $u_i \in G_1$, and set the $n_u$-dimensional vector
Figure BDA0003977122480000063
Randomly select $w' \in G_1$ and, for $i = 1, \ldots, n_w$, randomly select $w_i \in G_1$, and set the $n_w$-dimensional vector
Figure BDA0003977122480000064
Randomly select $m' \in G_1$ and, for $i = 1, \ldots, n_v$, randomly select $m_i \in G_1$, and set the $n_v$-dimensional vector
Figure BDA0003977122480000065
For an integer $i \in Z_p$ and a set $S$ of elements of $Z_p$, define the Lagrange coefficient as
Figure BDA0003977122480000066
Set the master private key $msk = \alpha$ and the system public parameters to ($G_1, G_2, e, V, g_1, g_2, u'$,
Figure BDA0003977122480000067
$w'$,
Figure BDA00039771224800000622
$m'$,
Figure BDA0003977122480000069
).
(2) Private key extraction:
(2.1) Randomly select
Figure BDA00039771224800000610
and compute
Figure BDA00039771224800000611
Compute the initial private key of identity $u$:
Figure BDA00039771224800000612
Figure BDA00039771224800000613
Randomly select a polynomial $f_1$ of degree $k-1$ such that $f_1(0) = \alpha - \beta_u$; randomly select
Figure BDA00039771224800000614
and a polynomial $f_2$ of degree $k-1$ such that $f_2(0) = r_u$; for each $1<i<n$, set the $i$-th helper key to
Figure BDA00039771224800000615
The $n$ helper keys of user $u$ are $\{HK_{u,i}\}_{1 \le i \le n}$.
(2.2) The initial private key and the $n$ helper keys of sender $a$ are respectively
Figure BDA00039771224800000616
and $\{HK_{a,i}\}_{1 \le i \le n}$.
(2.3) The initial private key and the $n$ helper keys of receiver $b$ are respectively
Figure BDA00039771224800000617
and $\{HK_{b,i}\}_{1 \le i \le n}$.
(3) Generating real-time helper update information for sender a and receiver b at time slice t:
(3.1) The $i$-th helper randomly selects
Figure BDA00039771224800000618
and sets the $i$-th update information fragment for $t$ to
Figure BDA00039771224800000619
(3.2) Similarly, the $i$-th update information fragments for $t$ of sender $a$ and receiver $b$ are respectively
Figure BDA00039771224800000620
Figure BDA00039771224800000621
(4) Generating real-time private keys of the sender a and the receiver b at the time slice t:
Given the set of update information fragments $\{UI_{u,t,i}\}_{i \in S'}$ of user $u$ at time slice $t$, where
Figure BDA0003977122480000071
Figure BDA0003977122480000072
Decompose the temporary private key of user $u$ at time slice $t'$ into
Figure BDA0003977122480000073
To construct the temporary private key $d_{u,t}$ of user $u$ at time slice $t$, user $u$ computes
Figure BDA0003977122480000074
where
Figure BDA0003977122480000075
Figure BDA0003977122480000076
Figure BDA0003977122480000077
Figure BDA0003977122480000078
Let
Figure BDA0003977122480000079
Then
Figure BDA00039771224800000710
Likewise, the temporary private keys of sender $a$ and receiver $b$ at time slice $t$ are respectively
Figure BDA00039771224800000711
Figure BDA00039771224800000712
(5) Signcryption:
For a message $m$, sender $a$ performs signcryption as follows:
Sender $a$ decomposes his temporary private key into
Figure BDA00039771224800000713
Randomly select
Figure BDA00039771224800000714
Randomly select $r \in \{0,1\}^{n_v}$ such that $a \| m \| r \in \Gamma$.
Let
Figure BDA00039771224800000715
denote the set of subscripts $j$ for which the $j$-th bit of $H_v(m)$ is different from the $j$-th bit, i.e.
Figure BDA00039771224800000716
Compute
Figure BDA00039771224800000717
Figure BDA00039771224800000718
Figure BDA00039771224800000719
Figure BDA00039771224800000720
Figure BDA00039771224800000721
Figure BDA0003977122480000081
Figure BDA0003977122480000082
Let
Figure BDA0003977122480000083
Figure BDA0003977122480000084
Figure BDA0003977122480000085
Sender $a$ outputs the ciphertext
Figure BDA0003977122480000086
Figure BDA0003977122480000087
and sends it to receiver $b$.
(6) Decryption of the signcryption:
Receiver $b$ decomposes the received ciphertext $(t, \sigma)$ into $(t, (\sigma_{\langle 1\rangle}, \sigma_{\langle 2\rangle}, \sigma_{\langle 3\rangle}, \sigma_{\langle 4\rangle}, \sigma_{\langle 5\rangle}, \sigma_{\langle 6\rangle}, \sigma_{\langle 7\rangle}))$. Receiver $b$ decomposes his temporary private key into
Figure BDA0003977122480000088
Compute
Figure BDA0003977122480000089
Generate
Figure BDA00039771224800000810
Output the message $m$ if the following equation holds; otherwise output "decryption signcryption failure":
Figure BDA00039771224800000811

