WO2022120699A1 - One-way proxy re-encryption method and apparatus, and electronic device and system - Google Patents

One-way proxy re-encryption method and apparatus, and electronic device and system Download PDF

Info

Publication number
WO2022120699A1
WO2022120699A1 PCT/CN2020/135204 CN2020135204W WO2022120699A1 WO 2022120699 A1 WO2022120699 A1 WO 2022120699A1 CN 2020135204 W CN2020135204 W CN 2020135204W WO 2022120699 A1 WO2022120699 A1 WO 2022120699A1
Authority
WO
WIPO (PCT)
Prior art keywords
ciphertext
key
parameter
encryption
private key
Prior art date
Application number
PCT/CN2020/135204
Other languages
French (fr)
Chinese (zh)
Inventor
韦家全
张鹏
刘宏伟
Original Assignee
深圳大学
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳大学 filed Critical 深圳大学
Priority to PCT/CN2020/135204 priority Critical patent/WO2022120699A1/en
Publication of WO2022120699A1 publication Critical patent/WO2022120699A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/061Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying further key derivation, e.g. deriving traffic keys from a pair-wise master key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/081Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying self-generating credentials, e.g. instead of receiving credentials from an authority or from another peer, the credentials are generated at the entity itself

Definitions

  • the present invention relates to the technical field of proxy re-encryption, and in particular to a one-way proxy re-encryption method, device, electronic device and system.
  • the authorizer executes the Setup algorithm to generate public parameters
  • the authorizer and the authorized party execute the KeyGen algorithm to generate their own public and private keys
  • the authorizer executes the Enc algorithm to encrypt data to generate the first ciphertext
  • the agent generates the re-encryption key
  • the agent knows the re-encryption key and the first ciphertext and executes the Re Enc algorithm to generate the second ciphertext
  • the authorized party uses its own private key to execute the Dec algorithm to decrypt the second ciphertext.
  • the authorizing party transfers the decryption authority to the authorized party, and proxy re-encryption is widely used in cloud computing data security, data fair transaction protocols, etc.
  • proxy re-encryption key it can be divided into bidirectional proxy re-encryption (Bidirectional PRE) and unidirectional proxy re-encryption (Unidirectional PRE).
  • Two-way proxy re-encryption means that the proxy can use the re-encryption key to not only convert the ciphertext under the authorized party's public key into the ciphertext under the authorized party's public key, but also convert the ciphertext under the authorized party's public key. It is the ciphertext under the authorized party's public key.
  • proxy re-encryption In one-way proxy re-encryption, the proxy can only convert the ciphertext under the authorizer's public key into the ciphertext under the authorized party's public key by using the re-encryption key. Obviously, proxy re-encryption in one direction prevents the proxy party from performing ciphertext transformation in the other direction without permission.
  • the re-encryption key generated by the authorizer depends on the authorizer's private key, and the re-encryption key is sent to the proxy party.
  • the first ciphertext generates the second ciphertext, and the second ciphertext is sent to the authorized party for decryption.
  • the agent and the authorized party collude, although the agent and the authorized party cannot obtain the private key of the authorized party, they can decrypt the first password generated by other authorized parties using this private key. Therefore, the anti-collusion attack ability of the one-way proxy re-encryption method is weak.
  • embodiments of the present invention provide a one-way proxy re-encryption method, device, electronic device and system to solve the problem that the existing one-way proxy re-encryption method has weak anti-collusion attack capability.
  • an embodiment of the present invention provides a one-way proxy re-encryption method, the method comprising:
  • the re-encryption key since the re-encryption key is generated based on the first private key and the preset ciphertext parameters in the first ciphertext, the re-encryption key can only be used for A ciphertext is converted into the second ciphertext of the authorized party, but the first ciphertext of the authorized party cannot be converted into the second ciphertext of the authorized party, that is, the re-encryption key can only realize the conversion in one direction , thereby realizing one-way re-encryption; since the first ciphertext is generated based on the first private key and plaintext data, correspondingly, multiple ciphertext parameters in the first ciphertext are related to the first private key and plaintext data, when When the plaintext data changes, each ciphertext parameter will also change accordingly.
  • generating the first ciphertext based on the first private key and the plaintext data includes:
  • p and q are preset prime numbers, respectively, requiring q
  • the bit length of q is l q
  • H 1 , H 2 and H 3 are the first
  • the hash function, the second hash function, and the third hash function are expressed as l 0 and l 1 are message lengths
  • g is The generator of the q-order subgroup G of .
  • the third ciphertext parameter is generated based on the second ciphertext parameter.
  • the third ciphertext parameter is generated based on the second ciphertext parameter.
  • the first ciphertext is generated by the following method:
  • the plaintext data of m is expressed as F is the first ciphertext parameter, V is the second ciphertext parameter, and E is the third ciphertext parameter.
  • the index of the second ciphertext parameter changes with the first ciphertext parameter
  • the third hash function is used in the index of the second ciphertext parameter to convert the first ciphertext parameter to the first ciphertext parameter.
  • the private key is hidden to ensure that the first private key will not be exposed; and the first ciphertext parameter changes with the plaintext data, so the index in the second ciphertext parameter will change every time the first ciphertext is generated.
  • the preset ciphertext parameter is the first ciphertext parameter
  • the A private key and preset ciphertext parameters in the first ciphertext to generate a re-encryption key including:
  • the re-encryption key is generated based on the ciphertext conversion request information, the first private key, and the first ciphertext parameter.
  • the authorizing party In the one-way proxy re-encryption method provided by the embodiment of the present invention, the authorizing party generates a re-encryption key according to the ciphertext conversion request information sent by authorization, so that the method can be applied when the authorizing party cannot actively select the authorized party, and It is an occasion when passively waiting for an authorized party to initiate a request.
  • this method can be called a one-way passive proxy re-encryption method.
  • the re-encryption is generated based on the ciphertext conversion request information, the first private key and the first ciphertext parameter keys, including:
  • the one-way proxy re-encryption method uses the parameter corresponding to the index in the second ciphertext parameter to generate the parameter of the re-encryption key. If the authorized party and the proxy party conspire to obtain the authorized party's private key, The authorized party and the agent can only obtain the overall value of H 3 [(x i1 +F) ⁇ x i2 ]mod q in the re-encryption key. Thanks to the characteristics of the hash function, this value cannot be deduced inversely.
  • the input (x i1 +F) ⁇ x i2 of the three-hash function H 3 is the specific value, and the specific value of the first private key cannot be deduced.
  • the third hash function is used in the second ciphertext parameter and the re-encryption key.
  • the use in the construction ensures that the first private key will not be exposed; because the construction of the first verification parameter and the second verification parameter ensures that the authorized party can generate the correct ciphertext conversion request for the authorized party only after the authorized party correctly calculates the ciphertext conversion request. If the authorized party maliciously submits incorrect first verification parameters and second verification parameters, it will be detected immediately, ensuring that the output re-encryption key is correct and is for the authorized party. square generated.
  • an embodiment of the present invention further provides a one-way proxy re-encryption method, the method comprising:
  • the first ciphertext is converted into a second ciphertext under the authorized party's second public key based on the re-encryption key, so that the authorized party decrypts the second ciphertext to obtain the plaintext data.
  • the re-encryption key since the re-encryption key is generated based on the first private key and the preset ciphertext parameters in the first ciphertext, the re-encryption key can only be used for A ciphertext is converted into the second ciphertext of the authorized party, but the first ciphertext of the authorized party cannot be converted into the second ciphertext of the authorized party, that is, the re-encryption key can only realize the conversion in one direction , thereby realizing one-way re-encryption; since the first ciphertext is generated based on the first private key and plaintext data, correspondingly, multiple ciphertext parameters in the first ciphertext are related to the first private key and plaintext data, when When the plaintext data changes, each ciphertext parameter will also change accordingly.
  • the first public key pk i Expressed as The second public key pk j is expressed as
  • q is a set of non-negative and non-zero integers less than q
  • q is a preset prime number
  • bit length of q is l q
  • H 2 and H 3 are the second hash function and the third hash function, respectively, expressed as l 0 and l 1 are message lengths
  • g is The generator of the q-order subgroup G of ;
  • converting the first ciphertext based on the re-encryption key into a second ciphertext under the authorized party's second public key, so that the authorized party performs a Decryption to obtain the plaintext data including:
  • the first ciphertext is converted into the second public key of the authorized party based on the first ciphertext, the re-encryption key and the first verification parameter The second ciphertext below.
  • the construction of the re-encryption key and the first verification parameter provides a basis for the verification of the re-encryption key, and ensures the reliability of the re-encryption key verification; After the re-encryption key is verified, the first ciphertext is converted, which improves the reliability of the one-way proxy re-encryption method.
  • the second ciphertext parameter, the re-encryption key, and the first verification parameter are used to verify the re-encryption key's validity. correctness, including:
  • the first ciphertext, the re-encryption key, and the first verification are based on parameter to convert the first ciphertext into the second ciphertext under the authorized party's second public key, including:
  • the converted second ciphertext CT j (E',F, ⁇ ,g 2 ) is output.
  • an embodiment of the present invention further provides a one-way proxy re-encryption method, the method comprising:
  • the second public key pk j is expressed as
  • the first public key pk i is expressed as
  • the second ciphertext is obtained by converting the first ciphertext using the re-encryption key, and the first ciphertext is based on the first private key of the authorizing party and the plaintext data is generated, and the re-encryption key is generated based on the first private key and preset ciphertext parameters in the first ciphertext;
  • p and q are preset prime numbers, respectively, requiring q
  • the bit length of q is l q
  • H 1 , H 2 and H 3 are the first
  • the hash function, the second hash function, and the third hash function are expressed as l 0 and l 1 are message lengths
  • g is The generator of the q-order subgroup G of .
  • the re-encryption key since the re-encryption key is generated based on the first private key and the preset ciphertext parameters in the first ciphertext, the re-encryption key can only be used for A ciphertext is converted into the second ciphertext of the authorized party, but the first ciphertext of the authorized party cannot be converted into the second ciphertext of the authorized party, that is, the re-encryption key can only realize the conversion in one direction , thereby realizing one-way re-encryption; since the first ciphertext is generated based on the first private key and plaintext data, correspondingly, multiple ciphertext parameters in the first ciphertext are related to the first private key and plaintext data, when When the plaintext data changes, each ciphertext parameter will also change accordingly.
  • the generating a first verification parameter by using the public parameter, and generating a second verification parameter by using the first public key and the second private key including:
  • the special structure of ⁇ enables the authorized party to specify an important value h, and in an open environment, only the authorized party can use its own private key to decrypt and extract h, and other irrelevant The party cannot know h, and this h is an important part of the re-encryption key, thus ensuring the reliability of the re-encryption key.
  • the decrypting the second ciphertext by using the second private key to obtain the plaintext data includes:
  • an embodiment of the present invention further provides a one-way proxy re-encryption device, the device comprising:
  • an acquisition module for acquiring the first private key and plaintext data
  • a first ciphertext generating module configured to generate a first ciphertext based on the first private key and the plaintext data, where the first ciphertext includes a plurality of ciphertext parameters;
  • a re-encryption key generation module configured to generate a re-encryption key according to the first private key and preset ciphertext parameters in the first ciphertext;
  • a first sending module configured to send the first ciphertext and the re-encryption key to an agent, so that the agent uses the re-encryption key to convert the first ciphertext into an authorized The second ciphertext under the party's second public key.
  • an embodiment of the present invention further provides a one-way proxy re-encryption device, the device comprising:
  • the first receiving module is configured to receive the first ciphertext and the re-encryption key sent by the authorizing party, where the first ciphertext is generated based on the first private key of the authorizing party and the plaintext data, and the re-encrypting ciphertext is generated based on the first private key of the authorizing party and the plaintext data.
  • the key is generated according to the first private key and preset ciphertext parameters in the first ciphertext;
  • a ciphertext conversion module configured to convert the first ciphertext into a second ciphertext under the second public key of the authorized party based on the re-encryption key, so that the authorized party can understand the second ciphertext
  • the ciphertext is decrypted to obtain the plaintext data.
  • an embodiment of the present invention further provides a one-way proxy re-encryption device, the device comprising:
  • a verification parameter generation module configured to generate a first verification parameter by using the public parameter, and generate a second verification parameter by using the first public key and the second private key;
  • a ciphertext conversion request generation module configured to generate ciphertext conversion request information based on the first verification parameter, the second verification parameter and the first public key
  • a second sending module configured to send the ciphertext conversion request information to the authorizing party
  • the second receiving module is configured to receive the second ciphertext sent by the agent, where the second ciphertext is obtained by converting the first ciphertext by using a re-encryption key, and the first ciphertext is based on the authorizing party
  • the first private key and the plaintext data are generated, and the re-encryption key is generated based on the first private key and the preset ciphertext parameters in the first ciphertext;
  • a decryption module configured to decrypt the second ciphertext by using the second private key to obtain the plaintext data
  • p and q are preset prime numbers, respectively, requiring q
  • the bit length of q is l q
  • H 1 , H 2 and H 3 are the first
  • the hash function, the second hash function, and the third hash function are expressed as l 0 and l 1 are message lengths
  • g is The generator of the q-order subgroup G of .
  • an embodiment of the present invention provides an electronic device, including: a memory and a processor, the memory and the processor are connected in communication with each other, the memory stores computer instructions, and the processor By executing the computer instructions, the first aspect or any embodiment of the first aspect is executed, or the second aspect or any embodiment of the second aspect is executed, or the third aspect or the third aspect is executed.
  • an embodiment of the present invention provides a computer-readable storage medium, where the computer-readable storage medium stores computer instructions, and the computer instructions are used to cause the computer to execute the first aspect or any one of the first aspect.
  • an embodiment of the present invention further provides a one-way re-encryption system, the system comprising:
  • an authorizing party used to execute the first aspect of the present invention, or the one-way proxy re-encryption method described in any embodiment of the first aspect;
  • proxy party connected to the authorized party, for executing the second aspect of the present invention, or the one-way proxy re-encryption method described in any embodiment of the second aspect;
  • An authorized party connected with the authorized party, is used to execute the third aspect of the present invention, or the one-way proxy re-encryption method described in any embodiment of the third aspect.
  • FIG. 1 shows a structural diagram of a one-way proxy re-encryption system in an embodiment of the present invention
  • FIG. 2 is a flowchart of a one-way proxy re-encryption method according to an embodiment of the present invention
  • FIG. 3 is a flowchart of a one-way proxy re-encryption method according to an embodiment of the present invention
  • FIG. 4 is a flowchart of a one-way proxy re-encryption method according to an embodiment of the present invention
  • FIG. 5 is a flowchart of a one-way proxy re-encryption method according to an embodiment of the present invention
  • FIG. 6 is a flowchart of a one-way proxy re-encryption method according to an embodiment of the present invention.
  • FIG. 7 is a flowchart of a one-way proxy re-encryption method according to an embodiment of the present invention.
  • FIG. 8 is a flowchart of a one-way proxy re-encryption method according to an embodiment of the present invention.
  • FIG. 9 is a flowchart of a one-way proxy re-encryption method according to an embodiment of the present invention.
  • FIG. 10 is a structural block diagram of a one-way proxy re-encryption apparatus according to an embodiment of the present invention.
  • FIG. 11 is a structural block diagram of a one-way proxy re-encryption apparatus according to an embodiment of the present invention.
  • FIG. 12 is a structural block diagram of a one-way proxy re-encryption apparatus according to an embodiment of the present invention.
  • FIG. 13 is a schematic diagram of a hardware structure of an electronic device provided by an embodiment of the present invention.
  • An embodiment of the present invention provides a one-way proxy re-encryption system.
  • the system includes an authorizer, an authorized party, and an agent.
  • the authorizing party generates a re-encryption key, and sends the re-encryption key and the first ciphertext to the agent, and the agent uses the re-encryption key to convert the first ciphertext into the authorized The second ciphertext that the second public key can decrypt.
  • the algorithm structure of the first ciphertext, the re-encryption key and the ciphertext conversion is improved in the system, so that the system has a higher anti-collusion attack capability.
  • the authorized party in the system is also used to generate ciphertext conversion request information, and send the ciphertext conversion request information to the authorized party, and the authorized party only receives the ciphertext conversion request information sent by the authorized party.
  • the re-encryption key is generated.
  • the one-way proxy re-encryption system described in this system can also be called a one-way passive proxy re-encryption system.
  • the authorizer sends the generated re-encryption key and the first ciphertext to the agent, and the agent verifies the correctness of the re-encryption key before converting the first ciphertext. After the re-encryption key is verified correctly, the first ciphertext is converted into the second ciphertext under the authorized party's second public key.
  • the specific configuration will be described in detail below.
  • the one-way proxy re-encryption method is described in detail from the perspectives of the authorizer, the proxy, and the authorized party, respectively.
  • an embodiment of a one-way proxy re-encryption method is provided. It should be noted that the steps shown in the flowchart of the accompanying drawings may be executed in a computer system such as a set of computer-executable instructions, and , although a logical order is shown in the flowcharts, in some cases steps shown or described may be performed in an order different from that herein.
  • FIG. 2 is a flowchart of a one-way proxy re-encryption method according to an embodiment of the present invention , as shown in Figure 2, the process includes the following steps:
  • the first private key is generated by the authorizing party using a key generation algorithm, and what is generated by the authorizing party includes the first private key and the first public key.
  • the specific manner of generating the first private key and the first public key is not limited, and specific settings may be made according to actual conditions.
  • the authorizing party needs to encrypt the plaintext data to generate the first ciphertext, and send the first ciphertext to the agent, so that the agent converts it and then sends it to the authorized party for decryption.
  • the agent converts it and then sends it to the authorized party for decryption.
  • the first ciphertext includes a plurality of ciphertext parameters.
  • the authorizing party uses the first private key to perform algorithmic processing on the plaintext data to generate the first ciphertext.
  • the first ciphertext may be obtained by directly using the first private key to perform algorithmic processing on the plaintext data, or may be obtained by the authorizing party using the first private key and other parameters (for example, public parameters generated by the authorizing party) It is obtained by performing algorithm processing on the plaintext data, which is not specifically limited here, it only needs to ensure that the formation of the first ciphertext depends on the first private key and the plaintext data.
  • the first ciphertext generated by the authorizer is composed of multiple ciphertext parameters, and there is an association relationship between each ciphertext parameter.
  • the authorizing party first generates the first ciphertext parameter by using the first private key and the plaintext data, and then generates the second ciphertext parameter on the basis of the first ciphertext parameter, and so on. Specifically, this step will be described in detail below.
  • S13 Generate a re-encryption key according to the first private key and preset ciphertext parameters in the first ciphertext.
  • the first ciphertext generated by the authorizing party includes various ciphertext parameters
  • the authorizing party generates the re-encryption key by using the preset ciphertext parameters in the first ciphertext and the first private key.
  • the authorizer can use the first private key and the preset ciphertext parameters as parameters of the preset function expression, substitute them into the preset function expression, and use the calculation of the preset function to generate the re-encryption key;
  • the authorizing party may also generate a re-encryption key based on the first private key and the preset ciphertext parameters in combination with other parameters (for example, public parameters generated by the authorizing party).
  • the specific algorithm structure of the algorithm for generating the re-encryption key is not limited here, as long as it is ensured that the re-encryption key is generated by relying on the first private key and the preset ciphertext parameters in the first ciphertext.
  • S14 Send the first ciphertext and the re-encryption key to the agent, so that the agent uses the re-encryption key to convert the first ciphertext into the second ciphertext under the authorized party's second public key.
  • the authorized party After generating the first ciphertext and the re-encryption key, the authorized party sends it to the agent.
  • the subsequent proxy party converts the first ciphertext by using the re-encryption key, and converts the first ciphertext into a second ciphertext under the authorized party's second public key. This step will be described in detail below, and will not be indexed here.
  • the re-encryption key since the re-encryption key is generated based on the first private key and the preset ciphertext parameters in the first ciphertext, the re-encryption key can only The ciphertext is converted into the second ciphertext of the authorized party, but the first ciphertext of the authorized party cannot be converted into the second ciphertext of the authorized party, that is, the re-encryption key can only realize the conversion in one direction, Thus, one-way re-encryption is realized; since the first ciphertext is generated based on the first private key and the plaintext data, correspondingly, multiple ciphertext parameters in the first ciphertext are related to the first private key and the plaintext data.
  • each ciphertext will also change accordingly. Even if the authorized party colludes with the agent, they can learn the parameters in a first ciphertext, but since the first ciphertext is also related to the plaintext data, using the learned parameters will also The plaintext corresponding to the other first ciphertext cannot be decrypted. Therefore, under the collusion attack, no additional plaintext is exposed, which ensures a strong anti-collusion attack capability.
  • FIG. 3 is a flowchart of a one-way proxy re-encryption method according to an embodiment of the present invention , as shown in Figure 3, the process includes the following steps:
  • the authorizing party may use the KeyGen(param) algorithm to generate a first public-private key pair, where the first public-private key pair includes the first private key ski and the first public key pk i .
  • the first public key pair can be generated in the following manner:
  • the hash function, the second hash function, and the third hash function are expressed as l 0 and l 1 are message lengths, and g is The generator of the q-order subgroup G of .
  • the authorized party can use the Setup algorithm to generate public parameters.
  • the first ciphertext includes a plurality of ciphertext parameters.
  • the above S22 includes the following steps:
  • the authorizer may generate public parameters by using the Setup(l q ) algorithm, where l q is an input security parameter.
  • S223 Generate a second ciphertext parameter by using the first ciphertext parameter, the first private key and the public parameter.
  • the authorizer can use the Enc (ski,m) algorithm to generate the first ciphertext, and the input of the algorithm is the first private key and plaintext data specifically,
  • the plaintext data of m is expressed as F is the first ciphertext parameter, V is the second ciphertext parameter, and E is the third ciphertext parameter.
  • the index H 3 [(x i1 +F) ⁇ x i2 ] in the second ciphertext parameter V varies with the first ciphertext parameter F, and the index H 3 [(x i1 + F) x i2 ] is to use the third hash function H 3 to hide the first private key s i , which ensures that the first private key s i will not be exposed; and the first ciphertext parameter F changes with the plaintext data m , so the index H 3 [(x i1 +F) ⁇ x i2 ] in the second ciphertext parameter V will change every time the first ciphertext is generated, and the first private key does not need to be replaced at this time.
  • the authorized party and the agent collude and attempt to obtain the private key of the authorized party, the authorized party and the agent can only obtain H 3 [(x i1 +F) ⁇ x i2 ]mod q in the re-encryption key
  • the overall value thanks to the characteristics of the hash function, has always been unable to infer the specific value of the input (x i1 +F) ⁇ x i2 of the third hash function H3, let alone the specific value of the first private key. Numerical value, therefore, the use of the third hash function in the construction of the second ciphertext parameter and the re-encryption key ensures that the first private key is not exposed.
  • the structure of the encryption algorithm Enc (ski ,m) in this case determines the one-way in the one-way proxy re-encryption method.
  • the exponent part of the second ciphertext parameter V uses a hash function, and the input is not only related to the private key, but also related to the first ciphertext parameter F.
  • the subsequent ciphertext conversion algorithm ReEnc use rk ij to convert the ciphertext parameter E in the first ciphertext:
  • F, V and E are part of the first ciphertext of the authorized party i.
  • F, V and E in the first ciphertext belonging to authorized party j denote F j , V j and E j respectively.
  • the agent uses the same re-encryption key rk ij in an attempt to convert the first ciphertext of the authorized party j itself into a second ciphertext for the authorized party i, the agent performs re-encryption and calculates Obviously, the two hash functions of the exponent part of this formula cannot be reduced, and the corresponding result in the form of g r h cannot be obtained, that is to say, one can convert the first ciphertext of the authorizing party i The re-encryption key rk ij of the ciphertext that can be decrypted by party j cannot convert the first ciphertext of authorized party j into ciphertext that can be decrypte
  • the proxy re-encryption process is called a one-way proxy. Re-encryption process.
  • S23 Generate a re-encryption key according to the first private key and preset ciphertext parameters in the first ciphertext.
  • S24 Send the first ciphertext and the re-encryption key to the agent, so that the agent uses the re-encryption key to convert the first ciphertext into the second ciphertext under the authorized party's second public key.
  • the first ciphertext parameter is generated based on the second ciphertext parameter.
  • the second ciphertext parameter is generated based on the first ciphertext parameter
  • the third ciphertext parameter is generated based on the second ciphertext parameter
  • the first ciphertext parameter is generated based on the second ciphertext parameter.
  • FIG. 4 is a flowchart of a one-way proxy re-encryption method according to an embodiment of the present invention , as shown in Figure 4, the process includes the following steps:
  • the first ciphertext includes a plurality of ciphertext parameters.
  • S33 Generate a re-encryption key according to the first private key and preset ciphertext parameters in the first ciphertext.
  • the preset ciphertext parameter is the first ciphertext parameter.
  • the authorizing party regenerates the re-encryption key when receiving the ciphertext conversion request information sent by the authorized party.
  • the above S33 may include the following steps:
  • S331 Receive the ciphertext conversion request information sent by the authorized party.
  • the ciphertext conversion request information includes the second public key, a first verification parameter, and a second verification parameter, the first verification parameter is generated based on the public parameter, and the second verification parameter is based on the first verification parameter.
  • the public key and the second private key are generated.
  • the first verification parameter and the second verification parameter are generated by the authorized party.
  • the authorized party When the authorized party needs to perform proxy re-encryption, it sends a ciphertext conversion information request to the authorized party. After receiving the ciphertext conversion information request, the authorized party generates a re-encryption key.
  • S332 Generate a re-encryption key based on the ciphertext conversion request information, the first private key, and the first ciphertext parameter.
  • the authorizing party After receiving the ciphertext conversion request information, the authorizing party extracts the parameters in the ciphertext conversion request information, and generates a re-encryption key in combination with the first private key and the first ciphertext parameter F.
  • the re-encryption key may be implemented by a ReKeyGen (ski, R, F) algorithm, and the input of the algorithm is the first private key ski of the authorizing party, the authorized party The sent ciphertext conversion request information R and the first ciphertext parameter F.
  • ReKeyGen ski, R, F
  • the specific algorithm is expressed as follows:
  • first verification parameter and the second verification parameter ensures that the authorized party can generate the correct re-encryption key for the authorized party only after the authorized party calculates the ciphertext conversion request correctly, if the authorized party maliciously submits an incorrect re-encryption key The first verification parameter and the second verification parameter will be detected immediately, ensuring that the output re-encryption key is correct and generated for the authorized party.
  • S34 Send the first ciphertext and the re-encryption key to the agent, so that the agent uses the re-encryption key to convert the first ciphertext into the second ciphertext under the authorized party's second public key.
  • This algorithm The input is the authorizer's first private key ski and the first ciphertext CT i , and the output is plaintext data.
  • the algorithm may specifically include the following steps:
  • the authorizing party In the one-way proxy re-encryption method provided in this embodiment, the authorizing party generates a re-encryption key according to the ciphertext conversion request information sent by the authorized party, so that the method can be applied when the authorizing party cannot actively select the authorized party, but When passively waiting for an authorized party to initiate a request, for example, in a data fair transaction, this method can be called a one-way passive proxy re-encryption method.
  • a one-way proxy re-encryption method is provided, which can be used for the above-mentioned proxy party, such as a computer, a mobile phone, a tablet computer, and the like.
  • This embodiment corresponds to the one-way proxy re-encryption method described above in the embodiments of FIG. 2 to FIG. 4
  • FIG. 5 is a flowchart of the one-way proxy re-encryption method according to an embodiment of the present invention, as shown in FIG. 5 , The process includes the following steps:
  • the first ciphertext is generated based on the first private key of the authorizing party and plaintext data
  • the re-encryption key is based on the first private key and a preset password in the first ciphertext generated from the text parameters.
  • the authorizing party sends the generated re-encryption key and the first ciphertext to the proxy party.
  • the subsequent agent can use the received re-encryption key to convert the first ciphertext.
  • the agent After the agent receives the re-encryption key, it can first verify the correctness of the re-encryption key, and after the verification is passed, the first ciphertext is converted into the authorized party's second public key by using the re-encryption key.
  • the second ciphertext below. Specifically, this step will be described in detail below.
  • the re-encryption key since the re-encryption key is generated based on the first private key and the preset ciphertext parameters in the first ciphertext, the re-encryption key can only be used for A ciphertext is converted into the second ciphertext of the authorized party, but the first ciphertext of the authorized party cannot be converted into the second ciphertext of the authorized party, that is, the re-encryption key can only realize the conversion in one direction , thereby realizing one-way re-encryption; since the first ciphertext is generated based on the first private key and plaintext data, correspondingly, multiple ciphertext parameters in the first ciphertext are related to the first private key and plaintext data, when When the plaintext data changes, each ciphertext parameter will also change accordingly.
  • FIG. 6 is a flowchart of a one-way proxy re-encryption method according to an embodiment of the present invention. As shown in FIG. 6 , the flowchart includes the following steps:
  • S51 Receive the first ciphertext and the re-encryption key sent by the authorized party.
  • the first ciphertext is generated based on the first private key of the authorizing party and plaintext data
  • the re-encryption key is based on the first private key and a preset password in the first ciphertext generated from the text parameters.
  • the first public key pk i is expressed as
  • the second public key pk j is expressed as
  • q is a set of non-negative and non-zero integers less than q
  • q is a preset prime number
  • bit length of q is l q
  • H 2 and H 3 are the second hash function and the third hash function, respectively, expressed as l 0 and l 1 are message lengths
  • g is The generator of the q-order subgroup G of .
  • the first ciphertext is converted into a second ciphertext under the second public key of the authorized party based on the re-encryption key, so that the authorized party decrypts the second ciphertext to obtain plaintext data.
  • the above S52 may include the following steps:
  • the first verification parameter g 2 is expressed as
  • the algorithm verifies the correctness of the re-encryption key, and the input of the algorithm is the re-encryption key
  • the second ciphertext parameter V and the first verification parameter g 2 The specific algorithm is as follows:
  • the algorithm converts the first ciphertext into the second ciphertext, and the input of the algorithm is the first ciphertext CT i , the re-encryption key and the first verification parameter g 2 , the specific algorithm is expressed as follows:
  • the construction of the re-encryption key and the first verification parameter provides a basis for the verification of the re-encryption key, and ensures the reliability of the re-encryption key verification; After the re-encryption key is verified, the first ciphertext is converted, which improves the reliability of the one-way proxy re-encryption method.
  • FIG. 7 is a flowchart of a one-way proxy re-encryption method according to an embodiment of the present invention. As shown in FIG. 7 , the flowchart includes the following steps:
  • S61 Obtain a second private key, a second public key, a first public key of an authorizing party, and public parameters.
  • the second private key and the second public key are generated by the authorized party using a key generation algorithm, and the first public key and public parameters are obtained from the authorized party.
  • p and q are preset prime numbers, respectively, requiring q
  • the bit length of q is l q
  • H 1 , H 2 and H 3 are the first
  • the hash function, the second hash function, and the third hash function are expressed as l 0 and l 1 are message lengths
  • g is The generator of the q-order subgroup G of .
  • the authorized party can also use the same algorithm as the authorized party, that is, KeyGen(param) to generate a second public-private key pair, where the public-private key pair includes the second private key sk j and the second public key pk j .
  • KeyGen(param) to generate a second public-private key pair, where the public-private key pair includes the second private key sk j and the second public key pk j .
  • the authorized party uses the public parameters to generate the first verification parameter g 2 , and uses the first public key pk i1 and the second private key x j1 to generate the second verification parameter ⁇ .
  • the authorized party sends the ciphertext conversion request information generated in the above S63 to the authorizer, so that the authorizer generates a re-encryption key based on the ciphertext conversion request information.
  • S65 Receive the second ciphertext sent by the proxy.
  • the second ciphertext is obtained by converting the first ciphertext by using a re-encryption key, and the first ciphertext is generated based on the first private key of the authorizing party and plaintext data, and the re-encryption key is used to convert the first ciphertext.
  • the key is generated based on the first private key and preset ciphertext parameters in the first ciphertext.
  • the authorized party After receiving the second ciphertext sent by the agent, the authorized party can use the decryption algorithm to decrypt it to obtain corresponding plaintext data.
  • the re-encryption key since the re-encryption key is generated based on the first private key and the preset ciphertext parameters in the first ciphertext, the re-encryption key can only The ciphertext is converted into the second ciphertext of the authorized party, but the first ciphertext of the authorized party cannot be converted into the second ciphertext of the authorized party, that is, the re-encryption key can only realize the conversion in one direction, Thus, one-way re-encryption is realized; since the first ciphertext is generated based on the first private key and the plaintext data, correspondingly, multiple ciphertext parameters in the first ciphertext are related to the first private key and the plaintext data.
  • each ciphertext will also change accordingly. Even if the authorized party colludes with the agent, they can learn the parameters in a first ciphertext, but since the first ciphertext is also related to the plaintext data, using the learned parameters will also The plaintext corresponding to the other first ciphertext cannot be decrypted. Therefore, under the collusion attack, no additional plaintext is exposed, which ensures a strong anti-collusion attack capability.
  • FIG. 8 is a flowchart of a one-way proxy re-encryption method according to an embodiment of the present invention Figure, as shown in Figure 8, the process includes the following steps:
  • S71 Obtain a second private key, a second public key, a first public key of an authorizing party, and public parameters.
  • S72 Generate a first verification parameter by using the public parameter, and generate a second verification parameter by using the first public key and the second private key.
  • the above S72 may include the following steps:
  • the authorized party can use the RequestGen(sk j , p i ) algorithm to generate the ciphertext conversion request information, the input of the algorithm is the second private key and the first private key, and the algorithm is specifically expressed as follows:
  • the second ciphertext is obtained by converting the first ciphertext by using a re-encryption key, and the first ciphertext is generated based on the first private key of the authorizing party and plaintext data, and the re-encryption key is used to convert the first ciphertext.
  • the key is generated based on the first private key and preset ciphertext parameters in the first ciphertext.
  • the above S76 can be implemented by using the Dec(sk j , CT j ) algorithm, where the input of the algorithm is the second private key of the authorized party and the second ciphertext, and specifically the algorithm can include the following steps:
  • the special structure of ⁇ enables the authorized party to specify an important value h, and in an open environment, only the authorized party can use its own private key to decrypt and extract h, and other irrelevant parties It is impossible to know h, and this h is an important part of the re-encryption key, thus ensuring the reliability of the re-encryption key.
  • An embodiment of the present invention also provides a one-way proxy re-encryption method, which is applied to the one-way proxy re-encryption system shown in FIG. 1 .
  • the method includes the following steps:
  • the authorizing party obtains the first private key and plaintext data.
  • S11 of the embodiment shown in FIG. 2 please refer to S11 of the embodiment shown in FIG. 2 , which will not be repeated here.
  • the authorizer obtains public parameters. For details, please refer to S221 of the embodiment shown in FIG. 3 , which will not be repeated here.
  • the authorized party obtains the second private key, the second public key, the first public key of the authorizing party, and the public parameters.
  • the second private key For details, please refer to S61 of the embodiment shown in FIG. 7 , which will not be repeated here.
  • the authorizing party generates a first ciphertext.
  • S222-S224 of the embodiment shown in FIG. 3 please refer to S222-S224 of the embodiment shown in FIG. 3 , which will not be repeated here.
  • the authorized party sends the ciphertext conversion request information to the authorized party.
  • the authorized party sends the ciphertext conversion request information to the authorized party.
  • S74 of the embodiment shown in FIG. 8 please refer to S74 of the embodiment shown in FIG. 8 , which will not be repeated here.
  • the authorizing party generates a re-encryption key based on the ciphertext conversion request information, the first private key, and the first ciphertext parameter.
  • the authorizing party generates a re-encryption key based on the ciphertext conversion request information, the first private key, and the first ciphertext parameter.
  • the authorizing party sends the first ciphertext and the re-encryption key to the agent, so that the agent uses the re-encryption key to convert the first ciphertext into the second ciphertext under the second public key of the authorized party.
  • the agent uses the re-encryption key to convert the first ciphertext into the second ciphertext under the second public key of the authorized party.
  • the agent verifies the correctness of the re-encryption key by using the second ciphertext parameter, the re-encryption key and the first verification parameter.
  • the agent verifies the correctness of the re-encryption key by using the second ciphertext parameter, the re-encryption key and the first verification parameter.
  • the agent converts the first ciphertext into the second ciphertext under the authorized party's second public key based on the first ciphertext, the re-encryption key and the first verification parameter .
  • S522 of the embodiment shown in FIG. 6 which will not be repeated here.
  • the proxy party sends the second ciphertext to the authorized party.
  • This embodiment also provides a one-way proxy re-encryption apparatus, which is used to implement the above-mentioned embodiments and preferred implementations, and the descriptions that have already been described will not be repeated.
  • module may be a combination of software and/or hardware that implements a predetermined function.
  • the apparatus described in the following embodiments is preferably implemented in software, implementations in hardware, or a combination of software and hardware, are also possible and contemplated.
  • This embodiment provides a one-way proxy re-encryption device.
  • the device is applied to an authorizing party. As shown in FIG. 10 , the device includes:
  • a first ciphertext generating module 902 configured to generate a first ciphertext based on the first private key and the plaintext data, where the first ciphertext includes a plurality of ciphertext parameters;
  • a re-encryption key generation module 903, configured to generate a re-encryption key according to the first private key and preset ciphertext parameters in the first ciphertext;
  • the first sending module 904 is configured to send the first ciphertext and the re-encryption key to the agent, so that the agent uses the re-encryption key to convert the first ciphertext into a re-encryption key.
  • the second ciphertext under the authorized party's second public key.
  • This embodiment also provides a one-way proxy re-encryption device, the device is applied to the proxy side, as shown in FIG. 11 , the device includes:
  • the first receiving module 101 is configured to receive a first ciphertext and a re-encryption key sent by an authorizing party, where the first ciphertext is generated based on the first private key of the authorizing party and plaintext data, and the re-encryption key is The key is generated according to the first private key and preset ciphertext parameters in the first ciphertext;
  • the ciphertext conversion module 102 is configured to convert the first ciphertext into a second ciphertext under the second public key of the authorized party based on the re-encryption key, so that the authorized party can The two ciphertexts are decrypted to obtain the plaintext data.
  • This embodiment also provides a one-way proxy re-encryption device, which is applied to an authorized party. As shown in FIG. 12 , the device includes:
  • a verification parameter generation module 112 configured to generate a first verification parameter by using the public parameter, and generate a second verification parameter by using the first public key and the second private key;
  • a ciphertext conversion request generation module 113 configured to generate ciphertext conversion request information based on the first verification parameter, the second verification parameter and the first public key;
  • a second sending module 114 configured to send the ciphertext conversion request information to the authorizing party
  • the second receiving module 115 is configured to receive the second ciphertext sent by the agent, where the second ciphertext is obtained by converting the first ciphertext by using the re-encryption key, and the first ciphertext is based on the authorization
  • the first private key of the party and the plaintext data are generated, and the re-encryption key is generated based on the first private key and the preset ciphertext parameters in the first ciphertext;
  • a decryption module 116 configured to decrypt the second ciphertext by using the second private key to obtain the plaintext data
  • p and q are preset prime numbers, respectively, requiring q
  • the bit length of q is l q
  • H 1 , H 2 and H 3 are the first
  • the hash function, the second hash function, and the third hash function are expressed as l 0 and l 1 are message lengths
  • g is The generator of the q-order subgroup G of .
  • the one-way proxy re-encryption apparatus in this embodiment is presented in the form of functional units, where the units refer to ASIC circuits, processors and memories that execute one or more software or fixed programs, and/or other devices that can provide the above functional device.
  • An embodiment of the present invention further provides an electronic device having the one-way proxy re-encryption apparatus shown in any of the above-mentioned FIGS. 10-12 .
  • FIG. 13 is a schematic structural diagram of an electronic device provided by an optional embodiment of the present invention.
  • the electronic device may include: at least one processor 211, such as a CPU (Central Processing Unit, central processing unit). processor), at least one communication interface 213, memory 214, at least one communication bus 212.
  • the communication bus 212 is used to realize the connection and communication between these components.
  • the communication interface 213 may include a display screen (Display) and a keyboard (Keyboard), and the optional communication interface 213 may also include a standard wired interface and a wireless interface.
  • the memory 214 may be a high-speed RAM memory (Random Access Memory, volatile random access memory), or may be a non-volatile memory (non-volatile memory), such as at least one disk memory.
  • the memory 214 may also be at least one storage device located away from the aforementioned processor 211 .
  • the processor 211 may be combined with the device described in any one of FIGS. 10-12 , the memory 214 stores application programs, and the processor 211 calls the program codes stored in the memory 214 for executing any of the above method steps.
  • the communication bus 212 may be a peripheral component interconnect (PCI for short) bus or an extended industry standard architecture (EISA for short) bus or the like.
  • PCI peripheral component interconnect
  • EISA extended industry standard architecture
  • the communication bus 212 can be divided into an address bus, a data bus, a control bus, and the like. For ease of presentation, only one thick line is used in FIG. 13, but it does not mean that there is only one bus or one type of bus.
  • the memory 214 may include volatile memory (English: volatile memory), such as random-access memory (English: random-access memory, abbreviation: RAM); the memory may also include non-volatile memory (English: non-volatile memory) memory), such as flash memory (English: flash memory), hard disk (English: hard disk drive, abbreviation: HDD) or solid-state drive (English: solid-state drive, abbreviation: SSD); the memory 214 may also include the above types of combination of memory.
  • volatile memory English: volatile memory
  • RAM random-access memory
  • non-volatile memory English: non-volatile memory
  • flash memory English: flash memory
  • hard disk English: hard disk drive, abbreviation: HDD
  • SSD solid-state drive
  • the memory 214 may also include the above types of combination of memory.
  • the processor 211 may be a central processing unit (English: central processing unit, abbreviation: CPU), a network processor (English: network processor, abbreviation: NP), or a combination of CPU and NP.
  • CPU central processing unit
  • NP network processor
  • the processor 211 may further include a hardware chip.
  • the above-mentioned hardware chip may be an application-specific integrated circuit (English: application-specific integrated circuit, abbreviation: ASIC), a programmable logic device (English: programmable logic device, abbreviation: PLD) or a combination thereof.
  • the above-mentioned PLD can be a complex programmable logic device (English: complex programmable logic device, abbreviation: CPLD), field programmable logic gate array (English: field-programmable gate array, abbreviation: FPGA), general array logic (English: generic array logic, abbreviation: GAL) or any combination thereof.
  • memory 214 is also used to store program instructions.
  • the processor 211 may invoke program instructions to implement the one-way proxy replay as shown in any of the embodiments of FIGS. 2-4, or any of FIGS. 5-6, or any of the embodiments of FIGS. 7-8. encryption method.
  • Embodiments of the present invention further provide a non-transitory computer storage medium, where the computer storage medium stores computer-executable instructions, and the computer-executable instructions can execute the one-way proxy re-encryption method in any of the foregoing method embodiments.
  • the storage medium may be a magnetic disk, an optical disk, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), a flash memory (Flash Memory), a hard disk (Hard) Disk Drive, abbreviation: HDD) or solid-state drive (Solid-State Drive, SSD), etc.; the storage medium may also include a combination of the above-mentioned types of memories.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

