Nothing Special   »   [go: up one dir, main page]

CN102006165A - Ring signature method for anonymizing information based on multivariate public key cryptography - Google Patents

Ring signature method for anonymizing information based on multivariate public key cryptography Download PDF

Info

Publication number
CN102006165A
CN102006165A CN 201010544608 CN201010544608A CN102006165A CN 102006165 A CN102006165 A CN 102006165A CN 201010544608 CN201010544608 CN 201010544608 CN 201010544608 A CN201010544608 A CN 201010544608A CN 102006165 A CN102006165 A CN 102006165A
Authority
CN
China
Prior art keywords
ring
signature
ring signature
user
sigma
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN 201010544608
Other languages
Chinese (zh)
Other versions
CN102006165B (en
Inventor
张亚玲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xian University of Technology
Original Assignee
Xian University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xian University of Technology filed Critical Xian University of Technology
Priority to CN2010105446082A priority Critical patent/CN102006165B/en
Publication of CN102006165A publication Critical patent/CN102006165A/en
Application granted granted Critical
Publication of CN102006165B publication Critical patent/CN102006165B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a ring signature method for anonymizing information based on multivariate public key cryptography, comprising the following steps: generating system parameters, generating a secret key, generating the ring signature and verifying the ring signature. The ring signature method based on the traditional cryptosystem is subjected to security threat under the quantum computer while the ring signature method based on the multivariate public key cryptosystem solves the problem that the existing ring signature systems are insecure under the quantum computation. The method has the advantages of security and high computing efficiency.

