WO2020103631A1 - Hidden-identity-based signcryption method employing asymmetric bilinear pairing - Google Patents
Hidden-identity-based signcryption method employing asymmetric bilinear pairingInfo
- Publication number
- WO2020103631A1 WO2020103631A1 PCT/CN2019/112508 CN2019112508W WO2020103631A1 WO 2020103631 A1 WO2020103631 A1 WO 2020103631A1 CN 2019112508 W CN2019112508 W CN 2019112508W WO 2020103631 A1 WO2020103631 A1 WO 2020103631A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- aux
- signcryption
- type
- bilinear
- identity
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
- H04L9/3073—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
- H04L63/0421—Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/42—Anonymization, e.g. involving pseudonyms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/72—Signcrypting, i.e. digital signing and encrypting simultaneously
Definitions
- the invention relates to the field of cryptographic technology, and in particular, to an identity-based signcryption method based on asymmetric bilinear pairs.
- Digital signature and public key encryption are the core contents of cryptography theory and application. Signcryption is a combination of digital signature and public key encryption, which not only ensures the integrity and verifiability of encrypted content, but also ensures the privacy of encrypted messages, and is more efficient than simply combining signatures and encryption For promotion.
- identity-based signcryption uses the user's identity as the public key, which can simplify the management and issuance of public key certificates.
- the original identity-based signcryption schemes need to publicly transmit the user's identity and public key information, and the efficiency is poor.
- the computing and storage capabilities of the device are limited, and in many applications, the user's identity information is often sensitive information and needs to be protected. Therefore, the development of an efficient identity-based identity hiding signcryption method (abbreviated as "hiding signcryption”) has important theoretical and practical significance.
- G 1 , G 2 and G T be three q-order cyclic groups (q can be prime or composite, such as RSA modulus).
- q can be prime or composite, such as RSA modulus.
- G 1 , G 2 and G T as a multiplicative group (all the schemes described in the present invention also work when G 1 , G 2 and G T are referred to as addition groups).
- a bilinear pair It is a bilinear mapping from G 1 ⁇ G 2 to G T and satisfies the following properties:
- Type 2 There is an effective calculation group homomorphism G 2 ⁇ G 1 , but there is no effective homomorphism from G 1 to G 2.
- This type of bilinear pair is generally realized by a general elliptic curve on the prime field, G 1 is the base field In the upper elliptic curve group, G 2 is the elliptic curve subgroup in the extended domain, and the homomorphism of G 2 ⁇ G 1 is generally traced and mapped.
- Type 3 There is no effective computable homomorphism of G 2 ⁇ G 1 or G 1 ⁇ G 2 (homology and even isomorphism must exist, in this case, there is no effectively computed isomorphism).
- This type of bilinear pair is also constructed with a general curve on the prime domain, and G 2 generally takes the kernel of the trace map.
- the public parameters need to have an effectively calculated isomorphism ⁇ : G 1 ⁇ G 2 , that is, ⁇ is an effectively calculateable isomorphism that maps the elements in G 1 to G 2 ; for type 3 bilinear pairs, the system discloses
- the present invention provides an efficient identity-based secret signcryption method in an asymmetric environment, including: a private key generator generates a system master private key Under asymmetric bilinear pair type-1 and type-2, the identity is The private key of the secret signer of is Identity is The private key of the secret signing verifier is Select Calculation And send ⁇ X, C ⁇ to among them Is a bilinear mapping. Calculation And Then accept the secret sign information M. Under asymmetric bilinear pair type-3, the identity is The private key of the secret signer of is Identity is The private key of the secret signing verifier is Select Calculation And send ⁇ X, C ⁇ to among them Is a bilinear mapping. Calculation And Then accept the secret sign information M.
- FIG. 1 is a flowchart of an example of an inventive method (asymmetric bilinear pairing type-2).
- Figure 2 is a flow chart of an example of an inventive method (asymmetric bilinear pairing type-3).
- FIG. 1 is a flowchart of an example of an inventive method (asymmetric bilinear pairing type-2); wherein, let G 1 ⁇ G 2 , auxM is empty, Is the unit element of group GT, H: ⁇ 0, 1 ⁇ * ⁇ G 1 is the hash function, D is the decryption function corresponding to the encryption function E, Refers to the use of the key K to decrypt the ciphertext C to get It means x from Randomly selected.
- FIG. 2 is a flowchart of an example of an inventive method (asymmetric bilinear pairing type-3); wherein, let G 1 ⁇ G 2 , aux M is empty, Is the unit element of the group G T , H 1 : ⁇ 0, 1 ⁇ * ⁇ G 1 , H 2 : ⁇ 0, 1 ⁇ * ⁇ G 2 are two hash functions, D is the decryption function corresponding to the encryption function E , Refers to the use of the key K to decrypt the ciphertext C to get It means x from Randomly selected.