A one-way proxy re-encryption method and apparatus, and an electronic device and a system, which relate to the technical field of proxy re-encryption. The method comprises: acquiring a first private key and plaintext data (S11); generating a first ciphertext (S12) on the basis of the first private key and the plaintext data, wherein the first ciphertext comprises a plurality of ciphertext parameters; generating a re-encryption key according to the first private key and preset ciphertext parameters in the first ciphertext (S13); and sending the first ciphertext and the re-encryption key to an agent party, such that the agent party converts, by using the re-encryption key, the first ciphertext into a second ciphertext under a second public key of an authorized party (S14). By means of a re-encryption key, a first ciphertext of an authorizing party can only be converted into a second ciphertext of an authorized party, and a first ciphertext of the authorized party cannot be converted into a second ciphertext of the authorizing party, thereby realizing one-way re-encryption; and when plaintext data changes, each ciphertext parameter also changes accordingly, and when under a collusion attack, no additional plaintext is exposed, thereby ensuring a strong capability to resist collusion attacks.

Description

单向代理重加密方法、装置、电子设备及系统One-way proxy re-encryption method, device, electronic device and system 技术领域technical field
本发明涉及代理重加密技术领域,具体涉及单向代理重加密方法、装置、电子设备及系统。The present invention relates to the technical field of proxy re-encryption, and in particular to a one-way proxy re-encryption method, device, electronic device and system.
背景技术Background technique
代理重加密(Proxy Re-Encryption,简称为PRE)是一种让密文进行安全转换的公钥加密体制,其概念由Blaze等人在1998年的欧密会上提出。典型地,方案主体包括授权方(Delegator)、被授权方(Delegatee)与代理方(Proxy),方案由概率多项式算法描述:PRE={Setup,KeyGen,Enc,Re KeyGen,Re Enc,Dec}。其中,授权方执行Setup算法产生公共参数,授权方与被授权方分别执行KeyGen算法产生各自的公钥与私钥,授权方执行Enc算法加密数据产生第一密文、执行Re KeyGen算法为被授权方产生重加密密钥,代理方已知重加密密钥与第一密文执行Re Enc算法产生第二密文,被授权方利用自身的私钥执行Dec算法即可解密第二密文。由此,授权方将解密权限转移至了被授权方,代理重加密被广泛应用于云计算数据安全、数据公平交易协议等。Proxy Re-Encryption (PRE for short) is a public key encryption system that allows ciphertext to be securely converted. Its concept was proposed by Blaze et al. Typically, the main body of the scheme includes a delegate (Delegator), a delegate (Delegatee) and a proxy (Proxy). The scheme is described by a probabilistic polynomial algorithm: PRE={Setup, KeyGen, Enc, Re KeyGen, Re Enc, Dec}. Among them, the authorizer executes the Setup algorithm to generate public parameters, the authorizer and the authorized party execute the KeyGen algorithm to generate their own public and private keys, the authorizer executes the Enc algorithm to encrypt data to generate the first ciphertext, and executes the ReKeyGen algorithm to be authorized The agent generates the re-encryption key, the agent knows the re-encryption key and the first ciphertext and executes the Re Enc algorithm to generate the second ciphertext, and the authorized party uses its own private key to execute the Dec algorithm to decrypt the second ciphertext. As a result, the authorizing party transfers the decryption authority to the authorized party, and proxy re-encryption is widely used in cloud computing data security, data fair transaction protocols, etc.
根据代理重加密密钥的密文转化能力,可将其划分为双向代理重加密(Bidirectional PRE)与单向代理重加密(Unidirectional PRE)。双向代理重加密是指代理方利用重加密密钥既能将在授权方公钥下的密文转换为被授权方公钥下的密文,又能将被授权方公钥下的密文转换为授权方公钥下的密文。而在单向代理重加密中,代理方利用重加密密钥只能将授权方公钥下的密文转换为被授权方公钥下的密文。显然,单向的代理重加密可以防止代理方未经许可在另一个方向执行密文转换。According to the ciphertext conversion ability of proxy re-encryption key, it can be divided into bidirectional proxy re-encryption (Bidirectional PRE) and unidirectional proxy re-encryption (Unidirectional PRE). Two-way proxy re-encryption means that the proxy can use the re-encryption key to not only convert the ciphertext under the authorized party's public key into the ciphertext under the authorized party's public key, but also convert the ciphertext under the authorized party's public key. It is the ciphertext under the authorized party's public key. In one-way proxy re-encryption, the proxy can only convert the ciphertext under the authorizer's public key into the ciphertext under the authorized party's public key by using the re-encryption key. Obviously, proxy re-encryption in one direction prevents the proxy party from performing ciphertext transformation in the other direction without permission.
现有的单向代理重加密方法中,授权方所生成的重加密密钥取决于授权方的私钥,并将重加密密钥发送至代理方,代理方利用重加密密钥以及授权方的第一密文产生第二密文,将第二密文发送至被授权方进行解密。然而,在这一技术方案中,若代理方与被授权方合谋,虽然代理方与被授权方无法谋取授权方的私钥,但是却能解密其他经过授权方使用此私钥生成的第一密文,进而导致该单向代理重加密方法的抗合谋攻击能力较弱。In the existing one-way proxy re-encryption method, the re-encryption key generated by the authorizer depends on the authorizer's private key, and the re-encryption key is sent to the proxy party. The first ciphertext generates the second ciphertext, and the second ciphertext is sent to the authorized party for decryption. However, in this technical solution, if the agent and the authorized party collude, although the agent and the authorized party cannot obtain the private key of the authorized party, they can decrypt the first password generated by other authorized parties using this private key. Therefore, the anti-collusion attack ability of the one-way proxy re-encryption method is weak.
发明内容SUMMARY OF THE INVENTION
有鉴于此,本发明实施例提供了一种单向代理重加密方法、装置、电子设备及系统,以解决现有单向代理重加密方法的抗合谋攻击能力较弱的问题。In view of this, embodiments of the present invention provide a one-way proxy re-encryption method, device, electronic device and system to solve the problem that the existing one-way proxy re-encryption method has weak anti-collusion attack capability.
根据第一方面,本发明实施例提供了一种单向代理重加密方法,所述方法包括:According to a first aspect, an embodiment of the present invention provides a one-way proxy re-encryption method, the method comprising:
获取第一私钥以及明文数据;Obtain the first private key and plaintext data;
基于所述第一私钥以及所述明文数据,生成第一密文,所述第一密文包括多个密文参数;generating a first ciphertext based on the first private key and the plaintext data, where the first ciphertext includes a plurality of ciphertext parameters;
根据所述第一私钥以及所述第一密文中的预设密文参数,生成重加密密钥;generating a re-encryption key according to the first private key and preset ciphertext parameters in the first ciphertext;
将所述第一密文以及所述重加密密钥发送给代理方,以使得所述代理方利用所述重加密密钥将所述第一密文转换为被授权方的第二公钥下的第二密文。Send the first ciphertext and the re-encryption key to the agent, so that the agent uses the re-encryption key to convert the first ciphertext into the second public key of the authorized party. the second ciphertext.
本发明实施例提供的单向代理重加密方法,由于重加密密钥是基于第一私钥以及第一密文中的预设密文参数生成的,那么重加密密钥只能将授权方的第一密文转换为被授权方的第二密文,而并不能够将被授权方的第一密文转换为授权方的第二密文,即该重加密密钥只能实现一个方向的转换,从而实现单向重加密;由于第一密文是基于第一私钥以及明文数据生成的,相应地,第一密文中的多个密文参数均与第一私钥以及明文数据相关,当明文数据变化时,各个密文参数也会相应变化,即使被授权方与代理方合谋,能够获知某个第一密文中的参数,但是由于第一密文还与明文数据有关,利用获知的参数也不能够解密出其他第一密文对应的明文。因此,该方法在共谋攻击下,没有额外的明文被暴露出来,保证了较强的抗合谋攻击能力。In the one-way proxy re-encryption method provided by the embodiment of the present invention, since the re-encryption key is generated based on the first private key and the preset ciphertext parameters in the first ciphertext, the re-encryption key can only be used for A ciphertext is converted into the second ciphertext of the authorized party, but the first ciphertext of the authorized party cannot be converted into the second ciphertext of the authorized party, that is, the re-encryption key can only realize the conversion in one direction , thereby realizing one-way re-encryption; since the first ciphertext is generated based on the first private key and plaintext data, correspondingly, multiple ciphertext parameters in the first ciphertext are related to the first private key and plaintext data, when When the plaintext data changes, each ciphertext parameter will also change accordingly. Even if the authorized party colludes with the agent, they can learn the parameters in a first ciphertext, but since the first ciphertext is also related to the plaintext data, the learned parameters can be used. The plaintext corresponding to the other first ciphertext cannot be decrypted either. Therefore, under the collusion attack, no additional plaintext is exposed, which ensures a strong anti-collusion attack capability.
结合第一方面,在第一方面第一实施方式中,所述基于所述第一私钥以及所述明文数据,生成第一密文,包括:With reference to the first aspect, in a first implementation manner of the first aspect, generating the first ciphertext based on the first private key and the plaintext data includes:
获取公共参数,所述公共参数表示为param=(p,q,g,H 1,H 2,H 3,l 0,l 1); Obtain common parameters, which are represented as param=(p,q,g,H 1 ,H 2 ,H 3 ,l 0 ,l 1 );
利用所述第一私钥、所述明文数据以及所述公共参数,生成第一密文参数,所述第一私钥sk i表示为sk i=(sk i1,sk i2)=(x i1,x i2); Using the first private key, the plaintext data, and the public parameters, generate a first ciphertext parameter, and the first private key ski is expressed as ski =(sk i1 , sk i2 )=(x i1 , x i2 );
利用所述第一密文参数、所述第一私钥以及所述公共参数,生成第二密文参数;Using the first ciphertext parameter, the first private key and the public parameter to generate a second ciphertext parameter;
利用所述第二密文参数以及所述公共参数,生成第三密文参数,以得到所述第一密文;Using the second ciphertext parameter and the public parameter to generate a third ciphertext parameter to obtain the first ciphertext;
其中,
Figure PCTCN2020135204-appb-000001
Figure PCTCN2020135204-appb-000002
为小于p与q的非负非零整数集合,p和q为分别为预设素数,要求q|p-1,q的位长度为l q,H 1、H 2以及H 3分别为第一哈希函数、第二哈希函数以及第三哈希函数,分别表示为
Figure PCTCN2020135204-appb-000003
l 0与l 1为消息长度,g为
Figure PCTCN2020135204-appb-000004
的q阶子群G的生成元。 in,
Figure PCTCN2020135204-appb-000001
and
Figure PCTCN2020135204-appb-000002
is a set of non-negative and non-zero integers less than p and q, p and q are preset prime numbers, respectively, requiring q|p-1, the bit length of q is l q , and H 1 , H 2 and H 3 are the first The hash function, the second hash function, and the third hash function are expressed as
Figure PCTCN2020135204-appb-000003
l 0 and l 1 are message lengths, and g is
Figure PCTCN2020135204-appb-000004
The generator of the q-order subgroup G of .
本发明实施例提供的单向代理重加密方法,由于第二密文参数是基于第一密文参数生成的,第三密文参数又是基于第二密文参数生成的,就会带来第一密文中的各个密文参数之间存在关联关系,有一个密文参数发生改变,其他密文参数也会相应发生改变,提高了第一密文的安全性。In the one-way proxy re-encryption method provided by the embodiment of the present invention, since the second ciphertext parameter is generated based on the first ciphertext parameter, and the third ciphertext parameter is generated based on the second ciphertext parameter, the third ciphertext parameter is generated based on the second ciphertext parameter. There is an association relationship between various ciphertext parameters in a ciphertext. When one ciphertext parameter changes, other ciphertext parameters will also change accordingly, which improves the security of the first ciphertext.
结合第一方面第一实施方式,在第一方面第二实施方式中,所述第一密文采用如下方法生成:With reference to the first embodiment of the first aspect, in the second embodiment of the first aspect, the first ciphertext is generated by the following method:
随机选取
Figure PCTCN2020135204-appb-000005
计算r=H 1(m,w); choose randomly
Figure PCTCN2020135204-appb-000005
Calculate r=H 1 (m,w);
计算
Figure PCTCN2020135204-appb-000006
D=V u,E=V r,s=u+r·H 3(D,E,F)mod q; calculate
Figure PCTCN2020135204-appb-000006
D=V u , E=V r , s=u+r·H 3 (D,E,F)mod q;
输出所述第一密文CT i=(D,E,F,V,s); outputting the first ciphertext CT i =(D, E, F, V, s);
其中,m所述明文数据,表示为
Figure PCTCN2020135204-appb-000007
F为所述第一密文参数,V为所述第二密文参数,E为所述第三密文参数。 Among them, the plaintext data of m is expressed as
Figure PCTCN2020135204-appb-000007
F is the first ciphertext parameter, V is the second ciphertext parameter, and E is the third ciphertext parameter.
本发明实施例提供的单向代理重加密方法,在第二密文参数中指数是随第一密文参数变化的,且在第二密文参数的指数中利用第三哈希函数将第一私钥隐藏,保证了第一私钥不会暴露;且第一密文参数是随明文数据变化的,所以第二密文 参数中的指数在每一次生成第一密文时都会发生改变。因此,当被授权方与代理方合谋时,仍然无法利用某一个第一密文中的第二密文参数的指数值来解密出其他第一密文对应的明文,提高了抗共谋攻击的能力。In the one-way proxy re-encryption method provided by the embodiment of the present invention, the index of the second ciphertext parameter changes with the first ciphertext parameter, and the third hash function is used in the index of the second ciphertext parameter to convert the first ciphertext parameter to the first ciphertext parameter. The private key is hidden to ensure that the first private key will not be exposed; and the first ciphertext parameter changes with the plaintext data, so the index in the second ciphertext parameter will change every time the first ciphertext is generated. Therefore, when the authorized party colludes with the agent, it is still impossible to use the index value of the second ciphertext parameter in a certain first ciphertext to decrypt the plaintexts corresponding to other first ciphertexts, which improves the ability to resist collusion attacks. .
结合第一方面第一实施方式,或第一方面第二实施方式,在第一方面第三实施方式中,所述预设密文参数为所述第一密文参数,所述根据所述第一私钥以及所述第一密文中的预设密文参数,生成重加密密钥,包括:With reference to the first embodiment of the first aspect or the second embodiment of the first aspect, in the third embodiment of the first aspect, the preset ciphertext parameter is the first ciphertext parameter, and the A private key and preset ciphertext parameters in the first ciphertext to generate a re-encryption key, including:
接收所述被授权方发送的密文转换请求信息,所述密文转换请求信息包括所述第二公钥、第一验证参数以及第二验证参数,所述第一验证参数是基于公共参数生成的,所述第二验证参数是基于第一公钥以及第二私钥生成的,所述第一公钥pk i表示为
Figure PCTCN2020135204-appb-000008
所述第二公钥pk j表示为
Figure PCTCN2020135204-appb-000009
所述第二私钥表示为sk j=(sk j1,sk j2)=(x j1,x j2),所述第一验证参数g 2表示为:g 2=g h,其中,
Figure PCTCN2020135204-appb-000010
所述第二验证参数δ表示为:
Figure PCTCN2020135204-appb-000011
Receive ciphertext conversion request information sent by the authorized party, where the ciphertext conversion request information includes the second public key, a first verification parameter, and a second verification parameter, where the first verification parameter is generated based on a public parameter , the second verification parameter is generated based on the first public key and the second private key, and the first public key pk i is expressed as
Figure PCTCN2020135204-appb-000008
The second public key pk j is expressed as
Figure PCTCN2020135204-appb-000009
The second private key is expressed as sk j =(sk j1 ,sk j2 )=(x j1 ,x j2 ), and the first verification parameter g 2 is expressed as: g 2 =gh , wherein,
Figure PCTCN2020135204-appb-000010
The second verification parameter δ is expressed as:
Figure PCTCN2020135204-appb-000011
基于所述密文转换请求信息、所述第一私钥以及所述第一密文参数,生成所述重加密密钥。The re-encryption key is generated based on the ciphertext conversion request information, the first private key, and the first ciphertext parameter.
本发明实施例提供的单向代理重加密方法,授权方依据被授权发送的密文转换请求信息才进行重加密密钥的生成,使得该方法可以应用在授权方不能主动选择被授权方,而是被动等待被授权方发起请求的场合,例如,数据公平交易中,该方法有可以称之为单向被动代理重加密方法。In the one-way proxy re-encryption method provided by the embodiment of the present invention, the authorizing party generates a re-encryption key according to the ciphertext conversion request information sent by authorization, so that the method can be applied when the authorizing party cannot actively select the authorized party, and It is an occasion when passively waiting for an authorized party to initiate a request. For example, in a fair data transaction, this method can be called a one-way passive proxy re-encryption method.
结合第一方面第三实施方式,在第一方面第四实施方式中,所述基于所述密文转换请求信息、所述第一私钥以及所述第一密文参数,生成所述重加密密钥,包括:With reference to the third implementation of the first aspect, in the fourth implementation of the first aspect, the re-encryption is generated based on the ciphertext conversion request information, the first private key and the first ciphertext parameter keys, including:
计算
Figure PCTCN2020135204-appb-000012
calculate
Figure PCTCN2020135204-appb-000012
判断g h′=g 2是否成立; Determine whether g h′ = g 2 is established;
当g h′=g 2成立时,计算
Figure PCTCN2020135204-appb-000013
When g h′ = g 2 is established, calculate
Figure PCTCN2020135204-appb-000013
输出所述重加密密钥
Figure PCTCN2020135204-appb-000014
output the re-encryption key
Figure PCTCN2020135204-appb-000014
本发明实施例提供的单向代理重加密方法,利用与第二密文参数中指数对应的参数生成重加密密钥的参数,若被授权方和代理方合谋,企图获取授权方的私钥,被授权方和代理方只能获取重加密密钥中的H 3[(x i1+F)·x i2]mod q整体的值,得益于哈希函数的特性,一直这个值无法逆推出第三哈希函数H 3的输入(x i1+F)·x i2具体是多少,更无法推出第一私钥的具体数值,因此,第三哈希函数在第二密文参数以及重加密密钥构造中的使用,保证了第一私钥不会暴露;由于第一验证参数和第二验证参数的构造保证了被授权方只有正确计算密文转换请求后,授权方才能够为被授权方生成正确的重加密密钥,如果被授权方恶意提交了不正确的第一验证参数以及第二验证参数,将会被立即检测出来,保证了输出的重加密密钥是正确的,且是为被授权方生成的。 The one-way proxy re-encryption method provided by the embodiment of the present invention uses the parameter corresponding to the index in the second ciphertext parameter to generate the parameter of the re-encryption key. If the authorized party and the proxy party conspire to obtain the authorized party's private key, The authorized party and the agent can only obtain the overall value of H 3 [(x i1 +F)·x i2 ]mod q in the re-encryption key. Thanks to the characteristics of the hash function, this value cannot be deduced inversely. The input (x i1 +F)·x i2 of the three-hash function H 3 is the specific value, and the specific value of the first private key cannot be deduced. Therefore, the third hash function is used in the second ciphertext parameter and the re-encryption key. The use in the construction ensures that the first private key will not be exposed; because the construction of the first verification parameter and the second verification parameter ensures that the authorized party can generate the correct ciphertext conversion request for the authorized party only after the authorized party correctly calculates the ciphertext conversion request. If the authorized party maliciously submits incorrect first verification parameters and second verification parameters, it will be detected immediately, ensuring that the output re-encryption key is correct and is for the authorized party. square generated.
根据第二方面,本发明实施例还提供了一种单向代理重加密方法,所述方法包括:According to a second aspect, an embodiment of the present invention further provides a one-way proxy re-encryption method, the method comprising:
接收授权方发送的第一密文以及重加密密钥,所述第一密文是基于所述授权方的第一私钥以及明文数据生成的,所述重加密密钥是根据所述第一私钥以及所述第一密文中的预设密文参数生成的;Receive the first ciphertext and re-encryption key sent by the authorized party, where the first ciphertext is generated based on the first private key of the authorized party and plaintext data, and the re-encryption key is based on the first The private key and the preset ciphertext parameters in the first ciphertext are generated;
基于所述重加密密钥将所述第一密文转换为被授权方的第二公钥下的第二密文,以使得所述被授权方对所述第二密文进行解密得到所述明文数据。The first ciphertext is converted into a second ciphertext under the authorized party's second public key based on the re-encryption key, so that the authorized party decrypts the second ciphertext to obtain the plaintext data.
本发明实施例提供的单向代理重加密方法,由于重加密密钥是基于第一私钥以及第一密文中的预设密文参数生成的,那么重加密密钥只能将授权方的第一密文转换为被授权方的第二密文,而并不能够将被授权方的第一密文转换为授权方的第二密文,即该重加密密钥只能实现一个方向的转换,从而实现单向重加密;由于第一密文是基于第一私钥以及明文数据生成的,相应地,第一密文中的多个密文参数均与第一私钥以及明文数据相关,当明文数据变化时,各个密文参数也会相应变化,即使被授权方与代理方合谋,能够获知某个第一密文中的参数,但是由于第一密文还与明文数据有关,利用获知的参数也不能够解密出其他第一密文对应的明文。因此,该方法在共谋攻击下,没有额外的明文被暴露出来,保证了较强的抗合谋攻击能力。In the one-way proxy re-encryption method provided by the embodiment of the present invention, since the re-encryption key is generated based on the first private key and the preset ciphertext parameters in the first ciphertext, the re-encryption key can only be used for A ciphertext is converted into the second ciphertext of the authorized party, but the first ciphertext of the authorized party cannot be converted into the second ciphertext of the authorized party, that is, the re-encryption key can only realize the conversion in one direction , thereby realizing one-way re-encryption; since the first ciphertext is generated based on the first private key and plaintext data, correspondingly, multiple ciphertext parameters in the first ciphertext are related to the first private key and plaintext data, when When the plaintext data changes, each ciphertext parameter will also change accordingly. Even if the authorized party colludes with the agent, they can learn the parameters in a first ciphertext, but since the first ciphertext is also related to the plaintext data, the learned parameters can be used. The plaintext corresponding to the other first ciphertext cannot be decrypted either. Therefore, under the collusion attack, no additional plaintext is exposed, which ensures a strong anti-collusion attack capability.
结合第二方面,在第二方面第一实施方式中,所述第一私钥sk i表示为sk i=(sk i1,sk i2)=(x i1,x i2),第一公钥pk i表示为
Figure PCTCN2020135204-appb-000015
所述第二公钥pk j表示为
Figure PCTCN2020135204-appb-000016
所述第二私钥表示为sk j=(sk j1,sk j2)=(x j1,x j2); With reference to the second aspect, in the first embodiment of the second aspect, the first private key ski is expressed as ski =(sk i1 , sk i2 )=(x i1 , x i2 ) , the first public key pk i Expressed as
Figure PCTCN2020135204-appb-000015
The second public key pk j is expressed as
Figure PCTCN2020135204-appb-000016
The second private key is represented as sk j =(sk j1 ,sk j2 )=(x j1 ,x j2 );
所述第一密文CT i表示为CT i=(D,E,F,V,s),
Figure PCTCN2020135204-appb-000017
D=V u,E=V r,s=u+r·H 3(D,E,F)mod q,
Figure PCTCN2020135204-appb-000018
r=H 1(m,w),m为所述明文数据,F为第一密文参数,V为第二密文参数,E为第三密文参数; The first ciphertext CT i is expressed as CT i =(D, E, F, V, s),
Figure PCTCN2020135204-appb-000017
D=V u , E=V r , s=u+r·H 3 (D,E,F)mod q,
Figure PCTCN2020135204-appb-000018
r=H 1 (m, w), m is the plaintext data, F is the first ciphertext parameter, V is the second ciphertext parameter, and E is the third ciphertext parameter;
所述重加密密钥
Figure PCTCN2020135204-appb-000019
表示为:
Figure PCTCN2020135204-appb-000020
the re-encryption key
Figure PCTCN2020135204-appb-000019
Expressed as:
Figure PCTCN2020135204-appb-000020
Figure PCTCN2020135204-appb-000021
Figure PCTCN2020135204-appb-000021
Figure PCTCN2020135204-appb-000022
为小于q的非负非零整数集合,q为分别为预设素数,q的位长度为l q,H 2以及H 3分别为第二哈希函数以及第三哈希函数,分别表示为
Figure PCTCN2020135204-appb-000023
l 0与l 1为消息长度,g为
Figure PCTCN2020135204-appb-000024
的q阶子群G的生成元;
Figure PCTCN2020135204-appb-000022
is a set of non-negative and non-zero integers less than q, q is a preset prime number, the bit length of q is l q , H 2 and H 3 are the second hash function and the third hash function, respectively, expressed as
