KR101162707B1 - Method of trapdoor sanitizable signature based on an ordinary digital signature - Google Patents

Abstract

PURPOSE: A method of TSS(Trapdoor Sanitizable Signature) based on an ordinary digital signature algorithm is provided to improve an calculation speed at each algorithm by performing the same calculation as that in the signature formation and verification of the ordinary digital signature algorithm. CONSTITUTION: A TSS(Trapdoor Sanitizable Signature) system(100) is composed of an trusted organization(110), a signer(120), an editor(130), and a verifier(140). The trusted organization plays the same role as an institute issuing an official authentication certificate in a PKI(Public Key Infrastructure) environment. The TSS system sets up the system, generates a key, creates a signature, produces a trapdoor, performs editing, and executes a signature verification algorithm. The trusted organization sets up the system and executes key generation algorithms. The signer creates a signature and executes trapdoor generation algorithms. An editor executes an editing algorithm. The verifier executes a signature verification algorithm.

Description

{Method of Trapdoor sanitizable signature based on an ordinary digital signature}

The present invention relates to an electronic signature method, and more particularly, to a trapdoor based editable electronic signature method.

Dae Hyun Yum, Jae Woo Seo, and Pil Joong Lee: Trapdoor Sanitizable Signatures Made Easy. In: J. Zhou and M. Yung (Eds.): ACNS 2010, LNCS 6123, pp. 53-68, 2010. Springer-Verlag Berlin Heidelberg 2010 is a paper corresponding to the present invention, the entire contents of which are incorporated into the present invention.

Message origin authentication refers to verifying that the origin of a message or data is indeed the origin of the claim and can be provided by digital signature. A digital signature is an electronic form of information attached or logically attached to an electronic document that identifies the signer and indicates that the signer has signed the document. In an ordinary digital signature system, it is impossible to forge a source because it is not possible to generate a new digital signature for any message.

Digital signatures have been widely used in a variety of fields for the purpose of providing source certification, but there are cases where some of the signed documents need to be edited, depending on the application. For example, if a government discloses confidential documents or accesses personal medical data, it is necessary to delete and disclose information that violates personal privacy, and the routing protocol also requires some modifications to the signed data as needed. . In the above cases, we can consider the method of regenerating the signature for the edited document, but this method is not efficient because the signer is only available online and always requires cooperation with the signer.

The sanitizable signature system is a signature system developed in consideration of the above case. In the editable digital signature system, the editor can perform limited editing on a signed electronic document by delegating editing authority to a sanitizer whose signer is a third party at the time of generation of the digital signature. That is, an editor authorized by the signature authority may arbitrarily edit some messages designated by the signer in the signed electronic document without generating a separate communication with the signer, and generate a new electronic signature for the edited electronic document. However, since the editor is determined when the digital signature is generated, it is impossible to delegate the editing authority to others later.

The Trapdoor Sanitizable Signature (TSS) system allows the signer to grant editing rights to any user through the delivery of the trapdoor. Enable you to play a role. In other words, if the signer generates a signature and subsequently delivers the trapdoor to any user A, the user A becomes an editor and can arbitrarily edit the message specified by the signer. Therefore, in a trapdoor based editable digital signature system, the signer can arbitrarily select an editor even after the signature is generated.

Unlike editable digital signatures, a trapdoor-based editable digital signature (TSS) system does not require the signer to determine the editor at the time of signature creation, and provides the trapdoor at any time to delegate authority as an editor. It is possible to have several editors. The TSS system can be used more flexibly than the editable digital signature system, and can be efficiently applied in an environment where a large number of unspecified editors are needed. The TSS system was first proposed at ACNS 2008 by Carnard et al. And while the editable digital signature system is designed using the chameleon hash function, the TSS system is designed using the identity-based chameleon hash function. The identity-based chameleon hash function generates a hash value by using any non-redundant identity (ID, for example, identity string) as a public key, such as an email address and a uniform resource locator (URL), and generates a hash value. The user with the key can find the input with the same output in the hash function. The trapdoor-based editable signature algorithm proposed by Canard et al. Hashes each part of the document using the public key of the identity-based chameleon hash function and uses the private key as a trapdoor. Because identity-based chameleon hash functions are computed by operations with high computational complexity, such as power exponentials, they reduce the efficiency of signature algorithms when generating signatures, and they also increase implementation complexity because chameleon hash functions must be implemented separately. Identity-based chameleon hash functions are known to require more computation than general digital signature algorithms such as RSA.