- the present invention provides a secret signcryption method based on asymmetric bilinear pairs. Specific examples are given below:
- n takes 128, bilinear pairing G 1 ⁇ G 2 ⁇ G T , wherein G 1, G 2, and G T is a cyclic group of order q three, take 3594707740912722592580264824659245374581620005772120566140827390747490618210732713776201829166921179104690985316170865403357128018053115705235365035756944666781840271151398486024508905819032066430042870294016997308232041571009239026199854058373227102211040396565230117801219598111998342507534997235192001889 integer q, q binary length (denoted as
- ) is n polynomial; two Ha Greek function: H 1 : ⁇ 0, 1 ⁇ * ⁇ G 1 , H 2 : ⁇ 0, 1 ⁇ *
- msk 647581328478097883885856815637104132132453561065;
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- General Physics & Mathematics (AREA)
- Pure & Applied Mathematics (AREA)
- Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Algebra (AREA)
- Power Engineering (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a hidden-identity-based signcryption method employing an asymmetric bilinear pairing. The method comprises: a private key generator generating a system master private key (I); employing asymmetric bilinear pairings Type-1 and Type-2, configuring a private key of a hidden-identity-based signcryption sender identified as (II) to be (III), and configuring a private key of a hidden-identity-based signcryption verifier identified as (IV) to be (V); Â selecting (VI), calculating (VII), and sending {X, C} to (VIII), wherein (IX) is a bilinear map; (VIII) calculating (X), and if (XI), then accepting hidden-identity-based signcryption information M; employing an asymmetric bilinear pairing Type-3, configuring a private key of a hidden-identity-based signcryption sender identified as (II) to be (XII), and configuring a private key of a hidden-identity-based signcryption verifier identified as (IV) to be (XIII); Â selecting (VI), calculating (VII), and sending {X, C} to (VIII), wherein (IX) is a bilinear map; and (VIII) calculating (XIV), and if (XI), then accepting the hidden-identity-based signcryption information M.
Description
本发明涉及密码技术领域,具体地说,涉及一种基于非对称双线性对的身份基匿签密方法。The invention relates to the field of cryptographic technology, and in particular, to an identity-based signcryption method based on asymmetric bilinear pairs.
数字签名和公钥加密是密码理论及应用的核心内容。签密是将数字签名和公钥加密的功能合二为一,既保证了加密内容的完整性和可验证性,又保证了加密消息的私密性,并且比简单地结合签名和加密的效率大为提升。与传统的公钥密码体制下相比,基于身份的签密将用户的身份作为公钥,可以简化公钥证书管理和发放的问题。但是,原有的基于身份签密方案均需公开传输用户的身份和公钥信息,并且效率较差。而在移动互联时代,设备的计算和存储能力受限,并且在很多应用中用户的身份信息往往属于敏感信息,需要保护。因此,发展高效的基于身份的身份匿藏签密方法(简记为“匿签密”)具有重要的理论及应用意义。Digital signature and public key encryption are the core contents of cryptography theory and application. Signcryption is a combination of digital signature and public key encryption, which not only ensures the integrity and verifiability of encrypted content, but also ensures the privacy of encrypted messages, and is more efficient than simply combining signatures and encryption For promotion. Compared with the traditional public key cryptosystem, identity-based signcryption uses the user's identity as the public key, which can simplify the management and issuance of public key certificates. However, the original identity-based signcryption schemes need to publicly transmit the user's identity and public key information, and the efficiency is poor. In the era of mobile internet, the computing and storage capabilities of the device are limited, and in many applications, the user's identity information is often sensitive information and needs to be protected. Therefore, the development of an efficient identity-based identity hiding signcryption method (abbreviated as "hiding signcryption") has important theoretical and practical significance.
令G
1、G
2和G
T是三个q阶循环群(q可以是素数,也可以是合数,如RSA模数)。为了描述方便起见,我们记G
1、G
2和G
T为乘法群(所有本发明中描述的方案均在G
1、G
2和G
T记为加法群时同样工作)。一般而言,一个双线性对
就是一个从G
1×G
2到G
T的双线性映射,并满足下面性质:
Let G 1 , G 2 and G T be three q-order cyclic groups (q can be prime or composite, such as RSA modulus). For the convenience of description, we refer to G 1 , G 2 and G T as a multiplicative group (all the schemes described in the present invention also work when G 1 , G 2 and G T are referred to as addition groups). Generally speaking, a bilinear pair It is a bilinear mapping from G 1 × G 2 to G T and satisfies the following properties:
(2)非退化性:对于每一个
总存在一个g
2∈G
2,使得
其中,
是G
1的单位元,
是G
T的单位元;
(2) Non-degeneration: For each There is always a g 2 ∈G 2 such that among them, Is the unit of G 1 , Is the unit of G T ;
(3)双线性映射可以有效计算。(3) Bilinear mapping can be effectively calculated.
双线性对有下面三种类型:There are three types of bilinear pairs:
类型1:G
1→G
2有一个可有效计算的同构,这时一般记为G
1=G
2(通常用G表示)。这类双线性对一般可以用超奇异椭圆曲线或超椭圆曲线来实现。
Type 1: G 1 → G 2 has an isomorphism that can be effectively calculated, in this case it is generally written as G 1 = G 2 (usually expressed by G). This type of bilinear pairing can generally be achieved with super-singular elliptic curves or super-elliptic curves.
类型2:有一个有效计算群同态G
2→G
1,但无从G
1到G
2的有效同态.这类双线性对一般用素数域上的一般椭圆曲线实现,G
1是基域上椭圆曲线群,G
2是 扩域上椭圆曲线子群,G
2→G
1的同态一般取迹映射。
Type 2: There is an effective calculation group homomorphism G 2 → G 1 , but there is no effective homomorphism from G 1 to G 2. This type of bilinear pair is generally realized by a general elliptic curve on the prime field, G 1 is the base field In the upper elliptic curve group, G 2 is the elliptic curve subgroup in the extended domain, and the homomorphism of G 2 → G 1 is generally traced and mapped.
类型3:没有任何G
2→G
1或G
1→G
2的有效可计算的同态(同态甚至同构一定是存在的,这里是指没有有效计算的同构)。这类双线性对也是用素域上的一般曲线来构造,G
2一般取迹映射的核。
Type 3: There is no effective computable homomorphism of G 2 → G 1 or G 1 → G 2 (homology and even isomorphism must exist, in this case, there is no effectively computed isomorphism). This type of bilinear pair is also constructed with a general curve on the prime domain, and G 2 generally takes the kernel of the trace map.