Figure PCTCN2020135204-appb-000023
l 0 and l 1 are message lengths, and g is
Figure PCTCN2020135204-appb-000024
The generator of the q-order subgroup G of ;
其中,所述基于所述重加密密钥将所述第一密文转换为被授权方的第二公钥下的第二密文,以使得所述被授权方对所述第二密文进行解密得到所述明文数据,包括:Wherein, converting the first ciphertext based on the re-encryption key into a second ciphertext under the authorized party's second public key, so that the authorized party performs a Decryption to obtain the plaintext data, including:
利用所述第二密文参数、所述重加密密钥以及第一验证参数,验证所述重加密密钥的正确性,所述第一验证参数g 2表示为g 2=g h,其中,
Figure PCTCN2020135204-appb-000025
The correctness of the re-encryption key is verified by using the second ciphertext parameter, the re-encryption key and the first verification parameter, and the first verification parameter g 2 is expressed as g 2 =g h , wherein,
Figure PCTCN2020135204-appb-000025
当所述重加密密钥验证通过时,基于所述第一密文、所述重加密密钥以及所述第一验证参数,将所述第一密文转换为被授权方的第二公钥下的第二密文。When the verification of the re-encryption key is passed, the first ciphertext is converted into the second public key of the authorized party based on the first ciphertext, the re-encryption key and the first verification parameter The second ciphertext below.
本发明实施例提供的单向代理重加密方法,重加密密钥以及第一验证参数的构造为重加密密钥的验证提供了基础,保证了重加密密钥验证的可靠性;且该方法只有在重加密密钥验证通过后,才进行第一密文的转换,提高了单向代理重加密方法的可靠性。In the one-way proxy re-encryption method provided by the embodiment of the present invention, the construction of the re-encryption key and the first verification parameter provides a basis for the verification of the re-encryption key, and ensures the reliability of the re-encryption key verification; After the re-encryption key is verified, the first ciphertext is converted, which improves the reliability of the one-way proxy re-encryption method.
结合第二方面第一实施方式,在第二方面第二实施方式中,所述利用所述第二密文参数、所述重加密密钥以及第一验证参数,验证所述重加密密钥的正确性,包括:With reference to the first embodiment of the second aspect, in the second embodiment of the second aspect, the second ciphertext parameter, the re-encryption key, and the first verification parameter are used to verify the re-encryption key's validity. correctness, including:
判断等式
Figure PCTCN2020135204-appb-000026
是否成立; Judgment Equation
Figure PCTCN2020135204-appb-000026
whether it is established;
当等式
Figure PCTCN2020135204-appb-000027
成立时,确定所述重加密密钥验证通过。 when the equation
Figure PCTCN2020135204-appb-000027
When established, it is determined that the re-encryption key verification is passed.
结合第二方面第一实施方式,或第二方面第二实施方式,在第二方面第三实施方式中,所述基于所述第一密文、所述重加密密钥以及所述第一验证参数,将所述第一密文转换为被授权方的第二公钥下的第二密文,包括:With reference to the first embodiment of the second aspect, or the second embodiment of the second aspect, in the third embodiment of the second aspect, the first ciphertext, the re-encryption key, and the first verification are based on parameter to convert the first ciphertext into the second ciphertext under the authorized party's second public key, including:
判断等式
Figure PCTCN2020135204-appb-000028
是否成立; Judgment Equation
Figure PCTCN2020135204-appb-000028
whether it is established;
当等式
Figure PCTCN2020135204-appb-000029
成立时,计算
Figure PCTCN2020135204-appb-000030
when the equation
Figure PCTCN2020135204-appb-000029
When established, calculate
Figure PCTCN2020135204-appb-000030
输出转换后的所述第二密文CT j=(E′,F,δ,g 2)。 The converted second ciphertext CT j =(E',F,δ,g 2 ) is output.
根据第三方面,本发明实施例还提供了一种单向代理重加密方法,所述方法包括:According to a third aspect, an embodiment of the present invention further provides a one-way proxy re-encryption method, the method comprising:
获取第二私钥、第二公钥、授权方的第一公钥以及公共参数,所述第二私钥sk j表示为sk j=(sk j1,sk j2)=(x j1,x j2),所述第二公钥pk j表示为
Figure PCTCN2020135204-appb-000031
所述第一公钥pk i表示为
Figure PCTCN2020135204-appb-000032
所述公共参数表示为param=(p,q,g,H 1,H 2,H 3,l 0,l 1); Obtain the second private key, the second public key, the first public key of the authorizing party and the public parameters, the second private key sk j is represented as sk j =(sk j1 ,sk j2 )=(x j1 ,x j2 ) , the second public key pk j is expressed as
Figure PCTCN2020135204-appb-000031
The first public key pk i is expressed as
Figure PCTCN2020135204-appb-000032
The common parameter is expressed as param=(p,q,g,H 1 ,H 2 ,H 3 ,l 0 ,l 1 );
利用所述公共参数生成第一验证参数,并利用所述第一公钥以及所述第二私钥生成第二验证参数;Using the public parameter to generate a first verification parameter, and using the first public key and the second private key to generate a second verification parameter;
基于所述第一验证参数、第二验证参数以及第一公钥,生成密文转换请求信息;generating ciphertext conversion request information based on the first verification parameter, the second verification parameter and the first public key;
将所述密文转换请求信息发送给所述授权方;sending the ciphertext conversion request information to the authorizing party;
接收代理方发送的第二密文,所述第二密文是利用重加密密钥对第一密文转换得到的,所述第一密文是基于所述授权方的第一私钥以及明文数据生成的,所述重加密密钥是基于所述第一私钥以及所述第一密文中的预设密文参数生成的;Receive the second ciphertext sent by the agent, where the second ciphertext is obtained by converting the first ciphertext using the re-encryption key, and the first ciphertext is based on the first private key of the authorizing party and the plaintext data is generated, and the re-encryption key is generated based on the first private key and preset ciphertext parameters in the first ciphertext;
利用所述第二私钥对所述第二密文进行解密,得到所述明文数据;Decrypt the second ciphertext using the second private key to obtain the plaintext data;
其中,
Figure PCTCN2020135204-appb-000033
Figure PCTCN2020135204-appb-000034
为小于p与q的非负非零整数集合,p和q为分别为预设素数,要求q|p-1,q的位长度为l q,H 1、H 2以及H 3分别为第一哈希函数、第二哈希函数以及第三哈希函数,分别表示为
Figure PCTCN2020135204-appb-000035
l 0与l 1为消息长度,g为
Figure PCTCN2020135204-appb-000036
的q阶子群G的生成元。 in,
Figure PCTCN2020135204-appb-000033
and
Figure PCTCN2020135204-appb-000034
is a set of non-negative and non-zero integers less than p and q, p and q are preset prime numbers, respectively, requiring q|p-1, the bit length of q is l q , and H 1 , H 2 and H 3 are the first The hash function, the second hash function, and the third hash function are expressed as
Figure PCTCN2020135204-appb-000035
l 0 and l 1 are message lengths, and g is
Figure PCTCN2020135204-appb-000036
The generator of the q-order subgroup G of .
本发明实施例提供的单向代理重加密方法,由于重加密密钥是基于第一私钥以及第一密文中的预设密文参数生成的,那么重加密密钥只能将授权方的第一密文转换为被授权方的第二密文,而并不能够将被授权方的第一密文转换为授权方的第二密文,即该重加密密钥只能实现一个方向的转换,从而实现单向重加密;由于第一密文是基于第一私钥以及明文数据生成的,相应地,第一密文中的多个密文参数均与第一私钥以及明文数据相关,当明文数据变化时,各个密文参数也会相应变化,即使被授权方与代理方合谋,能够获知某个第一密文中的参数,但是由于第一密文还与明文数据有关,利用获知的参数也不能够解密出其他第一密文对应的明文。因此,该方法在共谋攻击下,没有额外的明文被暴露出来,保证了较强的抗合谋攻击能力。In the one-way proxy re-encryption method provided by the embodiment of the present invention, since the re-encryption key is generated based on the first private key and the preset ciphertext parameters in the first ciphertext, the re-encryption key can only be used for A ciphertext is converted into the second ciphertext of the authorized party, but the first ciphertext of the authorized party cannot be converted into the second ciphertext of the authorized party, that is, the re-encryption key can only realize the conversion in one direction , thereby realizing one-way re-encryption; since the first ciphertext is generated based on the first private key and plaintext data, correspondingly, multiple ciphertext parameters in the first ciphertext are related to the first private key and plaintext data, when When the plaintext data changes, each ciphertext parameter will also change accordingly. Even if the authorized party colludes with the agent, they can learn the parameters in a first ciphertext, but since the first ciphertext is also related to the plaintext data, the learned parameters can be used. The plaintext corresponding to the other first ciphertext cannot be decrypted either. Therefore, under the collusion attack, no additional plaintext is exposed, which ensures a strong anti-collusion attack capability.
结合第三方面,在第三方面第一实施方式中,所述利用所述公共参数生成第一验证参数,并利用所述第一公钥以及所述第二私钥生成第二验证参数,包括:With reference to the third aspect, in the first implementation manner of the third aspect, the generating a first verification parameter by using the public parameter, and generating a second verification parameter by using the first public key and the second private key, including :
随机选取
Figure PCTCN2020135204-appb-000037
并计算所述第一验证参数g 2:g 2=g hchoose randomly
Figure PCTCN2020135204-appb-000037
and calculating the first verification parameter g 2 : g 2 =g h ;
计算所述第二验证参数δ:
Figure PCTCN2020135204-appb-000038
Calculate the second verification parameter δ:
Figure PCTCN2020135204-appb-000038
本发明实施例提供的单向代理重加密方法,δ的特殊构造使得被授权方指定了一个重要的值h,且在公开环境下只有授权方才能使用自身私钥解密提取出h,其他不相关方无法知晓h,且这个h是重加密密钥的重要组成部分,从而保证了重加密密钥的可靠性。In the one-way proxy re-encryption method provided by the embodiment of the present invention, the special structure of δ enables the authorized party to specify an important value h, and in an open environment, only the authorized party can use its own private key to decrypt and extract h, and other irrelevant The party cannot know h, and this h is an important part of the re-encryption key, thus ensuring the reliability of the re-encryption key.
结合第三方面第一实施方式,在第三方面第二实施方式中,所述第二密文CT j表示为CT j=(E′,F,δ,g 2),
Figure PCTCN2020135204-appb-000039
Figure PCTCN2020135204-appb-000040
E=V r,r=H 1(m,w),
Figure PCTCN2020135204-appb-000041
g 2=g h
Figure PCTCN2020135204-appb-000042
Figure PCTCN2020135204-appb-000043
With reference to the first embodiment of the third aspect, in the second embodiment of the third aspect, the second ciphertext CT j is expressed as CT j =(E′,F,δ,g 2 ),
Figure PCTCN2020135204-appb-000039
Figure PCTCN2020135204-appb-000040
E=V r , r=H 1 (m,w),
Figure PCTCN2020135204-appb-000041
g 2 =g h ,
Figure PCTCN2020135204-appb-000042
Figure PCTCN2020135204-appb-000043
所述重加密密钥
Figure PCTCN2020135204-appb-000044
表示为
Figure PCTCN2020135204-appb-000045
the re-encryption key
Figure PCTCN2020135204-appb-000044
Expressed as
Figure PCTCN2020135204-appb-000045
其中,所述利用所述第二私钥对所述第二密文进行解密,得到所述明文数据,包括:The decrypting the second ciphertext by using the second private key to obtain the plaintext data includes:
计算
Figure PCTCN2020135204-appb-000046
calculate
Figure PCTCN2020135204-appb-000046
判断等式
Figure PCTCN2020135204-appb-000047
是否成立; Judgment Equation
Figure PCTCN2020135204-appb-000047
whether it is established;
当等式
Figure PCTCN2020135204-appb-000048
成立时,输出所述明文数据m。 when the equation
Figure PCTCN2020135204-appb-000048
When established, the plaintext data m is output.
根据第四方面,本发明实施例还提供了一种单向代理重加密装置,所述装置包括:According to a fourth aspect, an embodiment of the present invention further provides a one-way proxy re-encryption device, the device comprising:
获取模块,用于获取第一私钥以及明文数据;an acquisition module for acquiring the first private key and plaintext data;
第一密文生成模块,用于基于所述第一私钥以及所述明文数据,生成第一密文,所述第一密文包括多个密文参数;a first ciphertext generating module, configured to generate a first ciphertext based on the first private key and the plaintext data, where the first ciphertext includes a plurality of ciphertext parameters;
重加密密钥生成模块,用于根据所述第一私钥以及所述第一密文中的预设密文参数,生成重加密密钥;a re-encryption key generation module, configured to generate a re-encryption key according to the first private key and preset ciphertext parameters in the first ciphertext;
第一发送模块,用于将所述第一密文以及所述重加密密钥发送给代理方,以使得所述代理方利用所述重加密密钥将所述第一密文转换为被授权方的第二公钥下的第二密文。a first sending module, configured to send the first ciphertext and the re-encryption key to an agent, so that the agent uses the re-encryption key to convert the first ciphertext into an authorized The second ciphertext under the party's second public key.
根据第五方面,本发明实施例还提供了一种单向代理重加密装置,所述装置包括:According to a fifth aspect, an embodiment of the present invention further provides a one-way proxy re-encryption device, the device comprising:
第一接收模块,用于接收授权方发送的第一密文以及重加密密钥,所述第一密文是基于所述授权方的第一私钥以及明文数据生成的,所述重加密密钥是根据所述第一私钥以及所述第一密文中的预设密文参数生成的;The first receiving module is configured to receive the first ciphertext and the re-encryption key sent by the authorizing party, where the first ciphertext is generated based on the first private key of the authorizing party and the plaintext data, and the re-encrypting ciphertext is generated based on the first private key of the authorizing party and the plaintext data. The key is generated according to the first private key and preset ciphertext parameters in the first ciphertext;
密文转换模块,用于基于所述重加密密钥将所述第一密文转换为被授权方的第二公钥下的第二密文,以使得所述被授权方对所述第二密文进行解密得到所述明文数据。A ciphertext conversion module, configured to convert the first ciphertext into a second ciphertext under the second public key of the authorized party based on the re-encryption key, so that the authorized party can understand the second ciphertext The ciphertext is decrypted to obtain the plaintext data.
根据第六方面,本发明实施例还提供了一种单向代理重加密装置,所述装置包括:According to a sixth aspect, an embodiment of the present invention further provides a one-way proxy re-encryption device, the device comprising:
第二获取模块,用于获取第二私钥、第二公钥、授权方的第一公钥以及公共参数,所述第二私钥sk j表示为sk j=(sk j1,sk j2)=(x j1,x j2),所述第二公钥pk j表示为
Figure PCTCN2020135204-appb-000049
所述第一公钥pk i表示为
Figure PCTCN2020135204-appb-000050
所述公共参数表示为param=(p,q,g,H 1,H 2,H 3,l 0,l 1); The second obtaining module is used to obtain the second private key, the second public key, the first public key of the authorizing party and the public parameters, and the second private key sk j is represented as sk j =(sk j1 ,sk j2 )= (x j1 ,x j2 ), the second public key pk j is expressed as
Figure PCTCN2020135204-appb-000049
The first public key pk i is expressed as
Figure PCTCN2020135204-appb-000050
The common parameter is expressed as param=(p,q,g,H 1 ,H 2 ,H 3 ,l 0 ,l 1 );
验证参数生成模块,用于利用所述公共参数生成第一验证参数,并利用所述第一公钥以及所述第二私钥生成第二验证参数;a verification parameter generation module, configured to generate a first verification parameter by using the public parameter, and generate a second verification parameter by using the first public key and the second private key;
密文转换请求生成模块,用于基于所述第一验证参数、第二验证参数以及第一公钥,生成密文转换请求信息;a ciphertext conversion request generation module, configured to generate ciphertext conversion request information based on the first verification parameter, the second verification parameter and the first public key;
第二发送模块,用于将所述密文转换请求信息发送给所述授权方;a second sending module, configured to send the ciphertext conversion request information to the authorizing party;
第二接收模块,用于接收代理方发送的第二密文,所述第二密文是利用重加密密钥对第一密文转换得到的,所述第一密文是基于所述授权方的第一私钥以及明文数据生成的,所述重加密密钥是基于所述第一私钥以及所述第一密文中的预设密文参数生成的;The second receiving module is configured to receive the second ciphertext sent by the agent, where the second ciphertext is obtained by converting the first ciphertext by using a re-encryption key, and the first ciphertext is based on the authorizing party The first private key and the plaintext data are generated, and the re-encryption key is generated based on the first private key and the preset ciphertext parameters in the first ciphertext;
解密模块,用于利用所述第二私钥对所述第二密文进行解密,得到所述明文数据;a decryption module, configured to decrypt the second ciphertext by using the second private key to obtain the plaintext data;
其中,
Figure PCTCN2020135204-appb-000051
Figure PCTCN2020135204-appb-000052
为小于p与q的非负非零整数集合,p和q为分别为预设素数,要求q|p-1,q的位长度为l q,H 1、H 2以及H 3分别为第一哈希函数、第二哈希函数以及第三哈希函数,分别表示为
Figure PCTCN2020135204-appb-000053
l 0与l 1为消息长度,g为
Figure PCTCN2020135204-appb-000054
的q阶子群G的生成元。 in,
Figure PCTCN2020135204-appb-000051
and
Figure PCTCN2020135204-appb-000052
is a set of non-negative and non-zero integers less than p and q, p and q are preset prime numbers, respectively, requiring q|p-1, the bit length of q is l q , and H 1 , H 2 and H 3 are the first The hash function, the second hash function, and the third hash function are expressed as
Figure PCTCN2020135204-appb-000053
l 0 and l 1 are message lengths, and g is
Figure PCTCN2020135204-appb-000054
The generator of the q-order subgroup G of .
根据第七方面,本发明实施例提供了一种电子设备,包括:存储器和处理器,所述存储器和所述处理器之间互相通信连接,所述存储器中存储有计算机指令,所述处理器通过执行所述计算机指令,从而执行第一方面或者第一方面的任意一种实施方式,或,执行第二方面或者第二方面的任意一种实施方式,或,执行第三方面或者第三方面的任意一种实施方式中所述的单向代理重加密方法。According to a seventh aspect, an embodiment of the present invention provides an electronic device, including: a memory and a processor, the memory and the processor are connected in communication with each other, the memory stores computer instructions, and the processor By executing the computer instructions, the first aspect or any embodiment of the first aspect is executed, or the second aspect or any embodiment of the second aspect is executed, or the third aspect or the third aspect is executed The one-way proxy re-encryption method described in any one of the embodiments of .
根据第八方面,本发明实施例提供了一种计算机可读存储介质,所述计算机可读存储介质存储计算机指令,所述计算机指令用于使所述计算机执行第一方面或者第一方面的任意一种实施方式,或,执行第二方面或者第二方面的任意一种实施方式,或,执行第三方面或者第三方面的任意一种实施方式中所述的单向代理重加密方法。According to an eighth aspect, an embodiment of the present invention provides a computer-readable storage medium, where the computer-readable storage medium stores computer instructions, and the computer instructions are used to cause the computer to execute the first aspect or any one of the first aspect. An implementation manner, or, implements the second aspect or any implementation manner of the second aspect, or implements the one-way proxy re-encryption method described in the third aspect or any implementation manner of the third aspect.
根据第九方面,本发明实施例还提供了一种单向重加密系统,所述系统包括:According to a ninth aspect, an embodiment of the present invention further provides a one-way re-encryption system, the system comprising:
授权方,用于执行本发明第一方面,或第一方面任一项实施方式中所述的单向代理重加密方法;an authorizing party, used to execute the first aspect of the present invention, or the one-way proxy re-encryption method described in any embodiment of the first aspect;
代理方,与所述授权方连接,用于执行本发明第二方面,或第二方面任一项实施方式中所述的单向代理重加密方法;a proxy party, connected to the authorized party, for executing the second aspect of the present invention, or the one-way proxy re-encryption method described in any embodiment of the second aspect;
被授权方,与所述被授权方连接,用于执行本发明第三方面,或第三方面任一项实施方式中所述的单向代理重加密方法。An authorized party, connected with the authorized party, is used to execute the third aspect of the present invention, or the one-way proxy re-encryption method described in any embodiment of the third aspect.
附图说明Description of drawings
为了更清楚地说明本发明具体实施方式或现有技术中的技术方案,下面将对具体实施方式或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图是本发明的一些实施方式,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to illustrate the specific embodiments of the present invention or the technical solutions in the prior art more clearly, the following briefly introduces the accompanying drawings that need to be used in the description of the specific embodiments or the prior art. Obviously, the accompanying drawings in the following description The drawings are some embodiments of the present invention. For those of ordinary skill in the art, other drawings can also be obtained based on these drawings without creative efforts.
图1示出了本发明实施例中单向代理重加密系统的结构图;1 shows a structural diagram of a one-way proxy re-encryption system in an embodiment of the present invention;
图2是根据本发明实施例的单向代理重加密方法的流程图;2 is a flowchart of a one-way proxy re-encryption method according to an embodiment of the present invention;
图3是根据本发明实施例的单向代理重加密方法的流程图;3 is a flowchart of a one-way proxy re-encryption method according to an embodiment of the present invention;
图4是根据本发明实施例的单向代理重加密方法的流程图;4 is a flowchart of a one-way proxy re-encryption method according to an embodiment of the present invention;
图5是根据本发明实施例的单向代理重加密方法的流程图;5 is a flowchart of a one-way proxy re-encryption method according to an embodiment of the present invention;
图6是根据本发明实施例的单向代理重加密方法的流程图;6 is a flowchart of a one-way proxy re-encryption method according to an embodiment of the present invention;
图7是根据本发明实施例的单向代理重加密方法的流程图;7 is a flowchart of a one-way proxy re-encryption method according to an embodiment of the present invention;
图8是根据本发明实施例的单向代理重加密方法的流程图;8 is a flowchart of a one-way proxy re-encryption method according to an embodiment of the present invention;
图9是根据本发明实施例的单向代理重加密方法的流程图;9 is a flowchart of a one-way proxy re-encryption method according to an embodiment of the present invention;
图10是根据本发明实施例的单向代理重加密装置的结构框图;10 is a structural block diagram of a one-way proxy re-encryption apparatus according to an embodiment of the present invention;
图11是根据本发明实施例的单向代理重加密装置的结构框图;11 is a structural block diagram of a one-way proxy re-encryption apparatus according to an embodiment of the present invention;
图12是根据本发明实施例的单向代理重加密装置的结构框图;12 is a structural block diagram of a one-way proxy re-encryption apparatus according to an embodiment of the present invention;
图13是本发明实施例提供的电子设备的硬件结构示意图。FIG. 13 is a schematic diagram of a hardware structure of an electronic device provided by an embodiment of the present invention.
具体实施方式Detailed ways
为使本发明实施例的目的、技术方案和优点更加清楚,下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。In order to make the purposes, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments These are some embodiments of the present invention, but not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative efforts shall fall within the protection scope of the present invention.
本发明实施例提供了一种单向代理重加密系统,如图1所示,该系统包括授权方、被授权方以及代理方。其中,授权方生成重加密密钥,并将重加密密钥以及第一密文发送给代理方,代理方利用重加密密钥对第一密文进行转换,将其转换为利用被授权方的第二公钥能够解密的第二密文。其中,在系统中对第一密文、重加密密钥以及密文转换的算法构造进行改进,以使得本系统具有较高的抗合谋攻击能力。An embodiment of the present invention provides a one-way proxy re-encryption system. As shown in FIG. 1 , the system includes an authorizer, an authorized party, and an agent. The authorizing party generates a re-encryption key, and sends the re-encryption key and the first ciphertext to the agent, and the agent uses the re-encryption key to convert the first ciphertext into the authorized The second ciphertext that the second public key can decrypt. Among them, the algorithm structure of the first ciphertext, the re-encryption key and the ciphertext conversion is improved in the system, so that the system has a higher anti-collusion attack capability.
进一步地,该系统中的被授权方还用于生成密文转换请求信息,并将该密文转换请求信息发送给授权方,授权方只有在收到被授权方发送的密文转换请求信息时才生成重加密密钥。基于此,本系统中所述的单向代理重加密系统又可以称之为单向被动代理重加密系统。Further, the authorized party in the system is also used to generate ciphertext conversion request information, and send the ciphertext conversion request information to the authorized party, and the authorized party only receives the ciphertext conversion request information sent by the authorized party. The re-encryption key is generated. Based on this, the one-way proxy re-encryption system described in this system can also be called a one-way passive proxy re-encryption system.
其中,授权方将生成的重加密密钥以及第一密文发送给代理方,代理方在对第一密文进行转换之前,先验证重加密密钥的正确性。在重加密密钥验证正确之后,再对将第一密文转换为被授权方的第二公钥下的第二密文。The authorizer sends the generated re-encryption key and the first ciphertext to the agent, and the agent verifies the correctness of the re-encryption key before converting the first ciphertext. After the re-encryption key is verified correctly, the first ciphertext is converted into the second ciphertext under the authorized party's second public key.
其中,关于具体的构造将在下文中进行详细描述。在下文所述的单向代理重加密方法对应的实施例中,分别从授权方、代理方以及被授权方的角度对单向代理重加密方法进行详细描述。Among them, the specific configuration will be described in detail below. In the embodiments corresponding to the one-way proxy re-encryption method described below, the one-way proxy re-encryption method is described in detail from the perspectives of the authorizer, the proxy, and the authorized party, respectively.
根据本发明实施例,提供了一种单向代理重加密方法实施例,需要说明的是,在附图的流程图示出的步骤可以在诸如一组计算机可执行指令的计算机系统中执行,并且,虽然在流程图中示出了逻辑顺序,但是在某些情况下,可以以不同于此处的顺序执行所示出或描述的步骤。According to an embodiment of the present invention, an embodiment of a one-way proxy re-encryption method is provided. It should be noted that the steps shown in the flowchart of the accompanying drawings may be executed in a computer system such as a set of computer-executable instructions, and , although a logical order is shown in the flowcharts, in some cases steps shown or described may be performed in an order different from that herein.
在本实施例中提供了一种单向代理重加密方法,可用于上述的授权方,如电脑、手机、平板电脑等,图2是根据本发 明实施例的单向代理重加密方法的流程图,如图2所示,该流程包括如下步骤:This embodiment provides a one-way proxy re-encryption method, which can be used for the above-mentioned authorized parties, such as computers, mobile phones, tablet computers, etc. FIG. 2 is a flowchart of a one-way proxy re-encryption method according to an embodiment of the present invention , as shown in Figure 2, the process includes the following steps:
S11,获取第一私钥以及明文数据。S11, obtain a first private key and plaintext data.
其中,第一私钥是授权方利用密钥生成算法生成的,授权方所生成的包括第一私钥以及第一公钥。在本实施例中,对生成第一私钥以及第一公钥的具体方式并不做任何限制,具体可以根据实际情况进行相应的设置。Wherein, the first private key is generated by the authorizing party using a key generation algorithm, and what is generated by the authorizing party includes the first private key and the first public key. In this embodiment, the specific manner of generating the first private key and the first public key is not limited, and specific settings may be made according to actual conditions.
授权方需要将明文数据加密后生成第一密文,并将第一密文发送给代理方,以使得代理方对其进行转换后再发送给被授权方进行解密。在此对授权方获取明文数据的方式并不做任何限制,其具体获取方式可以根据实际情况进行相应的选择。The authorizing party needs to encrypt the plaintext data to generate the first ciphertext, and send the first ciphertext to the agent, so that the agent converts it and then sends it to the authorized party for decryption. There is no restriction on the way that the authorized party obtains the plaintext data, and the specific way of obtaining the data can be selected according to the actual situation.
S12,基于第一私钥以及明文数据,生成第一密文。S12, based on the first private key and the plaintext data, generate a first ciphertext.
其中,所述第一密文包括多个密文参数。Wherein, the first ciphertext includes a plurality of ciphertext parameters.
授权方在上述S11中生成第一私钥之后,利用第一私钥对明文数据进行算法处理后,生成第一密文。其中,所述的第一密文可以是直接利用第一私钥对明文数据进行算法处理后得到的,也可以是授权方利用第一私钥以及其他参数(例如,授权方生成的公共参数)对明文数据进行算法处理后得到的,在此并不对其进行具体限定,只需保证第一密文的形成是依赖于第一私钥以及明文数据的。After generating the first private key in the above S11, the authorizing party uses the first private key to perform algorithmic processing on the plaintext data to generate the first ciphertext. The first ciphertext may be obtained by directly using the first private key to perform algorithmic processing on the plaintext data, or may be obtained by the authorizing party using the first private key and other parameters (for example, public parameters generated by the authorizing party) It is obtained by performing algorithm processing on the plaintext data, which is not specifically limited here, it only needs to ensure that the formation of the first ciphertext depends on the first private key and the plaintext data.
授权方所生成的第一密文是由多个密文参数组成,各个密文参数之间存在关联关系。例如,授权方先利用第一私钥以及明文数据生成第一密文参数,再在第一密文参数的基础上生成第二密文参数,等等。具体将在下文中对该步骤进行详细描述。The first ciphertext generated by the authorizer is composed of multiple ciphertext parameters, and there is an association relationship between each ciphertext parameter. For example, the authorizing party first generates the first ciphertext parameter by using the first private key and the plaintext data, and then generates the second ciphertext parameter on the basis of the first ciphertext parameter, and so on. Specifically, this step will be described in detail below.
S13,根据第一私钥以及第一密文中的预设密文参数,生成重加密密钥。S13: Generate a re-encryption key according to the first private key and preset ciphertext parameters in the first ciphertext.
如上文所述,授权方所生成的第一密文中包括多种密文参数,那么,授权方就利用第一密文中的预设密文参数以及第一私钥生成重加密密钥。例如,授权方可以将第一私钥以及预设密文参数作为预设函数表达式的参数,将其代入到预设函数表达式中,利用预设函数的计算即可生成重加密密钥;授权方也可以是在第一私钥以及预设密文参数的基础上,再结合其他参数(例如,授权方生成的公共参数)生成重加密密钥。As described above, the first ciphertext generated by the authorizing party includes various ciphertext parameters, then the authorizing party generates the re-encryption key by using the preset ciphertext parameters in the first ciphertext and the first private key. For example, the authorizer can use the first private key and the preset ciphertext parameters as parameters of the preset function expression, substitute them into the preset function expression, and use the calculation of the preset function to generate the re-encryption key; The authorizing party may also generate a re-encryption key based on the first private key and the preset ciphertext parameters in combination with other parameters (for example, public parameters generated by the authorizing party).
在此对重加密密钥的生成算法的具体算法结构并不做任何限制,只需保证重加密密钥是依赖于第一私钥以及第一密文中的预设密文参数生成的即可。The specific algorithm structure of the algorithm for generating the re-encryption key is not limited here, as long as it is ensured that the re-encryption key is generated by relying on the first private key and the preset ciphertext parameters in the first ciphertext.
S14,将第一密文以及重加密密钥发送给代理方,以使得代理方利用重加密密钥将第一密文转换为被授权方的第二公钥下的第二密文。S14: Send the first ciphertext and the re-encryption key to the agent, so that the agent uses the re-encryption key to convert the first ciphertext into the second ciphertext under the authorized party's second public key.
授权方在生成第一密文以及重加密密钥之后,将其发送给代理方。后续代理方在利用重加密密钥对第一密文进行转换,将第一密文转换为被授权方的第二公钥下的第二密文。关于该步骤具体将在下文中进行详细描述,在此不再指数。After generating the first ciphertext and the re-encryption key, the authorized party sends it to the agent. The subsequent proxy party converts the first ciphertext by using the re-encryption key, and converts the first ciphertext into a second ciphertext under the authorized party's second public key. This step will be described in detail below, and will not be indexed here.
本实施例提供的单向代理重加密方法,由于重加密密钥是基于第一私钥以及第一密文中的预设密文参数生成的,那么重加密密钥只能将授权方的第一密文转换为被授权方的第二密文,而并不能够将被授权方的第一密文转换为授权方的第二密文,即该重加密密钥只能实现一个方向的转换,从而实现单向重加密;由于第一密文是基于第一私钥以及明文数据生成的,相应地,第一密文中的多个密文参数均与第一私钥以及明文数据相关,当明文数据变化时,各个密文参数也会相应变化,即使被授权方与代理方合谋,能够获知某个第一密文中的参数,但是由于第一密文还与明文数据有关,利用获知的参数也不能够解密出其他第一密文对应的明文。因此,该方法在共谋攻击下,没有额外的明文被暴露出来,保证了较强的抗合谋攻击能力。In the one-way proxy re-encryption method provided by this embodiment, since the re-encryption key is generated based on the first private key and the preset ciphertext parameters in the first ciphertext, the re-encryption key can only The ciphertext is converted into the second ciphertext of the authorized party, but the first ciphertext of the authorized party cannot be converted into the second ciphertext of the authorized party, that is, the re-encryption key can only realize the conversion in one direction, Thus, one-way re-encryption is realized; since the first ciphertext is generated based on the first private key and the plaintext data, correspondingly, multiple ciphertext parameters in the first ciphertext are related to the first private key and the plaintext data. When the data changes, the parameters of each ciphertext will also change accordingly. Even if the authorized party colludes with the agent, they can learn the parameters in a first ciphertext, but since the first ciphertext is also related to the plaintext data, using the learned parameters will also The plaintext corresponding to the other first ciphertext cannot be decrypted. Therefore, under the collusion attack, no additional plaintext is exposed, which ensures a strong anti-collusion attack capability.
在本实施例中提供了一种单向代理重加密方法,可用于上述的授权方,如电脑、手机、平板电脑等,图3是根据本发明实施例的单向代理重加密方法的流程图,如图3所示,该流程包括如下步骤:This embodiment provides a one-way proxy re-encryption method, which can be used for the above-mentioned authorized parties, such as computers, mobile phones, tablet computers, etc. FIG. 3 is a flowchart of a one-way proxy re-encryption method according to an embodiment of the present invention , as shown in Figure 3, the process includes the following steps:
S21,获取第一私钥以及明文数据。S21, obtain the first private key and plaintext data.
例如,授权方可以利用KeyGen(param)算法生成第一公私钥对,所述的第一公私钥对包括第一私钥sk i以及第一公钥pk i。具体地,可以采用如下方式生成所述的第一公钥对: For example, the authorizing party may use the KeyGen(param) algorithm to generate a first public-private key pair, where the first public-private key pair includes the first private key ski and the first public key pk i . Specifically, the first public key pair can be generated in the following manner:
(1)随机选取
Figure PCTCN2020135204-appb-000055
(1) Randomly selected
Figure PCTCN2020135204-appb-000055
(2)输出sk i=(sk i1,sk i2)=(x i1,x i2),
Figure PCTCN2020135204-appb-000056
(2) Output sk i =(sk i1 ,sk i2 )=(x i1 ,x i2 ),
Figure PCTCN2020135204-appb-000056
其中,param为公共参数,可以表示为param=(p,q,g,H 1,H 2,H 3,l 0,l 1),
Figure PCTCN2020135204-appb-000057
Figure PCTCN2020135204-appb-000058
为小于p与q的非负非零整数集合,p和q为分别为预设素数,要求q|p-1,q的位长度为l q,H 1、H 2以及H 3分别为第一哈希函数、第二哈希函数以及第三哈希函数,分别表示为
Figure PCTCN2020135204-appb-000059
l 0与l 1为消息长度,g为
Figure PCTCN2020135204-appb-000060
的q阶子群G的生成元。例如,授权方可以利用Setup算法产生公共参数。 Among them, param is a common parameter, which can be expressed as param=(p,q,g,H 1 ,H 2 ,H 3 ,l 0 ,l 1 ),
Figure PCTCN2020135204-appb-000057
and
Figure PCTCN2020135204-appb-000058
is a set of non-negative and non-zero integers less than p and q, p and q are preset prime numbers, respectively, requiring q|p-1, the bit length of q is l q , and H 1 , H 2 and H 3 are the first The hash function, the second hash function, and the third hash function are expressed as
Figure PCTCN2020135204-appb-000059
l 0 and l 1 are message lengths, and g is
Figure PCTCN2020135204-appb-000060
The generator of the q-order subgroup G of . For example, the authorized party can use the Setup algorithm to generate public parameters.
其余详细请参见图2所示实施例的S11,在此不再赘述。For other details, please refer to S11 of the embodiment shown in FIG. 2 , which will not be repeated here.
S22,基于第一私钥以及明文数据,生成第一密文。S22, based on the first private key and the plaintext data, generate a first ciphertext.
其中,所述第一密文包括多个密文参数。Wherein, the first ciphertext includes a plurality of ciphertext parameters.
具体地,上述S22包括如下步骤:Specifically, the above S22 includes the following steps:
S221,获取公共参数。S221, obtain public parameters.
其中,所述公共参数表示为param=(p,q,g,H 1,H 2,H 3,l 0,l 1)。可选地,授权方可以利用Setup(l q)算法生成公共参数,其中,l q为输入的安全参数。 Wherein, the common parameters are expressed as param=(p, q, g, H 1 , H 2 , H 3 , l 0 , l 1 ). Optionally, the authorizer may generate public parameters by using the Setup(l q ) algorithm, where l q is an input security parameter.
S222,利用第一私钥、明文数据以及公共参数,生成第一密文参数。S222, generating a first ciphertext parameter by using the first private key, the plaintext data, and the public parameter.
其中,所述第一私钥sk i表示为sk i=(sk i1,sk i2)=(x i1,x i2)。 Wherein, the first private key ski is expressed as ski =(sk i1 , sk i2 )= ( x i1 , x i2 ).
S223,利用第一密文参数、第一私钥以及公共参数,生成第二密文参数。S223: Generate a second ciphertext parameter by using the first ciphertext parameter, the first private key and the public parameter.
S224,利用第二密文参数以及公共参数,生成第三密文参数,以得到第一密文。S224, using the second ciphertext parameter and the public parameter to generate a third ciphertext parameter to obtain the first ciphertext.
授权方可以采用Enc(sk i,m)算法生成第一密文,该算法的输入为第一私钥以及明文数据
Figure PCTCN2020135204-appb-000061
具体地, The authorizer can use the Enc (ski,m) algorithm to generate the first ciphertext, and the input of the algorithm is the first private key and plaintext data
Figure PCTCN2020135204-appb-000061
specifically,
(1)随机选取
Figure PCTCN2020135204-appb-000062
计算r=H 1(m,w); (1) Randomly selected
Figure PCTCN2020135204-appb-000062
Calculate r=H 1 (m,w);
(2)计算
Figure PCTCN2020135204-appb-000063
D=V u,E=V r,s=u+r·H 3(D,E,F)mod q; (2) Calculation
Figure PCTCN2020135204-appb-000063
D=V u , E=V r , s=u+r·H 3 (D,E,F)mod q;
(3)输出所述第一密文CT i=(D,E,F,V,s); (3) outputting the first ciphertext CT i =(D, E, F, V, s);
其中,m所述明文数据,表示为
Figure PCTCN2020135204-appb-000064
F为所述第一密文参数,V为所述第二密文参数,E为所述第三密文参数。 Among them, the plaintext data of m is expressed as
Figure PCTCN2020135204-appb-000064
F is the first ciphertext parameter, V is the second ciphertext parameter, and E is the third ciphertext parameter.
在第二密文参数V中的指数H 3[(x i1+F)·x i2]是随第一密文参数F变化的,且在第二密文参数的指数H 3[(x i1+F)·x i2]是利用第三哈希函数H 3将第一私钥sk i隐藏,保证了第一私钥sk i不会暴露;且第一密文参数F是随明文数据m变化的,所以第二密文参数V中的指数H 3[(x i1+F)·x i2]在每一次生成第一密文时都会发生改变,此时并不需要进行第一私钥的更换。因此,当被授权方与代理方合谋时,仍然无法利用某一个第一密文中的第二密文参数的指数值来解密出其他第一密文对应的明文,提高了抗共谋攻击的能力。具体地,若被授权方和代理方合谋,企图获取授权方的私钥,被授权方和代理方只能获取重加密密钥中的H 3[(x i1+F)·x i2]mod q整体的值,得益于哈希函数的特性,一直这个值无法逆推出第三哈希函数H 3的输入(x i1+F)·x i2具体是多少,更无法推出第一私钥的具体数值,因此,第三哈希函数在第二密文参数以及重加密密钥构造中的使用,保证了第一私钥不会暴露。 The index H 3 [(x i1 +F)·x i2 ] in the second ciphertext parameter V varies with the first ciphertext parameter F, and the index H 3 [(x i1 + F) x i2 ] is to use the third hash function H 3 to hide the first private key s i , which ensures that the first private key s i will not be exposed; and the first ciphertext parameter F changes with the plaintext data m , so the index H 3 [(x i1 +F)·x i2 ] in the second ciphertext parameter V will change every time the first ciphertext is generated, and the first private key does not need to be replaced at this time. Therefore, when the authorized party colludes with the agent, it is still impossible to use the index value of the second ciphertext parameter in a certain first ciphertext to decrypt the plaintexts corresponding to other first ciphertexts, which improves the ability to resist collusion attacks. . Specifically, if the authorized party and the agent collude and attempt to obtain the private key of the authorized party, the authorized party and the agent can only obtain H 3 [(x i1 +F)·x i2 ]mod q in the re-encryption key The overall value, thanks to the characteristics of the hash function, has always been unable to infer the specific value of the input (x i1 +F)·x i2 of the third hash function H3, let alone the specific value of the first private key. Numerical value, therefore, the use of the third hash function in the construction of the second ciphertext parameter and the re-encryption key ensures that the first private key is not exposed.
此外需要说明的是,本案中加密算法Enc(sk i,m)的构造决定了单向代理重加密方法中的单向。具体地,在加密算法Enc(sk i,m)中,第二密文参数V的指数部分使用了哈希函数,输入除了与私钥有关,还与第一密文参数F有关。在后续的密文转换算法ReEnc中,使用rk ij将第一密文中的密文参数E进行转换: In addition, it should be noted that the structure of the encryption algorithm Enc (ski ,m) in this case determines the one-way in the one-way proxy re-encryption method. Specifically, in the encryption algorithm Enc(ski ,m), the exponent part of the second ciphertext parameter V uses a hash function, and the input is not only related to the private key, but also related to the first ciphertext parameter F. In the subsequent ciphertext conversion algorithm ReEnc, use rk ij to convert the ciphertext parameter E in the first ciphertext:
Figure PCTCN2020135204-appb-000065
Figure PCTCN2020135204-appb-000065
上述的F,V和E是授权方i的第一密文的一部分。此外,将属于被授权方j自己的第一密文中的F、V以及E分别记为F j、V j以及E j,则
Figure PCTCN2020135204-appb-000066
此时若代理方使用同一个重加密密钥rk ij,企图将被授权方j自己的第一密文,为授权方i转换出一个第二密文,则代理方执行重加密,计算
Figure PCTCN2020135204-appb-000067
很明显此式的指数部分的两个哈希函数无法约去,也就不能得到相应的形如g r·h的结果,也就是说一个能将授权方i的第一密文转换到被授权方j能解密的密文的重加密密钥rk ij,无法将被授权方j的第一密文转换为授权方i能解密的密文。当这一个rk ij只能进行授权方i到被授权方j这一个方向的转换,无法进行被授权方j到授权方i这个方向的转换时,将该代理重加密过程称之为单向代理重加密过程。 The above-mentioned F, V and E are part of the first ciphertext of the authorized party i. In addition, denote F, V and E in the first ciphertext belonging to authorized party j as F j , V j and E j respectively, then
Figure PCTCN2020135204-appb-000066
At this time, if the agent uses the same re-encryption key rk ij in an attempt to convert the first ciphertext of the authorized party j itself into a second ciphertext for the authorized party i, the agent performs re-encryption and calculates
Figure PCTCN2020135204-appb-000067
Obviously, the two hash functions of the exponent part of this formula cannot be reduced, and the corresponding result in the form of g r h cannot be obtained, that is to say, one can convert the first ciphertext of the authorizing party i The re-encryption key rk ij of the ciphertext that can be decrypted by party j cannot convert the first ciphertext of authorized party j into ciphertext that can be decrypted by authorized party i. When this rk ij can only perform the conversion from authorizer i to authorizer j, but cannot perform the conversion from authorizer j to authorizer i, the proxy re-encryption process is called a one-way proxy. Re-encryption process.
S23,根据第一私钥以及第一密文中的预设密文参数,生成重加密密钥。S23: Generate a re-encryption key according to the first private key and preset ciphertext parameters in the first ciphertext.
详细请参见图2所示实施例的S13,在此不再赘述。For details, please refer to S13 of the embodiment shown in FIG. 2 , which will not be repeated here.
S24,将第一密文以及重加密密钥发送给代理方,以使得代理方利用重加密密钥将第一密文转换为被授权方的第二公钥下的第二密文。S24: Send the first ciphertext and the re-encryption key to the agent, so that the agent uses the re-encryption key to convert the first ciphertext into the second ciphertext under the authorized party's second public key.
详细请参见图2所示实施例的S14,在此不再赘述。For details, please refer to S14 of the embodiment shown in FIG. 2 , which will not be repeated here.
本实施例提供的单向代理重加密方法,由于第二密文参数是基于第一密文参数生成的,第三密文参数又是基于第二密文参数生成的,就会带来第一密文中的各个密文参数之间存在关联关系,有一个密文参数发生改变,其他密文参数也会相应发生改变,提高了第一密文的安全性。In the one-way proxy re-encryption method provided by this embodiment, since the second ciphertext parameter is generated based on the first ciphertext parameter, and the third ciphertext parameter is generated based on the second ciphertext parameter, the first ciphertext parameter is generated based on the second ciphertext parameter. There is an association relationship between various ciphertext parameters in the ciphertext. When one ciphertext parameter changes, other ciphertext parameters will also change accordingly, which improves the security of the first ciphertext.
在本实施例中提供了一种单向代理重加密方法,可用于上述的授权方,如电脑、手机、平板电脑等,图4是根据本发明实施例的单向代理重加密方法的流程图,如图4所示,该流程包括如下步骤:This embodiment provides a one-way proxy re-encryption method, which can be used for the above-mentioned authorized parties, such as computers, mobile phones, tablet computers, etc. FIG. 4 is a flowchart of a one-way proxy re-encryption method according to an embodiment of the present invention , as shown in Figure 4, the process includes the following steps:
S31,获取第一私钥以及明文数据。S31, obtain the first private key and plaintext data.
详细请参见图2所示实施例的S11,在此不再赘述。For details, please refer to S11 of the embodiment shown in FIG. 2 , which will not be repeated here.
S32,基于第一私钥以及明文数据,生成第一密文。S32, based on the first private key and the plaintext data, generate a first ciphertext.
其中,所述第一密文包括多个密文参数。Wherein, the first ciphertext includes a plurality of ciphertext parameters.
详细请参见图3所示实施例的S22,在此不再赘述。For details, please refer to S22 of the embodiment shown in FIG. 3 , which will not be repeated here.
S33,根据第一私钥以及第一密文中的预设密文参数,生成重加密密钥。S33: Generate a re-encryption key according to the first private key and preset ciphertext parameters in the first ciphertext.
其中,所述预设密文参数为所述第一密文参数。Wherein, the preset ciphertext parameter is the first ciphertext parameter.
在本实施例中,授权方在接收到被授权方发送的密文转换请求信息时,再生成重加密密钥。具体地,上述S33可以包括如下步骤:In this embodiment, the authorizing party regenerates the re-encryption key when receiving the ciphertext conversion request information sent by the authorized party. Specifically, the above S33 may include the following steps:
S331,接收被授权方发送的密文转换请求信息。S331: Receive the ciphertext conversion request information sent by the authorized party.
其中,所述密文转换请求信息包括所述第二公钥、第一验证参数以及第二验证参数,所述第一验证参数是基于公共参数生成的,所述第二验证参数是基于第一公钥以及第二私钥生成的。所述的第一验证参数以及第二验证参数是被授权方生成的。The ciphertext conversion request information includes the second public key, a first verification parameter, and a second verification parameter, the first verification parameter is generated based on the public parameter, and the second verification parameter is based on the first verification parameter. The public key and the second private key are generated. The first verification parameter and the second verification parameter are generated by the authorized party.
具体地,所述第一公钥pk i表示为
Figure PCTCN2020135204-appb-000068
所述第二公钥pk j表示为
Figure PCTCN2020135204-appb-000069
Figure PCTCN2020135204-appb-000070
所述第二私钥表示为sk j=(sk j1,sk j2)=(x j1,x j2),所述第一验证参数g 2表示为:g 2=g h,其中,
Figure PCTCN2020135204-appb-000071
所述第二验证参数δ表示为:
Figure PCTCN2020135204-appb-000072
Specifically, the first public key pk i is expressed as
Figure PCTCN2020135204-appb-000068
The second public key pk j is expressed as
Figure PCTCN2020135204-appb-000069
Figure PCTCN2020135204-appb-000070
The second private key is expressed as sk j =(sk j1 ,sk j2 )=(x j1 ,x j2 ), and the first verification parameter g 2 is expressed as: g 2 =gh , wherein,
Figure PCTCN2020135204-appb-000071
The second verification parameter δ is expressed as:
Figure PCTCN2020135204-appb-000072