{1} "Tag Authentication Method Using Digital Signature", Publication No. 2010-0031346 (published March 22, 2010) {2} "A computer-readable recording medium recording an electronic signature storage device, a method and a program for executing the method", Korean Patent Publication No. 2009-0016886 (published February 18, 2009)

[1] Sebastien Canard, Fabien Laguillaumie, and Michel Milhau: Trapdoor Sanitizable Signatures and their Application to Content Protection. In: S.M. Bellovin et al. (Eds.): ACNS 2008, LNCS 5037, pp. 258.276, 2008. Springer-Verlag Berlin Heidelberg (2008).

An object of the present invention is to provide a trapdoor-based editable digital signature algorithm design method using only a general digital signature algorithm.

The present invention provides a trapdoor based editable digital signature method using a general digital signature, which includes a system setup step, a key generation step, a signature generation step, a trapdoor generation step, an editing step, and a signature verification step. In the trapdoor based editable digital signature method using a general digital signature, to perform a trapdoor based editable digital signature (TSS),

A system setting step performed by a trusted authority for generating system parameters including security parameters and a general digital signature algorithm;

A key generation step performed by the trusted authority, generating a signature key and a verification key of the TSS from the security parameters in the system parameters;

A signature generation step performed by the signer, generating a digital signature of the TSS from the message, the editable index set, and the signature key of the TSS;

A trapdoor generation step performed by the signer, generating a trapdoor from the message, the digital signature of the TSS, the verification key of the TSS, and the editable index set;

An editing step performed by an editor for generating a digital signature of the TSS corresponding to the edited message from the message, the digital signature of the TSS, the verification key of the TSS, the trapdoor, the editable index set, and the edited message; And

And verifying the validity of the digital signature from the message, the digital signature of the TSS, the verification key of the TSS, and the editable index.

를 입력받는 단계; 보안 파라미터에 따라 일반 전자서명 알고리즘

을 선택하는 단계; 및 보안 파라미터와 일반 전자서명 알고리즘을 시스템 파라미터

로서 출력하는 단계를 포함한다.The system configuration step is a security parameter

Receiving an input; General digital signature algorithm based on security parameters

Selecting a; And security parameters and general digital signature algorithm system parameters.

And outputting as.

)와 검증키(

)를 생성하는 단계; 및 일반 전자서명의 서명키와 검증키를 TSS의 서명키(

) 및 TSS의 검증키(

)로서 출력하는 단계를 포함한다.The key generation step may include receiving a system parameter; The signature key of the general digital signature based on the key generation algorithm ( K ) specified by the system parameter (

) And validation key (

Generating c); And the signature key and verification key of the general digital signature.

) And the TSS verification key (

And outputting).

), 편집 가능 인덱스 집합(

), 및 TSS의 서명키를 입력받는 단계; 시스템 파라미터에 의해 지정된 일반 전자서명의 키 생성 알고리즘에 기초하여 임시 서명키(

) 및 임시 검증키(

)를 생성하는 단계; 메시지와 편집 가능 인덱스 집합을 이용하여 임시 검증키와 부메시지들의 연접으로 이루어진 인코딩된 메시지(

)를 생성하는 단계; 시스템 파라미터에 의해 지정된 일반 서명 생성 알고리즘에 기초하여 인코딩된 메시지 및 TSS의 서명키로부터 인코딩된 메시지에 대한 전자서명(

) 및 편집 가능 인덱스에 대응하는 부메시지를 위한 전자서명(

)을 생성하는 단계; 및 임시 검증키, 인코딩된 메시지에 대한 전자서명, 및 편집 가능 인덱스에 대응하는 부메시지를 위한 전자서명을 포함하는 TSS의 전자서명(

)을 출력하는 단계를 포함한다.The signature generation step consists of a message (

), Set of editable indexes (

), And receiving a signature key of the TSS; Based on the key generation algorithm of the general digital signature specified by the system parameters,

) And temporary verification key (

Generating c); An encoded message consisting of a concatenation of temporary verification keys and sub-messages using a message and a set of editable indexes.

Generating c); Digital signatures for encoded messages based on the generic signature generation algorithm specified by the system parameters,

) And digital signatures for sub-messages corresponding to the editable index (

Generating c); And a digital signature of the TSS including a temporary verification key, an electronic signature for the encoded message, and a digital signature for a submessage corresponding to the editable index.

Outputting a).

를 다음의 수학식The step of generating the encoded message is a message

To the following equation

를 생성하는 단계를 포함하며, 여기서,

는 메시지 m을 구성하는 i번째 부메시지,

은 편집 가능 인덱스 집합, i는 편집 가능 인덱스, *은 스페이스홀더(space holder)용 특수문자,

는 인코딩된 메시지

를 구성하는 i번째 부메시지,

는 임시 검증키이다.Messages encoded using

Generating a step wherein:

Is the i-th submessage composing message m,

Is a set of editable indexes, i is an editable index, * is a special character for the space holder,

Is an encoded message

I-th sub-message consisting of

Is a temporary verification key.

The signature generation step further includes storing a key list of temporary signature key and temporary verification key pairs for all editable indexes of the editable index set.

)로서 출력하는 단계를 포함한다.The trapdoor generation step may include receiving a message, an electronic signature of the TSS, a signature key of the TSS, and an editable index set; Based on the signature verification algorithm of the TSS, the message, the TSS digital signature, the TSS signature key, and the editable index set are used to determine whether the TSS digital signature is a legitimate digital signature for the message and whether a temporary verification key exists in the key list. Confirming; And a temporary signature key corresponding to the temporary verification key present in the key list when the electronic signature of the TSS is a valid digital signature for the message and the temporary verification key exists in the key list.

And outputting).

)와 편집된 부메시지(

)가 동일하지 않은 경우에 해당하는 인덱스가 편집 가능 인덱스 집합에 포함되는지를 확인하는 단계; 부메시지와 편집된 부메시지가 동일하지 않을 경우에 해당하는 인덱스가 편집 가능 인덱스 집합에 포함될 경우, TSS의 전자서명에 포함된 임시 검증키를 이용하여 임시 서명키가 정당한 임시 서명키인지를 확인하는 단계; 및 임시 서명키가 정당한 임시 서명키인 경우, 메시지, 편집 가능 인덱스 집합, 및 트랩도어를 사용하여 편집된 메시지에 대응하는 TSS의 전자서명(

)을 생성하는 단계를 포함한다.The editing step includes receiving a message, an electronic signature of the TSS, a verification key of the TSS, a trapdoor, an editable index set, and an edited message; Based on the signature verification algorithm of the TSS, the message, the TSS digital signature, the TSS verification key, and the editable index set are used to determine whether the TSS digital signature is a valid digital signature for the message and whether a temporary verification key exists in the key list. Confirming; If the TSS's digital signature is a legitimate digital signature for the message and a temporary verification key exists in the key list, the submessage (

) And the edited submessage (

Checking whether the index corresponding to the case where the) is not the same is included in the editable index set; When the corresponding index is included in the editable index set when the submessage and the edited submessage are not identical, the temporary verification key included in the TSS's digital signature is used to check whether the temporary signature key is a legitimate temporary signature key. step; And if the temporary signing key is a legitimate temporary signing key, the TSS's digital signature corresponding to the message, the editable index set, and the message edited using the trapdoor.

)).

The signature verification step may include receiving a message, a digital signature of the TSS, a verification key of the TSS, and an editable index set; Determining, for all editable indices of the editable index set, whether an electronic signature for a submessage corresponding to the editable index exists; And if there is an electronic signature for the sub-message corresponding to the editable index, the electronic signature for the encoded message and the electronic signature for the sub-messages corresponding to the editable indexes, based on the verification algorithm of the general electronic signature. Generating a signal (b) to confirm whether all are legitimate.

The general digital signature algorithm described in the present invention refers to a public key-based digital signature algorithm that is impossible to falsify the digital signature other than the signer who knows the signature key and that anyone can verify the digital signature using the verification key. For example, the RSA digital signature, the DSA, and the like correspond to the general digital signature algorithm.

In the present invention, a method for generating a digital signature by a signer, an editor arbitrarily selected by a signer, editing an original document and an attached electronic signature by using a general digital signature algorithm, and verifying the digital signature by using a general digital signature algorithm in implementing the TSS. Is provided.

According to the present invention, since the identity-based chameleon hash function used to implement the conventional TSS algorithm is not used, the amount of computation required in the steps of signature generation, signature editing, and signature verification is reduced, and even in a public key infrastructure (PKI) environment. Easy to implement

In addition, the present invention is an improvement of the TSS digital signature system proposed for the first time in ACNS 2008 by Carnard et al., The method proposed in the present invention can be implemented by a general digital signature algorithm such as RSA, DSA. Existing method proposed by Carnard et al. Uses an identity-based chameleon hash function, which has high implementation complexity and consumes a large amount of computation for signature generation, editing, and verification. However, the proposed method of the present invention provides signature generation, The computation speed in each algorithm is improved by performing the same computation as the computation required for verification.

1 illustrates an example in which algorithms of trapdoor-based editable digital signatures are applied according to a trust authority, a signer, an editor, and a verifier.
2 illustrates an embodiment of a system configuration algorithm among trapdoor based editable digital signatures.
3 illustrates an embodiment of a key generation algorithm among trapdoor based editable digital signatures.
4 illustrates an embodiment of a signature generation algorithm among trapdoor based editable digital signatures.
5 illustrates an embodiment of a trapdoor generation algorithm among trapdoor based editable digital signatures.
6 illustrates an embodiment of an editing algorithm among trapdoor based editable digital signatures.
7 illustrates an embodiment of a signature verification algorithm in a trapdoor based editable digital signature.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings. In describing the present invention, if it is determined that the detailed description of the related known function or configuration may unnecessarily obscure the subject matter of the present invention, the detailed description thereof will be omitted. The following terms are defined in consideration of the functions of the present invention, and may be changed according to the intentions or customs of the user, the operator, and the like. Therefore, the definition should be based on the contents throughout this specification.

, 서명 생성

, 서명 검증

의 3개의 알고리즘으로 구성된다.Conventional digital signature method generates key

, Signature generation

Signature verification

It consists of three algorithms.

, 보안 파라미터(security parameter)

을 입력으로 받아서, 서명키

와 검증키

를 생성한다; -

, Security parameter

Input as a signature key

And validation keys

Produces;

, 임의의 길이를 가지는 메시지

과 서명키

를 입력으로 받아서, 전자서명

을 생성한다. 에러가 발생할 경우에는

을 출력한다.-

A message of arbitrary length

And signing key

As input, digital signature

. If an error occurs

Outputs

, 주어진 전자서명에 대한 메시지

, 전자서명

, 검증키

를 입력으로 받아서, 전자서명이 정당할 경우에는

을 출력하고 전자서명이 정당하지 않은 경우

을 출력한다. -

, Message for a given digital signature

, Digital signature

, Validation key

If the digital signature is valid,

If the digital signature is not valid

Outputs

는 항상 1을 출력해야 한다.The signature verification algorithm when a valid signer who knows the signature key in the general digital signature method (or algorithm) described above generates the digital signature.

Should always output 1.

, 키 생성

, 서명 생성

, 트랩도어 생성

, 편집

, 서명 검증

의 6개의 알고리즘으로 구성된다. 이 TSS 시스템에서 사용되는 메시지

은 임의의 길이를 가지는

개의 블록

로 구성되며,

은 편집자가 전자서명이 된 메시지에서 편집 가능한 블록들의 인덱스를 모아놓은 집합을 나타낸다. 즉, 편집자는 원본 메시지

에서

에 포함되는 인덱스의 블록만을 편집할 수 있다.Existing TSS system set up system

, Key generation

, Signature generation

, Create trapdoor

, edit

Signature verification

It consists of six algorithms. Message used by this TSS system

Has arbitrary length

Blocks

Lt; / RTI >

Represents a collection of indexes of editable blocks in an editor's digitally signed message. In other words, the editor is the original message

in

Only blocks of indexes included in can be edited.

, 보안 파라미터

을 입력으로 받아서, TSS 시스템에서 필요한 시스템 공개 파라미터

을 생성한다.-

, Security parameters

Is taken as an input, and the system open parameters required by the TSS system

.

, 시스템 공개 파라미터

을 입력으로 받아서 서명키

와 검증키

를 생성한다.-

, System disclosure parameters

Accepts as input the signing key

And validation keys

.

, 메시지

, 서명키

, 편집 가능 인덱스 집합

을 입력으로 받아서, 전자서명

를 출력한다. 에러가 발생할 경우에는

을 출력한다.-

, message

, Signing key

, Editable index set

Takes as input, digital signature

. If an error occurs

Outputs

, 메시지

, 전자서명

, 서명키

, 편집 가능 인덱스 집합

을 입력으로 받아서 트랩도어

를 출력한다.-

, message

, Digital signature

, Signing key

, Editable index set

Trap door as input

.

, 메시지

, 전자서명

, 검증키

, 트랩도어

, 편집 가능 인덱스 집합

, 편집된 메시지

을 입력으로 받아서

에 대한 새로운 전자서명을 출력한다. 에러가 발생할 경우에는

을 출력한다.-

, message

, Digital signature

, Validation key

, Trapdoor

, Editable index set

, Edited message

Takes as input

Print a new digital signature for. If an error occurs

Outputs

, 메시지

, 전자서명

, 검증키

, 편집 가능 인덱스 집합

을 입력으로 받아서, 전자서명이 정당할 경우에는

을 출력하고 전자서명이 정당하지 않은 경우

을 출력한다. -

, message

, Digital signature

, Validation key

, Editable index set

If the digital signature is valid,

If the digital signature is not valid

Outputs

는 항상 1을 출력해야 한다.Signature verification algorithm when a valid signer who knows a signature key in the existing TSS algorithm generates an electronic signature

Should always output 1.

을 알고 있는 정당한 편집자에 의해 원본 메시지

혹은 편집된 메시지

이

으로 편집되었을 경우, 서명 검증 알고리즘

는 편집된 메시지

과 전자서명

에 대해 항상 1을 출력해야 한다.And trapdoor

Text message by a legitimate editor who knows

Or edited message

this

Signature verification algorithm when edited with

Edited message

And digital signatures

You should always output 1 for.

Based on the knowledge of the general digital signature algorithm and the TSS algorithm described so far, an embodiment of the present invention using the general digital signature in the existing TSS algorithm will be described.

과 검증키

는 공개적으로 접근 가능한 것이라 가정한다.A TSS system 100 of a preferred exemplary embodiment of the present invention is shown in FIG. The TSS system 100 is composed of a trust authority 110, a signer 120, an editor 130, and a verifier 140. Trust authority 110 plays the same role as a certificate authority (certificate authority) in the PKI environment, the editor 130 refers to all subjects received the trapdoor from the signer. The verifier 140 means all objects accessible to the verification key. Since the TSS system is a public key based algorithm, anyone can obtain a verification key as needed. System parameters of the TSS system in describing the present invention

And validation keys

Is assumed to be publicly accessible.

The TSS system 100 shown in FIG. 1 includes a system setup 200, a key generation 300, a signature generation 400, a trapdoor generation 500, and an editing 600 which will be described below with reference to FIGS. 2 through 7. It is implemented to execute six algorithms of signature verification 700. In the exemplary TSS system 100, the trust authority 110 performs the system setup 200 and key generation 300 algorithms, and the signer 120 performs the signature generation 400 and trapdoor generation 500 algorithms. do. The editor 130 performs the edit 600 algorithm, and the verifier performs the signature verification 700 algorithm.

을 생성하는 시스템 설정(200) 알고리즘의 일 실시예를 기술한다.System parameters with reference to FIG. 2

One embodiment of a system configuration 200 algorithm for generating a system is described.

를 입력받는다. 이때 보안 파라미터는 일반 전자서명의 알고리즘의 안전도를 결정하는데 사용된다.Step 210: The system setting algorithm is a security parameter

Get input. In this case, the security parameters are used to determine the security of the general digital signature algorithm.

에 따라 트랩도어 기반 편집 가능 전자 서명에서 사용될 일반 전자서명 알고리즘

를 선택한다.Step 220: The system setting algorithm is a security parameter

Digital signature algorithm to be used in trapdoor based editable digital signatures

.

와 일반 전자서명 알고리즘

를 시스템 파라미터(

)로 설정한다.Step 230: The system setting algorithm is a security parameter

And general digital signature algorithm

To the system parameters (

Set to).

을 입력받는 동작을 수행한다. 트랩도어 기반 편집 가능 시스템(100)을 구성하는 모든 구성 요소들 이를테면 편집자, 검증자 등은

에 공개적으로 접근하는 것이 가능하다.Trust authority 110 determines the security parameters to be used in step 210.

Performs an operation of receiving input. All the components that make up the trapdoor based editable system 100 such as editors, verifiers, etc.

It is possible to access publicly.

와 검증키

를 생성하는 키 생성(300) 알고리즘의 일 실시예를 기술한다.The signing key of the signer 120 while referring to FIG.

And validation keys

One embodiment of a key generation 300 algorithm for generating a.

를 입력받는다. Step 310: The key generation algorithm is a system parameter from the system setting algorithm of FIG.

Get input.

로부터 일반 전자서명의 서명키

와 검증키

를 생성한다.Step 320: Key generation algorithm of general digital signature system

Signature key of general digital signature from

And validation keys

.

와 검증키

를 TTS 시스템의 서명키

와 검증키

로 사용한다.Step 330: Signature key of the general digital signature generated by step 320

And validation keys

Signing key of the TTS system

And validation keys

Used as.

는 서명자(120)만이 알고 있으며, 검증키

는 누구나 공개적으로 접근이 가능하다.Where the signing key

Only the signer 120 knows the verification key.

Anyone can access publicly.

과 편집 가능 인덱스 집합

, 서명키

로부터 TSS 전자서명

을 생성하는 서명 생성 알고리즘(400)의 일 실시예를 기술한다.Message while referring to Figure 4

And editable index set

, Signing key

TSS eSignature from

One embodiment of a signature generation algorithm 400 for generating A.

과 메시지

에서 편집을 허용하는 인덱스 번호들의 집합

, 서명키

를 입력받는다.Step 410: The signature generation algorithm 400 sends a message to sign from the signing user.

And messages

Set of index numbers to allow editing in

, Signing key

Get input.

에 명시된 키 생성 알고리즘

로부터 서명키

와 검증키

을 생성한다.Step 420: System Parameters

Key generation algorithm specified in

Signature key from

And validation keys

.

와 검증키

을 TSS의 임시 서명키

와 임시 검증키

로 할당한다.And the generated signature key

And validation keys

TSS temporary signing key

And temporary verification keys

To be assigned.

과 편집 가능 인덱스 집합

으로부터

을 인코딩한다. 아래 수식에서 "*"은 널 문자열(null string) 혹은 특수 기호를 나타낸다.Step 430: Message

And editable index set

From

Encode. In the formula below, "*" represents a null string or special symbol.

에 인코딩

와

를 입력으로 넣고

를 생성한다(

). 그리고, 임시 서명키

를 이용하여 편집이 허용된 모든 블록

에 대한

를 생성한다.Step 440:

Encode to

Wow

Into the input

Creates (

). And the temporary signing key

Blocks allowed to edit using

For

.

, 인코딩

에 대한 서명

, 블록

에 대한 서명

를 TSS의 전자서명

로 출력한다.Step 450: temporary verification key

, Encoding

Signature for

, block

Signature for

TSS Digital Signature

Will output

는 리스트를 만들어 저장한다. 리스트에 저장된 키 쌍에서 임시 서명키

는 이후 트랩도어로서 사용되며,

는 해당 메시지

에 대한 트랩도어

를 검색하기 위한 인덱스로 사용된다.At this point, the temporary key pair

Creates a list and saves it. Temporary signing key from key pair stored in list

Is then used as a trapdoor,

Is that message

Trapdoor for

Used as an index to search for.

과 TSS의 전자서명

, 서명키

, 편집 가능 인덱스 집합

으로부터 트랩도어

을 생성하는 일 실시예를 기술한다.5, the trapdoor generation algorithm 500 according to the present invention is a message.

And TSS digital signature

, Signing key

, Editable index set

From Trapdoor

Describes one embodiment of generating a.

과 TSS의 전자서명

, 서명키

, 편집 가능 인덱스 집합

을 입력받는다.Step 510: The trapdoor generation algorithm 500 sends a message from the signing user.

And TSS digital signature

, Signing key

, Editable index set

Get input.

가 정당한 서명인지를 확인하기 위해서 TSS의 서명 검증 알고리즘(700)을 수행한다.Step 520: Digital Signature of TSS

The signature verification algorithm 700 of the TSS is performed to verify that is a valid signature.

일 경우,

(에러)를 출력하고 알고리즘을 종료한다(540).

일 경우에는 LIST에서

와 쌍을 이루는

를 찾아서 트랩도어로 출력한다.Step 530: In Step 520

If it is,

(Error) is output and the algorithm ends (540).

In the LIST

Paired with

Find and print it to the trapdoor.

과 TSS의 전자서명

, 검증키

, 트랩도어

, 편집 가능 인덱스 집합

, 편집된 메시지

으로부터

에 해당하는 TSS 전자서명

을 생성하는 일 실시예를 기술한다.Referring to Fig. 6, the editing algorithm 600 sends a message according to the present invention.

And TSS digital signature

, Validation key

, Trapdoor

, Editable index set

, Edited message

From

TSS digital signature

Describes one embodiment of generating a.

과 TSS의 전자서명

, 검증키

, 트랩도어

, 편집 가능 인덱스 집합

, 편집된 메시지

을 입력받는다.Step 610: Editing algorithm 600 sends a message from editor 130

And TSS digital signature

, Validation key

, Trapdoor

, Editable index set

, Edited message

Get input.

가 정당한 서명인지를 확인하기 위해서 TSS의 서명 검증(700) 알고리즘을 수행한다.Step 620: Digital Signature of TSS

The signature verification 700 algorithm of the TSS is performed to verify that is a valid signature.

인지를 판단한다.

일 경우, 단계 680으로 이동하여 (에러)를 출력하고 알고리즘을 종료한다.

일 경우에는 다음 단계 640으로 이동한다. Step 630:

Determine the cognition.

If yes, go to Step 680 Print an (error) and exit the algorithm.

If yes, go to step 640.

인

에 대해서

인지를 확인한다. 이 조건을 만족하지 않는다면, 단계 680으로 이동하여

(에러)를 출력하고 알고리즘을 종료한다. 조건을 만족할 경우에는 다음 단계 650으로 이동한다.Step 640:

sign

about

Check if it is. If this condition is not met, go to step 680

Print an (error) and exit the algorithm. If the condition is met, go to step 650.

가 정당한 임시 서명키인지를 확인한다. 임시 서명키의 정당성은 전자서명

에 포함된 임시 검증키

를 이용하여 확인하는 것이 가능하며, 시스템 구현자에 따라 다양한 방법으로 구현이 가능하기 때문에 본 발명에서는 자세한 방법을 기술하지 않는다.

가

에 대한 정당한 임시 서명키가 아닐 경우, 단계 680으로 이동하여

(에러)를 출력하고 알고리즘을 종료한다. 그리고 정당한 임시 서명키일 경우에는 다음 단계 660으로 이동한다.Step 650:

Is a valid temporary signing key. The justification of the temporary signature key is digital signature

Temporary verification key included in

It is possible to check using, and since the present invention can be implemented in various ways according to the system implementer does not describe the detailed method in the present invention.

end

If it is not a valid temporary signing key for, go to step 680

Print an (error) and exit the algorithm. If it is a valid temporary signing key, go to step 660.

를 이용하여 편집된 블록

에 대한 전자서명

를 생성한다.Step 660: Temporary Signing Key

Block edited using

ESignature for

.

에서 편집되지 않은 블록

에 대해서는 이전 전자서명

를

로 할당한다.Original message

Unedited blocks in

Former Electronic Signature

To

To be assigned.

, 인코딩

에 대한 서명

, 블록

에 대한 서명

를 TSS의 새로운 전자서명

로 출력한다.Step 670: Temporary Validation Key

, Encoding

Signature for

, block

Signature for

TSS's New Digital Signature

Will output

(혹은

)과 TSS의 전자서명

(혹은

), 검증키

, 편집 가능 인덱스 집합

으로부터 전자서명

의 정당성을 확인하는 일 실시예를 기술한다.Referring to Figure 7, the signature verification algorithm 700 according to the present invention is a message

(or

) And TSS's digital signature

(or

), Validation key

, Editable index set

Digital signature from

An embodiment for checking the justification of the present invention will be described.

(혹은

)과 TSS의

(혹은

), 검증키

, 편집 가능 인덱스 집합

을 입력받는다.Step 710: The signature verification algorithm 700 sends a message from the verifier 140.

(or

) And TSS

(or

), Validation key

, Editable index set

Get input.

에 대해서

가 존재하는지를 확인한다. 조건을 만족하지 않는다면, 단계 750으로 이동하여

(에러)를 출력하고 알고리즘을 종료한다. 조건을 만족할 경우에는 다음 단계 730으로 이동한다.Step 720: all

about

Check to see if it exists. If the condition is not met, go to step 750

Print an (error) and exit the algorithm. If the condition is met, go to step 730.

를 이용하여 인코딩

에 대한 전자서명

를 검증하기 위해

을 계산하고, 임시 검증키

를 이용하여

인

에 대한 전자서명

를 검증하기 위해

를 계산한다.Step 730: Validation Key

Encoding using

ESignature for

To verify

, The temporary verification key

Using

sign

ESignature for

To verify

.

으로부터

를 계산하고 출력한다.Step 740: Calculated in Step 730

From

Calculate and print

이면

이 되고, 이는 모든 전자서명

는 정당하다는 것을 의미한다. 그리고

일 경우에는 적어도 1개 이상의 서명이 위조되었음을 의미한다.all

If

, Which is all electronic signatures

Means justified. And

In one case it means that at least one signature has been forged.

Claims (8)

General signatures for performing trapdoor based editable digital signatures (TSS) including system setup steps, key generation steps, signature generation steps, trapdoor generation steps, editing steps, and signature verification steps. In the trapdoor based editable digital signature method,
A system setting step performed by a trusted authority for generating system parameters including security parameters and a general digital signature algorithm;
A key generation step performed by the trusted authority, generating a signature key and a verification key of the TSS from the security parameters in the system parameters;
A signature generation step performed by the signer, generating a digital signature of the TSS from the message, the editable index set, and the signature key of the TSS;
A trapdoor generation step performed by the signer, generating a trapdoor from the message, the digital signature of the TSS, the verification key of the TSS, and the editable index set;
An editing step performed by an editor for generating a digital signature of the TSS corresponding to the edited message from the message, the digital signature of the TSS, the verification key of the TSS, the trapdoor, the editable index set, and the edited message; And
Trapdoor based editing using a generic digital signature, comprising a signature verification step performed by the verifier to verify the validity of the digital signature from the message, the TSS digital signature, the TSS verification key, and the editable index set. Possible digital signature methods. The method of claim 1, wherein the system setting step comprises:
Receiving a security parameter;
Selecting a general digital signature algorithm according to the security parameter; And
A trapdoor based editable digital signature method using a general digital signature, comprising outputting security parameters and a general digital signature algorithm as system parameters. The method of claim 1, wherein the key generation step,
Receiving a system parameter;
Generating a signature key and a verification key based on a key generation algorithm of the general digital signature specified by the system parameter; And
And displaying the signature key and the verification key of the general digital signature as the signature key of the TSS and the verification key of the TSS. The method of claim 1, wherein the signature generation step comprises:
Receiving a message, an editable index set, and a signature key of the TSS;
Generating a temporary signature key and a temporary verification key based on a key generation algorithm of a general digital signature specified by a system parameter;
Generating an encoded message consisting of a concatenation of a temporary verification key and sub-messages using the message and the editable index set;
Generating an electronic signature for the sub-message corresponding to the electronic signature and the editable index for the encoded message from the encoded message and the signature key of the TSS based on the generic signature generation algorithm specified by the system parameter; And
Outputting a digital signature of the TSS including a temporary verification key, an electronic signature for the encoded message, and an electronic signature for a sub-message corresponding to the editable index. Based editable digital signature method. The method of claim 4, wherein generating the encoded message comprises:
message

To the following equation

Messages encoded using

Generating a;
here,

Is the i-th submessage composing message m,

Is a set of editable indexes, i is an editable index, * is a special character for the space holder,

Is an encoded message

I-th sub-message consisting of

The trapdoor based editable digital signature method using a general digital signature, characterized in that the temporary verification key. The method of claim 4, wherein the signature generation step,
Storing a list of keys of the temporary signature key and temporary verification key pairs for all elements i of the editable index set,
The trap door generation step,
Receiving a message, an electronic signature of the TSS, a signature key of the TSS, and an editable index set;
Based on the signature verification algorithm of the TSS, the message, the TSS digital signature, the TSS signature key, and the editable index set are used to determine whether the TSS digital signature is a legitimate digital signature for the message and whether a temporary verification key exists in the key list. Confirming; And
If the digital signature of the TSS is a valid digital signature for a message and a temporary verification key exists in the key list, outputting a temporary signature key corresponding to the temporary verification key present in the key list as a trapdoor. A trapdoor based editable digital signature method using a general digital signature. The method of claim 1, wherein the editing step,
Receiving a message, an electronic signature of the TSS, a verification key of the TSS, a trapdoor, an editable index set, and an edited message;
Based on the signature verification algorithm of the TSS, the message, the TSS digital signature, the TSS verification key, and the editable index set are used to determine whether the TSS digital signature is a valid digital signature for the message and whether a temporary verification key exists in the key list. Confirming;
If the digital signature of the TSS is a legitimate digital signature for a message and a temporary verification key exists in the key list, check that the corresponding index is included in the editable index set when the submessage and the edited submessage are not identical. Making;
When the index corresponding to the case where the submessage and the edited submessage are not identical are included in the editable index set, the temporary verification key included in the TSS's digital signature is used to check whether the temporary signature key is a valid temporary signature key. Making; And
If the temporary signing key is a legitimate temporary signing key, generating a digital signature of the TSS corresponding to the edited message using the message, the set of editable indexes, and the trapdoor. Trapdoor based editable digital signature method. The method of claim 1, wherein the signature verification step comprises:
Receiving a message, an electronic signature of the TSS, a verification key of the TSS, and an editable index set;
Determining, for all editable indexes of the editable index set, whether an editable digital signature exists for the submessage corresponding to the editable index; And
If there is an editable digital signature for the sub-message corresponding to the editable index, the digital signature for the encoded message and the digital signature for the sub-messages corresponding to the editable indexes, based on the validation algorithm of the general digital signature. A trapdoor based editable digital signature method using a general digital signature, comprising: generating a signal capable of confirming whether the data is valid.

Images