本发明所描述的方法可以在上述三种类型双线性对任一类型上都可以工作,区别在于:对于类型1双线性对,G
1=G
2;对于类型2双线性对,系统公开参数中需要有一个可有效计算的同构ψ:G
1→G
2,即ψ为将G
1中元素映射到G
2的可有效计算的同构;对于类型3双线性对,系统公开参数中不需要有一个可有效计算的同构ψ:G
1→G
2,但每个用户的私钥由一个增加到两个,分别用于签密和验证签密。在下述的发明方案描述中,基于类型-2和类型-3来描述,当应用到类型-1双线性对时则有G
1=G
2。
The method described in the present invention can work on any of the above three types of bilinear pairs, the difference is that: for type 1 bilinear pairs, G 1 = G 2 ; for type 2 bilinear pairs, the system The public parameters need to have an effectively calculated isomorphism ψ: G 1 → G 2 , that is, ψ is an effectively calculateable isomorphism that maps the elements in G 1 to G 2 ; for type 3 bilinear pairs, the system discloses There is no need to have an isomorphic ψ that can be effectively calculated in the parameters: G 1 → G 2 , but each user's private key is increased from one to two, which are used for signcryption and verification signcryption, respectively. In the following description of the invention scheme, the description is based on type-2 and type-3, and when applied to the type-1 bilinear pair, G 1 = G 2 .
发明内容Summary of the invention
为解决上述问题,本发明提供了一种非对称环境下高效的基于身份的匿签密方法,包括:私钥生成器生成系统主私钥
在非对称双线性对类型-1和类型-2下,身份为
的匿签密发送方的私钥为
身份为
的匿签密验证方的私钥为
选取
计算
并将{X,C}发送给
其中
是双线性映射。
计算
且
则接受匿签密信息M。在非对称双线性对类型-3下,身份为
的匿签密发送方的私钥为
身份为
的匿签密验证方的私钥为
选取
计算
并将{X,C}发送给
其中
是双线性映射。
计算
且
则接受匿签密信息M。
In order to solve the above problems, the present invention provides an efficient identity-based secret signcryption method in an asymmetric environment, including: a private key generator generates a system master private key Under asymmetric bilinear pair type-1 and type-2, the identity is The private key of the secret signer of is Identity is The private key of the secret signing verifier is Select Calculation And send {X, C} to among them Is a bilinear mapping. Calculation And Then accept the secret sign information M. Under asymmetric bilinear pair type-3, the identity is The private key of the secret signer of is Identity is The private key of the secret signing verifier is Select Calculation And send {X, C} to among them Is a bilinear mapping. Calculation And Then accept the secret sign information M.
图1是发明方法一个实例(非对称双线性配对类型-2)实现的流程图。FIG. 1 is a flowchart of an example of an inventive method (asymmetric bilinear pairing type-2).
图2是发明方法一个实例(非对称双线性配对类型-3)实现的流程图。Figure 2 is a flow chart of an example of an inventive method (asymmetric bilinear pairing type-3).
图1是发明方法一个实例(非对称双线性配对类型-2)实现的流程图;其中,令G
1≠G
2,
auxM为空,
为群GT的单位元,H:{0,1}
*→G
1是哈希函数,D是与加密函数E对应的解密函数,
指的是利用密钥K对密文C进行解密得到
表示的是x从
中随机选取。
FIG. 1 is a flowchart of an example of an inventive method (asymmetric bilinear pairing type-2); wherein, let G 1 ≠ G 2 , auxM is empty, Is the unit element of group GT, H: {0, 1} * → G 1 is the hash function, D is the decryption function corresponding to the encryption function E, Refers to the use of the key K to decrypt the ciphertext C to get It means x from Randomly selected.
图2是发明方法一个实例(非对称双线性配对类型-3)实现的流程图;其中,令G
1≠G
2,
aux
M为空,
为群G
T的单位元,H
1:{0,1}
*→G
1,H
2:{0,1}
*→G
2是两个哈希函数,D是与加密函数E对应的解密函数,
指的是利用密钥K对密文C进行解密得到
表示的是x从
中随机选取。
FIG. 2 is a flowchart of an example of an inventive method (asymmetric bilinear pairing type-3); wherein, let G 1 ≠ G 2 , aux M is empty, Is the unit element of the group G T , H 1 : {0, 1} * → G 1 , H 2 : {0, 1} * → G 2 are two hash functions, D is the decryption function corresponding to the encryption function E , Refers to the use of the key K to decrypt the ciphertext C to get It means x from Randomly selected.