被授权方在需要进行代理重加密时,向授权方发送密文转换信息请求。授权方在接收到该密文转换信息请求之后,再生成重加密密钥。其中,密文转换请求信息可以表示为R=(δ,g 2,pk i1)。 When the authorized party needs to perform proxy re-encryption, it sends a ciphertext conversion information request to the authorized party. After receiving the ciphertext conversion information request, the authorized party generates a re-encryption key. The ciphertext conversion request information can be expressed as R=(δ, g 2 , pk i1 ).
S332,基于密文转换请求信息、第一私钥以及第一密文参数,生成重加密密钥。S332: Generate a re-encryption key based on the ciphertext conversion request information, the first private key, and the first ciphertext parameter.
授权方在接收到密文转换请求信息之后,提取密文转换请求信息中的参数,并结合第一私钥以及第一密文参数F,生成重加密密钥。After receiving the ciphertext conversion request information, the authorizing party extracts the parameters in the ciphertext conversion request information, and generates a re-encryption key in combination with the first private key and the first ciphertext parameter F.
作为本实施例的一种可选实施方式,所述重加密密钥可以通过ReKeyGen(sk i,R,F)算法实现,该算法的输入为授权方的第一私钥sk i、被授权方发送的密文转换请求信息R以及第一密文参数F。具体算法表示如下: As an optional implementation manner of this embodiment, the re-encryption key may be implemented by a ReKeyGen (ski, R, F) algorithm, and the input of the algorithm is the first private key ski of the authorizing party, the authorized party The sent ciphertext conversion request information R and the first ciphertext parameter F. The specific algorithm is expressed as follows:
(1)计算
Figure PCTCN2020135204-appb-000073
(1) Calculation
Figure PCTCN2020135204-appb-000073
(2)判断g h′=g 2是否成立; (2) Judging whether g h′ = g 2 is established;
(3)当g h′=g 2成立时,计算
Figure PCTCN2020135204-appb-000074
(3) When g h′ = g 2 is established, calculate
Figure PCTCN2020135204-appb-000074
(4)输出所述重加密密钥
Figure PCTCN2020135204-appb-000075
(4) Output the re-encryption key
Figure PCTCN2020135204-appb-000075
由于第一验证参数和第二验证参数的构造保证了被授权方只有正确计算密文转换请求后,授权方才能够为被授权方生 成正确的重加密密钥,如果被授权方恶意提交了不正确的第一验证参数以及第二验证参数,将会被立即检测出来,保证了输出的重加密密钥是正确的,且是为被授权方生成的。Because the construction of the first verification parameter and the second verification parameter ensures that the authorized party can generate the correct re-encryption key for the authorized party only after the authorized party calculates the ciphertext conversion request correctly, if the authorized party maliciously submits an incorrect re-encryption key The first verification parameter and the second verification parameter will be detected immediately, ensuring that the output re-encryption key is correct and generated for the authorized party.
S34,将第一密文以及重加密密钥发送给代理方,以使得代理方利用重加密密钥将第一密文转换为被授权方的第二公钥下的第二密文。S34: Send the first ciphertext and the re-encryption key to the agent, so that the agent uses the re-encryption key to convert the first ciphertext into the second ciphertext under the authorized party's second public key.
详细请参见图2所示实施例的S14,在此并不赘述。For details, please refer to S14 of the embodiment shown in FIG. 2 , which is not repeated here.
进一步可选地,授权方还可以利用Dec(sk i,CT i)算法对第一密文CT i=(D,E,F,V,s)进行解密,得到相应的明文数据m,该算法的输入为授权方的第一私钥sk i以及第一密文CT i,输出为明文数据。该算法具体可以包括如下步骤: Further optionally, the authorizing party can also use the Dec(ski, CT i ) algorithm to decrypt the first ciphertext CT i = (D, E, F, V, s) to obtain the corresponding plaintext data m. This algorithm The input is the authorizer's first private key ski and the first ciphertext CT i , and the output is plaintext data. The algorithm may specifically include the following steps:
(1)判断等式
Figure PCTCN2020135204-appb-000076
是否成立,若成立则计算
Figure PCTCN2020135204-appb-000077
否则,输出错误符号⊥; (1) Judgment Equation
Figure PCTCN2020135204-appb-000076
Whether it is established, if so, calculate
Figure PCTCN2020135204-appb-000077
Otherwise, output the error symbol ⊥;
(2)判断等式
Figure PCTCN2020135204-appb-000078
是否成立,若成立则输出明文数据m;否则,输出错误符号⊥。 (2) Judgment Equation
Figure PCTCN2020135204-appb-000078
Whether it is established, if so, output the plaintext data m; otherwise, output the error symbol ⊥.
本实施例提供的单向代理重加密方法,授权方依据被授权发送的密文转换请求信息才进行重加密密钥的生成,使得该方法可以应用在授权方不能主动选择被授权方,而是被动等待被授权方发起请求的场合,例如,数据公平交易中,该方法有可以称之为单向被动代理重加密方法。In the one-way proxy re-encryption method provided in this embodiment, the authorizing party generates a re-encryption key according to the ciphertext conversion request information sent by the authorized party, so that the method can be applied when the authorizing party cannot actively select the authorized party, but When passively waiting for an authorized party to initiate a request, for example, in a data fair transaction, this method can be called a one-way passive proxy re-encryption method.
在本实施例中提供了一种单向代理重加密方法,可用于上述的代理方,如电脑、手机、平板电脑等。本实施例与上文图2-图4实施例中所述的单向代理重加密方法对应,图5是根据本发明实施例的单向代理重加密方法的流程图,如图5所示,该流程包括如下步骤:In this embodiment, a one-way proxy re-encryption method is provided, which can be used for the above-mentioned proxy party, such as a computer, a mobile phone, a tablet computer, and the like. This embodiment corresponds to the one-way proxy re-encryption method described above in the embodiments of FIG. 2 to FIG. 4 , and FIG. 5 is a flowchart of the one-way proxy re-encryption method according to an embodiment of the present invention, as shown in FIG. 5 , The process includes the following steps:
S41,接收授权方发送的第一密文以及重加密密钥。S41: Receive the first ciphertext and the re-encryption key sent by the authorized party.
其中,所述第一密文是基于所述授权方的第一私钥以及明文数据生成的,所述重加密密钥是根据所述第一私钥以及所述第一密文中的预设密文参数生成的。Wherein, the first ciphertext is generated based on the first private key of the authorizing party and plaintext data, and the re-encryption key is based on the first private key and a preset password in the first ciphertext generated from the text parameters.
如上文所述,授权方将生成的重加密密钥以及第一密文发送给代理方。相应地,后续代理方就可以利用接收到重加密密钥对第一密文进行转换。As described above, the authorizing party sends the generated re-encryption key and the first ciphertext to the proxy party. Correspondingly, the subsequent agent can use the received re-encryption key to convert the first ciphertext.
其中,关于重加密密钥以及第一密文的生成方式,请详见图2-图4所示实施例的相关描述,在此不再赘述。Wherein, regarding the method of generating the re-encryption key and the first ciphertext, please refer to the relevant descriptions of the embodiments shown in FIG. 2 to FIG. 4 for details, which will not be repeated here.
S42,基于重加密密钥将第一密文转换为被授权方的第二公钥下的第二密文,以使得被授权方对第二密文进行解密得到明文数据。S42 , converting the first ciphertext into a second ciphertext under the second public key of the authorized party based on the re-encryption key, so that the authorized party decrypts the second ciphertext to obtain plaintext data.
代理方在接收到重加密密钥之后,可以先对重加密密钥的正确性进行验证,在验证通过之后,再利用重加密密钥将第一密文转换为被授权方的第二公钥下的第二密文。具体将在下文中对该步骤进行详细描述。After the agent receives the re-encryption key, it can first verify the correctness of the re-encryption key, and after the verification is passed, the first ciphertext is converted into the authorized party's second public key by using the re-encryption key. The second ciphertext below. Specifically, this step will be described in detail below.
本发明实施例提供的单向代理重加密方法,由于重加密密钥是基于第一私钥以及第一密文中的预设密文参数生成的,那么重加密密钥只能将授权方的第一密文转换为被授权方的第二密文,而并不能够将被授权方的第一密文转换为授权方的第二密文,即该重加密密钥只能实现一个方向的转换,从而实现单向重加密;由于第一密文是基于第一私钥以及明文数据生成的,相应地,第一密文中的多个密文参数均与第一私钥以及明文数据相关,当明文数据变化时,各个密文参数也会相应变化,即使被授权方与代理方合谋,能够获知某个第一密文中的参数,但是由于第一密文还与明文数据有关,利用获知的参数也不能够解密出其他第一密文对应的明文。因此,该方法在共谋攻击下,没有额外的明文被暴露出来,保证了较强的抗合谋攻击能力。In the one-way proxy re-encryption method provided by the embodiment of the present invention, since the re-encryption key is generated based on the first private key and the preset ciphertext parameters in the first ciphertext, the re-encryption key can only be used for A ciphertext is converted into the second ciphertext of the authorized party, but the first ciphertext of the authorized party cannot be converted into the second ciphertext of the authorized party, that is, the re-encryption key can only realize the conversion in one direction , thereby realizing one-way re-encryption; since the first ciphertext is generated based on the first private key and plaintext data, correspondingly, multiple ciphertext parameters in the first ciphertext are related to the first private key and plaintext data, when When the plaintext data changes, each ciphertext parameter will also change accordingly. Even if the authorized party colludes with the agent, they can learn the parameters in a first ciphertext, but since the first ciphertext is also related to the plaintext data, the learned parameters can be used. The plaintext corresponding to the other first ciphertext cannot be decrypted either. Therefore, under the collusion attack, no additional plaintext is exposed, which ensures a strong anti-collusion attack capability.
在本实施例中提供了一种单向代理重加密方法,可用于上述的代理方,如电脑、手机、平板电脑等。该方法与图2-图4所示实施例中所述的单向代理重加密方法对应。图6是根据本发明实施例的单向代理重加密方法的流程图,如图6所示,该流程包括如下步骤:In this embodiment, a one-way proxy re-encryption method is provided, which can be used for the above-mentioned proxy party, such as a computer, a mobile phone, a tablet computer, and the like. This method corresponds to the one-way proxy re-encryption method described in the embodiments shown in FIG. 2 to FIG. 4 . FIG. 6 is a flowchart of a one-way proxy re-encryption method according to an embodiment of the present invention. As shown in FIG. 6 , the flowchart includes the following steps:
S51,接收授权方发送的第一密文以及重加密密钥。S51: Receive the first ciphertext and the re-encryption key sent by the authorized party.
其中,所述第一密文是基于所述授权方的第一私钥以及明文数据生成的,所述重加密密钥是根据所述第一私钥以及所述第一密文中的预设密文参数生成的。Wherein, the first ciphertext is generated based on the first private key of the authorizing party and plaintext data, and the re-encryption key is based on the first private key and a preset password in the first ciphertext generated from the text parameters.
具体地,所述第一私钥sk i表示为sk i=(sk i1,sk i2)=(x i1,x i2),第一公钥pk i表示为
Figure PCTCN2020135204-appb-000079
所述第二公钥pk j表示为
Figure PCTCN2020135204-appb-000080
所述第二私钥表示为sk j=(sk j1,sk j2)=(x j1,x j2)。 Specifically, the first private key ski is expressed as sk i =(sk i1 ,sk i2 )=(x i1 , x i2 ) , and the first public key pk i is expressed as
Figure PCTCN2020135204-appb-000079
The second public key pk j is expressed as
Figure PCTCN2020135204-appb-000080
The second private key is expressed as sk j =(sk j1 ,sk j2 )=(x j1 ,x j2 ).
所述第一密文CT i表示为CT i=(D,E,F,V,s),
Figure PCTCN2020135204-appb-000081
D=V u,E=V r,s=u+r·H 3(D,E,F)mod q,
Figure PCTCN2020135204-appb-000082
r=H 1(m,w),m为所述明文数据,F为第一密文参数,V为第二密文参数,E为第三密文参数; The first ciphertext CT i is expressed as CT i =(D, E, F, V, s),
Figure PCTCN2020135204-appb-000081
D=V u , E=V r , s=u+r·H 3 (D,E,F)mod q,
Figure PCTCN2020135204-appb-000082
r=H 1 (m, w), m is the plaintext data, F is the first ciphertext parameter, V is the second ciphertext parameter, and E is the third ciphertext parameter;
所述重加密密钥
Figure PCTCN2020135204-appb-000083
表示为:
Figure PCTCN2020135204-appb-000084
the re-encryption key
Figure PCTCN2020135204-appb-000083
Expressed as:
Figure PCTCN2020135204-appb-000084
Figure PCTCN2020135204-appb-000085
Figure PCTCN2020135204-appb-000085
Figure PCTCN2020135204-appb-000086
为小于q的非负非零整数集合,q为分别为预设素数,q的位长度为l q,H 2以及H 3分别为第二哈希函数以及第三哈希函数,分别表示为
Figure PCTCN2020135204-appb-000087
l 0与l 1为消息长度,g为
Figure PCTCN2020135204-appb-000088
的q阶子群G的生成元。
Figure PCTCN2020135204-appb-000086
is a set of non-negative and non-zero integers less than q, q is a preset prime number, the bit length of q is l q , H 2 and H 3 are the second hash function and the third hash function, respectively, expressed as
Figure PCTCN2020135204-appb-000087
l 0 and l 1 are message lengths, and g is
Figure PCTCN2020135204-appb-000088
The generator of the q-order subgroup G of .
S52,基于重加密密钥将第一密文转换为被授权方的第二公钥下的第二密文,以使得被授权方对第二密文进行解密得到明文数据。S52, the first ciphertext is converted into a second ciphertext under the second public key of the authorized party based on the re-encryption key, so that the authorized party decrypts the second ciphertext to obtain plaintext data.
具体地,上述S52可以包括如下步骤:Specifically, the above S52 may include the following steps:
S521,利用第二密文参数、重加密密钥以及第一验证参数,验证重加密密钥的正确性。S521, using the second ciphertext parameter, the re-encryption key, and the first verification parameter to verify the correctness of the re-encryption key.
其中,所述第一验证参数g 2表示为
Figure PCTCN2020135204-appb-000089
Wherein, the first verification parameter g 2 is expressed as
Figure PCTCN2020135204-appb-000089
具体地,可以采用
Figure PCTCN2020135204-appb-000090
算法验证重加密密钥的正确性,该算法的输入为重加密密钥
Figure PCTCN2020135204-appb-000091
第二密文参数V以及第一验证参数g 2。具体算法如下: Specifically, it is possible to use
Figure PCTCN2020135204-appb-000090
The algorithm verifies the correctness of the re-encryption key, and the input of the algorithm is the re-encryption key
Figure PCTCN2020135204-appb-000091
The second ciphertext parameter V and the first verification parameter g 2 . The specific algorithm is as follows:
(1)判断等式
Figure PCTCN2020135204-appb-000092
是否成立; (1) Judgment Equation
Figure PCTCN2020135204-appb-000092
whether it is established;
(2)当等式
Figure PCTCN2020135204-appb-000093
成立时,确定所述重加密密钥验证通过;否则,可以输出错误符号。 (2) When the equation
Figure PCTCN2020135204-appb-000093
When established, it is determined that the re-encryption key verification is passed; otherwise, an error symbol may be output.
S522,当重加密密钥验证通过时,基于第一密文、重加密密钥以及第一验证参数,将第一密文转换为被授权方的第二公钥下的第二密文。S522, when the re-encryption key verification is passed, based on the first ciphertext, the re-encryption key and the first verification parameter, convert the first ciphertext into a second ciphertext under the authorized party's second public key.
具体地,可以采用
Figure PCTCN2020135204-appb-000094
算法将第一密文转换为第二密文,该算法的输入为第一密文CT i、重加密密钥
Figure PCTCN2020135204-appb-000095
以及第一验证参数g 2,具体算法表示如下: Specifically, it is possible to use
Figure PCTCN2020135204-appb-000094
The algorithm converts the first ciphertext into the second ciphertext, and the input of the algorithm is the first ciphertext CT i , the re-encryption key
Figure PCTCN2020135204-appb-000095
and the first verification parameter g 2 , the specific algorithm is expressed as follows:
(1)判断等式
Figure PCTCN2020135204-appb-000096
是否成立; (1) Judgment Equation
Figure PCTCN2020135204-appb-000096
whether it is established;
(2)当等式
Figure PCTCN2020135204-appb-000097
成立时,计算
Figure PCTCN2020135204-appb-000098
(2) When the equation
Figure PCTCN2020135204-appb-000097
When established, calculate
Figure PCTCN2020135204-appb-000098
(3)输出转换后的所述第二密文CT j=(E′,F,δ,g 2)。 (3) Output the converted second ciphertext CT j =(E',F,δ,g 2 ).
本发明实施例提供的单向代理重加密方法,重加密密钥以及第一验证参数的构造为重加密密钥的验证提供了基础,保证了重加密密钥验证的可靠性;且该方法只有在重加密密钥验证通过后,才进行第一密文的转换,提高了单向代理重加密方法的可靠性。In the one-way proxy re-encryption method provided by the embodiment of the present invention, the construction of the re-encryption key and the first verification parameter provides a basis for the verification of the re-encryption key, and ensures the reliability of the re-encryption key verification; After the re-encryption key is verified, the first ciphertext is converted, which improves the reliability of the one-way proxy re-encryption method.
在本实施例中提供了一种单向代理重加密方法,可用于上述的被授权方,如电脑、手机、平板电脑等。该方法与图2-图4所示的方法,以及图5-图6所示的方法对应。图7是根据本发明实施例的单向代理重加密方法的流程图,如图7所示,该流程包括如下步骤:In this embodiment, a one-way proxy re-encryption method is provided, which can be used for the above-mentioned authorized party, such as a computer, a mobile phone, a tablet computer, and the like. This method corresponds to the methods shown in FIGS. 2-4 and the methods shown in FIGS. 5-6 . FIG. 7 is a flowchart of a one-way proxy re-encryption method according to an embodiment of the present invention. As shown in FIG. 7 , the flowchart includes the following steps:
S61,获取第二私钥、第二公钥、授权方的第一公钥以及公共参数。S61: Obtain a second private key, a second public key, a first public key of an authorizing party, and public parameters.
其中,第二私钥以及第二公钥是被授权方利用密钥生成算法生成的,第一公钥以及公共参数是从授权方获取到的。The second private key and the second public key are generated by the authorized party using a key generation algorithm, and the first public key and public parameters are obtained from the authorized party.
具体地,所述第二私钥sk j表示为sk j=(sk j1,sk j2)=(x j1,x j2),所述第二公钥pk j表示为
Figure PCTCN2020135204-appb-000099
Figure PCTCN2020135204-appb-000100
所述第一公钥pk i表示为
Figure PCTCN2020135204-appb-000101
所述公共参数表示为param=(p,q,g,H 1,H 2,H 3,l 0,l 1)。 Specifically, the second private key sk j is expressed as sk j =(sk j1 ,sk j2 )=(x j1 ,x j2 ), and the second public key pk j is expressed as
Figure PCTCN2020135204-appb-000099
Figure PCTCN2020135204-appb-000100
The first public key pk i is expressed as
Figure PCTCN2020135204-appb-000101
The common parameters are expressed as param=(p, q, g, H 1 , H 2 , H 3 , l 0 , l 1 ).
其中,
Figure PCTCN2020135204-appb-000102
Figure PCTCN2020135204-appb-000103
为小于p与q的非负非零整数集合,p和q为分别为预设素数,要求q|p-1,q的位长度为l q,H 1、H 2以及H 3分别为第一哈希函数、第二哈希函数以及第三哈希函数,分别表示为
Figure PCTCN2020135204-appb-000104
l 0与l 1为消息长度,g为
Figure PCTCN2020135204-appb-000105
的q阶子群G的生成元。 in,
Figure PCTCN2020135204-appb-000102
and
Figure PCTCN2020135204-appb-000103
is a set of non-negative and non-zero integers less than p and q, p and q are preset prime numbers, respectively, requiring q|p-1, the bit length of q is l q , and H 1 , H 2 and H 3 are the first The hash function, the second hash function, and the third hash function are expressed as
Figure PCTCN2020135204-appb-000104
l 0 and l 1 are message lengths, and g is
Figure PCTCN2020135204-appb-000105
The generator of the q-order subgroup G of .
例如,被授权方也可以利用与授权方相同的算法,即,KeyGen(param)生成第二公私钥对,所述的公私钥对包括第二私钥sk j以及第二公钥pk j。详细请参见图3所示实施例的S21的详细描述,在此不再赘述。 For example, the authorized party can also use the same algorithm as the authorized party, that is, KeyGen(param) to generate a second public-private key pair, where the public-private key pair includes the second private key sk j and the second public key pk j . For details, please refer to the detailed description of S21 in the embodiment shown in FIG. 3 , which will not be repeated here.
S62,利用公共参数生成第一验证参数,并利用第一公钥以及第二私钥生成第二验证参数。S62, using the public parameter to generate the first verification parameter, and using the first public key and the second private key to generate the second verification parameter.
被授权方利用公共参数生成第一验证参数g 2,并利用第一公钥pk i1以及第二私钥x j1生成第二验证参数δ。 The authorized party uses the public parameters to generate the first verification parameter g 2 , and uses the first public key pk i1 and the second private key x j1 to generate the second verification parameter δ.
S63,基于第一验证参数、第二验证参数以及第一公钥,生成密文转换请求信息。S63, based on the first verification parameter, the second verification parameter and the first public key, generate ciphertext conversion request information.
其中,密文转换请求信息可以表示为R=(δ,g 2,pk j1)。 The ciphertext conversion request information may be expressed as R=(δ, g 2 , pk j1 ).
S64,将密文转换请求信息发送给授权方。S64, sending the ciphertext conversion request information to the authorizing party.
被授权方将上述S63中生成的密文转换请求信息发送给授权方,以使得授权方基于该密文转换请求信息生成重加密密钥。The authorized party sends the ciphertext conversion request information generated in the above S63 to the authorizer, so that the authorizer generates a re-encryption key based on the ciphertext conversion request information.
S65,接收代理方发送的第二密文。S65: Receive the second ciphertext sent by the proxy.
其中,所述第二密文是利用重加密密钥对第一密文转换得到的,所述第一密文是基于所述授权方的第一私钥以及明文数据生成的,所述重加密密钥是基于所述第一私钥以及所述第一密文中的预设密文参数生成的。The second ciphertext is obtained by converting the first ciphertext by using a re-encryption key, and the first ciphertext is generated based on the first private key of the authorizing party and plaintext data, and the re-encryption key is used to convert the first ciphertext. The key is generated based on the first private key and preset ciphertext parameters in the first ciphertext.
S66,利用第二私钥对第二密文进行解密,得到明文数据。S66, decrypt the second ciphertext by using the second private key to obtain plaintext data.
被授权方在接收到代理方发送的第二密文之后,就可以利用解密算法对其进行解密,从而得到相应的明文数据。After receiving the second ciphertext sent by the agent, the authorized party can use the decryption algorithm to decrypt it to obtain corresponding plaintext data.
本实施例提供的单向代理重加密方法,由于重加密密钥是基于第一私钥以及第一密文中的预设密文参数生成的,那么重加密密钥只能将授权方的第一密文转换为被授权方的第二密文,而并不能够将被授权方的第一密文转换为授权方的第二密文,即该重加密密钥只能实现一个方向的转换,从而实现单向重加密;由于第一密文是基于第一私钥以及明文数据生成的,相应地,第一密文中的多个密文参数均与第一私钥以及明文数据相关,当明文数据变化时,各个密文参数也会相应变化,即使被授权方与代理方合谋,能够获知某个第一密文中的参数,但是由于第一密文还与明文数据有关,利用获知的参数也不能够解密出其他第一密文对应的明文。因此,该方法在共谋攻击下,没有额外的明文被暴露出来,保证了较强的抗合谋攻击能力。In the one-way proxy re-encryption method provided by this embodiment, since the re-encryption key is generated based on the first private key and the preset ciphertext parameters in the first ciphertext, the re-encryption key can only The ciphertext is converted into the second ciphertext of the authorized party, but the first ciphertext of the authorized party cannot be converted into the second ciphertext of the authorized party, that is, the re-encryption key can only realize the conversion in one direction, Thus, one-way re-encryption is realized; since the first ciphertext is generated based on the first private key and the plaintext data, correspondingly, multiple ciphertext parameters in the first ciphertext are related to the first private key and the plaintext data. When the data changes, the parameters of each ciphertext will also change accordingly. Even if the authorized party colludes with the agent, they can learn the parameters in a first ciphertext, but since the first ciphertext is also related to the plaintext data, using the learned parameters will also The plaintext corresponding to the other first ciphertext cannot be decrypted. Therefore, under the collusion attack, no additional plaintext is exposed, which ensures a strong anti-collusion attack capability.
在本实施例中提供了一种单向代理重加密方法,可用于上述的被授权方,如电脑、手机、平板电脑等,图8是根据本发明实施例的单向代理重加密方法的流程图,如图8所示,该流程包括如下步骤:In this embodiment, a one-way proxy re-encryption method is provided, which can be used for the above-mentioned authorized parties, such as computers, mobile phones, tablet computers, etc. FIG. 8 is a flowchart of a one-way proxy re-encryption method according to an embodiment of the present invention Figure, as shown in Figure 8, the process includes the following steps:
S71,获取第二私钥、第二公钥、授权方的第一公钥以及公共参数。S71: Obtain a second private key, a second public key, a first public key of an authorizing party, and public parameters.