Description

Based on the method for multivariable public key cryptography to the anonymous ring signature of message
Technical field
The invention belongs to field of information security technology, relate to a kind of based on the method for multivariable public key cryptography to the anonymous ring signature of message.
Background technology
Calendar year 2001, how under the anonymous background that betrays a secret, people such as Rivest have proposed a kind of novel signature technology, are called ring signature (ring signature).The ring signature can be regarded as a kind of special group's signature, and it does not have trusted party, does not have group's the process of setting up, and the group here is meant the set of being made up of a plurality of possible signers, is also referred to as ring.The foundation of this ring has spontaneity, and promptly ring is not needed to set up under the situation of discussing with other people by a signer.Ring signature to electronic document is signed by all members in the signer representative ring, but signer is anonymous fully for the signature verifier.The ingenious method that the ring signature provides a kind of anonymity to betray the pot to the roses.This unconditional anonymity of ring signature is very useful in some particular surroundingss to the long-term protection of informational needs.The ring signature can be realized unconditional anonymity, promptly can't follow the trail of signer's identity.This unconditional anonymity of ring signature is applicable to some particular surroundingss of the long-term protection of informational needs.The ring signature has caused extensive concern, has proposed various ring signature schemes.2002, people such as Abe proposed first ring signature scheme based on discrete logarithm on the finite field.Recently, bilinearity is encircled signature scheme to being used to design, yet the operation efficiency that bilinearity is right is very low.
The ring signature is because of its distinctive character, as spontaneity, anonymity etc., make it can be widely used in the issue of anonymity of the anonymity leakage of anonymous electronic voting, confidential information, E-Government, ecommerce, highlight and the anonymous authentication in the wireless sensor network.Briefly introduce several application below:
1) is used for anonymous leakage information.The Official corruption that for example reports an offender anonymously, in order to prevent official's reprisal, protection informant's privacy, the informant can encircle signature to the report electronic document.Anti-Corruption Bureau can also not expose informant's true identity in the authenticity that obtains report information.At this moment just can use the ring signature scheme.
2) be used for the anonymous authentication of ad-hoc, wireless sensor network.Characteristics such as the no center of ad-hoc and wireless sensor network, self-organizing and a lot of similarities that are configured with of encircling signature.So for the problems in the ad-hoc network, as: member's anonymous authentications etc., often a side of requirement participation entity can keep the privacy of own identity in application process, can use the ring signature and solve.
Along with the appearance of quantum computer, utilize quantum computer can in polynomial time, solve the factor and decompose and discrete logarithm problem, and then serious threat is to existing fail safe of signing based on the ring of conventional cipher system.Construct new public-key cryptosystem, make it can substitute cryptographic system, resist following extremely urgent based on the attack of quantum computer based on number theory.The multivariable public-key cryptosystem can be resisted the attack of quantum computer, and more effective on calculating than the scheme based on number theory, and therefore, the research of multivariable public key cryptography becomes very active problem in the cryptography development.
The multivariable public-key cryptosystem has experienced the development course in 20 years so far, occurred MIA family, OV family, HFE family, TTM family, MFE family, lSystems such as IC family.Because the fail safe and the efficient of multivariable public-key cryptosystem are higher, so obtained people's extensive concern recently.
The research that develops into the ring signature of multivariable cryptographic system provides new thinking, because up at present, does not also find the found the solution any advantage of quantum computer to secondary multivariable equation group.
Up to the present, proposed various ring signature schemes, but these schemes all are based on the conventional cipher system, for example RSA etc.In the face of the appearance of quantum computer, the conventional cipher system is on the hazard, and therefore, existing ring signature system will be no longer safe under quantum calculation.
Summary of the invention
The purpose of this invention is to provide a kind of method of the anonymous ring of message being signed, solve existing ring signature system unsafe defective under quantum calculation based on the multivariable public key cryptography.
The technical solution adopted in the present invention is that based on the method for multivariable public key cryptography to the anonymous ring signature of message, this method is implemented according to following steps:
Step 1. generation system parameter
1) k=GF (q) being set is the finite field that is characterized as p, wherein q=p l, l is a positive integer;
2) make K Be n the expansion of finite field k, n is a positive integer here, and g (x) is n irreducible function on the finite field k;
3) make that m is the number of equation in the multivariable equation group, n is the number of variable;
4) select H:{0,1} *→ k mBe the unidirectional irreversible hash function of the anti-collision of cryptography safety, system parameters be (k, q, p, l, m, n, H);
Step 2. key generates
1) supposes in the ring t user arranged, be made as U={u, u 1..., u T-1;
2) according to the multivariable public-key cryptosystem, each user u i(0≤i≤t-1) selection Fi is from k nTo k mBut inverse mapping, F iSatisfy:
A) F i(x 1..., x n)=(f I1..., f Im), f wherein Ij∈ k[x 1..., x n], j=1 ..., m;
B) any equation
F i(x 1,…,x n)=(y′ 1,…,y′ m)
All be easy to find the solution;