Claims (5)

1. A key-protecting signcryption method based on a threshold mechanism, characterized in that: n trusted helpers are set up, at least k of the n helpers are used to update the real-time private keys of a sender and a receiver in different time periods, the sender generates a signcryption ciphertext, and the receiver recovers the plaintext using a decryption algorithm and verifies the signature.
2. The method of claim 1, characterized in that the method comprises the following steps:
(1) Establishing system parameters:
Let $u$ be a bit string of length $n_u$ representing an identity, and define
Figure FDA0003977122470000011
as the set of all indices at which the bit of $u$ is 1; let $a$ be the identity of the sender and $b$ the identity of the receiver; for a time slice $t$, use
Figure FDA0003977122470000012
to denote the set of all indices at which the bit of the bit string $t$ is 1; let $m$ be a bit string of length $n_m$ representing the message; $G_1$ and $G_2$ are both multiplicative groups of prime order $p$, and $g$ is a generator of $G_1$; $G_2$ is a multiplicative cyclic group of order $q$, and $e: G_1 \times G_1 \to G_2$ is a bilinear map; $Z$ denotes the set of integers, $Z_p$ denotes the set $\{0, 1, 2, \ldots, p-1\}$, and
Figure FDA0003977122470000013
denotes $Z_p \setminus \{0\}$; let $n_v$ be the security parameter and select a hash function $H_v: \{0,1\}^{n_m} \to \{0,1\}^{n_v}$; define a bijection $V: \Gamma \to G_2$, where $V^{-1}$ denotes its inverse map and $\Gamma$ is a subset of $\{0,1\}^{n_u+n_m+n_v}$ with $p$ elements; randomly select an integer $\alpha \in Z_p$, randomly select $g_2 \in G_1$, set $g_1 = g^{\alpha}$, and set $y = e(g_1, g_2)$; randomly select $u' \in G_1$ and, for $i = 1, \ldots, n_u$, randomly select $u_i \in G_1$, and set the $n_u$-dimensional vector
Figure FDA0003977122470000014
Randomly select $w' \in G_1$ and, for $i = 1, \ldots, n_w$, randomly select $w_i \in G_1$, and set the $n_w$-dimensional vector
Figure FDA0003977122470000015
Randomly select $m' \in G_1$ and, for $i = 1, \ldots, n_v$, randomly select $m_i \in G_1$, and set the $n_v$-dimensional vector
Figure FDA0003977122470000016
For an integer $i \in Z_p$ and a set $S$ of elements of $Z_p$, define the Lagrange coefficient as
Figure FDA0003977122470000017
Set the master private key $msk = \alpha$ and the system public parameters to
Figure FDA0003977122470000018
(2) Private key extraction:
(2.1) Randomly select
Figure FDA0003977122470000019
and compute
Figure FDA00039771224700000110
Compute the initial private key of identity $u$:
Figure FDA00039771224700000111
Figure FDA00039771224700000112
(2.2) The initial private key and the $n$ helper keys of sender $a$ are
Figure FDA00039771224700000113
and $\{HK_{a,i}\}_{1 \le i \le n}$.
(2.3) The initial private key and the $n$ helper keys of receiver $b$ are
Figure FDA00039771224700000114
and $\{HK_{b,i}\}_{1 \le i \le n}$.
(3) Generating real-time helper update information for sender a and receiver b at time slice t:
(3.1) The $i$-th helper randomly selects
Figure FDA00039771224700000115
and sets the $i$-th update information fragment for $t$ to
Figure FDA00039771224700000116
(3.2) Similarly, the $i$-th update information fragments for $t$ of sender $a$ and receiver $b$ are
Figure FDA0003977122470000021
Figure FDA0003977122470000022
(4) Generating real-time private keys of the sender a and the receiver b at the time slice t:
Given the set of update information fragments $\{UI_{u,t,i}\}_{i \in S'}$ of user $u$ at time slice $t$, where
Figure FDA0003977122470000023
Figure FDA0003977122470000024
Decompose the temporary private key of user $u$ at time slice $t'$ into
Figure FDA0003977122470000025
To construct the temporary private key $d_{u,t}$ of user $u$ at time slice $t$, user $u$ computes
