WO2018119670A1 - Method and device for certificateless partially blind signature - Google Patents

Method and device for certificateless partially blind signature

Info

Publication number
WO2018119670A1
WO2018119670A1 PCT/CN2016/112385 CN2016112385W WO2018119670A1 WO 2018119670 A1 WO2018119670 A1 WO 2018119670A1 CN 2016112385 W CN2016112385 W CN 2016112385W WO 2018119670 A1 WO2018119670 A1 WO 2018119670A1
Authority
WO
WIPO (PCT)
Prior art keywords
signer
signature
private key
system parameter
key
Application number
PCT/CN2016/112385
Other languages
French (fr)
Chinese (zh)
Inventor
张鹏
李俊超
喻建平
Original Assignee
深圳大学
Application filed by 深圳大学
Priority to PCT/CN2016/112385
Publication of WO2018119670A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention belongs to the field of information security technology. A method for certificateless partially blind signature (CL-PBS), comprising: establishing a public system parameter $params=\{G_1, G_2, P, e, g, H_0, H_1, H_2, P_{pub}\}$; a signer extracting (SID) as a private key and extracting (P) as a public key; the signer randomly selecting $r \in Z_q^*$, calculating $z=H_0(c)$ and $R=rP$, and transmitting $R$ to a signature requester; having received $R$, the signature requester randomly selecting blinding factors $\alpha, \beta \in Z_q^*$, calculating $z=H_0(c)$, $R'=\alpha R$, (y), $h'=H_2(m, z, y)$ and $h=\alpha^{-1}(\beta-h')$, and transmitting $h$ to the signer; having received $h$, the signer calculating (S), and transmitting $S$ to the signature requester; the signature requester performing an unblinding operation, calculating $S'=\alpha S$, and obtaining $\sigma=(y, h', S')$ as a signature for a message $m$ and a negotiation message $c$; and a verifier performing signature verification. The method effectively solves the security problem caused by the falsification of negotiation public information during the CL-PBS.

Description

Certificateless partially blind signature method and device
Technical field
The invention belongs to the technical field of information security, and in particular relates to a certificateless partially blind signature method and device.
Background
A blind signature is a signature that the signer completes without knowing the content of the message submitted by the signature requester; this property is called blindness. A blind signature not only has the properties of an ordinary digital signature (content integrity, non-repudiation of the transaction and authenticity of both parties' identities), but also uses blindness to protect user privacy. Because the signer in a blind signature knows nothing about the signed message, the signature can easily be misused by a malicious requester. The concept of the partially blind signature was subsequently proposed: it divides the message into a blinded part and a public part, so that a partially blind signature preserves user privacy while keeping part of the signed content under control.
In an identity-based cryptosystem, the Key Generation Center (KGC) knows the private keys of all users and can forge any user's signature; this is known as the key escrow problem. To solve it, Al-Riyami and Paterson proposed the concept of Certificateless Public Key Cryptography (CL-PKC) in 2003. For details, see: Al-Riyami S S, Paterson K G. Certificateless Public Key Cryptography [J]. Lecture Notes in Computer Science, 2003, 2894(2): 452-473, hereinafter Document 1. In CL-PKC, the key generation center generates a partial private key for the user, and the user's private key is composed of this partial private key and a secret value the user selects at random, which solves the key escrow problem. Combining certificateless public key cryptography with blind signatures gives the Certificateless Blind Signature (CL-BS). Using CL-BS in e-commerce protects user privacy while avoiding both certificate management in PKI and key escrow in ID-PKC. For better application to electronic cash systems, certificateless public key cryptography is combined with partially blind signatures, giving the Certificateless Partially Blind Signature (CL-PBS).
Literature on certificateless partially blind signatures has already been published, for example:
Cheng L, Wen Q. Cryptanalysis and improvement of a certificateless partially blind signature [J]. IET Information Security, 2015, 9(6): 380-386. Hereinafter Document 2.
Zhang L, Zhang F, Qin B, et al. Corrigendum: "Provably-secure electronic cash based on certificateless partially-blind signatures" [J]. Electronic Commerce Research & Applications, 2011, 10(1): 545-552. Hereinafter Document 3.
Document 2 points out that the CL-PBS scheme proposed in Document 3 cannot resist an attack in which a malicious user replaces the signer's public key, and proposes an improved scheme. Analysis of the improved scheme, however, shows that it cannot prevent a malicious user from tampering with the negotiated public information.
Summary of the invention
The embodiment of the invention provides a certificateless partially blind signature method, intended to solve the low security of the negotiated public information in existing certificateless partially blind signatures.
The embodiment of the present invention is implemented as follows. A certificateless partially blind signature method includes:
Establishing the public system parameters $params=\{G_1,G_2,P,e,g,H_0,H_1,H_2,P_{pub}\}$, where $l$ is a security parameter and the prime $q$ satisfies $q>2^l$; $\{G_1,+\}$ is a cyclic additive group of order $q$ and $P$ is an arbitrary generator of $G_1$; $\{G_2,\cdot\}$ is a cyclic multiplicative group of order $q$ with generator $g$; the bilinear pairing is $e:G_1\times G_1\to G_2$ with $g=e(P,P)\in G_2$; the hash functions are:
Figure PCTCN2016112385-appb-000001
$H_1:\{0,1\}^*\to G_1$,
Figure PCTCN2016112385-appb-000002
The KGC selects $s$ as the master key and $P_{pub}=sP$ as the public key;
The signer extracts its private key
Figure PCTCN2016112385-appb-000003
and its public key
Figure PCTCN2016112385-appb-000004
The signer randomly selects
Figure PCTCN2016112385-appb-000005
computes $z=H_0(c)$ and $R=rP$, and sends $R$ to the signature requester;
After receiving $R$, the signature requester randomly selects blinding factors
Figure PCTCN2016112385-appb-000006
computes $z=H_0(c)$, $R'=\alpha R$,
Figure PCTCN2016112385-appb-000007
$h'=H_2(m,z,y)$ and $h=\alpha^{-1}(\beta-h')$, and sends $h$ to the signer;
After receiving $h$, the signer computes
Figure PCTCN2016112385-appb-000008
and sends $S$ to the signature requester;
The signature requester unblinds by computing $S'=\alpha S$, obtaining the signature $\sigma=(y,h',S')$ on the message $m$ and the negotiation message $c$;
The verifier performs signature verification.
Preferably, the specific steps of establishing the public system parameters $params=\{G_1,G_2,P,l,q,e,H_1,H_2,H_3,P_{pub}\}$ are:
According to the security requirements, determine the sizes of the security factor $l$ and the prime $q$, and use an elliptic curve to construct a cyclic additive group $\{G_1,+\}$ and a cyclic multiplicative group $\{G_2,\cdot\}$ that satisfy the bilinear map $e:G_1\times G_1\to G_2$;
Select collision-free hash functions
Figure PCTCN2016112385-appb-000009
$H_1:\{0,1\}^*\to G_1$,
Figure PCTCN2016112385-appb-000010
Randomly select an integer $s$ from the multiplicative group of integers mod $q$ as the master key of the private key generation center KGC, and compute $P_{pub}=sP$ as its corresponding public key;
Publish the system parameters $\{G_1,G_2,P,e,g,H_0,H_1,H_2,P_{pub}\}$ and store $s$ as the master key value.
Preferably, the specific steps by which the signer extracts its private key
Figure PCTCN2016112385-appb-000011
and public key
Figure PCTCN2016112385-appb-000012
are:
Given the system parameters params and the signer's identity $ID_B$, the KGC computes
Figure PCTCN2016112385-appb-000013
and sends the partial private key
Figure PCTCN2016112385-appb-000014
to the signer;
Given the system parameters params and the signer's identity $ID_B$, the signer randomly selects
Figure PCTCN2016112385-appb-000015
as its secret value;
From the system parameters params, the signer's identity $ID_B$, the partial private key
Figure PCTCN2016112385-appb-000016
and the secret value
Figure PCTCN2016112385-appb-000017
the signer's private key is obtained as
Figure PCTCN2016112385-appb-000018
From the system parameters params, the signer's identity $ID_B$ and the secret value
Figure PCTCN2016112385-appb-000019
the signer's public key is obtained as
Figure PCTCN2016112385-appb-000020
Preferably, the specific steps by which the verifier performs signature verification include:
The verifier receives the signer's message-signature pair $(m,c,\sigma=(y,h',S'))$;
Compute $z=H_0(c)$,
Figure PCTCN2016112385-appb-000021
Check whether the equation $h'=H_2(m,z,y')$ holds; if it does, the verifier accepts $(m,c,\sigma=(y,h',S'))$ as a valid blind signature produced by the signer;
otherwise the signature is invalid.
An embodiment of the present invention further provides a certificateless partially blind signature device, including:
a system parameter establishing unit, for establishing the public system parameters $params=\{G_1,G_2,P,e,g,H_0,H_1,H_2,P_{pub}\}$;
an extracting unit, with which the signer extracts the private key and the public key;
a commitment unit, for randomly selecting
Figure PCTCN2016112385-appb-000022
computing $z=H_0(c)$ and $R=rP$, and sending $R$ to the signature requester;
a blinding unit, for randomly selecting, after $R$ is received, blinding factors
Figure PCTCN2016112385-appb-000023
computing $z=H_0(c)$, $R'=\alpha R$,
Figure PCTCN2016112385-appb-000024
$h'=H_2(m,z,y)$ and $h=\alpha^{-1}(\beta-h')$, and sending $h$ to the signer;
a partial blind signature unit, for computing, after $h$ is received,
Figure PCTCN2016112385-appb-000025
and sending $S$ to the signature requester;
an unblinding unit, for unblinding by computing $S'=\alpha S$, obtaining the signature $\sigma=(y,h',S')$ on the message $m$ and the negotiation message $c$;
a verification unit, for performing signature verification.
Preferably, the system parameter establishing unit comprises:
a construction module, for determining the sizes of the security factor $l$ and the prime $q$, and using an elliptic curve to construct a cyclic additive group $\{G_1,+\}$ and a cyclic multiplicative group $\{G_2,\cdot\}$ that satisfy the bilinear map $e:G_1\times G_1\to G_2$;
a function selection module, for selecting collision-free hash functions
Figure PCTCN2016112385-appb-000026
$H_1:\{0,1\}^*\to G_1$,
Figure PCTCN2016112385-appb-000027
a key module, for randomly selecting an integer $s$ from the multiplicative group of integers mod $q$ as the master key of the private key generation center KGC, computing $P_{pub}=sP$ as its corresponding public key, publishing the system parameters $\{G_1,G_2,P,e,g,H_0,H_1,H_2,P_{pub}\}$, and storing $s$ as the master key value.
Preferably, the extracting unit comprises:
a partial private key generation module, with which the KGC, from the system parameters params and the signer's identity $ID_B$, computes
Figure PCTCN2016112385-appb-000028
and sends the partial private key
Figure PCTCN2016112385-appb-000029
to the signer;
a secret value generating module, for randomly selecting, from the system parameters params and the signer's identity $ID_B$,
Figure PCTCN2016112385-appb-000030
as the signer's secret value;
a private key module, for obtaining, from the system parameters params, the signer's identity $ID_B$, the partial private key
Figure PCTCN2016112385-appb-000031
and the secret value
Figure PCTCN2016112385-appb-000032
the signer's private key
Figure PCTCN2016112385-appb-000033
a public key module, for obtaining, from the system parameters params, the signer's identity $ID_B$ and the secret value
Figure PCTCN2016112385-appb-000034
the signer's public key
Figure PCTCN2016112385-appb-000035
Preferably, the verification unit comprises:
a receiving module, for receiving the message-signature pair $(m,c,\sigma=(y,h',S'))$ sent by the signature requester;
a calculation module, for computing $z=H_0(c)$,
Figure PCTCN2016112385-appb-000036
a verification module, for checking whether the equation $h'=H_2(m,z,y')$ holds; if it does, the verifier accepts $(m,c,\sigma=(y,h',S'))$ as a valid blind signature produced by the signer, otherwise the signature is invalid.
In the technical solution of the present invention, the signer inserts the negotiation information into the computation of
Figure PCTCN2016112385-appb-000037
where $z=H_0(c)$. As the proof of correctness of the signature scheme shows, the negotiation information $z=H_0(c)$ inserted by the signer corresponds not only to the negotiation information that the signature requester C inserts when blinding,
Figure PCTCN2016112385-appb-000038
but also to the negotiation information used in the verification equation,
Figure PCTCN2016112385-appb-000039
Therefore, the solution of the present invention is secure under the negotiation information tampering attack, and effectively solves the security problem caused by tampering with the negotiated public information in certificateless partially blind signatures.
Description of the drawings
FIG. 1 is a schematic flowchart of a certificateless partially blind signature method according to an embodiment of the present invention;
FIG. 2 is a simplified flowchart of a certificateless partially blind signature method according to an embodiment of the present invention;
FIG. 3 is a structural block diagram of a certificateless partially blind signature device according to an embodiment of the present invention;
FIG. 4 is a structural block diagram of the system parameter establishing unit of the present invention;
FIG. 5 is a structural block diagram of the extracting unit of the present invention;
FIG. 6 is a structural block diagram of the verification unit of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and are not intended to limit it.
To better understand the technical solution of the present invention, we briefly describe the partially blind signature process of Document 2 above:
First, establish the public system parameters $params=\{G_1,G_2,P,l,q,e,H_0,H_1,H_2,P_{pub}\}$.
Given a security parameter $l$ and a prime $q>2^l$, $\{G_1,+\}$ is a cyclic additive group of order $q$ and $P$ is an arbitrary generator of $G_1$; $\{G_2,\cdot\}$ is a cyclic multiplicative group of order $q$ with generator $g$; the bilinear pairing is $e:G_1\times G_1\to G_2$ with $g=e(P,P)\in G_2$; the hash functions are:
Figure PCTCN2016112385-appb-000040
Figure PCTCN2016112385-appb-000041
The KGC selects $s$ as the master key and $P_{pub}=sP$ as the public key; the system parameters are $params=\{G_1,G_2,P,l,q,e,H_0,H_1,H_2,P_{pub}\}$.
Then run the key extraction algorithms:
Partial private key generation algorithm: given the system parameters params and the signer's identity $ID_B$, the KGC computes
Figure PCTCN2016112385-appb-000042
and sends the partial private key
Figure PCTCN2016112385-appb-000043
to the signer.
Set-secret-value algorithm: given the system parameters params and the signer's identity $ID_B$, the signer randomly selects a value as its secret value.
Set-private-key algorithm: the algorithm takes as input the system parameters, the signer's identity $ID_B$, the partial private key
Figure PCTCN2016112385-appb-000045
and the secret value
Figure PCTCN2016112385-appb-000046
and outputs the signer's private key
Figure PCTCN2016112385-appb-000047
设置公钥算法:算法输入系统参数、签名者的身份IDB和秘密值
Figure PCTCN2016112385-appb-000048
输入签名者的公钥
Figure PCTCN2016112385-appb-000049
Set the public key algorithm: algorithm input system parameters, signer's identity ID B and secret value
Figure PCTCN2016112385-appb-000048
Enter the signer's public key
Figure PCTCN2016112385-appb-000049
The partially blind signature generation algorithm is then run:
Let m be the message that the signature requester asks to have signed, and c the public information negotiated between the signer and the signature requester. Using its private key
Figure PCTCN2016112385-appb-000050
and public key
Figure PCTCN2016112385-appb-000051
the signer signs the message m and the negotiated public information c together with the signature requester. The procedure is as follows:
a) Commitment. The signer randomly selects
Figure PCTCN2016112385-appb-000052
computes z = H_0(c) and R = rzP, and sends R to the signature requester.
b) Blinding. After receiving R, the signature requester randomly selects blinding factors
Figure PCTCN2016112385-appb-000053
computes z = H_0(c), R′ = γR,
Figure PCTCN2016112385-appb-000054
and h = γ^{-1}(β − h′), and sends h to the signer.
c) Partially blind signing. After receiving h, the signer only needs to compute
Figure PCTCN2016112385-appb-000055
and sends S to the signature requester.
d) Unblinding. The signature requester computes S′ = γS + αP_pub.
After this series of interactions, the signature requester obtains the signature σ = (R′, h′, S′) on the message m and the negotiated information c.
Finally, the signature verification algorithm is run:
After receiving the signer's signature σ = (R′, h′, S′) on the message m and the negotiated information c, the verifier first computes z = H_0(c),
Figure PCTCN2016112385-appb-000056
and then checks whether the equation
Figure PCTCN2016112385-appb-000057
holds. If it holds, the message-signature pair (m, c, σ = (R′, h′, S′)) is accepted as a valid signature of the signer; otherwise it is invalid.
The above scheme is open to an attack, which is analysed as follows:
The attack tampers with the negotiated information, changing c into c′. The signer uses its private key
Figure PCTCN2016112385-appb-000058
and public key
Figure PCTCN2016112385-appb-000059
to sign the message m and the negotiated public information c with the signature requester, and the signature requester changes the negotiated information c into c′:
a) Commitment. The signer randomly selects
Figure PCTCN2016112385-appb-000060
computes z = H_0(c) and R = rzP, and sends R to the signature requester.
b) Blinding. After receiving R, the signature requester randomly selects blinding factors
Figure PCTCN2016112385-appb-000061
computes z = H_0(c), z′ = H_0(c′), R′ = γR, R″ = z^{-1}z′R′,
Figure PCTCN2016112385-appb-000062
h = γ^{-1}(β − h′) and h″ = zz′^{-1}h, and sends h″ to the signer.
c) Partially blind signing. After receiving h″, the signer only needs to compute
Figure PCTCN2016112385-appb-000063
and sends S to the signature requester.
d) Unblinding. The signature requester computes S′ = z^{-1}z′S and S″ = γS′ + αP_pub.
After this series of interactions, the signature requester obtains the signature σ = (R″, h′, S″) on the message m and the negotiated information c′.
To check the signature σ = (R″, h′, S″) on the message m and the negotiated information c′, one computes
Figure PCTCN2016112385-appb-000064
and z′ = H_0(c′), and checks whether the equation
Figure PCTCN2016112385-appb-000065
holds. If it holds, the signature is valid, that is, the tampering of the negotiated information to c′ has succeeded. In this verification it is in fact only necessary to check whether the equation
Figure PCTCN2016112385-appb-000066
holds:
Figure PCTCN2016112385-appb-000067
Figure PCTCN2016112385-appb-000068
That is, a signature formed after the signature requester has tampered with the public information, without the signer's consent, still passes the verification equation, so the verifier believes that σ = (R″, h′, S″) is the signer's valid signature on the message m and the negotiated information c′.
With reference to FIG. 1 and FIG. 2, an embodiment of the present invention provides a certificateless partially blind signature method, comprising the following steps:
Step S100: establish the public system parameters params = {G_1, G_2, P, e, g, H_0, H_1, H_2, P_pub};
where l is a security parameter and the prime q satisfies q > 2^l; {G_1, +} is a cyclic additive group of order q and P is an arbitrary generator of G_1; {G_2, ·} is a cyclic multiplicative group of order q with generator g; e: G_1 × G_1 → G_2 is a bilinear pairing with g = e(P, P) ∈ G_2; the hash functions are:
Figure PCTCN2016112385-appb-000069
H_1: {0,1}^* → G_1,
Figure PCTCN2016112385-appb-000070
the KGC selects s as the master key and P_pub = sP as the public key;
Step S200: the signer extracts its private key
Figure PCTCN2016112385-appb-000071
and public key
Figure PCTCN2016112385-appb-000072
Step S300: the signer randomly selects
Figure PCTCN2016112385-appb-000073
computes z = H_0(c) and R = rP, and sends R to the signature requester;
Step S400: after receiving R, the signature requester randomly selects blinding factors
Figure PCTCN2016112385-appb-000074
computes z = H_0(c), R′ = αR,
Figure PCTCN2016112385-appb-000075
h′ = H_2(m, z, y) and h = α^{-1}(β − h′), and sends h to the signer;
Step S500: after receiving h, the signer computes
Figure PCTCN2016112385-appb-000076
and sends S to the signature requester;
Step S600: the signature requester unblinds by computing S′ = αS, obtaining the signature σ = (y, h′, S′) on the message m and the negotiated information c;
Step S700: the verifier verifies the signature.
Preferably, in step S100, the public system parameters params = {G_1, G_2, P, e, g, H_0, H_1, H_2, P_pub} are established as follows:
Step S110: according to the security requirements, determine the sizes of the security parameter l and the prime q, and use an elliptic curve to construct a cyclic additive group {G_1, +} and a cyclic multiplicative group {G_2, ·} that admit a bilinear map e: G_1 × G_1 → G_2;
Step S120: select collision-free hash functions H_1: {0,1}^* → G_1,
Figure PCTCN2016112385-appb-000077
Figure PCTCN2016112385-appb-000078
Step S130: randomly select an integer s from the multiplicative group of integers mod q as the master key of the private key generation center KGC, and compute P_pub = sP as the corresponding public key;
Step S140: publish the system parameters {G_1, G_2, P, e, g, H_0, H_1, H_2, P_pub} and keep s as the master key.
Further, step S200 specifically comprises:
Step S210: given the system parameters params and the signer's identity ID_B, the KGC computes
Figure PCTCN2016112385-appb-000079
Figure PCTCN2016112385-appb-000080
and sends the partial private key
Figure PCTCN2016112385-appb-000081
to the signer;
Step S220: given the system parameters params and the signer's identity ID_B, the signer randomly selects
Figure PCTCN2016112385-appb-000082
as its secret value;
Step S230: from the system parameters params, the signer's identity ID_B, the partial private key
Figure PCTCN2016112385-appb-000083
and the secret value
Figure PCTCN2016112385-appb-000084
the signer's private key is obtained as
Figure PCTCN2016112385-appb-000085
Step S240: from the system parameters params, the signer's identity ID_B and the secret value
Figure PCTCN2016112385-appb-000086
the signer's public key is obtained as
Figure PCTCN2016112385-appb-000087
Further, step S700 specifically comprises:
Step S710: the verifier receives the signer's message-signature pair (m, c, σ = (y, h′, S′));
Step S720: compute z = H_0(c),
Figure PCTCN2016112385-appb-000088
Step S730: check whether the equation h′ = H_2(m, z, y′) holds; if so, the verifier accepts (m, c, σ = (y, h′, S′)) as a valid blind signature produced by the signer;
otherwise it is invalid.
Because the signer inserts the negotiated information into the computation of
Figure PCTCN2016112385-appb-000089
where z = H_0(c), the correctness proof of the signature scheme shows that the negotiated information z = H_0(c) inserted by the signer corresponds both to the negotiated information inserted by the signature requester during blinding,
Figure PCTCN2016112385-appb-000090
and to the negotiated information used in the verification equation,
Figure PCTCN2016112385-appb-000091
The scheme can therefore resist attacks that tamper with the public negotiated information.
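Added example, not part of the patent: the patent's pairing equations survive on this page only as figure placeholders, so this block uses a constructed Schnorr-style analogue over a toy group to show why inserting z = H_0(c) only as a scalar factor (as in R = rzP) lets a requester rescale by z^{-1}z′, and what it looks like when c is bound so that it cannot be rescaled. The bound variant is an Abe-Okamoto-style partially blind Schnorr signature swapped in for illustration, not the patent's construction; the function names, group parameters and sample strings are all assumptions.

```python
import hashlib
import secrets

# Constructed toy group, far too small for real use: order-Q subgroup of Z_P*, P = 2Q + 1.
P, Q, G = 1_000_000_007, 500_000_003, 4
assert all(Q % k for k in range(2, 22361))  # sanity check: Q is prime

def hq(*parts):
    """Hash the given values to a nonzero scalar in Z_Q*."""
    data = "|".join(str(p) for p in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (Q - 1) + 1

def rnd():
    return secrets.randbelow(Q - 1) + 1

def keygen():
    x = rnd()
    return x, pow(G, x, P)

# --- Weak analogue: z = H0(c) is only a scalar factor, as in R = rzP ---
class LinearSigner:
    def __init__(self, x, c):
        self.x, self.z = x, hq("H0", c)

    def commit(self):
        self.r = rnd()
        return pow(G, self.r * self.z % Q, P)        # R = g^(r*z)

    def respond(self, h):
        return self.z * (self.r + h * self.x) % Q    # S = z*(r + h*x)

def linear_request(signer, X, m, c, c_claimed=None):
    """Blind-sign m with a signer who agreed to c; output a signature for c_claimed."""
    z, z_out = hq("H0", c), hq("H0", c if c_claimed is None else c_claimed)
    t = z_out * pow(z, -1, Q) % Q                    # z^-1 * z'; equals 1 when honest
    a, b = rnd(), rnd()
    R1 = pow(signer.commit(), t, P) * pow(G, a, P) * pow(X, z_out * b % Q, P) % P
    h1 = hq("H2", m, R1)
    S = signer.respond((h1 + b) % Q)
    return R1, h1, (t * S + a) % Q

def linear_verify(X, m, c, sig):
    R1, h1, S1 = sig
    z = hq("H0", c)
    return h1 == hq("H2", m, R1) and pow(G, S1, P) == R1 * pow(X, z * h1 % Q, P) % P

# --- Bound analogue (Abe-Okamoto style): c is hashed to a group element Z ---
def to_group(c):
    return pow(hq("F", c), 2, P)   # squaring lands in the order-Q subgroup

class BoundSigner:
    def __init__(self, x, c):
        self.x, self.Z = x, to_group(c)

    def commit(self):
        self.u, self.s, self.d = rnd(), rnd(), rnd()
        return pow(G, self.u, P), pow(G, self.s, P) * pow(self.Z, self.d, P) % P

    def respond(self, e):
        ch = (e - self.d) % Q
        return (self.u - ch * self.x) % Q, ch, self.s, self.d

def bound_request(signer, X, m, c_claimed):
    """Requester side; c_claimed differs from the signer's c when tampering is attempted."""
    Z = to_group(c_claimed)
    t1, t2, t3, t4 = rnd(), rnd(), rnd(), rnd()
    a, b = signer.commit()
    alpha = a * pow(G, t1, P) * pow(X, t2, P) % P
    beta = b * pow(G, t3, P) * pow(Z, t4, P) % P
    eps = hq("H", alpha, beta, Z, m)
    r, ch, s, d = signer.respond((eps - t2 - t4) % Q)
    return (r + t1) % Q, (ch + t2) % Q, (s + t3) % Q, (d + t4) % Q

def bound_verify(X, m, c, sig):
    rho, omega, sigma, delta = sig
    Z = to_group(c)
    alpha = pow(G, rho, P) * pow(X, omega, P) % P
    beta = pow(G, sigma, P) * pow(Z, delta, P) % P
    return (omega + delta) % Q == hq("H", alpha, beta, Z, m)

def demo():
    x, X = keygen()
    m, c, c_bad = "coin-0001", "value=10", "value=1000"   # constructed sample inputs
    weak = linear_request(LinearSigner(x, c), X, m, c, c_claimed=c_bad)
    strong = bound_request(BoundSigner(x, c), X, m, c_bad)
    # (tampered signature accepted by the weak scheme?, by the bound scheme?)
    return linear_verify(X, m, c_bad, weak), bound_verify(X, m, c_bad, strong)

if __name__ == "__main__":
    print(demo())
```

In the weak analogue the signer never sees anything that depends on c′, so the signer cannot detect the substitution; only a construction that makes the signer's own response unusable under a different c closes the gap.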
As shown in FIG. 3, an embodiment of the present invention further provides a certificateless partially blind signature device, comprising:
a system parameter establishing unit 100, configured to establish the public system parameters params = {G_1, G_2, P, e, g, H_0, H_1, H_2, P_pub};
an extraction unit 200, configured for the signer to extract the private key and the public key;
a commitment unit 300, configured to randomly select
Figure PCTCN2016112385-appb-000092
compute z = H_0(c) and R = rP, and send R to the signature requester;
a blinding unit 400, configured to, after receiving R, randomly select blinding factors
Figure PCTCN2016112385-appb-000093
compute z = H_0(c), R′ = αR,
Figure PCTCN2016112385-appb-000094
h′ = H_2(m, z, y) and h = α^{-1}(β − h′), and send h to the signer;
a partially blind signature unit 500, configured to, after receiving h, compute
Figure PCTCN2016112385-appb-000095
and send S to the signature requester;
an unblinding unit 600, configured to unblind by computing S′ = αS, obtaining the signature σ = (y, h′, S′) on the message m and the negotiated information c;
a verification unit 700, configured to verify the signature.
As shown in FIG. 4, the system parameter establishing unit 100 further comprises:
a construction module 101, configured to determine the sizes of the security parameter l and the prime q, and to use an elliptic curve to construct a cyclic additive group {G_1, +} and a cyclic multiplicative group {G_2, ·} that admit a bilinear map e: G_1 × G_1 → G_2;
a function selection module 102, configured to select collision-free hash functions
Figure PCTCN2016112385-appb-000096
H_1: {0,1}^* → G_1,
Figure PCTCN2016112385-appb-000097
a key module 103, configured to randomly select an integer s from the multiplicative group of integers mod q as the master key of the private key generation center KGC, compute P_pub = sP as the corresponding public key, publish the system parameters {G_1, G_2, P, e, g, H_0, H_1, H_2, P_pub}, and keep s as the master key.
As shown in FIG. 5, the extraction unit 200 further comprises:
a partial private key generation module 201, configured so that, given the system parameters params and the signer's identity ID_B, the KGC computes
Figure PCTCN2016112385-appb-000098
and sends the partial private key
Figure PCTCN2016112385-appb-000099
to the signer;
a secret value generation module 202, configured to randomly select, given the system parameters params and the signer's identity ID_B,
Figure PCTCN2016112385-appb-000100
as the signer's secret value;
a private key module 203, configured to obtain, from the system parameters params, the signer's identity ID_B, the partial private key
Figure PCTCN2016112385-appb-000101
and the secret value
Figure PCTCN2016112385-appb-000102
the signer's private key
Figure PCTCN2016112385-appb-000103
a public key module 204, configured to obtain, from the system parameters params, the signer's identity ID_B and the secret value
Figure PCTCN2016112385-appb-000104
the signer's public key
Figure PCTCN2016112385-appb-000105
As shown in FIG. 6, the verification unit 700 further comprises:
a receiving module 701, configured to receive the message-signature pair (m, c, σ = (y, h′, S′)) sent by the signature requester;
a calculation module 702, configured to compute z = H_0(c),
Figure PCTCN2016112385-appb-000106
a verification module 702, configured to check whether the equation h′ = H_2(m, z, y′) holds; if so, the verifier accepts (m, c, σ = (y, h′, S′)) as a valid blind signature produced by the signer, otherwise it is invalid.
Below, the computational efficiency of the technical solution of the present invention is compared with that of the existing CL-PBS schemes mentioned above, namely the schemes of Document 2 and Document 3, where Document 2 is an improvement proposed in response to the public key replacement attack on Document 3. A supersingular elliptic curve E(F_p): y^2 = x^3 + x with embedding degree 2 is used, where q = 2^159 + 2^17 + 1 is a 160-bit prime and p is a 512-bit prime satisfying p + 1 = 12qr. Hardware platform: CPIV 3-GHZ CPU, 512 MB of memory and the Windows XP operating system. Table 1 lists the running times of the time-consuming basic operations in the cryptographic schemes.
Table 1: Efficiency of the basic operations in the schemes (unit: milliseconds)
Figure PCTCN2016112385-appb-000107
Table 2 lists the number of each time-consuming operation in each scheme, mainly comparing the computation performed by the signer, the signature requester and the verifier during the construction of the scheme.
Table 2: Comparison of the computational performance of the schemes (unit: milliseconds)
Figure PCTCN2016112385-appb-000108
In summary, it is evident that the scheme constructed by the present invention is more efficient.
The above are merely preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (8)

  1. A certificateless partially blind signature method, characterized by comprising:
    establishing the public system parameters params = {G_1, G_2, P, e, g, H_0, H_1, H_2, P_pub}, where l is a security parameter and the prime q satisfies q > 2^l; {G_1, +} is a cyclic additive group of order q and P is an arbitrary generator of G_1; {G_2, ·} is a cyclic multiplicative group of order q with generator g; e: G_1 × G_1 → G_2 is a bilinear pairing with g = e(P, P) ∈ G_2; the hash functions are:
    Figure PCTCN2016112385-appb-100001
    H_1: {0,1}^* → G_1,
    Figure PCTCN2016112385-appb-100002
    the KGC selects s as the master key and P_pub = sP as the public key;
    the signer extracting its private key
    Figure PCTCN2016112385-appb-100003
    and public key
    Figure PCTCN2016112385-appb-100004
    the signer randomly selecting
    Figure PCTCN2016112385-appb-100005
    computing z = H_0(c) and R = rP, and sending R to the signature requester;
    the signature requester, after receiving R, randomly selecting blinding factors
    Figure PCTCN2016112385-appb-100006
    computing z = H_0(c), R′ = αR,
    Figure PCTCN2016112385-appb-100007
    h′ = H_2(m, z, y) and h = α^{-1}(β − h′), and sending h to the signer;
    the signer, after receiving h, computing
    Figure PCTCN2016112385-appb-100008
    and sending S to the signature requester;
    the signature requester unblinding by computing S′ = αS, obtaining the signature σ = (y, h′, S′) on the message m and the negotiated information c;
    the verifier verifying the signature.
  2. The certificateless partially blind signature method according to claim 1, characterized in that the public system parameters params = {G_1, G_2, P, e, g, H_0, H_1, H_2, P_pub} are established by:
    determining, according to the security requirements, the sizes of the security parameter l and the prime q, and using an elliptic curve to construct a cyclic additive group {G_1, +} and a cyclic multiplicative group {G_2, ·} that admit a bilinear map e: G_1 × G_1 → G_2;
    selecting collision-free hash functions
    Figure PCTCN2016112385-appb-100009
    H_1: {0,1}^* → G_1,
    Figure PCTCN2016112385-appb-100010
    randomly selecting an integer s from the multiplicative group of integers mod q as the master key of the private key generation center KGC, and computing P_pub = sP as the corresponding public key;
    publishing the system parameters {G_1, G_2, P, e, g, H_0, H_1, H_2, P_pub} and keeping s as the master key.
  3. The certificateless partially blind signature method according to claim 1, characterized in that the signer extracts its private key
    Figure PCTCN2016112385-appb-100011
    and public key
    Figure PCTCN2016112385-appb-100012
    by the following steps:
    given the system parameters params and the signer's identity ID_B, the KGC computes
    Figure PCTCN2016112385-appb-100013
    and sends the partial private key
    Figure PCTCN2016112385-appb-100014
    to the signer;
    given the system parameters params and the signer's identity ID_B, the signer randomly selects
    Figure PCTCN2016112385-appb-100015
    as its secret value;
    from the system parameters params, the signer's identity ID_B, the partial private key
    Figure PCTCN2016112385-appb-100016
    and the secret value
    Figure PCTCN2016112385-appb-100017
    the signer's private key is obtained as
    Figure PCTCN2016112385-appb-100018
    from the system parameters params, the signer's identity ID_B and the secret value
    Figure PCTCN2016112385-appb-100019
    the signer's public key is obtained as
    Figure PCTCN2016112385-appb-100020
  4. The certificateless partially blind signature method according to claim 1, characterized in that the verifier verifies the signature by the following steps:
    the verifier receives the signer's message-signature pair (m, c, σ = (y, h′, S′));
    computes z = H_0(c),
    Figure PCTCN2016112385-appb-100021
    checks whether the equation h′ = H_2(m, z, y′) holds; if so, the verifier accepts (m, c, σ = (y, h′, S′)) as a valid blind signature produced by the signer;
    otherwise it is invalid.
  5. A certificateless partially blind signature device, characterized by comprising:
    a system parameter establishing unit, configured to establish the public system parameters params = {G_1, G_2, P, e, g, H_0, H_1, H_2, P_pub};
    an extraction unit, configured for the signer to extract the private key and the public key;
    a commitment unit, configured to randomly select
    Figure PCTCN2016112385-appb-100022
    compute z = H_0(c) and R = rP, and send R to the signature requester;
    a blinding unit, configured to, after receiving R, randomly select blinding factors
    Figure PCTCN2016112385-appb-100023
    compute z = H_0(c), R′ = αR,
    Figure PCTCN2016112385-appb-100024
    h′ = H_2(m, z, y) and h = α^{-1}(β − h′), and send h to the signer;
    a partially blind signature unit, configured to, after receiving h, compute
    Figure PCTCN2016112385-appb-100025
    and send S to the signature requester;
    an unblinding unit, configured to unblind by computing S′ = αS, obtaining the signature σ = (y, h′, S′) on the message m and the negotiated information c;
    a verification unit, configured to verify the signature.
  6. The certificateless partially blind signature device according to claim 5, characterized in that the system parameter establishing unit comprises:
    a construction module, configured to determine the sizes of the security parameter l and the prime q, and to use an elliptic curve to construct a cyclic additive group {G_1, +} and a cyclic multiplicative group {G_2, ·} that admit a bilinear map e: G_1 × G_1 → G_2;
    a function selection module, configured to select collision-free hash functions
    Figure PCTCN2016112385-appb-100026
    H_1: {0,1}^* → G_1,
    Figure PCTCN2016112385-appb-100027
    a key module, configured to randomly select an integer s from the multiplicative group of integers mod q as the master key of the private key generation center KGC, compute P_pub = sP as the corresponding public key, publish the system parameters {G_1, G_2, P, e, g, H_0, H_1, H_2, P_pub}, and keep s as the master key.
  7. The certificateless partially blind signature device according to claim 5, characterized in that the extraction unit comprises:
    a partial private key generation module, configured so that, given the system parameters params and the signer's identity ID_B, the KGC computes
    Figure PCTCN2016112385-appb-100028
    and sends the partial private key
    Figure PCTCN2016112385-appb-100029
    to the signer;
    a secret value generation module, configured to randomly select, given the system parameters params and the signer's identity ID_B,
    Figure PCTCN2016112385-appb-100030
    as the signer's secret value;
    a private key module, configured to obtain, from the system parameters params, the signer's identity ID_B, the partial private key
    Figure PCTCN2016112385-appb-100031
    and the secret value
    Figure PCTCN2016112385-appb-100032
    the signer's private key
    Figure PCTCN2016112385-appb-100033
    a public key module, configured to obtain, from the system parameters params, the signer's identity ID_B and the secret value
    Figure PCTCN2016112385-appb-100034
    the signer's public key
    Figure PCTCN2016112385-appb-100035
  8. The certificateless partially blind signature device according to claim 5, characterized in that the verification unit comprises:
    a receiving module, configured to receive the message-signature pair (m, c, σ = (y, h′, S′)) sent by the signature requester;
    a calculation module, configured to compute z = H_0(c),
    Figure PCTCN2016112385-appb-100036
    a verification module, configured to check whether the equation h′ = H_2(m, z, y′) holds; if so, the verifier accepts (m, c, σ = (y, h′, S′)) as a valid blind signature produced by the signer, otherwise it is invalid.
PCT/CN2016/112385 2016-12-27 2016-12-27 Method and device for certificateless partially blind signature WO2018119670A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2016/112385 WO2018119670A1 (en) 2016-12-27 2016-12-27 Method and device for certificateless partially blind signature

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2016/112385 WO2018119670A1 (en) 2016-12-27 2016-12-27 Method and device for certificateless partially blind signature

Publications (1)

Publication Number Publication Date
WO2018119670A1 (en) 2018-07-05

Family

ID=62707593

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/112385 WO2018119670A1 (en) 2016-12-27 2016-12-27 Method and device for certificateless partially blind signature

Country Status (1)

Country Link
WO (1) WO2018119670A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102387019A (en) * 2011-10-19 2012-03-21 西安电子科技大学 Certificateless partially blind signature method
US20150358167A1 (en) * 2013-09-16 2015-12-10 Huawei Device Co., Ltd. Certificateless Multi-Proxy Signature Method and Apparatus

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
CHENG LIN: "Research on Provably Secure Certificateless Signature Schemes", CDFD INFORMATION TECHNOLOGY, no. 4, 15 April 2015 (2015-04-15), pages 66 - 67 *

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16925041

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 11-09-2019)

122 Ep: pct application non-entry in european phase

Ref document number: 16925041

Country of ref document: EP

Kind code of ref document: A1