其中,所述第二私钥sk j表示为sk j=(sk j1,sk j2)=(x j1,x j2),所述第二公钥pk j表示为
Figure PCTCN2020135204-appb-000106
所述第一公钥pk i表示为
Figure PCTCN2020135204-appb-000107
所述公共参数表示为param=(p,q,g,H 1,H 2,H 3,l 0,l 1); Wherein, the second private key sk j is expressed as sk j =(sk j1 ,sk j2 )=(x j1 ,x j2 ), and the second public key pk j is expressed as
Figure PCTCN2020135204-appb-000106
The first public key pk i is expressed as
Figure PCTCN2020135204-appb-000107
The common parameter is expressed as param=(p,q,g,H 1 ,H 2 ,H 3 ,l 0 ,l 1 );
S72,利用公共参数生成第一验证参数,并利用第一公钥以及所述第二私钥生成第二验证参数。S72: Generate a first verification parameter by using the public parameter, and generate a second verification parameter by using the first public key and the second private key.
具体地,上述S72可以包括如下步骤:Specifically, the above S72 may include the following steps:
S721,随机选取
Figure PCTCN2020135204-appb-000108
并计算第一验证参数g 2:g 2=g hS721, randomly selected
Figure PCTCN2020135204-appb-000108
And calculate the first verification parameter g 2 : g 2 =g h .
S722,计算第二验证参数δ:
Figure PCTCN2020135204-appb-000109
S722, calculate the second verification parameter δ:
Figure PCTCN2020135204-appb-000109
S73,基于第一验证参数、第二验证参数以及第一公钥,生成密文转换请求信息。S73, based on the first verification parameter, the second verification parameter and the first public key, generate ciphertext conversion request information.
其中,密文转换请求信息R可以表示为:R=(δ,g 2,pk j1)。被授权方可以利用RequestGen(sk j,pk i)算法生成密文转换请求信息,该算法的输入为第二私钥以及第一私钥,所述算法具体表示如下: The ciphertext conversion request information R may be expressed as: R=(δ, g 2 , pk j1 ). The authorized party can use the RequestGen(sk j , p i ) algorithm to generate the ciphertext conversion request information, the input of the algorithm is the second private key and the first private key, and the algorithm is specifically expressed as follows:
(1)随机选取
Figure PCTCN2020135204-appb-000110
并计算第一验证参数g 2:g 2=g h(1) Randomly selected
Figure PCTCN2020135204-appb-000110
and calculate the first verification parameter g 2 : g 2 =g h ;
(2)计算第二验证参数δ:
Figure PCTCN2020135204-appb-000111
(2) Calculate the second verification parameter δ:
Figure PCTCN2020135204-appb-000111
(3)输出密文转换请求信息R=(δ,g 2,pk j1)。 (3) Output ciphertext conversion request information R=(δ, g 2 , pk j1 ).
S74,将密文转换请求信息发送给授权方。S74, sending the ciphertext conversion request information to the authorizing party.
详细请参见图7所示实施例的S64,在此不再赘述。For details, please refer to S64 of the embodiment shown in FIG. 7 , which will not be repeated here.
S75,接收代理方发送的第二密文。S75: Receive the second ciphertext sent by the agent.
其中,所述第二密文是利用重加密密钥对第一密文转换得到的,所述第一密文是基于所述授权方的第一私钥以及明文 数据生成的,所述重加密密钥是基于所述第一私钥以及所述第一密文中的预设密文参数生成的。The second ciphertext is obtained by converting the first ciphertext by using a re-encryption key, and the first ciphertext is generated based on the first private key of the authorizing party and plaintext data, and the re-encryption key is used to convert the first ciphertext. The key is generated based on the first private key and preset ciphertext parameters in the first ciphertext.
所述第二密文CT j表示为CT j=(E′,F,δ,g 2),
Figure PCTCN2020135204-appb-000112
E=V r,r=H 1(m,w),
Figure PCTCN2020135204-appb-000113
g 2=g h
Figure PCTCN2020135204-appb-000114
The second ciphertext CT j is expressed as CT j =(E′,F,δ,g 2 ),
Figure PCTCN2020135204-appb-000112
E=V r , r=H 1 (m,w),
Figure PCTCN2020135204-appb-000113
g 2 =g h ,
Figure PCTCN2020135204-appb-000114
所述重加密密钥
Figure PCTCN2020135204-appb-000115
表示为
Figure PCTCN2020135204-appb-000116
the re-encryption key
Figure PCTCN2020135204-appb-000115
Expressed as
Figure PCTCN2020135204-appb-000116
S76,利用第二私钥对第二密文进行解密,得到明文数据。S76, decrypt the second ciphertext by using the second private key to obtain plaintext data.
具体地,上述S76可以采用Dec(sk j,CT j)算法实现,所述算法的输入为被授权方的第二私钥以及第二密文,具体地该算法可以包括如下步骤: Specifically, the above S76 can be implemented by using the Dec(sk j , CT j ) algorithm, where the input of the algorithm is the second private key of the authorized party and the second ciphertext, and specifically the algorithm can include the following steps:
S761,计算
Figure PCTCN2020135204-appb-000117
S761, Computing
Figure PCTCN2020135204-appb-000117
S762,判断等式
Figure PCTCN2020135204-appb-000118
是否成立。 S762, Judgment Equation
Figure PCTCN2020135204-appb-000118
is established.
当等式
Figure PCTCN2020135204-appb-000119
成立时,执行S763;否则,出错,可以输出错误符号⊥。 when the equation
Figure PCTCN2020135204-appb-000119
When established, execute S763; otherwise, if an error occurs, the error symbol ⊥ can be output.
S763,输出明文数据m。S763, output plaintext data m.
本实施例提供的单向代理重加密方法,δ的特殊构造使得被授权方指定了一个重要的值h,且在公开环境下只有授权方才能使用自身私钥解密提取出h,其他不相关方无法知晓h,且这个h是重加密密钥的重要组成部分,从而保证了重加密密钥的可靠性。In the one-way proxy re-encryption method provided by this embodiment, the special structure of δ enables the authorized party to specify an important value h, and in an open environment, only the authorized party can use its own private key to decrypt and extract h, and other irrelevant parties It is impossible to know h, and this h is an important part of the re-encryption key, thus ensuring the reliability of the re-encryption key.
本发明实施例还提供了一种单向代理重加密方法,应用于图1所示的单向代理重加密系统中,如图9所示,所述方法包括如下步骤:An embodiment of the present invention also provides a one-way proxy re-encryption method, which is applied to the one-way proxy re-encryption system shown in FIG. 1 . As shown in FIG. 9 , the method includes the following steps:
S801,授权方获取第一私钥以及明文数据。详细请参见图2所示实施例的S11,在此不再赘述。S801, the authorizing party obtains the first private key and plaintext data. For details, please refer to S11 of the embodiment shown in FIG. 2 , which will not be repeated here.
S802,授权方获取公共参数。详细请参见图3所示实施例的S221,在此不再赘述。S802, the authorizer obtains public parameters. For details, please refer to S221 of the embodiment shown in FIG. 3 , which will not be repeated here.
S803,被授权方获取第二私钥、第二公钥、授权方的第一公钥以及公共参数。详细请参见图7所示实施例的S61,在此不再赘述。S803, the authorized party obtains the second private key, the second public key, the first public key of the authorizing party, and the public parameters. For details, please refer to S61 of the embodiment shown in FIG. 7 , which will not be repeated here.
S804,授权方生成第一密文。详细请参见图3所示实施例的S222-S224,在此不再赘述。S804, the authorizing party generates a first ciphertext. For details, please refer to S222-S224 of the embodiment shown in FIG. 3 , which will not be repeated here.
S805,被授权方生成密文转换请求信息。详细请参见图8所示实施例的S72-S73,在此不再赘述。S805, the authorized party generates ciphertext conversion request information. For details, please refer to S72-S73 of the embodiment shown in FIG. 8 , which will not be repeated here.
S806,被授权方将密文转换请求信息发送给授权方。详细请参见图8所示实施例的S74,在此不再赘述。S806, the authorized party sends the ciphertext conversion request information to the authorized party. For details, please refer to S74 of the embodiment shown in FIG. 8 , which will not be repeated here.
S807,授权方基于密文转换请求信息、第一私钥以及第一密文参数,生成重加密密钥。详细请参见图4所示实施例的S332,在此不再赘述。S807, the authorizing party generates a re-encryption key based on the ciphertext conversion request information, the first private key, and the first ciphertext parameter. For details, please refer to S332 of the embodiment shown in FIG. 4 , which will not be repeated here.
S808,授权方将第一密文以及重加密密钥发送给代理方,以使得代理方利用重加密密钥将第一密文转换为被授权方的第二公钥下的第二密文。详细请参见图4所示实施例的S34,在此不再赘述。S808, the authorizing party sends the first ciphertext and the re-encryption key to the agent, so that the agent uses the re-encryption key to convert the first ciphertext into the second ciphertext under the second public key of the authorized party. For details, please refer to S34 of the embodiment shown in FIG. 4 , which will not be repeated here.
S809,代理方利用第二密文参数、重加密密钥以及第一验证参数,验证重加密密钥的正确性。详细请参见图6所示实施例的S521,在此不再赘述。S809, the agent verifies the correctness of the re-encryption key by using the second ciphertext parameter, the re-encryption key and the first verification parameter. For details, please refer to S521 of the embodiment shown in FIG. 6 , which will not be repeated here.
S810,当重加密密钥验证通过时,代理方基于第一密文、重加密密钥以及第一验证参数,将第一密文转换为被授权方的第二公钥下的第二密文。详细请参见图6所示实施例的S522,在此不再赘述。S810, when the re-encryption key verification is passed, the agent converts the first ciphertext into the second ciphertext under the authorized party's second public key based on the first ciphertext, the re-encryption key and the first verification parameter . For details, please refer to S522 of the embodiment shown in FIG. 6 , which will not be repeated here.
S811,代理方将第二密文发送给被授权方。S811, the proxy party sends the second ciphertext to the authorized party.
S812,被授权方计算
Figure PCTCN2020135204-appb-000120
详细请参见图8所示实施例的S761,在此不再赘述。 S812, authorized party computing
Figure PCTCN2020135204-appb-000120
For details, please refer to S761 of the embodiment shown in FIG. 8 , which will not be repeated here.
S813,被授权方等式
Figure PCTCN2020135204-appb-000121
是否成立。当等式成立时,执行S814;否则,报错。详细请参见图8所示实施例的S762,在此不再赘述。 S813, Authorized Way Equation
Figure PCTCN2020135204-appb-000121
is established. When the equation is established, execute S814; otherwise, report an error. For details, please refer to S762 of the embodiment shown in FIG. 8 , which will not be repeated here.
S814,被授权方输出明文数据m。详细请参见图8所示实施例的S763,在此不再赘述。S814, the authorized party outputs plaintext data m. For details, please refer to S763 of the embodiment shown in FIG. 8 , which will not be repeated here.
在本实施例中还提供了一种单向代理重加密装置,该装置用于实现上述实施例及优选实施方式,已经进行过说明的不再赘述。如以下所使用的,术语“模块”可以实现预定功能的软件和/或硬件的组合。尽管以下实施例所描述的装置较佳地以软件来实现,但是硬件,或者软件和硬件的组合的实现也是可能并被构想的。This embodiment also provides a one-way proxy re-encryption apparatus, which is used to implement the above-mentioned embodiments and preferred implementations, and the descriptions that have already been described will not be repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the apparatus described in the following embodiments is preferably implemented in software, implementations in hardware, or a combination of software and hardware, are also possible and contemplated.
本实施例提供一种单向代理重加密装置,该装置应用于授权方,如图10所示,所述装置包括:This embodiment provides a one-way proxy re-encryption device. The device is applied to an authorizing party. As shown in FIG. 10 , the device includes:
获取模块901,用于获取第一私钥以及明文数据;an acquisition module 901 for acquiring a first private key and plaintext data;
第一密文生成模块902,用于基于所述第一私钥以及所述明文数据,生成第一密文,所述第一密文包括多个密文参数;a first ciphertext generating module 902, configured to generate a first ciphertext based on the first private key and the plaintext data, where the first ciphertext includes a plurality of ciphertext parameters;
重加密密钥生成模块903,用于根据所述第一私钥以及所述第一密文中的预设密文参数,生成重加密密钥;A re-encryption key generation module 903, configured to generate a re-encryption key according to the first private key and preset ciphertext parameters in the first ciphertext;
第一发送模块904,用于将所述第一密文以及所述重加密密钥发送给代理方,以使得所述代理方利用所述重加密密钥将所述第一密文转换为被授权方的第二公钥下的第二密文。The first sending module 904 is configured to send the first ciphertext and the re-encryption key to the agent, so that the agent uses the re-encryption key to convert the first ciphertext into a re-encryption key. The second ciphertext under the authorized party's second public key.
本实施例还提供了一种单向代理重加密装置,该装置应用于代理方,如图11所示,所述装置包括:This embodiment also provides a one-way proxy re-encryption device, the device is applied to the proxy side, as shown in FIG. 11 , the device includes:
第一接收模块101,用于接收授权方发送的第一密文以及重加密密钥,所述第一密文是基于所述授权方的第一私钥以及明文数据生成的,所述重加密密钥是根据所述第一私钥以及所述第一密文中的预设密文参数生成的;The first receiving module 101 is configured to receive a first ciphertext and a re-encryption key sent by an authorizing party, where the first ciphertext is generated based on the first private key of the authorizing party and plaintext data, and the re-encryption key is The key is generated according to the first private key and preset ciphertext parameters in the first ciphertext;
密文转换模块102,用于基于所述重加密密钥将所述第一密文转换为被授权方的第二公钥下的第二密文,以使得所述被授权方对所述第二密文进行解密得到所述明文数据。The ciphertext conversion module 102 is configured to convert the first ciphertext into a second ciphertext under the second public key of the authorized party based on the re-encryption key, so that the authorized party can The two ciphertexts are decrypted to obtain the plaintext data.
本实施例还提供了一种单向代理重加密装置,该装置应用与被授权方,如图12所示,所述装置包括:This embodiment also provides a one-way proxy re-encryption device, which is applied to an authorized party. As shown in FIG. 12 , the device includes:
第二获取模块111,用于获取第二私钥、第二公钥、授权方的第一公钥以及公共参数,所述第二私钥sk j表示为sk j=(sk j1,sk j2)=(x j1,x j2),所述第二公钥pk j表示为
Figure PCTCN2020135204-appb-000122
所述第一公钥pk i表示为
Figure PCTCN2020135204-appb-000123
所述公共参数表示为param=(p,q,g,H 1,H 2,H 3,l 0,l 1); The second obtaining module 111 is configured to obtain the second private key, the second public key, the first public key of the authorizing party, and the public parameters, where the second private key sk j is represented as sk j =(sk j1 ,sk j2 ) =(x j1 ,x j2 ), the second public key pk j is expressed as
Figure PCTCN2020135204-appb-000122
The first public key pk i is expressed as
Figure PCTCN2020135204-appb-000123
The common parameter is expressed as param=(p,q,g,H 1 ,H 2 ,H 3 ,l 0 ,l 1 );
验证参数生成模块112,用于利用所述公共参数生成第一验证参数,并利用所述第一公钥以及所述第二私钥生成第二验证参数;a verification parameter generation module 112, configured to generate a first verification parameter by using the public parameter, and generate a second verification parameter by using the first public key and the second private key;
密文转换请求生成模块113,用于基于所述第一验证参数、第二验证参数以及第一公钥,生成密文转换请求信息;A ciphertext conversion request generation module 113, configured to generate ciphertext conversion request information based on the first verification parameter, the second verification parameter and the first public key;
第二发送模块114,用于将所述密文转换请求信息发送给所述授权方;A second sending module 114, configured to send the ciphertext conversion request information to the authorizing party;
第二接收模块115,用于接收代理方发送的第二密文,所述第二密文是利用重加密密钥对第一密文转换得到的,所述 第一密文是基于所述授权方的第一私钥以及明文数据生成的,所述重加密密钥是基于所述第一私钥以及所述第一密文中的预设密文参数生成的;The second receiving module 115 is configured to receive the second ciphertext sent by the agent, where the second ciphertext is obtained by converting the first ciphertext by using the re-encryption key, and the first ciphertext is based on the authorization The first private key of the party and the plaintext data are generated, and the re-encryption key is generated based on the first private key and the preset ciphertext parameters in the first ciphertext;
解密模块116,用于利用所述第二私钥对所述第二密文进行解密,得到所述明文数据;A decryption module 116, configured to decrypt the second ciphertext by using the second private key to obtain the plaintext data;
其中,
Figure PCTCN2020135204-appb-000124
Figure PCTCN2020135204-appb-000125
为小于p与q的非负非零整数集合,p和q为分别为预设素数,要求q|p-1,q的位长度为l q,H 1、H 2以及H 3分别为第一哈希函数、第二哈希函数以及第三哈希函数,分别表示为
Figure PCTCN2020135204-appb-000126
l 0与l 1为消息长度,g为
Figure PCTCN2020135204-appb-000127
的q阶子群G的生成元。 in,
Figure PCTCN2020135204-appb-000124
and
Figure PCTCN2020135204-appb-000125
is a set of non-negative and non-zero integers less than p and q, p and q are preset prime numbers, respectively, requiring q|p-1, the bit length of q is l q , and H 1 , H 2 and H 3 are the first The hash function, the second hash function, and the third hash function are expressed as
Figure PCTCN2020135204-appb-000126
l 0 and l 1 are message lengths, and g is
Figure PCTCN2020135204-appb-000127
The generator of the q-order subgroup G of .
本实施例中的单向代理重加密装置是以功能单元的形式来呈现,这里的单元是指ASIC电路,执行一个或多个软件或固定程序的处理器和存储器,和/或其他可以提供上述功能的器件。The one-way proxy re-encryption apparatus in this embodiment is presented in the form of functional units, where the units refer to ASIC circuits, processors and memories that execute one or more software or fixed programs, and/or other devices that can provide the above functional device.
上述各个模块的更进一步的功能描述与上述对应实施例相同,在此不再赘述。Further functional descriptions of the above-mentioned modules are the same as those of the above-mentioned corresponding embodiments, and are not repeated here.
本发明实施例还提供一种电子设备,具有上述图10-12中任一项所示的单向代理重加密装置。An embodiment of the present invention further provides an electronic device having the one-way proxy re-encryption apparatus shown in any of the above-mentioned FIGS. 10-12 .
请参阅图13,图13是本发明可选实施例提供的一种电子设备的结构示意图,如图13所示,该电子设备可以包括:至少一个处理器211,例如CPU(Central Processing Unit,中央处理器),至少一个通信接口213,存储器214,至少一个通信总线212。其中,通信总线212用于实现这些组件之间的连接通信。其中,通信接口213可以包括显示屏(Display)、键盘(Keyboard),可选通信接口213还可以包括标准的有线接口、无线接口。存储器214可以是高速RAM存储器(Random Access Memory,易挥发性随机存取存储器),也可以是非不稳定的存储器(non-volatile memory),例如至少一个磁盘存储器。存储器214可选的还可以是至少一个位于远离前述处理器211的存储装置。其中处理器211可以结合图10-12中任一项所描述的装置,存储器214中存储应用程序,且处理器211调用存储器214中存储的程序代码,以用于执行上述任一方法步骤。Please refer to FIG. 13. FIG. 13 is a schematic structural diagram of an electronic device provided by an optional embodiment of the present invention. As shown in FIG. 13, the electronic device may include: at least one processor 211, such as a CPU (Central Processing Unit, central processing unit). processor), at least one communication interface 213, memory 214, at least one communication bus 212. Among them, the communication bus 212 is used to realize the connection and communication between these components. The communication interface 213 may include a display screen (Display) and a keyboard (Keyboard), and the optional communication interface 213 may also include a standard wired interface and a wireless interface. The memory 214 may be a high-speed RAM memory (Random Access Memory, volatile random access memory), or may be a non-volatile memory (non-volatile memory), such as at least one disk memory. Optionally, the memory 214 may also be at least one storage device located away from the aforementioned processor 211 . The processor 211 may be combined with the device described in any one of FIGS. 10-12 , the memory 214 stores application programs, and the processor 211 calls the program codes stored in the memory 214 for executing any of the above method steps.
其中,通信总线212可以是外设部件互连标准(peripheral component interconnect,简称PCI)总线或扩展工业标准结构(extended industry standard architecture,简称EISA)总线等。通信总线212可以分为地址总线、数据总线、控制总线等。为便于表示,图13中仅用一条粗线表示,但并不表示仅有一根总线或一种类型的总线。The communication bus 212 may be a peripheral component interconnect (PCI for short) bus or an extended industry standard architecture (EISA for short) bus or the like. The communication bus 212 can be divided into an address bus, a data bus, a control bus, and the like. For ease of presentation, only one thick line is used in FIG. 13, but it does not mean that there is only one bus or one type of bus.
其中,存储器214可以包括易失性存储器(英文:volatile memory),例如随机存取存储器(英文:random-access memory,缩写:RAM);存储器也可以包括非易失性存储器(英文:non-volatile memory),例如快闪存储器(英文:flash memory),硬盘(英文:hard disk drive,缩写:HDD)或固态硬盘(英文:solid-state drive,缩写:SSD);存储器214还可以包括上述种类的存储器的组合。The memory 214 may include volatile memory (English: volatile memory), such as random-access memory (English: random-access memory, abbreviation: RAM); the memory may also include non-volatile memory (English: non-volatile memory) memory), such as flash memory (English: flash memory), hard disk (English: hard disk drive, abbreviation: HDD) or solid-state drive (English: solid-state drive, abbreviation: SSD); the memory 214 may also include the above types of combination of memory.
其中,处理器211可以是中央处理器(英文:central processing unit,缩写:CPU),网络处理器(英文:network processor,缩写:NP)或者CPU和NP的组合。The processor 211 may be a central processing unit (English: central processing unit, abbreviation: CPU), a network processor (English: network processor, abbreviation: NP), or a combination of CPU and NP.
其中,处理器211还可以进一步包括硬件芯片。上述硬件芯片可以是专用集成电路(英文:application-specific integrated circuit,缩写:ASIC),可编程逻辑器件(英文:programmable logic device,缩写:PLD)或其组合。上述PLD可以是复杂可编程逻辑器件(英文:complex programmable logic device,缩写:CPLD),现场可编程逻辑门阵列(英文:field-programmable gate array,缩写:FPGA),通用阵列逻辑(英文:generic array logic,缩写:GAL)或其任意组合。The processor 211 may further include a hardware chip. The above-mentioned hardware chip may be an application-specific integrated circuit (English: application-specific integrated circuit, abbreviation: ASIC), a programmable logic device (English: programmable logic device, abbreviation: PLD) or a combination thereof. The above-mentioned PLD can be a complex programmable logic device (English: complex programmable logic device, abbreviation: CPLD), field programmable logic gate array (English: field-programmable gate array, abbreviation: FPGA), general array logic (English: generic array logic, abbreviation: GAL) or any combination thereof.
可选地,存储器214还用于存储程序指令。处理器211可以调用程序指令,实现如本申请图2-4中任一项,或图5-6中任一项,或图7-8中任一项实施例中所示的单向代理重加密方法。Optionally, memory 214 is also used to store program instructions. The processor 211 may invoke program instructions to implement the one-way proxy replay as shown in any of the embodiments of FIGS. 2-4, or any of FIGS. 5-6, or any of the embodiments of FIGS. 7-8. encryption method.
本发明实施例还提供了一种非暂态计算机存储介质,所述计算机存储介质存储有计算机可执行指令,该计算机可执行指令可执行上述任意方法实施例中的单向代理重加密方法。其中,所述存储介质可为磁碟、光盘、只读存储记忆体(Read-Only Memory,ROM)、随机存储记忆体(Random Access Memory,RAM)、快闪存储器(Flash Memory)、硬盘(Hard Disk Drive,缩写:HDD)或固态硬盘(Solid-State Drive,SSD)等;所述存储介质还可以包括上述种类的存储器的组合。Embodiments of the present invention further provide a non-transitory computer storage medium, where the computer storage medium stores computer-executable instructions, and the computer-executable instructions can execute the one-way proxy re-encryption method in any of the foregoing method embodiments. Wherein, the storage medium may be a magnetic disk, an optical disk, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), a flash memory (Flash Memory), a hard disk (Hard) Disk Drive, abbreviation: HDD) or solid-state drive (Solid-State Drive, SSD), etc.; the storage medium may also include a combination of the above-mentioned types of memories.
虽然结合附图描述了本发明的实施例,但是本领域技术人员可以在不脱离本发明的精神和范围的情况下做出各种修改和变型,这样的修改和变型均落入由所附权利要求所限定的范围之内。Although the embodiments of the present invention have been described with reference to the accompanying drawings, various modifications and variations can be made by those skilled in the art without departing from the spirit and scope of the present invention, and such modifications and variations fall within the scope of the appended claims within the limits of the requirements.

Claims (18)

  1. 一种单向代理重加密方法,其特征在于,所述方法包括:A one-way proxy re-encryption method, characterized in that the method comprises:
    获取第一私钥以及明文数据;Obtain the first private key and plaintext data;
    基于所述第一私钥以及所述明文数据,生成第一密文,所述第一密文包括多个密文参数;generating a first ciphertext based on the first private key and the plaintext data, where the first ciphertext includes a plurality of ciphertext parameters;
    根据所述第一私钥以及所述第一密文中的预设密文参数,生成重加密密钥;generating a re-encryption key according to the first private key and preset ciphertext parameters in the first ciphertext;
    将所述第一密文以及所述重加密密钥发送给代理方,以使得所述代理方利用所述重加密密钥将所述第一密文转换为被授权方的第二公钥下的第二密文。Send the first ciphertext and the re-encryption key to the agent, so that the agent uses the re-encryption key to convert the first ciphertext into the second public key of the authorized party. the second ciphertext.
  2. 根据权利要求1所述的方法,其特征在于,所述基于所述第一私钥以及所述明文数据,生成第一密文,包括:The method according to claim 1, wherein the generating the first ciphertext based on the first private key and the plaintext data comprises:
    获取公共参数,所述公共参数表示为param=(p,q,g,H 1,H 2,H 3,l 0,l 1); Obtain common parameters, which are represented as param=(p,q,g,H 1 ,H 2 ,H 3 ,l 0 ,l 1 );
    利用所述第一私钥、所述明文数据以及所述公共参数,生成第一密文参数,所述第一私钥sk i表示为sk i=(sk i1,sk i2)=(x i1,x i2); Using the first private key, the plaintext data, and the public parameters, generate a first ciphertext parameter, and the first private key ski is expressed as ski =(sk i1 , sk i2 )=(x i1 , x i2 );
    利用所述第一密文参数、所述第一私钥以及所述公共参数,生成第二密文参数;Using the first ciphertext parameter, the first private key and the public parameter to generate a second ciphertext parameter;
    利用所述第二密文参数以及所述公共参数,生成第三密文参数,以得到所述第一密文;Using the second ciphertext parameter and the public parameter to generate a third ciphertext parameter to obtain the first ciphertext;
    其中,
    Figure PCTCN2020135204-appb-100001
    Figure PCTCN2020135204-appb-100002
    为小于p与q的非负非零整数集合,p和q为分别为预设素数,要求q|p-1,q的位长度为l q,H 1、H 2以及H 3分别为第一哈希函数、第二哈希函数以及第三哈希函数,分别表示为
    Figure PCTCN2020135204-appb-100003
    l 0与l 1为消息长度,g为
    Figure PCTCN2020135204-appb-100004
    的q阶子群G的生成元。     in,
    Figure PCTCN2020135204-appb-100001
    and
    Figure PCTCN2020135204-appb-100002
    is a set of non-negative and non-zero integers less than p and q, p and q are preset prime numbers, respectively, requiring q|p-1, the bit length of q is l q , and H 1 , H 2 and H 3 are the first The hash function, the second hash function, and the third hash function are expressed as
    Figure PCTCN2020135204-appb-100003
    l 0 and l 1 are message lengths, and g is
    Figure PCTCN2020135204-appb-100004
    The generator of the q-order subgroup G of .
  3. 根据权利要求2所述的方法,其特征在于,所述第一密文采用如下方法生成:The method according to claim 2, wherein the first ciphertext is generated by the following method:
    随机选取
    Figure PCTCN2020135204-appb-100005
    计算r=H 1(m,w);     choose randomly
    Figure PCTCN2020135204-appb-100005
    Calculate r=H 1 (m,w);
    计算
    Figure PCTCN2020135204-appb-100006
    D=V u,E=V r,s=u+r·H 3(D,E,F)mod q;     calculate
    Figure PCTCN2020135204-appb-100006
    D=V u , E=V r , s=u+r·H 3 (D,E,F)mod q;
    输出所述第一密文CT i=(D,E,F,V,s); outputting the first ciphertext CT i =(D, E, F, V, s);
    其中,m所述明文数据,表示为
    Figure PCTCN2020135204-appb-100007
    F为所述第一密文参数,V为所述第二密文参数,E为所述第三密文参数。     Among them, the plaintext data of m is expressed as
    Figure PCTCN2020135204-appb-100007
    F is the first ciphertext parameter, V is the second ciphertext parameter, and E is the third ciphertext parameter.
  4. 根据权利要求2或3所述的方法,其特征在于,所述预设密文参数为所述第一密文参数,所述根据所述第一私钥以及所述第一密文中的预设密文参数,生成重加密密钥,包括:The method according to claim 2 or 3, wherein the preset ciphertext parameter is the first ciphertext parameter, and the preset ciphertext parameter is based on the first private key and the first ciphertext Ciphertext parameters to generate re-encryption keys, including:
    接收所述被授权方发送的密文转换请求信息,所述密文转换请求信息包括所述第二公钥、第一验证参数以及第二验证参数,所述第一验证参数是基于公共参数生成的,所述第二验证参数是基于第一公钥以及第二私钥生成的,所述第一公钥pk i表示为
    Figure PCTCN2020135204-appb-100008
    所述第二公钥pk j表示为
    Figure PCTCN2020135204-appb-100009
    所述第二私钥表示为sk j=(sk j1,sk j2)=(x j1,x j2),所述第一验证参数g 2表示为:g 2=g h,其中,
    Figure PCTCN2020135204-appb-100010
    所述第二验证参数δ表示为:
    Figure PCTCN2020135204-appb-100011
    Receive ciphertext conversion request information sent by the authorized party, where the ciphertext conversion request information includes the second public key, a first verification parameter, and a second verification parameter, where the first verification parameter is generated based on a public parameter , the second verification parameter is generated based on the first public key and the second private key, and the first public key pk i is expressed as
    Figure PCTCN2020135204-appb-100008
    The second public key pk j is expressed as
    Figure PCTCN2020135204-appb-100009
    The second private key is expressed as sk j =(sk j1 ,sk j2 )=(x j1 ,x j2 ), and the first verification parameter g 2 is expressed as: g 2 =gh , wherein,
    Figure PCTCN2020135204-appb-100010
    The second verification parameter δ is expressed as:
    Figure PCTCN2020135204-appb-100011
    基于所述密文转换请求信息、所述第一私钥以及所述第一密文参数,生成所述重加密密钥。The re-encryption key is generated based on the ciphertext conversion request information, the first private key, and the first ciphertext parameter.
  5. 根据权利要求4所述的方法,其特征在于,所述基于所述密文转换请求信息、所述第一私钥以及所述第一密文参数,生成所述重加密密钥,包括:The method according to claim 4, wherein the generating the re-encryption key based on the ciphertext conversion request information, the first private key and the first ciphertext parameter comprises:
    计算
    Figure PCTCN2020135204-appb-100012
    calculate
    Figure PCTCN2020135204-appb-100012
    判断g h′=g 2是否成立; Determine whether g h′ = g 2 is established;
    当g h′=g 2成立时,计算
    Figure PCTCN2020135204-appb-100013
    When g h′ = g 2 is established, calculate
    Figure PCTCN2020135204-appb-100013
    输出所述重加密密钥
    Figure PCTCN2020135204-appb-100014
    output the re-encryption key
    Figure PCTCN2020135204-appb-100014
  6. 一种单向代理重加密方法,其特征在于,所述方法包括:A one-way proxy re-encryption method, characterized in that the method comprises:
    接收授权方发送的第一密文以及重加密密钥,所述第一密文是基于所述授权方的第一私钥以及明文数据生成的,所述重加密密钥是根据所述第一私钥以及所述第一密文中的预设密文参数生成的;Receive the first ciphertext and re-encryption key sent by the authorized party, where the first ciphertext is generated based on the first private key of the authorized party and plaintext data, and the re-encryption key is based on the first The private key and the preset ciphertext parameters in the first ciphertext are generated;
    基于所述重加密密钥将所述第一密文转换为被授权方的第二公钥下的第二密文,以使得所述被授权方对所述第二密文进行解密得到所述明文数据。The first ciphertext is converted into a second ciphertext under the authorized party's second public key based on the re-encryption key, so that the authorized party decrypts the second ciphertext to obtain the plaintext data.
  7. 根据权利要求6所述的方法,其特征在于,所述第一私钥sk i表示为sk i=(sk i1,sk i2)=(x i1,x i2),第一公钥pk i表示为
    Figure PCTCN2020135204-appb-100015
    所述第二公钥pk j表示为
    Figure PCTCN2020135204-appb-100016
    所述第二私钥表示为sk j=(sk j1,sk j2)=(x j1,x j2);     The method according to claim 6, wherein the first private key ski is expressed as sk i =(sk i1 ,sk i2 )=(x i1 , x i2 ) , and the first public key pk i is expressed as
    Figure PCTCN2020135204-appb-100015
    The second public key pk j is expressed as
    Figure PCTCN2020135204-appb-100016
    The second private key is represented as sk j =(sk j1 ,sk j2 )=(x j1 ,x j2 );
    所述第一密文CT i表示为CT i=(D,E,F,V,s),
    Figure PCTCN2020135204-appb-100017
    D=V u,E=V r,s=u+r·H 3(D,E,F)mod q,
    Figure PCTCN2020135204-appb-100018
    r=H 1(m,w),m为所述明文数据,F为第一密文参数,V为第二密文参数,E为第三密文参数;     The first ciphertext CT i is expressed as CT i =(D, E, F, V, s),
    Figure PCTCN2020135204-appb-100017
    D=V u , E=V r , s=u+r·H 3 (D,E,F)mod q,
    Figure PCTCN2020135204-appb-100018
    r=H 1 (m, w), m is the plaintext data, F is the first ciphertext parameter, V is the second ciphertext parameter, and E is the third ciphertext parameter;
    所述重加密密钥
    Figure PCTCN2020135204-appb-100019
    表示为:
    Figure PCTCN2020135204-appb-100020
    the re-encryption key
    Figure PCTCN2020135204-appb-100019
    Expressed as:
    Figure PCTCN2020135204-appb-100020
    Figure PCTCN2020135204-appb-100021
    Figure PCTCN2020135204-appb-100021
    Figure PCTCN2020135204-appb-100022
    为小于q的非负非零整数集合,q为分别为预设素数,q的位长度为l q,H 2以及H 3分别为第二哈希函数以及第三哈希函数,分别表示为
    Figure PCTCN2020135204-appb-100023
    l 0与l 1为消息长度,g为
    Figure PCTCN2020135204-appb-100024
    的q阶子群G的生成元;
    Figure PCTCN2020135204-appb-100022
    is a set of non-negative and non-zero integers less than q, q is a preset prime number, the bit length of q is l q , H 2 and H 3 are the second hash function and the third hash function, respectively, expressed as
    Figure PCTCN2020135204-appb-100023
    l 0 and l 1 are message lengths, and g is
    Figure PCTCN2020135204-appb-100024
    The generator of the q-order subgroup G of ;
    其中,所述基于所述重加密密钥将所述第一密文转换为被授权方的第二公钥下的第二密文,以使得所述被授权方对所述第二密文进行解密得到所述明文数据,包括:Wherein, converting the first ciphertext based on the re-encryption key into a second ciphertext under the authorized party's second public key, so that the authorized party performs a Decryption to obtain the plaintext data, including:
    利用所述第二密文参数、所述重加密密钥以及第一验证参数,验证所述重加密密钥的正确性,所述第一验证参数g 2表示为g 2=g h,其中,
    Figure PCTCN2020135204-appb-100025
    The correctness of the re-encryption key is verified by using the second ciphertext parameter, the re-encryption key and the first verification parameter, and the first verification parameter g 2 is expressed as g 2 =g h , wherein,
    Figure PCTCN2020135204-appb-100025
    当所述重加密密钥验证通过时,基于所述第一密文、所述重加密密钥以及所述第一验证参数,将所述第一密文转换为被授权方的第二公钥下的第二密文。When the verification of the re-encryption key is passed, the first ciphertext is converted into the second public key of the authorized party based on the first ciphertext, the re-encryption key and the first verification parameter The second ciphertext below.
  8. 根据权利要求7所述的方法,其特征在于,所述利用所述第二密文参数、所述重加密密钥以及第一验证参数,验证所述重加密密钥的正确性,包括:The method according to claim 7, wherein the verifying the correctness of the re-encryption key by using the second ciphertext parameter, the re-encryption key and the first verification parameter comprises:
    判断等式
    Figure PCTCN2020135204-appb-100026
    是否成立;     Judgment Equation
    Figure PCTCN2020135204-appb-100026
    whether it is established;
    当等式
    Figure PCTCN2020135204-appb-100027
    成立时,确定所述重加密密钥验证通过。     when the equation
    Figure PCTCN2020135204-appb-100027
    When established, it is determined that the re-encryption key verification is passed.
  9. 根据权利要求7或8所述的方法,其特征在于,所述基于所述第一密文、所述重加密密钥以及所述第一验证参数,将所述第一密文转换为被授权方的第二公钥下的第二密文,包括:The method according to claim 7 or 8, wherein the first ciphertext is converted into an authorized one based on the first ciphertext, the re-encryption key and the first verification parameter The second ciphertext under the party's second public key, including:
    判断等式
    Figure PCTCN2020135204-appb-100028
    是否成立;     Judgment Equation
    Figure PCTCN2020135204-appb-100028
    whether it is established;
    当等式
    Figure PCTCN2020135204-appb-100029
    成立时,计算
    Figure PCTCN2020135204-appb-100030
    when the equation
    Figure PCTCN2020135204-appb-100029
    When established, calculate
    Figure PCTCN2020135204-appb-100030
    输出转换后的所述第二密文CT j=(E′,F,δ,g 2)。 The converted second ciphertext CT j =(E',F,δ,g 2 ) is output.
  10. 一种单向代理重加密方法,其特征在于,所述方法包括:A one-way proxy re-encryption method, characterized in that the method comprises:
    获取第二私钥、第二公钥、授权方的第一公钥以及公共参数,所述第二私钥sk j表示为sk j=(sk j1,sk j2)=(x j1,x j2),所述第二公钥pk j表示为
    Figure PCTCN2020135204-appb-100031
    所述第一公钥pk i表示为
    Figure PCTCN2020135204-appb-100032
    所述公共参数表示为param=(p,q,g,H 1,H 2,H 3,l 0,l 1);     Obtain the second private key, the second public key, the first public key of the authorizing party and the public parameters, the second private key sk j is represented as sk j =(sk j1 ,sk j2 )=(x j1 ,x j2 ) , the second public key pk j is expressed as
    Figure PCTCN2020135204-appb-100031
    The first public key pk i is expressed as
    Figure PCTCN2020135204-appb-100032
    The common parameter is expressed as param=(p,q,g,H 1 ,H 2 ,H 3 ,l 0 ,l 1 );
    利用所述公共参数生成第一验证参数,并利用所述第一公钥以及所述第二私钥生成第二验证参数;Using the public parameter to generate a first verification parameter, and using the first public key and the second private key to generate a second verification parameter;
    基于所述第一验证参数、第二验证参数以及第一公钥,生成密文转换请求信息;generating ciphertext conversion request information based on the first verification parameter, the second verification parameter and the first public key;
    将所述密文转换请求信息发送给所述授权方;sending the ciphertext conversion request information to the authorizing party;
    接收代理方发送的第二密文,所述第二密文是利用重加密密钥对第一密文转换得到的,所述第一密文是基于所述授权方的第一私钥以及明文数据生成的,所述重加密密钥是基于所述第一私钥以及所述第一密文中的预设密文参数生成的;Receive the second ciphertext sent by the agent, where the second ciphertext is obtained by converting the first ciphertext using the re-encryption key, and the first ciphertext is based on the first private key of the authorizing party and the plaintext data is generated, and the re-encryption key is generated based on the first private key and preset ciphertext parameters in the first ciphertext;
    利用所述第二私钥对所述第二密文进行解密,得到所述明文数据;Decrypt the second ciphertext using the second private key to obtain the plaintext data;
    其中,
    Figure PCTCN2020135204-appb-100033
    Figure PCTCN2020135204-appb-100034
    为小于p与q的非负非零整数集合,p和q为分别为预设素数,要求q|p-1,q的位长度为l q,H 1、H 2以及H 3分别为第一哈希函数、第二哈希函数以及第三哈希函数,分别表示为
    Figure PCTCN2020135204-appb-100035
    l 0与l 1为消息长度,g为
    Figure PCTCN2020135204-appb-100036
    的q阶子群G的生成元。     in,
    Figure PCTCN2020135204-appb-100033
    and
    Figure PCTCN2020135204-appb-100034
    is a set of non-negative and non-zero integers less than p and q, p and q are preset prime numbers, respectively, requiring q|p-1, the bit length of q is l q , and H 1 , H 2 and H 3 are the first The hash function, the second hash function, and the third hash function are expressed as
    Figure PCTCN2020135204-appb-100035
    l 0 and l 1 are message lengths, and g is
    Figure PCTCN2020135204-appb-100036
    The generator of the q-order subgroup G of .
  11. 根据权利要求10所述的方法,其特征在于,所述利用所述公共参数生成第一验证参数,并利用所述第一公钥以及所述第二私钥生成第二验证参数,包括:The method according to claim 10, wherein the generating a first verification parameter by using the public parameter, and generating a second verification parameter by using the first public key and the second private key, comprises:
    随机选取
    Figure PCTCN2020135204-appb-100037
    并计算所述第一验证参数g 2:g 2=g h    choose randomly
    Figure PCTCN2020135204-appb-100037
    and calculating the first verification parameter g 2 : g 2 =g h ;
    计算所述第二验证参数δ:
    Figure PCTCN2020135204-appb-100038
    Calculate the second verification parameter δ:
    Figure PCTCN2020135204-appb-100038
  12. 根据权利要求11所述的方法,其特征在于,所述第二密文CT j表示为CT j=(E′,F,δ,g 2),
    Figure PCTCN2020135204-appb-100039
    Figure PCTCN2020135204-appb-100040
    E=V r,r=H 1(m,w),
    Figure PCTCN2020135204-appb-100041
    g 2=g h
    Figure PCTCN2020135204-appb-100042
    The method according to claim 11, wherein the second ciphertext CT j is expressed as CT j =(E',F,δ,g 2 ),
    Figure PCTCN2020135204-appb-100039
    Figure PCTCN2020135204-appb-100040
    E=V r , r=H 1 (m,w),
    Figure PCTCN2020135204-appb-100041
    g 2 =g h ,
    Figure PCTCN2020135204-appb-100042
    所述重加密密钥
    Figure PCTCN2020135204-appb-100043
    表示为
    Figure PCTCN2020135204-appb-100044
    the re-encryption key
    Figure PCTCN2020135204-appb-100043
    Expressed as
    Figure PCTCN2020135204-appb-100044
    其中,所述利用所述第二私钥对所述第二密文进行解密,得到所述明文数据,包括:The decrypting the second ciphertext by using the second private key to obtain the plaintext data includes:
    计算
    Figure PCTCN2020135204-appb-100045
    calculate
    Figure PCTCN2020135204-appb-100045
    判断等式
    Figure PCTCN2020135204-appb-100046
    是否成立;     Judgment Equation
    Figure PCTCN2020135204-appb-100046
    whether it is established;
    当等式
    Figure PCTCN2020135204-appb-100047
    成立时,输出所述明文数据m。     when the equation
    Figure PCTCN2020135204-appb-100047
    When established, the plaintext data m is output.
  13. 一种单向代理重加密装置,其特征在于,所述装置包括:A one-way proxy re-encryption device, characterized in that the device comprises:
    获取模块,用于获取第一私钥以及明文数据;an acquisition module for acquiring the first private key and plaintext data;
    第一密文生成模块,用于基于所述第一私钥以及所述明文数据,生成第一密文,所述第一密文包括多个密文参数;a first ciphertext generating module, configured to generate a first ciphertext based on the first private key and the plaintext data, where the first ciphertext includes a plurality of ciphertext parameters;
    重加密密钥生成模块,用于根据所述第一私钥以及所述第一密文中的预设密文参数,生成重加密密钥;a re-encryption key generation module, configured to generate a re-encryption key according to the first private key and preset ciphertext parameters in the first ciphertext;
    第一发送模块,用于将所述第一密文以及所述重加密密钥发送给代理方,以使得所述代理方利用所述重加密密钥将所述第一密文转换为被授权方的第二公钥下的第二密文。a first sending module, configured to send the first ciphertext and the re-encryption key to an agent, so that the agent uses the re-encryption key to convert the first ciphertext into an authorized The second ciphertext under the party's second public key.
  14. 一种单向代理重加密装置,其特征在于,所述装置包括:A one-way proxy re-encryption device, characterized in that the device comprises:
    第一接收模块,用于接收授权方发送的第一密文以及重加密密钥,所述第一密文是基于所述授权方的第一私钥以及明文数据生成的,所述重加密密钥是根据所述第一私钥以及所述第一密文中的预设密文参数生成的;The first receiving module is configured to receive the first ciphertext and the re-encryption key sent by the authorizing party, where the first ciphertext is generated based on the first private key of the authorizing party and the plaintext data, and the re-encrypting ciphertext is generated based on the first private key of the authorizing party and the plaintext data. The key is generated according to the first private key and preset ciphertext parameters in the first ciphertext;
    密文转换模块,用于基于所述重加密密钥将所述第一密文转换为被授权方的第二公钥下的第二密文,以使得所述被授权方对所述第二密文进行解密得到所述明文数据。A ciphertext conversion module, configured to convert the first ciphertext into a second ciphertext under the second public key of the authorized party based on the re-encryption key, so that the authorized party can understand the second ciphertext The ciphertext is decrypted to obtain the plaintext data.
  15. 一种单向代理重加密装置,其特征在于,所述装置包括:A one-way proxy re-encryption device, characterized in that the device comprises:
    第二获取模块,用于获取第二私钥、第二公钥、授权方的第一公钥以及公共参数,所述第二私钥sk j表示为sk j=(sk j1,sk j2)=(x j1,x j2),所述第二公钥pk j表示为
    Figure PCTCN2020135204-appb-100048
    所述第一公钥pk i表示为
    Figure PCTCN2020135204-appb-100049
    所述公共参数表示为param=(p,q,g,H 1,H 2,H 3,l 0,l 1);     The second obtaining module is used to obtain the second private key, the second public key, the first public key of the authorizing party and the public parameters, and the second private key sk j is represented as sk j =(sk j1 ,sk j2 )= (x j1 ,x j2 ), the second public key pk j is expressed as
    Figure PCTCN2020135204-appb-100048
    The first public key pk i is expressed as
    Figure PCTCN2020135204-appb-100049
    The common parameter is expressed as param=(p,q,g,H 1 ,H 2 ,H 3 ,l 0 ,l 1 );
    验证参数生成模块,用于利用所述公共参数生成第一验证参数,并利用所述第一公钥以及所述第二私钥生成第二验证参数;a verification parameter generation module, configured to generate a first verification parameter by using the public parameter, and generate a second verification parameter by using the first public key and the second private key;
    密文转换请求生成模块,用于基于所述第一验证参数、第二验证参数以及第一公钥,生成密文转换请求信息;a ciphertext conversion request generation module, configured to generate ciphertext conversion request information based on the first verification parameter, the second verification parameter and the first public key;
    第二发送模块,用于将所述密文转换请求信息发送给所述授权方;a second sending module, configured to send the ciphertext conversion request information to the authorizing party;
    第二接收模块,用于接收代理方发送的第二密文,所述第二密文是利用重加密密钥对第一密文转换得到的,所述第一密文是基于所述授权方的第一私钥以及明文数据生成的,所述重加密密钥是基于所述第一私钥以及所述第一密文中的预设密文参数生成的;The second receiving module is configured to receive the second ciphertext sent by the agent, where the second ciphertext is obtained by converting the first ciphertext by using a re-encryption key, and the first ciphertext is based on the authorizing party The first private key and plaintext data are generated, and the re-encryption key is generated based on the first private key and the preset ciphertext parameters in the first ciphertext;
    解密模块,用于利用所述第二私钥对所述第二密文进行解密,得到所述明文数据;a decryption module, configured to decrypt the second ciphertext by using the second private key to obtain the plaintext data;
    其中,
    Figure PCTCN2020135204-appb-100050
    Figure PCTCN2020135204-appb-100051
    为小于p与q的非负非零整数集合,p和q为分别为预设素数,要求q|p-1,q的位长度为l q,H 1、H 2以及H 3分别为第一哈希函数、第二哈希函数以及第三哈希函数,分别表示为
    Figure PCTCN2020135204-appb-100052
    l 0与l 1为消息长度,g为
    Figure PCTCN2020135204-appb-100053
    的q阶子群G的生成元。     in,
    Figure PCTCN2020135204-appb-100050
    and
    Figure PCTCN2020135204-appb-100051
    is a set of non-negative and non-zero integers less than p and q, p and q are preset prime numbers, respectively, requiring q|p-1, the bit length of q is l q , and H 1 , H 2 and H 3 are respectively the first The hash function, the second hash function, and the third hash function are expressed as
    Figure PCTCN2020135204-appb-100052
    l 0 and l 1 are message lengths, and g is
    Figure PCTCN2020135204-appb-100053
    The generator of the q-order subgroup G of .
  16. 一种电子设备,其特征在于,包括:An electronic device, comprising:
    存储器和处理器,所述存储器和所述处理器之间互相通信连接,所述存储器中存储有计算机指令,所述处理器通过执行所述计算机指令,从而执行权利要求1-5中任一项,或6-9中任一项,或10-12中任一项所述的单向代理重加密方法。A memory and a processor, the memory and the processor are connected in communication with each other, the memory stores computer instructions, and the processor executes any one of claims 1-5 by executing the computer instructions , or any one of 6-9, or the one-way proxy re-encryption method described in any one of 10-12.
  17. 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质存储有计算机指令,所述计算机指令用于使计算机执行权利要求1-5中任一项,或6-9中任一项,或10-12中任一项所述的单向代理重加密方法。A computer-readable storage medium, characterized in that the computer-readable storage medium stores computer instructions, and the computer instructions are used to cause a computer to execute any one of claims 1-5, or any one of 6-9 Item, or the one-way proxy re-encryption method described in any one of 10-12.
  18. 一种单向重加密系统,其特征在于,所述系统包括:A one-way re-encryption system, characterized in that the system includes:
    授权方,用于执行权利要求1-5中任一项所述的单向代理重加密方法;An authorizing party, used to execute the one-way proxy re-encryption method described in any one of claims 1-5;
    代理方,与所述授权方连接,用于执行权利要求6-9中任一项所述的单向代理重加密方法;a proxy party, connected with the authorized party, for executing the one-way proxy re-encryption method described in any one of claims 6-9;
    被授权方,与所述被授权方连接,用于执行权利要求10-12中任一项所述的单向代理重加密方法。an authorized party, connected with the authorized party, for executing the one-way proxy re-encryption method according to any one of claims 10-12.
PCT/CN2020/135204 2020-12-10 2020-12-10 One-way proxy re-encryption method and apparatus, and electronic device and system WO2022120699A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2020/135204 WO2022120699A1 (en) 2020-12-10 2020-12-10 One-way proxy re-encryption method and apparatus, and electronic device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2020/135204 WO2022120699A1 (en) 2020-12-10 2020-12-10 One-way proxy re-encryption method and apparatus, and electronic device and system

Publications (1)

Publication Number Publication Date
WO2022120699A1 true WO2022120699A1 (en) 2022-06-16

Family

ID=81972963

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/135204 WO2022120699A1 (en) 2020-12-10 2020-12-10 One-way proxy re-encryption method and apparatus, and electronic device and system

Country Status (1)

Country Link
WO (1) WO2022120699A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115118751A (en) * 2022-07-15 2022-09-27 广东浪潮智慧计算技术有限公司 Block chain-based supervision system, method, equipment and medium
CN115361109A (en) * 2022-07-08 2022-11-18 暨南大学 Homomorphic encryption method supporting bidirectional proxy re-encryption
CN115544552A (en) * 2022-11-29 2022-12-30 蓝象智联(杭州)科技有限公司 Similarity detection method and device without plaintext data exposure and storage medium
CN116094845A (en) * 2023-04-10 2023-05-09 中国人民解放军国防科技大学 Efficient revocation conditional proxy re-encryption method and system
CN117835231A (en) * 2024-03-06 2024-04-05 长光卫星技术股份有限公司 Communication satellite safe transmission method, equipment and medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140098960A1 (en) * 2011-11-30 2014-04-10 Huawei Technologies Co., Ltd. Ciphertext Processing Method, Apparatus, and System
CN103888249A (en) * 2013-12-04 2014-06-25 中国人民武装警察部队工程大学 Agent re-encryption method used for group traffic
CN110310117A (en) * 2019-06-25 2019-10-08 杭州趣链科技有限公司 A kind of secure data method of commerce based on proxy re-encryption
CN110505233A (en) * 2019-08-29 2019-11-26 苏州同济区块链研究院有限公司 A kind of method of anti-conspiracy/secret protection proxy re-encryption
CN110635909A (en) * 2019-10-16 2019-12-31 淮北师范大学 Attribute-based collusion attack resistant proxy re-encryption method

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140098960A1 (en) * 2011-11-30 2014-04-10 Huawei Technologies Co., Ltd. Ciphertext Processing Method, Apparatus, and System
CN103888249A (en) * 2013-12-04 2014-06-25 中国人民武装警察部队工程大学 Agent re-encryption method used for group traffic
CN110310117A (en) * 2019-06-25 2019-10-08 杭州趣链科技有限公司 A kind of secure data method of commerce based on proxy re-encryption
CN110505233A (en) * 2019-08-29 2019-11-26 苏州同济区块链研究院有限公司 A kind of method of anti-conspiracy/secret protection proxy re-encryption
CN110635909A (en) * 2019-10-16 2019-12-31 淮北师范大学 Attribute-based collusion attack resistant proxy re-encryption method

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115361109A (en) * 2022-07-08 2022-11-18 暨南大学 Homomorphic encryption method supporting bidirectional proxy re-encryption
CN115361109B (en) * 2022-07-08 2024-05-07 暨南大学 Homomorphic encryption method supporting bidirectional proxy re-encryption
CN115118751A (en) * 2022-07-15 2022-09-27 广东浪潮智慧计算技术有限公司 Block chain-based supervision system, method, equipment and medium
CN115118751B (en) * 2022-07-15 2024-04-19 广东浪潮智慧计算技术有限公司 Blockchain-based supervision system, method, equipment and medium
CN115544552A (en) * 2022-11-29 2022-12-30 蓝象智联(杭州)科技有限公司 Similarity detection method and device without plaintext data exposure and storage medium
CN115544552B (en) * 2022-11-29 2023-03-14 蓝象智联(杭州)科技有限公司 Similarity detection method and device without plaintext data exposure and storage medium
CN116094845A (en) * 2023-04-10 2023-05-09 中国人民解放军国防科技大学 Efficient revocation conditional proxy re-encryption method and system
CN117835231A (en) * 2024-03-06 2024-04-05 长光卫星技术股份有限公司 Communication satellite safe transmission method, equipment and medium
CN117835231B (en) * 2024-03-06 2024-05-17 长光卫星技术股份有限公司 Communication satellite safe transmission method, equipment and medium

Similar Documents

Publication Publication Date Title
WO2022120699A1 (en) One-way proxy re-encryption method and apparatus, and electronic device and system
CN108111301B (en) Method and system for realizing SSH protocol based on post-quantum key exchange
US10785019B2 (en) Data transmission method and apparatus
US11784801B2 (en) Key management method and related device
CN106416121B (en) Common mode RSA key pair for signature generation and encryption/decryption
US11533297B2 (en) Secure communication channel with token renewal mechanism
US8670563B2 (en) System and method for designing secure client-server communication protocols based on certificateless public key infrastructure
US11374975B2 (en) TLS integration of post quantum cryptographic algorithms
WO2016000453A1 (en) Fully homomorphic message authentication method, device and system
US11399019B2 (en) Failure recovery mechanism to re-establish secured communications
EP3673610B1 (en) Computer-implemented system and method for highly secure, high speed encryption and transmission of data
JP5405658B2 (en) Efficient method for calculating secret functions using resettable tamper-resistant hardware tokens
US11949776B2 (en) Establishing a cryptographic tunnel between a first tunnel endpoint and a second tunnel endpoint where a private key used during the tunnel establishment is remotely located from the second tunnel endpoint
US11528127B2 (en) Computer-implemented system and method for highly secure, high speed encryption and transmission of data
US11431489B2 (en) Encryption processing system and encryption processing method
CN112671725B (en) Unidirectional proxy re-encryption method, device, electronic equipment and system
CN115580396A (en) System and method for inquiring hiding trace
CN111565108B (en) Signature processing method, device and system
TWI734087B (en) Signature system based on homomorphic encryption and method thereof
US12010216B2 (en) Computer-implemented system and method for highly secure, high speed encryption and transmission of data
WO2023115603A1 (en) Multi-party privacy computation method and apparatus based on semi-trusted hardware
WO2023115602A1 (en) Method and apparatus for remotely acquiring correlated randomness on basis of semi-trusted hardware
CN117914483A (en) Secure communication method, apparatus, device and medium
CN118174967A (en) Information verification method and related equipment
JP2004012826A (en) Method and device for communicating public key cryptograph

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 28/09/2023)

122 Ep: pct application non-entry in european phase

Ref document number: 20964637

Country of ref document: EP

Kind code of ref document: A1