本发明提供了一种基于非对称双线性对的匿签密方法,现举例给出具体实施方式:The present invention provides a secret signcryption method based on asymmetric bilinear pairs. Specific examples are given below:
系统建立:生成系统公开参数,一个安全参数n取128,双线性对
G
1×G
2→G
T,其中G
1、G
2和G
T是三个q阶循环群,整数q取3594707740912722592580264824659245374581620005772120566140827390747490618210732713776201829166921179104690985316170865403357128018053115705235365035756944666781840271151398486024508905819032066430042870294016997308232041571009239026199854058373227102211040396565230117801219598111998342507534997235192001889,q的二进制长度(记为|q|)为n的多项式;两个哈希函数:H
1:{0,1}
*→G
1,H
2:{0,1}
*→G
2,分别采用MD5和SHA256函数;密钥导出函数KDF:{0,1}
*→{0,1}
n采用Openssl的AES算法内置KDF;g
1为G
1的生成元,取值72026754027934651490995918212523766243371000525971101339334699885320636543746077563483364060839557244370694227487917252409638191550569389028359389164974323853180025346237445763293422583856014029352597479177910324941936807527651378495009235344516904490274731975063077229612562360754643102255089897348148780690,g
2∈G
2为G
2的生成元,取值7770630256160844001061836831347865610850334358908951970056605558701855341430296 8551516717115506698339473642981470868826042443741805044287846666289451133627751364843226483789350336451089265057408624982566636736744757835440696623220350219622426665921578454579853475107616688094007335536946549349101096432348567,
为群G
T的单位元;E采用对称加密函数AES;系统公开参数包括:
System establishment: generate public system parameters, a security parameter n takes 128, bilinear pairing G 1 × G 2 → G T , wherein G 1, G 2, and G T is a cyclic group of order q three, take 3594707740912722592580264824659245374581620005772120566140827390747490618210732713776201829166921179104690985316170865403357128018053115705235365035756944666781840271151398486024508905819032066430042870294016997308232041571009239026199854058373227102211040396565230117801219598111998342507534997235192001889 integer q, q binary length (denoted as | q |) is n polynomial; two Ha Greek function: H 1 : {0, 1} * → G 1 , H 2 : {0, 1} * → G 2 , using MD5 and SHA256 functions respectively; key derivation function KDF: {0, 1} * → { 0,1} n using the AES algorithm built KDF Openssl; g 1 is a generator of G. 1, the value 72026754027934651490995918212523766243371000525971101339334699885320636543746077563483364060839557244370694227487917252409638191550569389028359389164974323853180025346237445763293422583856014029352597479177910324941936807527651378495009235344516904490274731975063077229612562360754643102255089897348148780690, g 2 ∈G 2 generators of G 2, the value 7770630256160844001061836831347865610850334358908951970056605558701855341430296 85515167171155066983394736429814708688260424437418050442878466662894511336277513648432264837893503 36451089265057408624982566636736744757835440696623220350219622426665921578454579853475107616688094007335536946549349101096432348567, It is the unit element of group G T ; E adopts symmetric encryption function AES; the public parameters of the system include:
系统公开参数可以由系统内的用户协商决定,或由可信第三方给定;PKG生成系统主密钥
msk取647581328478097883885856815637104132132453561065;
The public parameters of the system can be negotiated and decided by users in the system, or given by a trusted third party; msk is 647581328478097883885856815637104132132453561065;
用户私钥提取:具有身份ID∈{0,1}
*的用户在PKG注册,PKG为其生成私钥:
User private key extraction: Users with identity ID ∈ {0, 1} * are registered with PKG, and PKG generates private keys for them:
为了描述方便起见,下述的方法描述中签密的生成方的身份记为
令
计算签密和验证签密私钥分别
签密验证方记为
令
签密和验证签密私钥分别为
For convenience of description, the identity of the signcryption generator in the following method description is written as make Calculate signcryption and verify signcryption private key separately The signcryption verifier is recorded as make Signcryption and verification signcryption private keys are
匿签密生成:令M∈{0,1}
*为匿签密的信息,M取值2MMMMMMMMMMMMMMMMmmmmmmMMMMMMMMMMMMMMMMMMMMM;用户
选取x=344135958399807195458316225370763102587786809162,计算
若采用类型-3双线性对,计算
(若采用类型-2双线性对,计算
)若
(否则重新选取x,重新计算PS),计算K=KDF(PS,aux
K)=KDF(PS,aux
K)={rounds=10;rd_key=946168116 875979576 895575096 811676005 1969327858 1096281546 1949731314 1146599575 4252685724 3157080150},
计算
得667afc15fc776f81b5f74e9028723c7236f804cf40491f86cbcc70a1ef3b5976e1343fe5cdedd30ad1da70fbfd61cf53a1a7ab57d004c56799351dd3afa32cdf13506dc5e10af7cd39fc3ca426cb7b7fd091c5d70454517841a01412e48d2b43;最后,用户
将{X,C}发送给用户
Secret signcryption generation: let M ∈ {0, 1} * for secret signcryption information, M takes the value 2MMMMMMMMMMMMMMMMmmmmmmMMMMMMMMMMMMMMMMMMMMM; user Choose x = 344135958399807195458316225370763102587786809162, calculate If using type-3 bilinear pair, calculate (If type-2 bilinear pair is used, calculate ) If (Otherwise re-select x, recalculate PS), calculate K = KDF (PS, aux K ) = KDF (PS, aux K ) = {rounds = 10; rd_key = 946168116 875979576 895575096 811676005 1969327858 1096281546 1949731314 1146599575 4252685724 3157080150}, Calculation 667afc15fc776f81b5f74e9028723c7236f804cf40491f86cbcc70a1ef3b5976e1343fe5cdedd30ad1da70fbfd61cf53a1a7ab57d004c56799351dd3afa32cdf13506dc5e10af7cd39fbd7cdd Send {X, C} to the user
匿签密验证:用户
接收到{X,C}后,若采用类型-3双线性对,计算
(若采用类型-1双线性对,计算
若采用类型-2双线性对,计算
若
计算K=KDF(PS,aux
K)={rounds=10;rd_key=946168116 875979576 895575096 811676005 1969327858 1096281546 1949731314 1146599575 4252685724 3157080150},
利用K对C解密得到
且
与传输密文相等,验证成功,接受匿签密信息M。
Secret signcryption verification: user After receiving {X, C}, if using type-3 bilinear pair, calculate (If type-1 bilinear pair is used, calculate If type-2 bilinear pairs are used, calculate If Calculate K = KDF (PS, aux K ) = {rounds = 10; rd_key = 946168116 875979576 895575096 811676005 1969327858 1096281546 1949731314 1146599575 4252685724 3157080150}, Use K to decrypt C And It is equal to the transmitted ciphertext, the verification is successful, and the secret signcryption information M is accepted.
本发明的其它特征和优点将在随后的说明书中阐述,并且,部分地从说明书中变得显而易见,或者通过实施本发明而了解。本发明的目的和其他优点可通过在说明书、权利要求书以及附图中所特别指出的结构来实现和获得。Other features and advantages of the present invention will be explained in the subsequent description, and partly become obvious from the description, or be understood by implementing the present invention. The objects and other advantages of the present invention can be realized and obtained by the structures particularly pointed out in the description, claims and drawings.
应该理解的是,本发明所公开的实施例不限于这里所公开的特定处理步骤,而应当延伸到相关领域的普通技术人员所理解的这些特征的等同替代。还应当理解的是,在此使用的术语仅用于描述特定实施例的目的,而并不意味着限制。It should be understood that the disclosed embodiments of the present invention are not limited to the specific processing steps disclosed herein, but should extend to equivalent replacements of these features as understood by those of ordinary skill in the relevant art. It should also be understood that the terminology used herein is for the purpose of describing particular embodiments only, and is not meant to be limiting.
说明书中提到的“两个实施例”或“实施例”意指结合实施例描述的特定特征、结构或特性包括在本发明的至少两个实施例中。因此,说明书通篇各个地方出现的短语“两个实施例”或“实施例”并不一定均指同一实施例。The "two embodiments" or "embodiments" mentioned in the specification mean that a particular feature, structure, or characteristic described in connection with the embodiments is included in at least two embodiments of the present invention. Therefore, the phrases "two embodiments" or "embodiments" appearing in various places throughout the specification do not necessarily all refer to the same embodiment.
虽然上述示例用于说明本发明在一个或多个应用中的原理,但对于本领域的技术人员来说,在不背离本发明的原理和思想的情况下,明显可以在形式上、用法及实施的细节上作各种修改而不用付出创造性劳动。因此,本发明由所附的权利要求书来限定。Although the above examples are used to illustrate the principles of the present invention in one or more applications, it is obvious to those skilled in the art that they can be used in form, usage and implementation without departing from the principles and ideas of the present invention Make various modifications to the details without paying creative efforts. Therefore, the present invention is defined by the appended claims.
Claims (7)
- 一种高效的基于非对称双线性对的身份基匿签密方法,所述方法包括:An efficient identity-based signcryption method based on asymmetric bilinear pairs, the method includes:系统建立:生成系统公开参数,包括:一个安全参数n,双线性对 整数q,其中G 1、G 2和G T是三个q阶循环群,q的二进制长度(记为|q|)为n的多项式;两个哈希函数:H 1:{0,1} *→G 1,H 2:{0,1} *→G 2,一个可有效计算的同构ψ:G 1→G 2,一个密钥导出函数KDF:{0,1} *→{0,1} n;令g 1∈G 1为G 1的生成元,g 2∈G 2为G 2的生成元, 为群G T的单位元;E为一个对称加密函数;系统公开参数记为: System establishment: generating system public parameters, including: a security parameter n, bilinear pair Integer q, where G 1 , G 2 and G T are three q-order cyclic groups, and the binary length of q (denoted by | q |) is a polynomial of n; two hash functions: H 1 : {0, 1} * → G 1 , H 2 : {0, 1} * → G 2 , an isomorphic ψ that can be effectively calculated: G 1 → G 2 , a key derivation function KDF: {0, 1} * → {0, 1} n; g 1 ∈G 1 so as generator of G 1, g 2 ∈G 2 is a generator of G 2, Is the unit element of group G T ; E is a symmetric encryption function; the public parameters of the system are recorded as:系统公开参数可以由系统内的用户协商决定,或由可信第三方给定;私钥生成器(Private Key Generator,简称为PKG)生成用户主密钥 (msk从 中随机选取,其中 的取值范围为1到q-1中的整数,且q为一个大素数);公开发布SysPar,保密保存msk。 The public parameters of the system can be negotiated and determined by the users in the system or given by a trusted third party; the private key generator (Private Key Generator, PKG for short) generates the user master key (msk from Randomly selected in The value range is an integer from 1 to q-1, and q is a large prime number); SysPar is publicly released, and msk is kept confidential.用户私钥生成:具有身份ID∈{0,1} *的用户在PKG注册,PKG根据主密钥msk和用户身份生成用户私钥: 其中 用来签密, 用来验证签密。为了描述方便起见,下述的描述中签密生成方记为 签密和验证签密私钥分别为 签密验证方记为 签密和验证签密私钥分别为 User private key generation: Users with identity ID ∈ {0, 1} * are registered with PKG, and PKG generates user private key based on master key msk and user identity: among them Used for signcryption, Used to verify signcryption. For the convenience of description, the signcryption generator is denoted as Signcryption and verification signcryption private keys are The signcryption verifier is recorded as Signcryption and verification signcryption private keys are匿签密生成:令M∈{0,1} *为匿签密的信息; Secret signcryption generation: Let M ∈ {0, 1} * be secret signcryption information;构造方法一(基于Type 1双线性对):用户 选取 计算 计算 若 (否则重新选取x),计算K=KDF(PS,aux K),aux K或为空,或为 的一个子集,aux K的具体形式或者双方事先约定或者是协议规范的一部分,aux d可为空或包含一些不会泄露通信双方身份的附加信息;计算 即:将K作为对称加密函数E的密钥对 按照规定或约定编码方式进行加密,其中aux M是可为空或包含一个时间戳信息的集合;最后,用户 将{X,C}发送给用户 Construction method one (based on Type 1 bilinear pair): user Select Calculation Calculation If (Otherwise re-select x), calculate K = KDF (PS, aux K ), aux K is either empty, or is A subset of aux K , the specific form of aux K or the agreement between the two parties in advance or part of the protocol specification, aux d can be empty or contain some additional information that will not disclose the identity of the communicating parties; calculation That is: use K as the key pair of the symmetric encryption function E Encrypt according to the prescribed or agreed coding method, where aux M is a set that can be empty or contain a timestamp information; finally, the user Send {X, C} to the user构造方法二(基于Type 2双线性对):用户 选取 计算 计算 若 (否则重新选取 x),计算K=KDF(PS,aux K),aux K或为空,或为 的一个子集,aux K的具体形式或者双方事先约定或者是协议规范的一部分,aux d可为空或包含一些不会泄露通信双方身份的附加信息;计算 即:将K作为对称加密函数E的密钥对 按照规定或约定编码方式进行加密,其中aux M是可为空或包含一个时间戳信息的集合;最后,用户 将{X,C}发送给用户 Construction method two (based on Type 2 bilinear pair): user Select Calculation Calculation If (Otherwise re-select x), calculate K = KDF (PS, aux K ), aux K is either empty, or is A subset of aux K , the specific form of aux K or the agreement between the two parties in advance or part of the protocol specification, aux d can be empty or contain some additional information that will not disclose the identity of the communicating parties; calculation That is: use K as the key pair of the symmetric encryption function E Encrypt according to the prescribed or agreed coding method, where aux M is a set that can be empty or contain a timestamp information; finally, the user Send {X, C} to the user构造方法三(基于Type 3双线性对):用户 选取 计算 计算 若 (否则重新选取x),计算K=KDF(PS,aux K),aux K或为空,或为 的一个子集(这里,哈希函数H 1将 的身份映射到群G 1,哈希函数H 2将 的身份映射到群G 2,且 并且aux K的具体形式或者双方事先约定或者是协议规范的一部分,aux d可为空或包含一些不会泄露通信双方身份的附加信息;计算 即:将K作为对称加密函数E的密钥对 按照规定或约定编码方式进行加密,其中aux M是可为空或包含一个时间戳信息的集合;最后,用户 将{X,C}发送给用户 Construction method three (based on Type 3 bilinear pair): user Select Calculation Calculation If (Otherwise re-select x), calculate K = KDF (PS, aux K ), aux K is either empty, or is A subset of (here, the hash function H 1 will Is mapped to the group G 1 , the hash function H 2 will Is mapped to group G 2 , and And the specific form of aux K is either agreed in advance by both parties or is part of the protocol specification. Aux d can be empty or contain some additional information that will not reveal the identity of both parties in the communication; calculation That is: use K as the key pair of the symmetric encryption function E Encrypt according to the prescribed or agreed coding method, where aux M is a set that can be empty or contain a timestamp information; finally, the user Send {X, C} to the user匿签密验证:用户 接收到{X,C}后,针对如上的三种匿签密算法分别做如下解密及验证: Secret signcryption verification: user After receiving {X, C}, decrypt and verify the above three secret signcryption algorithms as follows:验证方法一(基于Type 1双线性对):计算 若 返回无效字符,表明匿签密无效;否则,计算K=KDF(PS,aux K),利用K对C解密得到 若 且 且aux M有效,则接受匿签密信息M,否则拒绝接受。 Verification method 1 (based on Type 1 bilinear pair): calculation If Invalid characters are returned, indicating that the secret signcryption is invalid; otherwise, K = KDF (PS, aux K ) is calculated, and K is used to decrypt C to obtain If And If aux M is valid, the secret sign M is accepted, otherwise it is rejected.验证方法二(基于Type 2双线性对):计算 若 返回无效字符,表明匿签密无效;否则,计算K=KDF(PS,aux K),利用K对C解密得到 若 且 且aux M有效,则接受匿签密信息M,否则拒绝接受。 Verification method two (based on Type 2 bilinear pair): calculation If Invalid characters are returned, indicating that the secret signcryption is invalid; otherwise, K = KDF (PS, aux K ) is calculated, and K is used to decrypt C to obtain If And If aux M is valid, the secret sign M is accepted, otherwise it is rejected.验证方法三(基于Type 3双线性对):计算 若 返回无效字符,表明匿签密无效;否则,计算K=KDF(PS,aux K),利用K对C解密得到 若 且 且aux M有效,则接受匿签密信息M,否则拒绝接受。 Verification method three (based on Type 3 bilinear pair): calculation If Invalid characters are returned, indicating that the secret signcryption is invalid; otherwise, K = KDF (PS, aux K ) is calculated, and K is used to decrypt C to obtain If And If aux M is valid, the secret sign M is accepted, otherwise it is rejected.
- 如权利要求1所述的方法,其特征在于,The method of claim 1, wherein:群G 1和G 2可以相等(记为G),即基于Type 1的双线性配对的构造(如构造方法一);q为素数或合数;从 中随机选取,或在 中随机选取,其中 或 为空或包含一个时间戳信息;aux d为空或包含不会泄露通信双方身份的附件信息;E是一个认证加密函数或者带有辅助输入的认证加密函数。 Groups G 1 and G 2 can be equal (denoted as G), that is, a bilinear pairing structure based on Type 1 (such as construction method 1); q is prime or composite; from Randomly selected in, or in Randomly selected in or Is empty or contains a timestamp information; aux d is empty or contains attachment information that will not reveal the identity of both parties to the communication; E is an authentication encryption function or an authentication encryption function with auxiliary input.
- 如权利要求书1~2中任一项所述的方法,其特征在于,对于Type 2和Type 3双线性对,G 1≠G 2。 The method according to any one of claims 1 to 2, characterized in that, for Type 2 and Type 3 bilinear pairs, G 1 ≠ G 2 .
- 如权利要求书1~2中任一项所述的方法,其特征在于,对于Type 2双线性对,其构造方法不需要哈希函数H 2:{0,1} *→G 2。 The method according to any one of claims 1 to 2, characterized in that, for the Type 2 bilinear pair, its construction method does not require a hash function H 2 : {0, 1} * → G 2 .
- 如权利要求书1~2中任一项所述的方法,其特征在于,对于Type 3双线性对,其构造方法不需要一个可有效计算的同构ψ:G 1→G 2。 The method according to any one of claims 1 to 2, characterized in that, for the Type 3 bilinear pair, the construction method does not require an isomorphic ψ that can be effectively calculated: G 1 → G 2 .
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811403997.XA CN109462481B (en) | 2018-11-23 | 2018-11-23 | Secret signcryption method based on asymmetric bilinear pairings |
CN201811403997.X | 2018-11-23 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2020103631A1 true WO2020103631A1 (en) | 2020-05-28 |
Family
ID=65611372
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2019/112508 WO2020103631A1 (en) | 2018-11-23 | 2019-10-22 | Hidden-identity-based signcryption method employing asymmetric bilinear pairing |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN109462481B (en) |
WO (1) | WO2020103631A1 (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111786774A (en) * | 2020-06-28 | 2020-10-16 | 南京信息工程大学 | Method for realizing key agreement protocol based on linear feedback shift register |
CN114257366A (en) * | 2021-12-20 | 2022-03-29 | 成都卫士通信息产业股份有限公司 | Information homomorphic processing method, device, equipment and computer readable storage medium |
CN114362917A (en) * | 2021-12-28 | 2022-04-15 | 安徽师范大学 | Method for discovering safe verifiable data truth value in mobile crowd sensing |
CN114844625A (en) * | 2022-03-08 | 2022-08-02 | 武汉大学 | Electricity conversion appointment service method and equipment based on heterogeneous signcryption and excitation mechanism |
CN115225357A (en) * | 2022-07-12 | 2022-10-21 | 浙江工商大学 | Verifiable privacy protection multi-subset data aggregation method |
CN117478329A (en) * | 2023-10-16 | 2024-01-30 | 武汉大学 | Multi-user collusion-resistant ciphertext retrieval method and equipment based on identity key encapsulation |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109462481B (en) * | 2018-11-23 | 2022-04-26 | 上海扈民区块链科技有限公司 | Secret signcryption method based on asymmetric bilinear pairings |
CN110086620A (en) * | 2019-03-25 | 2019-08-02 | 电子科技大学 | R-ate Bilinear map implementation method based on the library OpenSSL |
CN111310210B (en) * | 2020-02-17 | 2022-06-17 | 复旦大学 | Double-authentication symmetric searchable encryption method based on password and secret signcryption |
CN114978658B (en) * | 2022-05-17 | 2023-10-27 | 支付宝(杭州)信息技术有限公司 | Data processing method and device |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7590236B1 (en) * | 2004-06-04 | 2009-09-15 | Voltage Security, Inc. | Identity-based-encryption system |
CN105306212A (en) * | 2015-08-31 | 2016-02-03 | 赵运磊 | Signcryption method with hidden identity and strong security |
CN106453253A (en) * | 2016-09-06 | 2017-02-22 | 赵运磊 | Efficient identity-based concealed signcryption method |
WO2018070932A1 (en) * | 2016-10-14 | 2018-04-19 | Huawei International Pte. Ltd. | System and method for querying an encrypted database for documents satisfying an expressive keyword access structure |
CN108650097A (en) * | 2018-04-28 | 2018-10-12 | 上海扈民区块链科技有限公司 | A kind of efficient aggregation number endorsement method |
CN109462481A (en) * | 2018-11-23 | 2019-03-12 | 上海扈民区块链科技有限公司 | It is a kind of that decryption method is signed based on hideing for asymmetric Bilinear map |
Family Cites Families (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7822200B2 (en) * | 2005-03-07 | 2010-10-26 | Microsoft Corporation | Method and system for asymmetric key security |
US7921294B2 (en) * | 2006-09-07 | 2011-04-05 | International Business Machines Corporation | Verification of encryption key |
CA2677148C (en) * | 2007-02-02 | 2015-11-24 | Telcordia Technologies, Inc. | Method and system to authorize and assign digital certificates without loss of privacy |
CN101626364A (en) * | 2008-07-08 | 2010-01-13 | 赵运磊 | Method for authentication for resisting secrete data disclosure and key exchange based on passwords |
CN103746811B (en) * | 2013-12-27 | 2017-01-25 | 西安邮电大学 | Anonymous signcryption method from identity public key system to certificate public key system |
CN105743646B (en) * | 2016-02-03 | 2019-05-10 | 四川长虹电器股份有限公司 | A kind of Identity based encryption method and system |
EP3437247B1 (en) * | 2016-03-29 | 2019-10-23 | Koninklijke Philips N.V. | System and method for distribution of identity based key material and certificate |
CN106850195B (en) * | 2016-04-18 | 2020-05-19 | 中国科学院信息工程研究所 | Group key negotiation and communication method in instant communication |
CN107566121B (en) * | 2016-11-18 | 2020-03-10 | 上海扈民区块链科技有限公司 | Efficient secret consensus method |
CN108173639B (en) * | 2018-01-22 | 2020-10-27 | 中国科学院数据与通信保护研究教育中心 | Two-party cooperative signature method based on SM9 signature algorithm |
CN108667616B (en) * | 2018-05-03 | 2021-05-04 | 西安电子科技大学 | Cross-cloud security authentication system and method based on identification |
-
2018
- 2018-11-23 CN CN201811403997.XA patent/CN109462481B/en active Active
-
2019
- 2019-10-22 WO PCT/CN2019/112508 patent/WO2020103631A1/en active Application Filing
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7590236B1 (en) * | 2004-06-04 | 2009-09-15 | Voltage Security, Inc. | Identity-based-encryption system |
CN105306212A (en) * | 2015-08-31 | 2016-02-03 | 赵运磊 | Signcryption method with hidden identity and strong security |
CN106453253A (en) * | 2016-09-06 | 2017-02-22 | 赵运磊 | Efficient identity-based concealed signcryption method |
WO2018070932A1 (en) * | 2016-10-14 | 2018-04-19 | Huawei International Pte. Ltd. | System and method for querying an encrypted database for documents satisfying an expressive keyword access structure |
CN108650097A (en) * | 2018-04-28 | 2018-10-12 | 上海扈民区块链科技有限公司 | A kind of efficient aggregation number endorsement method |
CN109462481A (en) * | 2018-11-23 | 2019-03-12 | 上海扈民区块链科技有限公司 | It is a kind of that decryption method is signed based on hideing for asymmetric Bilinear map |
Non-Patent Citations (1)
Title |
---|
SUI, GUANGYE ET AL.: "Revisiting OAKE in the eCK Security Model", IEEE CNS 2018 - IEEE INTERNATIONAL WORKSHOP ON ATTACKS AND DEFENSES FOR INTERNET -OF- THINGS (ADIOT, 13 August 2018 (2018-08-13), XP055584050 * |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111786774A (en) * | 2020-06-28 | 2020-10-16 | 南京信息工程大学 | Method for realizing key agreement protocol based on linear feedback shift register |
CN114257366A (en) * | 2021-12-20 | 2022-03-29 | 成都卫士通信息产业股份有限公司 | Information homomorphic processing method, device, equipment and computer readable storage medium |
CN114257366B (en) * | 2021-12-20 | 2024-04-12 | 成都卫士通信息产业股份有限公司 | Information homomorphic processing method, device, equipment and computer readable storage medium |
CN114362917A (en) * | 2021-12-28 | 2022-04-15 | 安徽师范大学 | Method for discovering safe verifiable data truth value in mobile crowd sensing |
CN114362917B (en) * | 2021-12-28 | 2024-04-30 | 安徽师范大学 | Security verifiable data true value discovery method in mobile crowd sensing |
CN114844625A (en) * | 2022-03-08 | 2022-08-02 | 武汉大学 | Electricity conversion appointment service method and equipment based on heterogeneous signcryption and excitation mechanism |
CN114844625B (en) * | 2022-03-08 | 2024-04-16 | 武汉大学 | Electricity conversion reservation service method and equipment based on heterogeneous signcryption and excitation mechanism |
CN115225357A (en) * | 2022-07-12 | 2022-10-21 | 浙江工商大学 | Verifiable privacy protection multi-subset data aggregation method |
CN115225357B (en) * | 2022-07-12 | 2023-09-01 | 浙江工商大学 | Verifiable privacy protection multi-subset data aggregation method |
CN117478329A (en) * | 2023-10-16 | 2024-01-30 | 武汉大学 | Multi-user collusion-resistant ciphertext retrieval method and equipment based on identity key encapsulation |
CN117478329B (en) * | 2023-10-16 | 2024-04-26 | 武汉大学 | Multi-user collusion-resistant ciphertext retrieval method and equipment based on identity key encapsulation |
Also Published As
Publication number | Publication date |
---|---|
CN109462481B (en) | 2022-04-26 |
CN109462481A (en) | 2019-03-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2020103631A1 (en) | Hidden-identity-based signcryption method employing asymmetric bilinear pairing | |
CN108173639B (en) | Two-party cooperative signature method based on SM9 signature algorithm | |
Smart | Identity-based authenticated key agreement protocol based on Weil pairing | |
CN110830236B (en) | Identity-based encryption method based on global hash | |
CN106921638B (en) | Safety device based on asymmetric encryption | |
US8589679B2 (en) | Identifier-based signcryption with two trusted authorities | |
CN104539423A (en) | Achievement method of certificate-less public key cryptosystem without bilinear pairing operation | |
CN108989054B (en) | Cipher system and digital signature method | |
JP2003298568A (en) | Authenticated identification-based cryptosystem with no key escrow | |
JP2004208262A (en) | Apparatus and method of ring signature based on id employing bilinear pairing | |
JP2013539295A (en) | Authenticated encryption of digital signatures with message recovery | |
WO2020164252A1 (en) | Identity-based identity hiding key agreement method based on bilinear paring | |
CN104767611B (en) | It is a kind of from PKIX environment to the label decryption method without certificate environment | |
CN104811302A (en) | Oval curve mixing signcryption method based on certificateless effect | |
CN110519226B (en) | Quantum communication server secret communication method and system based on asymmetric key pool and implicit certificate | |
CN110113150A (en) | The encryption method and system of deniable authentication based on no certificate environment | |
Ch et al. | Efficient signcryption schemes based on hyperelliptic curve cryptosystem | |
CN110784314A (en) | Certificateless encrypted information processing method | |
CN106453253B (en) | A kind of hideing for efficient identity-based signs decryption method | |
CN117879833A (en) | Digital signature generation method based on improved elliptic curve | |
CN109412815B (en) | Method and system for realizing cross-domain secure communication | |
Zheng et al. | Threshold attribute‐based signcryption and its application to authenticated key agreement | |
Tian et al. | Design and implementation of SM9 Identity based Cryptograph algorithm | |
Nayak | A secure ID-based signcryption scheme based on elliptic curve cryptography | |
Yang et al. | Certificateless universal designated verifier signature schemes |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 19886275 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 21/08/2021) |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 19886275 Country of ref document: EP Kind code of ref document: A1 |