Figure FDA0003977122470000026
where
Figure FDA0003977122470000027
Figure FDA0003977122470000028
Figure FDA0003977122470000029
Figure FDA00039771224700000210
Let
Figure FDA00039771224700000211
Then
Figure FDA00039771224700000212
Likewise, the temporary private key $d_{a,t}$ of sender $a$ at time slice $t$ is:
Figure FDA00039771224700000213
and the temporary private key $d_{b,t}$ of receiver $b$ at time slice $t$ is
Figure FDA00039771224700000214
(5) Signcryption:
For a message $m$, sender $a$ performs signcryption as follows:
Sender $a$ decomposes the temporary private key into
Figure FDA00039771224700000215
Randomly select
Figure FDA00039771224700000216
Randomly select $r \in \{0,1\}^{n_v}$ such that $a \| m \| r \in \Gamma$.
Let
Figure FDA00039771224700000217
denote the set of subscripts $j$ for which the $j$-th bit of $H_v(m)$ is different from the $j$-th bit, i.e.
Figure FDA00039771224700000218
Compute
Figure FDA00039771224700000219
Figure FDA00039771224700000220
Figure FDA00039771224700000221
Figure FDA0003977122470000031
Figure FDA0003977122470000032
Figure FDA0003977122470000033
Figure FDA0003977122470000034
Let
Figure FDA0003977122470000035
Figure FDA0003977122470000036
Figure FDA0003977122470000037
Sender $a$ outputs the ciphertext
Figure FDA0003977122470000038
Figure FDA0003977122470000039
and sends it to receiver $b$.
(6) Decryption of the signcryption:
Receiver $b$ decomposes the received ciphertext $(t, \sigma)$ into $(t, (\sigma_{\langle 1\rangle}, \sigma_{\langle 2\rangle}, \sigma_{\langle 3\rangle}, \sigma_{\langle 4\rangle}, \sigma_{\langle 5\rangle}, \sigma_{\langle 6\rangle}, \sigma_{\langle 7\rangle}))$; receiver $b$ decomposes the temporary private key into
Figure FDA00039771224700000310
Compute
Figure FDA00039771224700000311
Generate
Figure FDA00039771224700000312
Output the message $m$ if the following equation holds; otherwise output "decryption signcryption failure":
Figure FDA00039771224700000313
3. The method of claim 1, characterized in that the prime number p in step (1) is determined by the security factor k.
4. The method of claim 1, characterized in that in step (2.1): randomly select
Figure FDA00039771224700000314
and compute
Figure FDA00039771224700000315
Compute the initial private key of identity $u$:
Figure FDA00039771224700000316
Figure FDA00039771224700000317
Randomly select a polynomial $f_1$ of degree $k-1$ such that $f_1(0) = \alpha - \beta_u$; randomly select
Figure FDA00039771224700000318
and a polynomial $f_2$ of degree $k-1$ such that $f_2(0) = r_u$; for each $1<i<n$, set the $i$-th helper key to
Figure FDA00039771224700000319
The $n$ helper keys of user $u$ are $\{HK_{u,i}\}_{1 \le i \le n}$.
5. The method of claim 1, characterized in that in step (3), the real-time helper update information of sender $a$ and receiver $b$ at time slice $t$ is the set of update information fragments $\{UI_{u,t,i}\}_{i \in S'}$ of user $u$ at time slice $t$, where
Figure FDA0003977122470000041
CN202211534582.2A 2022-12-02 2022-12-02 Secret key protection method based on threshold mechanism Pending CN116074016A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211534582.2A CN116074016A (en) 2022-12-02 2022-12-02 Secret key protection method based on threshold mechanism

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211534582.2A CN116074016A (en) 2022-12-02 2022-12-02 Secret key protection method based on threshold mechanism

Publications (1)

Publication Number Publication Date
CN116074016A true CN116074016A (en) 2023-05-05

Family

ID=86177794

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211534582.2A Pending CN116074016A (en) 2022-12-02 2022-12-02 Secret key protection method based on threshold mechanism

Country Status (1)

Country Link
CN (1) CN116074016A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination