CN117034357A - Aggregation signature method for data compliance audit - Google Patents

Publication number
CN117034357A
Authority
CN
China
Prior art keywords
auditor
audit
signature
data
document
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310676702.0A
Other languages
Chinese (zh)
Inventor
孟令辉
林加镇
张晓艳
于枫
彭家辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Nuclear Power Engineering Co Ltd
Guangxi Normal University
Original Assignee
China Nuclear Power Engineering Co Ltd
Guangxi Normal University
Application filed by China Nuclear Power Engineering Co Ltd, Guangxi Normal University
Priority to CN202310676702.0A
Publication of CN117034357A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/10 Office automation; Time management
    • G06Q10/103 Workflow collaboration or project management
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/30 Computing systems specially adapted for manufacturing

Abstract

The invention discloses an aggregate signature method for data compliance audit, comprising the following steps: step 1, system initialization; step 2, key generation of the trusted third party; step 3, key generation of the submitter; step 4, key generation of the auditor; step 5, certificate generation of the auditor; step 6, document submission stage of the submitter; step 7, signature stage of the auditor; step 8, aggregate signature stage of the auditor; step 9, compliance audit suspension stage; step 10, document storage. The method protects auditors' personal information from leakage by hiding the attribute values in the audit policy, and it aggregates the signatures of individual auditors into an aggregate signature, which improves the effective storage rate of the audit flow document. It is simple to implement, highly practical, and suited to secure applications in which multiple auditors audit the same data document under an exact access policy in a data compliance audit flow.

Description

Aggregation signature method for data compliance audit
Technical Field
The invention relates to the technical field of data security, in particular to an aggregation signature method for data compliance auditing.
Background
Data compliance auditing: data compliance auditing refers to the auditing and assessment of data held, processed or transmitted by an organization or individual to ensure compliance with applicable legal regulations, industry standards, and internal policy requirements. This process involves auditing practices in data collection, storage, use, sharing, and destruction to identify potential compliance risks and violations, and to propose improved suggestions and solutions to ensure the legitimacy, security, and confidentiality of the data. Compliance audits aim to protect personal privacy, adhere to data protection laws, prevent data leakage and abuse, and establish sustainable compliance management measures.
Aggregate signature: aggregate signatures are a cryptographic technique that can combine multiple signatures into a single signature. Unlike a traditional single signature, an aggregate signature can represent multiple signers, while providing a more efficient and compact signature verification method.
In a data compliance audit, an aggregate signature can be used to verify whether data has been tampered with during transmission or storage: auditors sign the data and aggregate their signatures into a single signature, and an auditor can use the aggregate signature during the audit flow to verify the integrity of the data, ensuring that it has not been modified without authorization. In a concrete audit flow, the same auditor may audit the data document submitted by a given submitter multiple times and may therefore sign the same nuclear power emergency data document multiple times, which lowers the effective storage rate of the audit flow document; aggregating the multiple signatures effectively reduces this storage problem.
Disclosure of Invention
The invention addresses two problems in data compliance audit scenarios. First, when an auditor performs audit access, the audit policy is public, and an attacker can easily obtain the auditor's personal information from the public audit policy and thereby infer part of the content of the data document, which may leak important data; the auditor's personal information therefore needs privacy protection. Second, the audit flow involves multiple interactive revisions and complex logic: the same auditor may audit the same data document multiple times, so auditor signatures and audit opinions are stored repeatedly in the audit flow document and its effective storage rate is low. To solve these problems, an aggregate signature method for data compliance audit is provided. The method protects auditors' personal information from leakage by hiding the attribute values in the audit policy, and it aggregates the signatures of individual auditors into an aggregate signature, which improves the effective storage rate of the audit flow document. It is simple to implement, highly practical, and suited to secure applications in which multiple auditors audit the same data document under an exact access policy in a data compliance audit flow.
The technical scheme for realizing the aim of the invention is as follows:
An aggregate signature method for data compliance audit comprises the following steps:
step 1, system initialization: generating the system public parameters from the input security parameter;
step 2, key generation of the trusted third party: the key generation center generates the public key $PK_{TA}$ and the private key $SK_{TA}$, and sends $PK_{TA}$ to the auditor key generation center;
step 3, key generation of the submitter: the key generation center generates the public key $PK_{submit}$ and the private key $SK_{submit}$;
step 4, key generation of the auditor: the key generation center generates the public key $PK_{audit}$ and the private key $SK_{audit}$;
step 5, certificate generation of the auditor: the certificate generation center generates the certificate $cre = \{K, CL, \{K_{aduit(i)}\}\}$;
step 6, document submission stage of the submitter: the submitter signs the submitted nuclear power emergency data document to prevent the data from being maliciously tampered with by other submitters;
step 7, signature stage of the auditor: the system hides the audit policy, judges whether the auditor satisfies the audit access policy, and admits the auditor to the auditor group if so; the first auditor to receive the data document verifies the correctness of the submitter's signature with the verification equation and then performs the data compliance audit, and step 9 is executed if the audit is not passed; after signing, the auditor sends the document to the next auditor, who verifies the correctness of the previous auditor's aggregate signature with the verification equations and then performs the compliance audit on the data document to be audited; if the audit is passed, step 8 is executed, otherwise step 9 is executed;
step 8, aggregate signature stage of the auditor: if the document passes the data compliance audit, the auditor aggregates his or her signature with the signature of the previous auditor;
step 9, compliance audit suspension stage: if the document does not pass the data compliance audit, the auditor suspends the audit flow, performs the audit suspension signature operation, and returns the data document that failed the audit, together with the audit opinion, to the submitter of the data document;
step 10, document storage: the auditor group stores the data document that passed the compliance audit and the audit flow document in a high-security database.
The system initialization in the step 1 comprises the following steps:
1.1 ) With a security parameter $\lambda$ as input, the trusted third party randomly selects $p \approx \mathrm{poly}(1^{\lambda})$ and then outputs $\Phi$ using the composite-order bilinear parameter generator, where $\Phi$ comprises [formula]; $p, q, r$ in the generator are three different large primes, $G_T$ is a multiplicative cyclic subgroup of order $N$, $G_p, G_q, G_r$ are subgroups of $G$, and [formula] represents a bilinear map;
1.2 ) Selecting and generating 3 hash functions, $H_1: G_1 \to Z_n$, $H_2: \{0,1\}^* \to Z_n$, $H_3: \{0,1\}^* \to G_T$, $H_4: \{0,1\}^* \to G$, where $\{0,1\}^*$ is the set of binary strings of arbitrary length and $Z_n$ is the integer cyclic group;
1.3 ) For all auditor attribute values participating in the flow, randomly selecting $t_{att(i,j)} \in Z_n$, where $i$ denotes the attribute name and $j$ denotes the attribute value under attribute name $i$; randomly selecting $B_{i(j)} \in G_q$ and calculating [formula], where each attribute value corresponds to one $B_{i(j)}$; finally the set of global attribute names [formula] is obtained;
1.4 Generating common parameters
The key generation of the trusted third party in the step 2 comprises the following steps:
2.1 ) The trusted third party key generation center selects two random numbers $\alpha, \mu \in Z_n$ as the private key of the trusted third party, $SK_{TA} = (\alpha, \mu)$, then calculates [formula] and lets [formula], calculates [formula] and lets [formula], and finally calculates [formula]; finally $Y, Y'$ are taken as the public key of the trusted third party, $PK_{TA} = (Y, Y')$, and the public key $PK_{TA}$ is made public.
The key generation of the submitter in the step 3 comprises the following steps:
3.1 ) The key generation center randomly selects $c, d \in Z_n$ as the private key of the submitter, $SK_{submit} = (c, d)$, then calculates [formula] and lets [formula], then calculates $cdY'$ and lets $Z' = cdY'$, and finally takes $Z, Z'$ as the public key of the submitter, $PK_{submit} = (Z, Z')$, and makes the public key $PK_{submit}$ public.
The key generation of the auditor in the step 4 comprises the following steps:
4.1 ) The key generation center randomly selects $a, b \in Z_n$ as the private key of the auditor, $SK_{audit} = (a, b)$, then calculates [formula] and lets [formula], then calculates $abY'$ and lets $X' = abY'$, and finally takes $X, X'$ as the public key of the auditor, $PK_{audit} = (X, X')$, and makes the public key $PK_{audit}$ public.
The certificate generation of the auditor in the step 5 comprises the following steps:
5.1 ) The certificate generation center randomly selects $t \in Z_n$ and calculates [formula];
5.2 ) The certificate generation center randomly selects $P \in G_r$ and calculates [formula];
5.3 ) The certificate generation center generates a unique certificate set for each auditor: it randomly selects $R_i \in G_r$ to generate the certificate set [formula], where $s_i$ represents the value to which the auditor attribute value is mapped in the integer group;
5.4 ) The certificate generation center generates $cre = \{K, CL, \{K_{aduit(i)}\}\}$.
The document submission stage of the submitter in step 6 comprises the following steps:
6.1 ) The submitter randomly chooses $r \in Z_p$ and takes the nuclear power emergency data $m \in \{0,1\}^*$, the private key $SK_{audit}$ and the system parameters params as input;
6.2 ) The submitter calculates the signature $\sigma_{submit} = (\sigma_{s1}, \sigma_{s2})$, where:
$\sigma_{s1} = r$, $\sigma_{s2} = H_4(m, r)^{cd}$;
6.3 ) The submitter sends the signature $(\sigma_{submit}, m)$ and the data document to the first auditor of the audit group.
The signature stage of the auditor in the step 7 comprises the following steps:
7.1 ) The auditor access policy, i.e. APOL, is hidden: each attribute value $H_{i(j)}$ in APOL is converted in hidden form to [formula], and the converted auditor access policy is made public;
7.2 ) The first auditor in the audit flow must verify the submitter's signature by checking:
$e(\sigma_{s2}, g) = e(H_4(m, r), Z')$;
7.3 ) After the equation is verified, the auditor performs the data compliance audit;
7.4 ) After the audit is passed, the auditor signs and then sends the signature and the data to the next auditor; if the audit is not passed, the compliance audit suspension stage is executed;
7.5 ) If the auditor is not the first auditor, the following operations are executed;
7.6 ) The auditor calculates [formula], where $\sum_{i \in l} \lambda_i \omega_i = s$ and $\{\lambda_i\}$ are valid shares of the secret $s$;
7.7 Auditor calculation
7.8 Verifying and calculating the aggregate signature of the reviewer i-1 by the reviewer i):
if the formula (1) is established, performing the next verification calculation;
7.9 Verification calculation by auditor i
If the formula (2) is established, the aggregate signature is correct, the following operation is executed, otherwise, the aggregate signature is refused, the data compliance auditing operation is stopped, and a compliance auditing suspension stage is entered;
7.10 ) The Lewko-Waters algorithm is used to generate the mapping $P(i)$ of the attributes in APOL; the algorithm converts the Boolean expression of APOL into the form of a matrix $M$;
7.11 ) The auditor randomly selects $y_2, y_3, \ldots, y_l \in Z_n$; $s_{aduit}$ is the secret parameter that the auditor wants to share, where $s_{aduit} \in Z_n$ and $l$ is the number of attributes in the auditor access policy; the auditor obtains the vector $v = (s_{aduit}, y_2, y_3, \ldots, y_l)$;
7.12 ) For the attribute values $i = 1, 2, 3, \ldots, l$, the auditor calculates $\lambda_i$ from the vector $v$ and the $i$-th row of the matrix $M$ converted from the auditor access policy, finally obtaining $\lambda_1, \lambda_2, \ldots, \lambda_l$;
7.13 ) The auditor randomly selects $r_1, r_2, \ldots, r_x \in Z_n$, where $x \in 1, \ldots, i$; for each attribute value the auditor randomly selects $Z_{0,x} \in G_q$, and for the attribute name corresponding to each set of attribute values the auditor randomly selects $Z_{1,x} \in G_q$;
7.14 ) The auditor calculates the attribute codes $\{\{C_{i,x}\}, D_{i,x}\}$, where [formula], $H_{i(j)}$ denotes the $j$-th attribute value of the $i$-th attribute name, $C_{i,x}$ is the attribute code of the $x$-th attribute value under the $i$-th attribute name, and $D_{i,x}$ is the attribute code of the $i$-th attribute name;
7.15 ) The auditor reviews whether the data document to be audited is compliant, gives the audit opinion $M_{aduit}$, calculates $C_1 = g_p^{s}$, and performs the following operations;
7.16 Randomly selecting U, U epsilon Z by auditors p Delta is calculated =u| PK audit ||PK TA ||m||M idWherein m is the data document to be audited;
7.17 Auditor calculationWhere h=ab.
The aggregate signature stage of the auditor in the step 8 comprises the following steps:
8.1 ) The first auditor initializes signature generation with $(1_G, 1_G, 1_G, 1_G)$ and aggregates the signature on the basis of $(1_G, 1_G, 1_G, 1_G)$; the $i$-th auditor aggregates on the basis of the aggregate signature $(\delta_{aduit(i-1)}, \delta_a, \delta_b, \delta_c)$ of the $(i-1)$-th auditor;
8.2 ) The auditor randomly selects $r, x \in Z_n$ and calculates $\delta_b' = \delta_b + rg$, $\delta_c' = \delta_c + xg$;
8.3 ) The auditor calculates $\delta_a' = x\delta_b' + r\delta_c + SK_{audit-i,1} SK_{audit,2} H_2(\delta_{aduit-i} \| m) g$;
8.4 ) Finally, the auditor obtains the aggregate signature $(\delta_{aduit(i)}, \delta_a, \delta_b, \delta_c)$.
The compliance audit suspension stage in step 9 comprises the following steps:
9.1 ) The auditor randomly selects $c \in \{0,1\}$ and calculates the auditor's signature $\sigma_m$ on the data document, where $\sigma_m = (\delta_{aduit(i)}, \sigma_1, \sigma_2) = (\delta_{aduit(i)}, c, H_3(\delta_{aduit(i)}, c)^{ab})$;
9.2 Submitter verification):
if the formula (3) is true, continuing to verify:
$e(\sigma_2, g_p) = e(H_3(\delta_{aduit(i)}, \sigma_1), X)$ (4)
If formula (4) holds, the audit suspension signature is correct; otherwise the audit suspension signature is rejected.
The method of this technical scheme is built on the hardness of the CDH problem, an access control policy and linear secret sharing. It hides the auditor's access policy and increases the privacy of the auditor's personal information. It also aggregates multiple signatures on the same data document, which reduces the signature length to a certain extent: the length of the aggregate signature is independent of the number of auditors, saving storage space for the audit flow document. In summary, the technical scheme is simple to implement and highly practical, and is suited to secure applications in which multiple auditors audit the same data document under an exact access policy in a data compliance audit flow.
The method is based on technologies such as linear secret sharing and aggregate signatures. It addresses the low effective storage rate and the leakage of personal information in the audit process, provides a technical guarantee for personal information protection in the data compliance audit process, realizes aggregate signatures for the complex interaction logic of data compliance audit, reduces part of the redundancy in audit flow documents, effectively reduces the storage load, and improves the reliability and security of data compliance audit.
Drawings
FIG. 1 is a schematic diagram of an embodiment;
fig. 2 is a flow chart of an embodiment.
Detailed Description
The invention will now be described in further detail with reference to the drawings and specific examples, which are not intended to limit the invention thereto.
Examples:
mathematical theory applied to this example:
CDH hard problem:
Under the security parameter $\lambda$, select a multiplicative cyclic group $G$ of order $n$ and randomly select $a, b \in Z_n$; take $(g^a, g, g^b)$ as input and output $DH_{g,n}(g^a, g^b) = g^{ab}$. If there exists an algorithm $A$ whose advantage satisfies $\Pr[A(g^a, g, g^b) = g^{ab}] \ge \epsilon$, the CDH hard problem is solved.
Lewko-Waters algorithm
The Lewko-Waters algorithm is a general algorithm that converts a Boolean formula into an equivalent LSSS matrix. The algorithm treats the Boolean formula as an access tree, where the internal nodes are AND and OR gates and the leaf nodes represent the corresponding attributes. First, the root node of the access tree is labeled with the vector (1), i.e. a vector of length 1. The child nodes are then labeled from the vectors of their parent nodes, working from top to bottom. A global variable counter is maintained and initialized to 1.
The vector labeling of child nodes falls into two cases:
When the parent node is an OR gate labeled by a vector v, its child nodes are also labeled with v (and the value of counter stays unchanged).
When the parent node is an AND gate labeled by a vector v, the end of v is padded with 0s so that the length of v becomes counter; if the length of v already equals counter, no 0s are appended. The left child node is labeled with (0, ..., 0)|-1, where the number of 0s is counter. The right child node is labeled with v|1. After both child nodes are labeled, the value of counter is increased by 1.
When the whole access tree has been labeled, the vectors labeling the leaf nodes form the rows of the matrix, which are then assembled into the access matrix.
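The labeling rules above, together with the share computation of steps 7.10 to 7.12 and the reconstruction relation of step 7.6, as an added example (not code from the patent). The policy tree encoding, the attribute names, the function names and the prime modulus standing in for $Z_n$ are assumptions made for illustration; shares are computed with the standard LSSS inner product of a matrix row with $v$.

```python
import secrets

# Assumption: a prime modulus stands in for the patent's Z_n so that every
# non-zero pivot is invertible during reconstruction.
MODULUS = 2**61 - 1

# Constructed sample policy (attribute names are hypothetical). A leaf is an
# attribute string; an internal node is (gate, left_child, right_child).
SAMPLE_POLICY = ("AND", "dept:safety",
                 ("OR", "role:lead",
                  ("AND", "role:auditor", "clearance:L2")))


def lewko_waters(policy):
    """Convert a Boolean policy tree into (M, rho).

    M is the LSSS matrix; rho[i] is the attribute that labels row i.
    """
    rows, rho = [], []
    counter = 1  # global counter from the description, initialised to 1

    def label(node, v):
        nonlocal counter
        if isinstance(node, str):          # leaf: its vector becomes a row
            rows.append(list(v))
            rho.append(node)
            return
        gate, left, right = node
        if gate == "OR":                   # children inherit v, counter unchanged
            label(left, v)
            label(right, v)
        elif gate == "AND":
            padded = list(v) + [0] * (counter - len(v))
            left_v = [0] * counter + [-1]  # (0,...,0)|-1
            right_v = padded + [1]         # v|1
            counter += 1
            label(left, left_v)
            label(right, right_v)
        else:
            raise ValueError(f"unknown gate: {gate!r}")

    label(policy, [1])                     # root is labelled with (1)
    # Shorter leaf vectors are padded with 0 so all rows have equal length.
    return [r + [0] * (counter - len(r)) for r in rows], rho


def make_shares(M, secret, n=MODULUS):
    """lambda_i = <row_i, v> mod n with v = (secret, y_2, ..., y_d)."""
    v = [secret % n] + [secrets.randbelow(n) for _ in M[0][1:]]
    return [sum(a * b for a, b in zip(row, v)) % n for row in M]


def reconstruction_coeffs(M, rho, held, n=MODULUS):
    """Find omega with sum_i omega_i * row_i = (1,0,...,0) over held rows.

    Returns {row_index: omega_i}, or None when the held attributes do not
    satisfy the policy (the target vector is outside the row span).
    """
    idx = [i for i, attr in enumerate(rho) if attr in held]
    width = len(M[0])
    # One equation per matrix column j; the unknowns are the omega_i.
    aug = [[M[i][j] % n for i in idx] + [1 if j == 0 else 0]
           for j in range(width)]
    pivots, r = [], 0
    for c in range(len(idx)):              # Gauss-Jordan elimination mod n
        p = next((k for k in range(r, width) if aug[k][c]), None)
        if p is None:
            continue
        aug[r], aug[p] = aug[p], aug[r]
        inv = pow(aug[r][c], -1, n)
        aug[r] = [x * inv % n for x in aug[r]]
        for k in range(width):
            if k != r and aug[k][c]:
                f = aug[k][c]
                aug[k] = [(x - f * y) % n for x, y in zip(aug[k], aug[r])]
        pivots.append(c)
        r += 1
    if any(row[-1] for row in aug[r:]):    # inconsistent: not authorised
        return None
    omega = {i: 0 for i in idx}            # free variables stay 0
    for row_no, c in enumerate(pivots):
        omega[idx[c]] = aug[row_no][-1]
    return omega


def recover(M, rho, shares, held, n=MODULUS):
    """Recombine the shares of the held attributes; None if unauthorised."""
    omega = reconstruction_coeffs(M, rho, held, n)
    if omega is None:
        return None
    return sum(w * shares[i] for i, w in omega.items()) % n


if __name__ == "__main__":
    M, rho = lewko_waters(SAMPLE_POLICY)
    for attr, row in zip(rho, M):
        print(f"{attr:14s} {row}")
    shares = make_shares(M, 424242)
    print(recover(M, rho, shares, {"dept:safety", "role:lead"}))
    print(recover(M, rho, shares, {"role:lead", "role:auditor"}))
```

An attribute set that does not satisfy the policy yields no reconstruction coefficients, so its shares reveal nothing about the secret; this is the property the audit access check relies on.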
Referring to fig. 1 and fig. 2, an aggregate signature method for data compliance audit includes the following steps:
step 1, system initialization: generating the system public parameters from the input security parameter;
step 2, key generation of the trusted third party: the trusted third party key generation center generates the public key $PK_{TA}$ and the private key $SK_{TA}$, and sends $PK_{TA}$ to the auditor key generation center;
step 3, key generation of the submitter: the key generation center generates the public key $PK_{submit}$ and the private key $SK_{submit}$;
step 4, key generation of the auditor: the key generation center generates the public key $PK_{audit}$ and the private key $SK_{audit}$;
step 5, certificate generation of the auditor: the certificate generation center generates the certificate $cre = \{K, CL, \{K_{aduit(i)}\}\}$;
step 6, document submission stage of the submitter: the submitter signs the submitted data document to prevent the data from being maliciously tampered with by other submitters;
step 7, signature stage of the auditor: the system hides the audit policy, judges whether the auditor satisfies the audit access policy, and admits the auditor to the auditor group if so; the first auditor to receive the data document verifies the correctness of the submitter's signature with the verification equation and then performs the data compliance audit, and step 9 is executed if the audit is not passed; after signing, the auditor sends the document to the next auditor, who verifies the correctness of the previous auditor's aggregate signature with the verification equations and then performs the compliance audit on the data document to be audited; if the audit is passed, step 8 is executed, otherwise step 9 is executed;
step 8, aggregate signature stage of the auditor: if the document passes the data compliance audit, the auditor aggregates his or her signature with the signature of the previous auditor;
step 9, compliance audit suspension stage: if the document does not pass the data compliance audit, the auditor suspends the audit flow, performs the audit suspension signature operation, and returns the data document that failed the audit, together with the audit opinion, to the submitter of the data document;
step 10, document storage: the auditor group stores the data document that passed the compliance audit and the audit flow document in a high-security database.
The system initialization in the step 1 comprises the following steps:
1.1 ) With a security parameter $\lambda$ as input, the trusted third party randomly selects $p \approx \mathrm{poly}(1^{\lambda})$ and then outputs $\Phi$ using the composite-order bilinear parameter generator, where $\Phi$ comprises [formula]; $p, q, r$ in the generator are three different large primes, $G_T$ is a multiplicative cyclic subgroup of order $N$, $G_p, G_q, G_r$ are subgroups of $G$, and [formula] represents a bilinear map;
1.2 ) Selecting and generating 3 hash functions, $H_1: G_1 \to Z_n$, $H_2: \{0,1\}^* \to Z_n$, $H_3: \{0,1\}^* \to G_T$, $H_4: \{0,1\}^* \to G$, where $\{0,1\}^*$ is the set of binary strings of arbitrary length and $Z_n$ is the integer cyclic group;
1.3 ) For all auditor attribute values participating in the flow, randomly selecting $t_{att(i,j)} \in Z_n$, where $i$ denotes the attribute name and $j$ denotes the attribute value under attribute name $i$; randomly selecting $B_{i(j)} \in G_q$ and calculating [formula], where each attribute value corresponds to one $B_{i(j)}$; finally the set of global attribute names [formula] is obtained;
1.4 ) Generating common parameters
The key generation of the trusted third party in the step 2 comprises the following steps:
2.1 ) The trusted third party key generation center selects two random numbers $\alpha, \mu \in Z_n$ as the private key of the trusted third party, $SK_{TA} = (\alpha, \mu)$, then calculates [formula] and lets [formula], calculates [formula] and lets [formula], and finally calculates [formula]; finally $Y, Y'$ are taken as the public key of the trusted third party, $PK_{TA} = (Y, Y')$, and the public key $PK_{TA}$ is made public.
The key generation of the submitter in the step 3 comprises the following steps:
3.1 ) The key generation center randomly selects $c, d \in Z_n$ as the private key of the submitter, $SK_{submit} = (c, d)$, then calculates [formula] and lets [formula], then calculates $cdY'$ and lets $Z' = cdY'$, and finally takes $Z, Z'$ as the public key of the submitter, $PK_{submit} = (Z, Z')$, and makes the public key $PK_{submit}$ public.
The key generation of the auditor in the step 4 comprises the following steps:
4.1 ) The key generation center randomly selects $a, b \in Z_n$ as the private key of the auditor, $SK_{audit} = (a, b)$, then calculates [formula] and lets [formula], then calculates $abY'$ and lets $X' = abY'$, and finally takes $X, X'$ as the public key of the auditor, $PK_{audit} = (X, X')$, and makes the public key $PK_{audit}$ public.
The certificate generation of the auditor in the step 5 comprises the following steps:
5.1 ) The certificate generation center randomly selects $t \in Z_n$ and calculates [formula];
5.2 ) The certificate generation center randomly selects $P \in G_r$ and calculates [formula];
5.3 ) The certificate generation center generates a unique certificate set for each auditor: it randomly selects $R_i \in G_r$ to generate the certificate set [formula], where $s_i$ represents the value to which the auditor attribute value is mapped in the integer group;
5.4 ) The certificate generation center generates $cre = \{K, CL, \{K_{aduit(i)}\}\}$.
The document submission stage of the submitter in step 6 comprises the following steps:
6.1 ) The submitter randomly chooses $r \in Z_p$ and takes the data $m \in \{0,1\}^*$, the private key $SK_{audit}$ and the system parameters params as input;
6.2 ) The submitter calculates the signature $\sigma_{submit} = (\sigma_{s1}, \sigma_{s2})$, where:
$\sigma_{s1} = r$, $\sigma_{s2} = H_4(m, r)^{cd}$;
6.3 ) The submitter sends the signature $(\sigma_{submit}, m)$ and the data document to the first auditor of the audit group.
The signature stage of the auditor in the step 7 comprises the following steps:
7.1 ) The auditor access policy, i.e. APOL, is hidden: each attribute value $H_{i(j)}$ in APOL is converted in hidden form to [formula], and the converted auditor access policy is made public;
7.2 ) The first auditor in the audit flow must verify the submitter's signature by checking:
$e(\sigma_{s2}, g) = e(H_4(m, r), Z')$;
7.3 ) After the equation is verified, the auditor performs the data compliance audit; the equation holds because:
$e(\sigma_{s2}, g) = e(H_4(m, r)^{cd}, g) = e(H_4(m, r), g^{cd}) = e(H_4(m, r), Z')$;
7.4 ) After the audit is passed, the auditor signs and then sends the signature and the data to the next auditor; if the audit is not passed, the compliance audit suspension stage is executed;
7.5 ) If the auditor is not the first auditor, the following operations are executed;
7.6 ) The auditor calculates [formula], where $\sum_{i \in l} \lambda_i \omega_i = s$ and $\{\lambda_i\}$ are valid shares of the secret $s$;
7.7 Auditor calculation
7.8 Verifying and calculating the aggregate signature of the reviewer i-1 by the reviewer i):
if the formula (1) is established, performing the next verification calculation;
7.9 Verification calculation by auditor i
If the formula (2) is satisfied, the aggregate signature is correct, and the following operation is executed, otherwise, the aggregate signature is refused, the data compliance auditing operation is stopped, and the compliance auditing suspension stage is entered because:
7.10 ) The Lewko-Waters algorithm is used to generate the mapping $P(i)$ of the attributes in APOL; the algorithm converts the Boolean expression of APOL into the form of a matrix $M$;
7.11 ) The auditor randomly selects $y_2, y_3, \ldots, y_l \in Z_n$; $s_{aduit}$ is the secret parameter that the auditor wants to share, where $s_{aduit} \in Z_n$ and $l$ is the number of attributes in the auditor access policy; the auditor obtains the vector $v = (s_{aduit}, y_2, y_3, \ldots, y_l)$;
7.12 ) For the attribute values $i = 1, 2, 3, \ldots, l$, the auditor calculates $\lambda_i$ from the vector $v$ and the $i$-th row of the matrix $M$ converted from the auditor access policy, finally obtaining $\lambda_1, \lambda_2, \ldots, \lambda_l$;
7.13 ) The auditor randomly selects $r_1, r_2, \ldots, r_x \in Z_n$, where $x \in 1, \ldots, i$; for each attribute value the auditor randomly selects $Z_{0,x} \in G_q$, and for the attribute name corresponding to each set of attribute values the auditor randomly selects $Z_{1,x} \in G_q$;
7.14 ) The auditor calculates the attribute codes $\{\{C_{i,x}\}, D_{i,x}\}$, where [formula], $H_{i(j)}$ denotes the $j$-th attribute value of the $i$-th attribute name, $C_{i,x}$ is the attribute code of the $x$-th attribute value under the $i$-th attribute name, and $D_{i,x}$ is the attribute code of the $i$-th attribute name;
7.15 ) The auditor reviews whether the data document to be audited is compliant, gives the audit opinion $M_{aduit}$, calculates $C_1 = g_p^{s}$, and performs the following operations;
7.16 Randomly selecting U, U epsilon Z by auditors p Delta is calculated =u| PK audit ||PK TA ||m||M idWherein m is the data document to be audited;
7.17 Auditor calculationWhere h=ab.
The aggregate signature stage of the auditor in the step 8 comprises the following steps:
8.1 ) The first auditor initializes signature generation with $(1_G, 1_G, 1_G, 1_G)$ and aggregates the signature on the basis of $(1_G, 1_G, 1_G, 1_G)$; the $i$-th auditor aggregates on the basis of the aggregate signature $(\delta_{aduit(i-1)}, \delta_a, \delta_b, \delta_c)$ of the $(i-1)$-th auditor;
8.2 ) The auditor randomly selects $r, x \in Z_n$ and calculates $\delta_b' = \delta_b + rg$, $\delta_c' = \delta_c + xg$;
8.3 ) The auditor calculates $\delta_a' = x\delta_b' + r\delta_c + SK_{audit,1} SK_{audit,2} H_2(\delta_{aduit-i} \| m) g$;
8.4 ) Finally, the auditor obtains the aggregate signature $(\delta_{aduit(i)}, \delta_a, \delta_b, \delta_c)$.
The compliance audit suspension stage in step 9 comprises the following steps:
9.1 ) The auditor randomly selects $c \in \{0,1\}$ and calculates the auditor's signature $\sigma_m$ on the data document, where $\sigma_m = (\delta_{aduit(i)}, \sigma_1, \sigma_2) = (\delta_{aduit(i)}, c, H_3(\delta_{aduit(i)}, c)^{ab})$;
9.2 Submitter verification):
if the formula (3) is true, continuing to verify:
e(σ 2 ,g p )=e(H 3aduit(i)1 ),X) (4)
if equation (4) holds, the audit interrupt signature is correct, otherwise the audit interrupt signature is rejected because:
e(σ 2 ,g p )=e(H 3aduit(i) ,c) ab ,g p )=e(H 3aduit(i) ,c),g p ab )=e(H 3aduit(i)1 ),X)。

Claims (10)

1. An aggregate signature method for data compliance auditing, characterized by comprising the following steps:
Step 1, system initialization: generating the system public parameters according to the input security parameter;
Step 2, key generation of the trusted third party: the key generation center generates the public key $PK_{TA}$ and the private key $SK_{TA}$, and sends $PK_{TA}$ to the auditor key generation center;
Step 3, key generation of the submitter: the key generation center generates the public key $PK_{submit}$ and the private key $SK_{submit}$;
Step 4, key generation of the auditors: the key generation center generates the public key $PK_{audit}$ and the private key $SK_{audit}$;
Step 5, certificate generation of the auditors: the certificate generation center generates the certificate $cre = \{K, CL, \{K_{aduit(i)}\}\}$;
Step 6, document submission stage of the submitter: the submitter signs the submitted data document to prevent the data from being maliciously tampered with by other submitters;
Step 7, signature stage of the auditor: the system hides the audit policy, judges whether the auditor satisfies the audit access policy, and admits the auditor to the auditor group once the policy is satisfied; the first auditor to receive the data document verifies the correctness of the submitter's signature using a verification equation and then performs the data compliance audit, and step 9 is executed if the data compliance audit is not passed; after the signature operation is carried out, the document is sent to the next auditor, who verifies the correctness of the previous auditor's aggregate signature using a verification equation and then performs the compliance audit on the data document to be audited; if the audit is passed, step 8 is executed, and if it is not passed, step 9 is executed;
Step 8, aggregate signature stage of the auditor: if the document passes the data compliance audit, the auditor aggregates their own signature with the signature of the previous auditor;
Step 9, compliance verification suspension stage: if the document does not pass the data compliance audit, the auditor suspends the audit flow, performs the audit suspension signature operation, and returns the data document that did not pass the audit, together with the audit opinion, to the submitter of the data document;
Step 10, document storage: the auditor group stores the data document that passed the compliance audit and the audit flow document in a high-security database.
2. The aggregate signature method for data compliance verification of claim 1, wherein the system initialization in step 1 comprises the steps of:
1.1 The security parameter $\lambda$ is input; the trusted third party randomly selects $p \approx poly(1^{\lambda})$ and then uses the composite-order bilinear parameter generator to output $\phi$, wherein $\phi$ comprises; $p, q, r$ in the generator are three different large primes, $G_T$ is a multiplicative cyclic subgroup of order $N$, $G_p, G_q, G_r$ are subgroups of $G$, and < >> represents a bilinear map;
1.2 Selection of a particular selection; generating 3 hash functions $H_1: G_1 \to Z_n$, $H_2: \{0,1\}^* \to Z_n$, $H_3: \{0,1\}^* \to G_T$, $H_4: \{0,1\}^* \to G$, wherein $\{0,1\}^*$ is the set of binary strings of arbitrary length and $Z_n$ is an integer cyclic group;
1.3 For all auditor attribute values participating in the process, $t_{att(i,j)} \in Z_n$ is randomly selected, wherein $i$ represents the attribute name and $j$ represents the attribute value under the $i$-th attribute name; $B_{i(j)} \in G_q$ is randomly selected and used in the calculation; each attribute value corresponds to one $B_{i(j)}$; finally, a set of global attribute names is obtained
1.4 Generating common parameters
3. The aggregate signature method for data compliance verification of claim 1, wherein the key generation of the trusted third party in step 2 comprises the steps of:
2.1 The key generation center of the trusted third party selects two random numbers $\alpha, \mu \in Z_n$ as the private key $SK_{TA} = (\alpha, \mu)$ of the trusted third party, and then calculateLet->Calculate->Let->Finally calculate->Finally, $Y'$ is used as the public key $PK_{TA} = (Y, Y')$ of the trusted third party, and the public key $PK_{TA}$ is made public.
4. The aggregate signature method for data compliance verification of claim 1, wherein the key generation of the submitter in step 3 comprises the steps of:
3.1 The key generation center randomly selects $c, d \in Z_n$ as the private key $SK_{submit} = (c, d)$ of the submitter, and then calculateLet->Recalculate $cdY'$ and let $Z' = cdY'$; finally, $Z, Z'$ are taken as the public key $PK_{submit} = (Z, Z')$ of the submitter, and the public key $PK_{submit}$ is made public.
5. The aggregate signature method for data compliance verification of claim 1, wherein the key generation of the auditor in step 4 comprises the steps of:
4.1 The key generation center randomly selects $a, b \in Z_n$ as the private key $SK_{audit} = (a, b)$ of the auditor, and then calculateLet->Recalculate $abY'$ and let $X' = abY'$; finally, $X, X'$ are taken as the public key $PK_{audit} = (X, X')$ of the auditor, and the public key $PK_{audit}$ is made public.
6. The aggregate signature method for data compliance verification of claim 1, wherein the step 5 of generating the certificate of the auditor comprises the steps of:
5.1 The certificate generation center randomly selects $t \in Z_n$ and calculates
5.2 The certificate generation center randomly selects $P \in G_r$ and calculates
5.3 The certificate generation center generates a unique certificate set for each auditor, randomly selecting $R_i \in G_r$ to generate the certificate set; $s_i$ represents the value to which the auditor attribute value is mapped in the integer group;
5.4 The certificate generation center generates $cre = \{K, CL, \{K_{aduit(i)}\}\}$.
7. The aggregate signature method for data compliance verification of claim 1, wherein the document submission stage of the submitter in step 6 comprises the steps of:
6.1 The submitter randomly selects $r \in Z_p$; the nuclear power emergency data $m \in \{0,1\}^*$, the private key $SK_{audit}$ and the system parameters params are used as input;
6.2 The submitter calculates the signature $\sigma_{submit} = (\sigma_{s1}, \sigma_{s2})$, wherein:
$\sigma_{s1} = r$, $\sigma_{s2} = H_4(m, r)^{cd}$
6.3 The submitter sends the signature $(\sigma_{submit}, m)$ and the nuclear power emergency data document to the first auditor of the audit group.
8. The aggregate signature method for data compliance verification of claim 1, wherein the signature phase of the auditor in step 7 comprises the steps of:
7.1 The access policy of the auditor, i.e. APOL, is hidden: the attribute value $H_{i(j)}$ in APOL is hidden by conversion, and the converted access policy of the auditor is made public;
7.2 The first auditor in the audit process needs to verify the signature operation, and verifies:
$e(\sigma_{s2}, g) = e(H_4(m, r), Z')$;
7.3 After the equation is verified, the auditor performs the data compliance audit;
7.4 After the audit is passed, the signature operation is carried out and the signature and the data are sent to the next auditor; if the audit is not passed, the compliance verification suspension stage is executed;
7.5 For any other auditor, the following operations are executed;
7.6 Auditor calculation, wherein $\sum_{i \in l} \lambda_i \omega_i = s$ and $\{\lambda_i\}$ is a valid sharing of the secret $s$;
7.7 Auditor calculation
7.8 Auditor $i$ verifies the aggregate signature of auditor $i-1$ by calculating:
If formula (1) holds, the next verification calculation is performed;
7.9 Auditor $i$ performs the verification calculation
If formula (2) holds, the aggregate signature is correct and the following operations are executed; otherwise, the aggregate signature is rejected, the data compliance audit is stopped, and the compliance verification suspension stage is entered;
7.10 The Lewko-Waters algorithm is used to generate the mapping $P(i)$ of the attributes in APOL; the Lewko-Waters algorithm converts the Boolean expression of APOL into the form of a matrix $M$;
7.11 The auditor randomly selects $y_2, y_3, \ldots, y_l \in Z_n$; $s_{aduit}$ is the secret parameter that the auditor wants to share, where $s_{aduit} \in Z_n$ and $l$ is the number of attributes in the auditor access policy; the auditor obtains the vector $v = (s_{aduit}, y_2, y_3, \ldots, y_l)$;
7.12 For $i = 1, 2, 3, \ldots$ over the attribute values, the auditor uses the vector $v$ and the $i$-th row of the matrix $M$ obtained by converting the auditor access policy to calculate $\lambda_i$, finally obtaining $\lambda_1, \lambda_2, \ldots, \lambda_l$;
7.13 The auditor randomly selects $r_1, r_2, \ldots, r_x \in Z_n$, where $x \in 1..i$; $Z_{0,x} \in G_q$ is randomly selected for each attribute value, and $Z_{1,x} \in G_q$ is randomly selected for the attribute name corresponding to each set of attribute values;
7.14 The auditor calculates the attribute codes $\{\{C_{i,x}\}, D_{i,x}\}$, wherein $H_{i(j)}$ represents the $j$-th attribute value of the $i$-th attribute name, $C_{i,x}$ is the attribute code corresponding to the $x$-th attribute value of the $i$-th attribute name, and $D_{i,x}$ is the attribute code corresponding to the $i$-th attribute name;
7.15 The auditor checks whether the document to be audited is data-compliant, gives the audit opinion $M_{aduit}$, calculates $C_1 = g_p^{s}$, and performs the following operations;
7.16 The auditor randomly selects $u$, $u \in Z_p$, and calculates $\delta = u \| PK_{audit} \| PK_{TA} \| m \| M_{id}$, wherein $m$ is the data document to be audited;
7.17 Auditor calculation, where $h = ab$.
9. The aggregate signature method for data compliance verification of claim 1, wherein the aggregate signature phase of the auditor in step 8 comprises the steps of:
8.1 For the first auditor, the signature is initialized as $(1_G, 1_G, 1_G, 1_G)$ and aggregation is performed on the basis of $(1_G, 1_G, 1_G, 1_G)$; for the $i$-th auditor, aggregation is performed on the basis of the aggregate signature $(\delta_{aduit(i-1)}, \delta_a, \delta_b, \delta_c)$ of the $(i-1)$-th auditor;
8.2 The auditor randomly selects $r, x \in Z_n$ and calculates $\delta'_b = \delta_b + rg$, $\delta'_c = \delta_c + xg$;
8.3 The auditor calculates $\delta'_a = x\delta'_b + r\delta_c + SK_{audit,1} SK_{audit-i,2} H_2(\delta_{aduit-i} \| m) g$;
8.4 Finally, the auditor obtains the aggregate signature $(\delta_{aduit(i)}, \delta_a, \delta_b, \delta_c)$.
10. The aggregate signature method for data compliance verification of claim 1, wherein the compliance verification suspension phase of step 9 comprises the steps of:
9.1 The auditor randomly selects $c \in \{0, 1\}$ and calculates the auditor's signature $\sigma_m$ on the data document,
wherein $\sigma_m = (\delta_{aduit(i)}, \sigma_1, \sigma_2) = (\delta_{aduit(i)}, c, H_3(\delta_{aduit(i)}, c)^{ab})$;
9.2 The submitter verifies:
If formula (3) holds, verification continues:
$e(\sigma_2, g_p) = e(H_3(\delta_{aduit(i)}, \sigma_1), X)$ (4)
If formula (4) holds, the audit interrupt signature is correct; otherwise, the audit interrupt signature is rejected.
CN202310676702.0A 2023-06-08 2023-06-08 Aggregation signature method for data compliance audit Pending CN117034357A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310676702.0A CN117034357A (en) 2023-06-08 2023-06-08 Aggregation signature method for data compliance audit


Publications (1)

Publication Number Publication Date
CN117034357A true CN117034357A (en) 2023-11-10

Family

ID=88628692

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310676702.0A Pending CN117034357A (en) 2023-06-08 2023-06-08 Aggregation signature method for data compliance audit

Country Status (1)

Country Link
CN (1) CN117034357A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination