WO2018045647A1 - Signature system and method for a multivariate public key - Google Patents
- Publication number
- WO2018045647A1 (PCT/CN2016/108691)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- matrix
- signature
- public key
- component
- processor
Classifications
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
- H04L9/3026—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to polynomials generation, e.g. generation of irreducible polynomials
- H04L9/3093—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving Lattices or polynomial equations, e.g. NTRU scheme
- H04L9/3249—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
Definitions
- the present invention relates to the field of information security, and in particular to a signature system and method for a multivariate public key.
- multivariate public key cryptography (MPKC) signature schemes play an important role in post-quantum cryptography because they can resist quantum attacks. UOV and Rainbow are good examples.
- existing MPKC signature schemes also have limitations: signing is not fast, and private key storage is large. Signing is slow because, in generating a signature, an MPKC signature scheme must perform a large number of matrix multiplications over a finite field as well as matrix inversion over the finite field; private key storage is large because the scheme must store the parameters of all variables involved. This becomes a problem in practical production applications.
- the first object of the present invention is to overcome the shortcomings and deficiencies of the prior art and to provide a multivariate public key signature system that speeds up multivariate public key signing while ensuring that the signature is unforgeable and secure, and at the same time reduces the amount of private key storage.
- a second object of the present invention is to provide a multivariate public key signature method implemented by the above signature system.
- the first object of the present invention is achieved by the following technical solution: a signature system for a multivariate public key, comprising a first processor, a first linear affine transformation component, a trapdoor component, and a second linear affine transformation component;
- the first processor is configured to receive a message to be signed and send the received message to the first linear affine transformation component, and to generate a random number and send the generated random number to the trapdoor component;
- the first linear affine transformation component is configured to perform the affine transformation calculation on the received message to be signed, and then send the affine transformation result to the trapdoor component;
- the trapdoor component is configured to generate a system of multivariate polynomial equations according to the private key parameters, substitute the received random number and the affine transformation result into the system of multivariate polynomial equations and solve it, and transmit the obtained solution to the second linear affine transformation component;
- the second linear affine transformation component is configured to perform the affine transformation calculation on the solution sent by the trapdoor component to obtain a signature.
- the first processor comprises a first scheduler, a first memory, and a random number generator;
- the first scheduler is connected to a selection switch and is used for identifying the open-state signal and the closed-state signal received by the first processor, the working state of the first processor being controlled through the selection switch; for dispatching the data stored in the first processor to the first linear affine transformation component, the trapdoor component, and the second linear affine transformation component; and for sending the signature to other users;
- a first memory for storing data in the first processor and for storing the signature;
- a random number generator for generating random numbers.
- the trapdoor component comprises a matrix rotator, a matrix operator, a polynomial and matrix converter, and a polynomial operator;
- a matrix operator for generating a matrix and for performing basic operations and transformations on the matrix;
- a polynomial and matrix converter for converting a matrix into a polynomial and for converting a polynomial into a matrix;
- a polynomial operator for finding the inverse of a polynomial in a finite field and for performing basic operations on a polynomial;
- a matrix rotator for rotating the matrix.
- the second object of the present invention is achieved by the following technical solution: a multivariate public key signature method implemented by the above multivariate public key signature system, with the following steps:
- the first processor receives the message to be signed and then sends it to the first linear affine transformation component.
- the first linear affine transformation component performs the affine transformation calculation on the received message to be signed, and then sends the affine transformation result to the trapdoor component; meanwhile the first processor randomly generates a set of random numbers and sends them to the trapdoor component.
- the trapdoor component generates a system of multivariate polynomial equations according to the private key parameters, then substitutes the received random numbers and the affine transformation result into the system of multivariate polynomial equations and solves it, and finally transmits the obtained solution to the second linear affine transformation component.
- after receiving the solution sent by the trapdoor component, the second linear affine transformation component performs the affine transformation calculation on it to obtain the signature.
- the specific steps of the system initialization in step S1 are as follows:
- in step S3, after receiving the message to be signed, the first linear affine transformation component performs an affine transformation on the message according to the coefficient matrix, and obtains:
- in step S3, the first processor randomly generates a set of random numbers and sends them to the trapdoor component;
- in step S4, the specific process by which the trapdoor component generates the system of multivariate polynomial equations according to the private key parameters and substitutes the received random numbers and the affine transformation result into it for solving is as follows:
- the trapdoor component calls the parameters $B_1$, $D_1$, $r$ and uses the matrix operator to calculate the intermediate value matrix.
- $l_{1,0}$ to $l_{1,r-1}$ are the elements of the intermediate value matrix $l_1$;
- the trapdoor component calls the parameters $B_{r+1}$, $D_{r+1}$, $s$ and uses the matrix operator to calculate the intermediate value matrix.
- $l_{2,0}$ to $l_{2,s-1}$ are the elements of the matrix $l_2$;
- the trapdoor component calls the private key parameters $A_i$, $C_i$, $E_i$, $s$, $m$ and uses the matrix operator to calculate the intermediate value.
- in step S5, after the second linear affine transformation component receives the solution $V_3$ sent by the trapdoor component, it performs an affine transformation on the solution according to the coefficient matrix to obtain:
- the signature sig is sent to the first memory for storage.
- the signature obtained in step S5 and the message corresponding to the signature are input to a signature verification system, which includes a second processor and a public key transformation component;
- the second processor is configured to receive the public key, the signature, and the message corresponding to the signature, and send the public key and the signature to the public key transformation component; and to receive the operation result returned by the public key transformation component and compare it with the message. If the operation result is equal to the message, the signature passes verification.
- the public key is generated from the randomly generated private key and the private key obtained by rotating the randomly generated private key;
- the public key transformation component is configured to perform an operation on the received signature and the public key, and then return the operation result to the second processor.
- the second processor includes a second scheduler and a second memory;
- the second scheduler is connected to the selection switch and is used for identifying the open-state signal and the closed-state signal received by the second processor, the working state of the second processor being controlled through the selection switch; for dispatching the data stored in the first processor to the public key transformation component; and for sending the signature verification result to other users;
- the second memory is configured to store the signature and the message corresponding to the signature, and to store the operation result returned by the public key transformation component.
- step S1 further includes the following steps: rotating the randomly generated private key parameters, then generating public key parameters from the randomly generated private key parameters and the private key parameters obtained after rotation, and publishing the generated public key parameters;
- the signature verification method implemented by the signature verification system is as follows:
- the second processor receives the public key, the signature, and the message corresponding to the signature, and sends the public key and the signature to the public key transformation component.
- the public key transformation component performs an operation on the received signature and the public key, and then returns the operation result to the second processor.
- after receiving the operation result sent by the public key transformation component, the second processor compares the operation result with the message. If the operation result is equal to the message, the signature passes verification.
- the step of generating the public key in step S1 is specifically as follows:
- from the $v \times v$ matrix $A_1$ obtained in step S1-4, the transpose of $A_1$ is calculated to obtain
- the matrix $A_i$ is the matrix $A_{r+j}$ from the $s$ groups of $h \times h$ matrices randomly generated in step S1-4;
- from step S1-4, a matrix $B_1$ of dimension $v \times r$ is obtained:
- $B_1 = [b_1, b_2, \ldots, b_r]$; where $b_1$ to $b_r$ are the elements of the matrix $B_1$;
- and a matrix $B_{r+1}$ of dimension $h \times s$:
- $B_{r+1} = [b'_1, b'_2, \ldots, b'_s]$; where $b'_1$ to $b'_s$ are the elements of the matrix $B_{r+1}$;
- from step S1-4, a matrix $D_1$ of dimension $r \times 1$ is obtained, and the transpose of $D_1$ is calculated to obtain a matrix.
- from the $s \times 1$ matrix $D_{r+1}$ obtained in step S1-4, the transpose of $D_{r+1}$ is calculated to obtain a matrix
- Lc is a random value
- $P_1$ to $P_m$ are the elements of the public key $P$;
- the signature $sig = [x'_1, x'_2, \ldots, x'_n]$ is verified.
- the signature system of the present invention consists of a first processor, a first linear affine transformation component, a trapdoor component, and a second linear affine transformation component. The first processor generates a random number and sends the received message to be signed to the first linear affine transformation component; the first linear affine transformation component applies an affine transformation to the received message and sends the result to the trapdoor component; the trapdoor component generates a system of multivariate polynomial equations according to the private key parameters and substitutes the received random number and the affine transformation result into it for solving; and the second linear affine transformation component applies an affine transformation to the solution obtained by the trapdoor component to obtain the signature.
- the invention speeds up multivariate public key signing and reduces the storage required for the private key while ensuring that the signature is unforgeable.
- rotation is used in the signing process of the signature system of the present invention, and some parameters of the private key are generated cyclically, without destroying the original security of MPKC.
- the use of trapdoor components in obtaining multivariate polynomial equations Represents the coefficient of the system of equations, although the value of the coefficient is affected by these three values, but the last value is a certain value, and the eigenvalue of the coefficient matrix cannot be 0; It is constant for the equation, so the equations of the multivariate polynomial generated by the trapdoor component must have solutions.
- the signature method used in the present invention speeds up the generation of signatures.
- wherever rotation is performed, the rotation needs only n-1 simple vector exchanges, whereas the prior art performs matrix multiplication over the finite field, so the difference in speed is obvious; in particular,
- the formula Processing: in the present invention, the seed vector is first obtained, then converted into a polynomial and inverted, and then rotated to generate $W_j$, whereas the general technical practice is to first find combined to Inverting again. According to the characteristics of rotation, the inverse of a rotated matrix is also a rotated matrix, so the matrix inversion is replaced by finding the inverse g of the polynomial f over the extension field, and the total time complexity of generating $W_j$ is $O(n(\log n)^2)$, whereas the time complexity in the prior art is $O(n^3)$.
- the method used in the present invention reduces the storage size of the private key.
- the present invention needs to have a randomly generated private key parameter.
- the invention only needs to store m groups of private key parameters C and E, two groups of private key parameters B and D, s+1 groups of private key parameter A, and the coefficient matrix; the storage space of the private key is greatly reduced.
- the multivariate public key used in the present invention is generated by the private key and the private key generated by the rotation. Although the partial coefficient composition of the public key is rotated, the central mapping F is not rotated in general, and is subjected to linear affine. The overall public key is more reflective of the nature of the rotation, so its security is guaranteed.
- FIG. 1 is a block diagram showing the structure of a signature system of a multivariate public key in the present invention.
- FIG. 2 is a block diagram showing the structure of a signature verification system in the present invention.
- This embodiment discloses a signature system for a multivariate public key, as shown in FIG. 1, including a first processor, a first linear affine transformation component, a trapdoor component, and a second linear affine transformation component;
- the first processor is configured to receive a message to be signed and send the received message to the first linear affine transformation component, and to generate a random number and send the generated random number to the trapdoor component;
- the first linear affine transformation component is configured to perform the affine transformation calculation on the received message to be signed, and then send the affine transformation result to the trapdoor component;
- the trapdoor component is configured to generate a system of multivariate polynomial equations according to the private key parameters, substitute the received random number and the affine transformation result into the system of multivariate polynomial equations and solve it, and transmit the obtained solution to the second linear affine transformation component; wherein the private key comprises a randomly generated private key and a private key obtained by rotating the randomly generated private key;
- the second linear affine transformation component is configured to perform the affine transformation calculation on the solution sent by the trapdoor component to obtain a signature.
- the first processor of the embodiment comprises a first scheduler, a first memory, and a random number generator;
- the first scheduler is connected to a selection switch and is used for identifying the open-state signal and the closed-state signal received by the first processor, the working state of the first processor being controlled through the selection switch; for dispatching the data stored in the first processor to the first linear affine transformation component, the trapdoor component, and the second linear affine transformation component; and for sending the signature to other users;
- a first memory for storing data in the first processor and for storing the signature;
- a random number generator for generating random numbers.
- the trapdoor component of the present embodiment includes a matrix rotator, a matrix operator, a polynomial and matrix converter, and a polynomial operator;
- a matrix operator for generating a matrix and for performing basic operations and transformations on the matrix;
- a polynomial and matrix converter for converting a matrix into a polynomial and for converting a polynomial into a matrix;
- a polynomial operator for finding the inverse of a polynomial in a finite field and for performing basic operations on a polynomial;
- a matrix rotator for rotating the matrix.
- a multivariate public key signature method implemented by the above multivariate public key signature system is also disclosed. The steps are as follows:
- system initialization: private key parameters are randomly generated and stored in the first processor; the randomly generated private key parameters are then rotated, and public key parameters are generated from the randomly generated private key parameters and the private key parameters obtained after rotation.
- the private key parameters randomly generated during initialization are stored in the first processor, and the generated public key parameters are published.
- from the $v \times v$ matrix $A_1$ obtained in step S1-4, the transpose of $A_1$ is calculated to obtain
- the matrix $A_i$ is the matrix $A_{r+j}$ from the $s$ groups of $h \times h$ matrices randomly generated in step S1-4;
- from step S1-4, a matrix $B_1$ of dimension $v \times r$ is obtained:
- $B_1 = [b_1, b_2, \ldots, b_r]$; where $b_1$ to $b_r$ are the elements of the matrix $B_1$;
- and a matrix $B_{r+1}$ of dimension $h \times s$:
- $B_{r+1} = [b'_1, b'_2, \ldots, b'_s]$; where $b'_1$ to $b'_s$ are the elements of the matrix $B_{r+1}$;
- from step S1-4, a matrix $D_1$ of dimension $r \times 1$ is obtained, and the transpose of $D_1$ is calculated to obtain a matrix.
- from the $s \times 1$ matrix $D_{r+1}$ obtained in step S1-4, the transpose of $D_{r+1}$ is calculated to obtain a matrix
- Lc is a random value
- the parameters v, r, s, h, n generated in step S1-2, the coefficient matrix generated in step S1-3, and each private key parameter generated in step S1-4 are stored in the first memory of the first processor.
- the public key P generated in step S1-6 is published.
- the first processor, using the first scheduler, dispatches the parameters v, r, s, h, n generated in step S1-2 and the private key parameters generated in step S1-4 to the trapdoor component.
- the first processor receives the message to be signed and then sends it to the first linear affine transformation component.
- the first linear affine transformation component performs the affine transformation calculation on the received message to be signed, and then sends the affine transformation result to the trapdoor component; meanwhile the first processor randomly generates a set of random numbers and sends them to the trapdoor component.
- the trapdoor component generates a system of multivariate polynomial equations according to the private key parameters, then substitutes the received random numbers and the affine transformation result into the system of multivariate polynomial equations and solves it, and finally transmits the obtained solution to the second linear affine transformation component; the specific process is as follows:
- the trapdoor component calls the parameters $B_1$, $D_1$, $r$ and uses the matrix operator to calculate the intermediate value matrix.
- $l_{1,0}$ to $l_{1,r-1}$ are the elements of the intermediate value matrix $l_1$;
- the trapdoor component calls the parameters $B_{r+1}$, $D_{r+1}$, $s$ and uses the matrix operator to calculate the intermediate value matrix.
- $l_{2,0}$ to $l_{2,s-1}$ are the elements of the matrix $l_2$;
- the trapdoor component calls the private key parameters $A_i$, $C_i$, $E_i$, $s$, $m$ and uses the matrix operator to calculate the intermediate value.
- the matrix $V_3$ is the solution obtained by the trapdoor component.
- after receiving the solution sent by the trapdoor component, the second linear affine transformation component performs the affine transformation calculation on it to obtain the signature. Specifically, after the second linear affine transformation component receives the solution $V_3$ sent by the trapdoor component, it performs an affine transformation on the solution according to the coefficient matrix to obtain:
- the signature sig is sent to the first memory for storage.
- the signature verification system of the embodiment includes a second processor and a public key transformation component.
- the second processor is configured to receive the public key, the signature, and the message corresponding to the signature, and send the public key and the signature to the public key transformation component; and to receive the operation result returned by the public key transformation component and compare it with the message; if the operation result is equal to the message, the signature passes verification;
- the public key is generated from the randomly generated private key and the private key obtained by rotating the randomly generated private key.
- the public key transformation component is configured to perform an operation on the received signature and the public key, and then return the operation result to the second processor.
- the second processor includes a second scheduler and a second memory;
- the second scheduler is connected to the selection switch and is used for identifying the open-state signal and the closed-state signal received by the second processor, the working state of the second processor being controlled through the selection switch; for dispatching the data stored in the first processor to the public key transformation component; and for sending the signature verification result to other users;
- the second memory is configured to store the signature and the message corresponding to the signature, and to store the operation result returned by the public key transformation component.
- the signature verification process is implemented by the above signature verification system, as follows:
- the second processor receives the public key, the signature, and the message corresponding to the signature, and sends the public key and the signature to the public key transformation component.
- the public key transformation component performs an operation on the received signature and the public key, and then returns the operation result to the second processor.
- the specific process of operating on the signature and the public key in this step is as follows:
- after receiving the operation result sent by the public key transformation component, the second processor compares the operation result with the message. If the operation result is equal to the message, the signature passes verification. The details are as follows:
- the selection switch connected to the second scheduler of the second processor of the signature verification system is the same as the selection switch connected to the first scheduler of the first processor in the signature system, and this selection switch controls the working state of the first processor and the second processor. When the switch is turned on, the signature system works; in this case, the signature corresponding to the message is generated through steps S2 to S5.
- the signature verification system works. At this time, the signature of the message generated in step S5 is verified through steps S6 to S8.
- the finite field is $GF_p$, where the addition and multiplication defined on the field are integer addition and multiplication followed by reduction mod 31.
- in step S1-3, the invertible coefficient matrices are randomly generated; they are:
- the following private key parameters are generated in step S1-4:
- rotation is performed in step S1-5 to generate $A_2$, $B_2$;
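The speed advantage claimed for rotation above (inverting a rotated matrix by inverting one polynomial and rotating the result) can be checked on a small case. The following is an added example, not code from the patent: it works over the embodiment's arithmetic mod 31, uses the rotation order of step S4-1-4 in the claims, and assumes the polynomial inverse is taken modulo $x^n - 1$; the seed vector and all function names are constructed for illustration, and the arithmetic is schoolbook rather than the fast $O(n(\log n)^2)$ variant.

```python
"""Added illustration: invert a rotated (circulant) matrix over GF(31)
by inverting its seed polynomial modulo x^n - 1 and rotating the result."""

P = 31                 # field of the embodiment: integer arithmetic mod 31
SEED = [3, 1, 4, 1]    # constructed sample seed vector (not from the patent)


def rotate(w, i):
    """Row i (1-based): w_i = [w_{r-i+2}, ..., w_r, w_1, ..., w_{r-i+1}]."""
    k = (i - 1) % len(w)
    return list(w[-k:] + w[:-k]) if k else list(w)


def circulant(w):
    """All n rotations of the seed; only the n seed values need storing."""
    return [rotate(w, i) for i in range(1, len(w) + 1)]


def trim(a):
    """Reduce coefficients mod P and drop leading (high-degree) zeros."""
    a = [c % P for c in a]
    while a and a[-1] == 0:
        a.pop()
    return a


def poly_mul(a, b):
    if not a or not b:
        return []
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] = (out[i + j] + x * y) % P
    return trim(out)


def poly_sub(a, b):
    n = max(len(a), len(b))
    a = a + [0] * (n - len(a))
    b = b + [0] * (n - len(b))
    return trim([x - y for x, y in zip(a, b)])


def poly_divmod(a, b):
    """Schoolbook long division of a by b over GF(P); b must be non-zero."""
    a, b = trim(a), trim(b)
    q = [0] * max(len(a) - len(b) + 1, 1)
    inv_lead = pow(b[-1], -1, P)
    while len(a) >= len(b):
        shift = len(a) - len(b)
        coef = a[-1] * inv_lead % P
        q[shift] = coef
        a = poly_sub(a, [0] * shift + [coef * c % P for c in b])
    return trim(q), a


def poly_inverse(w):
    """Return g with f*g = 1 mod (x^n - 1), or None if the seed is singular."""
    n = len(w)
    r0, r1 = [P - 1] + [0] * (n - 1) + [1], trim(w)   # x^n - 1 and f
    t0, t1 = [], [1]                                  # invariant: r_i = t_i * f
    while r1:                                         # extended Euclid
        q, rem = poly_divmod(r0, r1)
        r0, r1 = r1, rem
        t0, t1 = t1, poly_sub(t0, poly_mul(q, t1))
    if len(r0) != 1:          # gcd(f, x^n - 1) is not a constant: no inverse
        return None
    scale = pow(r0[0], -1, P)
    g = [c * scale % P for c in t0]
    return g + [0] * (n - len(g))


def mat_mul(a, b):
    return [[sum(x * y for x, y in zip(row, col)) % P for col in zip(*b)]
            for row in a]


def invert_rotated(seed):
    """Inverse of circulant(seed): invert one polynomial, then rotate."""
    g = poly_inverse(seed)
    return None if g is None else circulant(g)


if __name__ == "__main__":
    inverse = invert_rotated(SEED)
    print("inverse seed row:", inverse[0])
    print("product:", mat_mul(circulant(SEED), inverse))
    # A seed whose entries sum to 0 mod 31 shares the factor (x - 1)
    # with x^n - 1, so the rotated matrix is singular.
    print("singular seed:", invert_rotated([1, 30, 0, 0]))
```

A seed that shares a factor with $x^n - 1$ yields a singular rotated matrix, so a key generator built this way has to reject such seeds and draw again.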
Claims (10)
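- A multivariable public key signature system, characterized in that it comprises a first processor, a first linear affine transformation component, a trapdoor component and a second linear affine transformation component; the first processor is configured to receive a message to be signed and send the received message to the first linear affine transformation component, and to generate random numbers and send the generated random numbers to the trapdoor component; the first linear affine transformation component is configured to perform an affine transformation calculation on the received message to be signed and then send the affine transformation result to the trapdoor component; the trapdoor component is configured to generate a system of multivariate polynomial equations from the private key parameters, to substitute the received random numbers and the affine transformation result into the system of multivariate polynomial equations and solve it, and to pass the resulting solution to the second linear affine transformation component; the second linear affine transformation component is configured to perform an affine transformation calculation on the solution sent by the trapdoor component to obtain the signature.
- The multivariable public key signature system according to claim 1, characterized in that the first processor comprises a first scheduler, a first memory and a random number generator; the first scheduler is connected to a selection switch and is configured to recognize the on-state signal and the off-state signal received by the first processor and to control the working state of the first processor through the selection switch; to dispatch the data stored in the first processor to the first linear affine transformation component, the trapdoor component and the second linear affine transformation component; and to send the signature to other users; the first memory is configured to store the data in the first processor and to store the signature; the random number generator is configured to generate random numbers.
- The multivariable public key signature system according to claim 1, characterized in that the trapdoor component comprises a matrix rotator, a matrix operator, a polynomial-matrix converter and a polynomial operator; the matrix operator is configured to generate matrices and to perform basic operations and conversions on matrices; the polynomial-matrix converter is configured to convert a matrix into a polynomial and to convert a polynomial into a matrix; the polynomial operator is configured to compute the inverse of a polynomial in the finite field and to perform basic operations on polynomials; the matrix rotator is configured to rotate matrices.
- A multivariable public key signature method implemented with the multivariable public key signature system according to claim 1, characterized in that the steps are as follows: S1. System initialization: randomly generate the private key parameters and store them in the first processor; S2. The first processor receives the message to be signed and then sends it to the first linear affine transformation component; S3. The first linear affine transformation component performs an affine transformation calculation on the received message to be signed and then sends the affine transformation result to the trapdoor component; at the same time, a set of random numbers is randomly generated in the first processor and sent to the trapdoor component; S4. The trapdoor component generates a system of multivariate polynomial equations from the private key parameters, then substitutes the received random numbers and the affine transformation result into the system and solves it, and finally passes the resulting solution to the second linear affine transformation component; S5. After receiving the solution sent by the trapdoor component, the second linear affine transformation component performs an affine transformation calculation on it and finally obtains the signature.
- The multivariable public key signature method according to claim 4, characterized in that the specific steps of system initialization in step S1 are as follows: S1-1. All components in the system are set to be built over a finite field of order p, where p is an odd prime, and this finite field is denoted GF_p; S1-2. Coefficients v, r, s are chosen according to the security level, where v is the number of random numbers, r is the length of the signature generated the first time, and s is the length of the signature generated the second time; in addition h=v+r, n=h+s, m=r+s, and m is the total length of the signature; S1-4. The following private key parameters are generated: randomly generate one matrix A_1 of dimension v×v, randomly generate one matrix B_1 of dimension v×r, randomly generate r matrices C_i of dimension v×1, randomly generate one matrix D_1 of dimension r×1, randomly generate s matrices A_{r+j} of dimension h×h, randomly generate one matrix B_{r+1} of dimension h×s, randomly generate s matrices C_{r+j} of dimension h×1, randomly generate one matrix D_{r+1} of dimension s×1, and randomly generate m constants E_k, where i=1,2,3,...,r, j=1,2,3,...,s, k=1,2,3,...,m.
- The multivariable public key signature method according to claim 5, characterized in that the specific process in step S4 by which the trapdoor component generates the system of multivariate polynomial equations from the private key parameters and substitutes the received random numbers and the affine transformation result into it for solving is as follows: S4-1-4. Use the polynomial-matrix converter to convert g_1 into the matrix w_1=[ω_1,ω_2,…,ω_r], where ω_1 to ω_r are the elements of matrix w_1; then use the matrix rotator to rotate matrix w_1 to obtain the matrices w_i=[ω_{r-i+2},…,ω_r,ω_1,ω_2,…,ω_{r-i+1}], i=2,3,…,r; S4-2-1. The trapdoor component calls the parameters A_1, C_i, E_i, r, v and uses the matrix operator to compute the intermediate matrix K′_1=[k′_1,k′_2,…,k′_v]=A_1V_1, where k′_1 to k′_v are the elements of matrix K′_1; S4-2-2. Use the matrix rotator to rotate matrix K′_1 to obtain the matrices K′_i=[k′_{v-i+2},…,k′_v,k′_1,k′_2,…,k′_{v-i+1}], i=1,2,…,r;
- The multivariable public key signature method according to claim 5, characterized in that the signature obtained in step S5 and the message corresponding to the signature are input to a signature verification system, the signature verification system comprising a second processor and a public key transformation component; the second processor is configured to receive the public key, the signature and the message corresponding to the signature, to send the public key and the signature to the public key transformation component, and to receive the operation result returned by the public key transformation component and compare the operation result with the message; if the operation result equals the message, the verification result of the signature is that verification passes; wherein the public key is generated from the randomly generated private key and the private key obtained by rotating the randomly generated private key; the public key transformation component is configured to operate on the received signature with the public key and then return the operation result to the second processor.
- The multivariable public key signature method according to claim 7, characterized in that the second processor comprises a second scheduler and a second memory; the second scheduler is connected to the selection switch and is configured to recognize the on-state signal and the off-state signal received by the second processor and to control the working state of the second processor through the selection switch; to dispatch the data stored in the first processor to the public key transformation component; and to send the signature verification result to other users; the second memory is configured to store the signature and the message corresponding to the signature, and to store the operation result returned by the public key transformation component.
- The multivariable public key signature method according to claim 7, characterized in that step S1 further comprises the following step: rotating the randomly generated private key parameters, then generating the public key parameters from the randomly generated private key parameters and the private key parameters obtained by rotating them, and publishing the generated public key parameters; the signature verification method implemented by the signature verification system is specifically as follows: S6. The second processor receives the public key, the signature and the message corresponding to the signature, and sends the public key and the signature to the public key transformation component; S7. The public key transformation component operates on the received signature with the public key and then returns the operation result to the second processor; S8. After receiving the operation result sent by the public key transformation component, the second processor compares the operation result with the message; if the operation result equals the message, the verification result of the signature is that verification passes.
- The multivariable public key signature method according to claim 9, characterized in that the steps for generating the public key in step S1 are specifically as follows: S1-5. Initialize the central map F=(F_1,F_2,…,F_m), where F_i has dimension (n+1)×(n+1), i=1,2,3,…,m; where, when 1≤i≤r, matrix A_i is obtained as follows: when r+1≤i≤m, matrix A_i is the s matrices A_{r+j} of dimension h×h randomly generated in step S1-4; when 1≤i≤r, matrix B_i is obtained as follows: first, the matrix B_1 of dimension v×r is obtained according to step S1-4: B_1=[b_1,b_2,…,b_r], where b_1 to b_r are the elements of matrix B_1; then matrix B_1 is rotated to obtain matrix B_i: B_i=[b_{r-i+2},…,b_r,b_1,…,b_{r-i+1}], i=2,3,…,r; when r+1≤i≤m, matrix B_i is obtained as follows: first, the matrix B_{r+1} of dimension h×s is obtained according to step S1-4: B_{r+1}=[b′_1,b′_2,…,b′_s], where b′_1 to b′_s are the elements of matrix B_{r+1}; then matrix B_{r+1} is rotated to obtain matrix B_i: B_i=[b′_{s-i+2},…,b′_s,b′_1,…,b′_{s-i+1}], i=r+2,r+3,…,m; where matrix C_i is the r matrices C_i of dimension v×1 randomly generated in step S1-4; when 1≤i≤r, matrix D_i is obtained as follows: when r+1≤i≤m, matrix D_i is obtained as follows: where matrix E_i is the m constants E_k randomly generated in step S1-4, k=1,2,3,…,m; first the intermediate value P′ of the public key is computed: P′=[P′_1,P′_2,…,P′_m]; then the public key P is computed from the intermediate value P′ as: P=L_1×P′=[P_1,P_2,…,P_m], where P_1 to P_m are the elements of public key P; the specific process in step S7 by which the public key transformation component operates on the signature with the public key is as follows: the signature sig=[x′_1,x′_2,…,x′_n] is substituted into the public key P=[P_1,P_2,…,P_m], giving: Z=[z_1,z_2,…,z_m] is obtained as the operation result; in step S8, the second processor compares the operation result Z=[z_1,z_2,…,z_m] returned by the public key transformation component with the message Y=[y_1,y_2,…,y_m]; if the two are equal, the signature sig=[x′_1,x′_2,…,x′_n] passes verification.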
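The rotation that claims 6 and 10 use to derive B_i from the single stored matrix B_1, together with the substitute-and-compare check of steps S7 and S8, as an added Python example that is not part of the patent. The modulus 31 is taken from the page; the function names, the storage of each public polynomial as an (n+1)×(n+1) matrix evaluated on the signature extended with a trailing 1, and the randomly filled toy public key are assumptions made for illustration.

```python
import random

MOD = 31  # field order used in the page's example (arithmetic mod 31)

def rotate(vec, i):
    """i-th rotation per the claims: [b_{r-i+2}, ..., b_r, b_1, ..., b_{r-i+1}].
    i = 1 returns vec unchanged; i = 2 moves the last element to the front."""
    k = (i - 1) % len(vec)
    return vec[len(vec) - k:] + vec[:len(vec) - k]

def rotate_columns(matrix, i):
    """Rotate the columns of a matrix stored as a list of rows."""
    return [rotate(row, i) for row in matrix]

def expand_family(b1):
    """Derive B_1..B_r from the one stored v x r matrix B_1."""
    r = len(b1[0])
    return [rotate_columns(b1, i) for i in range(1, r + 1)]

def evaluate(pub, sig):
    """Step S7: substitute sig into every public polynomial.
    Assumption: P_k is held as an (n+1)x(n+1) matrix Q_k and
    z_k = x^T Q_k x mod MOD, where x is sig with a trailing 1."""
    x = list(sig) + [1]
    size = len(x)
    return [sum(x[a] * q[a][b] * x[b] for a in range(size) for b in range(size)) % MOD
            for q in pub]

def verify(pub, sig, message):
    """Step S8: accept only if Z equals the message Y component by component."""
    return evaluate(pub, sig) == list(message)

def demo(seed=1, n=5, m=3):
    """Constructed toy instance: random public matrices, not a real key pair."""
    rng = random.Random(seed)
    pub = [[[rng.randrange(MOD) for _ in range(n + 1)] for _ in range(n + 1)]
           for _ in range(m)]
    sig = [rng.randrange(MOD) for _ in range(n)]
    y = evaluate(pub, sig)               # message consistent with sig by construction
    altered = [(y[0] + 1) % MOD] + y[1:]  # one message component changed
    return verify(pub, sig, y), verify(pub, sig, altered)
```

A verifier built this way needs only the public matrices and never the rotated private matrices; the comparison in `verify` must cover all m components, since accepting a partial match would weaken the check described in step S8.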
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2016422576A AU2016422576B2 (en) | 2016-09-09 | 2016-12-06 | Multivariable public key signature system and method |
GB1902689.7A GB2572068B (en) | 2016-09-09 | 2016-12-06 | Signature system and method for multivariable public key |
SG11201902079RA SG11201902079RA (en) | 2016-09-09 | 2016-12-06 | Signature system and method for multivariable public key |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610815728.9A CN106330463B (zh) | 2016-09-09 | 2016-09-09 | Multivariable public key signature system and method |
CN201610815728.9 | 2016-09-09 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2018045647A1 (zh) | 2018-03-15 |
Family
ID=57787005
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2016/108691 WO2018045647A1 (zh) | Multivariable public key signature system and method | 2016-09-09 | 2016-12-06 |
Country Status (5)
Country | Link |
---|---|
CN (1) | CN106330463B (zh) |
AU (1) | AU2016422576B2 (zh) |
GB (1) | GB2572068B (zh) |
SG (1) | SG11201902079RA (zh) |
WO (1) | WO2018045647A1 (zh) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
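CN108880816A (zh) * | 2017-05-15 | 2018-11-23 | Shenzhen Polytechnic | Rainbow signature device |
CN109525393A (zh) * | 2017-09-20 | 2019-03-26 | Shenzhen Polytechnic | Digital signature method, verification method and system resistant to quantum computing attacks |
CN108989056A (zh) * | 2018-09-28 | 2018-12-11 | Shenzhen Polytechnic | Mask-based Rainbow signature device and method |
CN111211897B (zh) * | 2019-12-20 | 2021-11-09 | Henan University | Security enhancement method for time-controlled encryption based on the random oracle model |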
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130329883A1 (en) * | 2012-06-12 | 2013-12-12 | Kryptnostic | Method for fully homomorphic encryption using multivariate cryptography |
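CN103490897A (zh) * | 2013-09-17 | 2014-01-01 | South China University of Technology | Multivariable public key signature/verification system and signature/verification method |
CN103501227A (zh) * | 2013-10-23 | 2014-01-08 | Xidian University | Improved multivariable public key cryptography encryption and decryption scheme |
CN104009848A (zh) * | 2014-05-26 | 2014-08-27 | South China University of Technology | Hybrid multivariable digital signature system and method |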
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
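CN103490883B (zh) * | 2013-09-17 | 2016-10-05 | South China University of Technology | Multivariable public key encryption/decryption system and encryption/decryption method |
CN103780382B (zh) * | 2014-01-13 | 2017-01-18 | South China University of Technology | Hypersphere-based multivariable public key encryption/decryption system and method |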
-
2016
- 2016-09-09 CN CN201610815728.9A patent/CN106330463B/zh active Active
- 2016-12-06 SG SG11201902079RA patent/SG11201902079RA/en unknown
- 2016-12-06 WO PCT/CN2016/108691 patent/WO2018045647A1/zh active Application Filing
- 2016-12-06 GB GB1902689.7A patent/GB2572068B/en not_active Expired - Fee Related
- 2016-12-06 AU AU2016422576A patent/AU2016422576B2/en not_active Ceased
Also Published As
Publication number | Publication date |
---|---|
AU2016422576B2 (en) | 2020-04-16 |
GB2572068A (en) | 2019-09-18 |
AU2016422576A1 (en) | 2019-03-21 |
CN106330463A (zh) | 2017-01-11 |
SG11201902079RA (en) | 2019-05-30 |
GB201902689D0 (en) | 2019-04-17 |
CN106330463B (zh) | 2019-08-20 |
GB2572068B (en) | 2022-01-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10521616B2 (en) | Remote re-enrollment of physical unclonable functions | |
WO2018045647A1 (zh) | 一种多变量公钥的签名系统和方法 | |
CN100583755C (zh) | 使用同源来设计密码系统 | |
CN106941407B (zh) | 一种平台数据动态加密的方法和装置 | |
WO2014112548A1 (ja) | 秘匿計算システム、演算装置、秘匿計算方法、およびプログラム | |
CN105721158A (zh) | 云安全隐私性和完整性保护方法和系统 | |
WO2015103977A1 (zh) | 一种基于超球面的多变量公钥加密/解密系统及方法 | |
JP2021515271A (ja) | コンピュータにより実施される投票処理およびシステム | |
CN108833117B (zh) | 一种私钥存储和读取方法、装置及硬件设备 | |
US8356182B2 (en) | Electronic signature system and electronic signature verifying method | |
JP2022095852A (ja) | デジタル署名方法、署名情報の検証方法、関連装置及び電子機器 | |
CN101729250B (zh) | 增量可证数据完整性验证方法、设备和系统 | |
Vadapalli et al. | Duoram: A {Bandwidth-Efficient} Distributed {ORAM} for 2-and 3-Party Computation | |
CN109274504B (zh) | 一种基于云平台的多用户大数据存储分享方法及系统 | |
US11784814B2 (en) | Arithmetic device and method | |
CN101471779B (zh) | 可证数据完整性验证方法、设备和系统 | |
Zhang et al. | Efficient ring signature schemes over NTRU Lattices | |
CN115694822A (zh) | 基于零知识证明的验证方法、装置和系统、设备及介质 | |
CN102546185A (zh) | 加密数据的方法及加密数据的传输装置 | |
CN112184441A (zh) | 数据处理方法、装置、节点设备及存储介质 | |
CN104410498A (zh) | 一种动态口令认证方法及其系统 | |
WO2019239776A1 (ja) | 復号装置、暗号化装置及び暗号システム | |
CN102611550A (zh) | 加密数据的方法和加密数据的传输方法 | |
Bertók et al. | A multi-round bilinear-map-based secure password hashing scheme | |
Harjito et al. | Comparative Analysis between Elgamal and NTRU Algorithms and their implementation of Digital Signature for Electronic Certificate |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 16915581; Country of ref document: EP; Kind code of ref document: A1 |
| ENP | Entry into the national phase | Ref document number: 201902689; Country of ref document: GB; Kind code of ref document: A; Free format text: PCT FILING DATE = 20161206 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| ENP | Entry into the national phase | Ref document number: 2016422576; Country of ref document: AU; Date of ref document: 20161206; Kind code of ref document: A |
| 32PN | Ep: public notification in the ep bulletin as address of the addressee cannot be established | Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 12/07/2019) |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 16915581; Country of ref document: EP; Kind code of ref document: A1 |