3) each user u i(0≤i≤t-1) selects wherein L 1iBe from k mTo k mA reversible affine transformation of selecting at random,
L 1i(x 1,…,x m)=M 1i·(x 1,…,x m) T+a 1i
M wherein 1iBe the invertible matrix of a m * m on the finite field k, a 1iIt is the column vector of m * 1 on the finite field k;
4) each user u i(0≤i≤t-1) selects L 2iBe from k nTo k nA reversible affine transformation of selecting at random
L 2i(x 1,…,x n)=M 2i·(x 1,…,x n) T+a 2i
M wherein 2iBe the invertible matrix of a n * n on the finite field k, a 2iIt is the column vector of n * 1 on the finite field k;
5) each user u i(0≤i≤t-1) announces its PKI
Figure BSA00000346100800041
F ‾ i ( x 1 , . . . , x n ) = ( f ‾ i 1 , . . . , f ‾ im )
Wherein each
Figure BSA00000346100800043
All be k[x 1..., x n] in multinomial;
6) each user u i(its private key SK that maintains secrecy of 0≤i≤t-1) i={ L 1i, F i, L 2i;
7) public key sets of t user in the ring is designated as
Figure BSA00000346100800044
Step 3. ring signature generates
Suppose member u π(0≤π≤t-1) represents all member U={u in the ring members 0, u 1..., u T-1To message M ∈ 0,1} *Sign, the user's of the t in the ring public key sets is designated as
Figure BSA00000346100800045
u πPKI be
Figure BSA00000346100800046
Private key is SK π={ L 1 π, F π, L 2 π, signer u πThe step of ring signature is as follows:
1) for i=0,1 ..., t-1 and i ≠ π, picked at random r i∈ k n, calculate
R i = F ‾ i ( r i ) ,
If R iIn have identically, then reselect r i
2) calculate
h=H(M||L);
3) calculate
R π = h - Σ i ≠ π R i ,
If R πAnd R iIdentical, then reselect r;
4) calculate
Figure BSA00000346100800051
5) output message M is about ring
Figure BSA00000346100800052
Ring signature sigma=(r 0, r 1... r T-1);
The checking of step 4. ring signature
Given ring
Figure BSA00000346100800053
The signature sigma about message M=(r 0, r 1... r T-1), any verifier's checking
Σ i = 0 t - 1 F ‾ i ( r i ) = H ( M | | L )
Whether set up.If equation is set up, then accept the ring signature, otherwise refuse this ring signature.
Characteristics of the present invention also are,
Wherein in the step 3, signer calculates
Figure BSA00000346100800055
Figure BSA00000346100800056
Thereby make message M about ring
Figure BSA00000346100800057
Ring signature sigma=(r 0, r 1... r T-1) constituted the closed-loop that can verify and satisfy
Σ i = 0 t - 1 F ‾ i ( r i ) = H ( M | | L ) .
Ring endorsement method based on the conventional cipher system, its fail safe is on the hazard under quantum computer, and the ring endorsement method that the present invention is based on the multivariable public-key cryptosystem is safe under quantum calculation, and method of the present invention not only has fail safe but also have the high advantage of computational efficiency.
Embodiment
The technical solution adopted in the present invention is that based on the method for multivariable public key cryptography to the anonymous ring signature of message, this method is implemented according to following steps:
Step 1. generation system parameter
1) k=GF (q) being set is the finite field that is characterized as p, wherein q=p l, l is a positive integer;
2) order
Figure BSA00000346100800059
Be n the expansion of finite field k, n is a positive integer here, and g (x) is n irreducible function on the finite field k;
3) make that m is the number of equation in the multivariable equation group, n is the number of variable;
4) select H:{0,1} *→ k mBe the unidirectional irreversible hash function of the anti-collision of cryptography safety, system parameters be (k, q, p, l, m, n, H).
Step 2. key generates
1) supposes in the ring t user arranged, be made as U={u 0, u 1..., u T-1;
2) according to the multivariable public-key cryptosystem, each user u i(0≤i≤t-1) selects F iBe from k nTo k mBut inverse mapping, F iSatisfy:
A) F i(x 1..., x n)=(f I1..., f Im), f wherein Ij∈ k[x 1..., x n], j=1 ..., m;
B) any equation
F i(x 1,…,x n)=(y′ 1,…,y′ m)
All be easy to find the solution;
3) each user u i(0≤i≤t-1) selects L at random 1iBe from k mTo k mA reversible affine transformation,
L 1i(x 1,…,x m)=M 1i·(x 1,…,x m) T+a 1i
M wherein 1iBe the invertible matrix of a m * m on the finite field k, a 1iIt is the column vector of m * 1 on the finite field k;
4) each user u i(0≤i≤t-1) selects L at random 2iBe from k nTo k nA reversible affine transformation
L 2i(x 1,…,x n)=M 2i·(x 1,…,x n) T+a 2i
M wherein 2iBe the invertible matrix of a n * n on the finite field k, a 2iIt is the column vector of n * 1 on the finite field k;
5) each user u i(0≤i≤t-1) announces its PKI
Figure BSA00000346100800061
F ‾ i ( x 1 , . . . , x n ) = ( f ‾ i 1 , . . . , f ‾ im )
Wherein each
Figure BSA00000346100800063
All be k[x 1..., x n] in multinomial;
6) each user u i(its private key SK that maintains secrecy of 0≤i≤t-1) i={ L 1i, F i, L 2i;
7) public key sets of t user in the ring is designated as
Figure BSA00000346100800071
Step 3. ring signature generates
Suppose member u π(0≤π≤t-1) represents all member U={u in the ring members 0, u 1..., u T-1To message M ∈ 0,1} *Sign, the user's of the t in the ring public key sets is designated as
Figure BSA00000346100800072
u πPKI be
Figure BSA00000346100800073
Private key is SK π={ L 1 π, F π, L 2 π.Signer u πThe step of ring signature is as follows:
1) for i=0,1 ..., t-1 and i ≠ π, picked at random r i∈ k n, calculate
R i = F ‾ i ( r i ) ,
If R iIn have identically, then reselect r i
2) calculate
h=H(M||L);
3) calculate
R π = h - Σ i ≠ π R i ,
If R πAnd R iIdentical, then reselect r;
4) calculate
Figure BSA00000346100800076
5) output message M is about ring
Figure BSA00000346100800077
Ring signature sigma=(r 0, r 1... r T-1).
The checking of step 4. ring signature
Given ring The signature sigma about message M=(r 0, r 1... r T-1), any verifier's checking
Σ i = 0 t - 1 F ‾ i ( r i ) = H ( M | | L )
Whether set up.If equation is set up, then accept the ring signature, otherwise refuse this ring signature.
Respectively correctness, anonymity and unforgeable of signing based on the ring of multivariable public-key cryptosystem of the present invention analyzed below:
Here we are from the correctness of cipher theory proof digital signature method of the present invention.
● correctness
Proposed by the invention is correct based on multivariable ring signature.
If the recipient receives that message M is about ring
Figure BSA00000346100800081
Signature sigma=(r 0, r 1... r T-1), if this signature is to be undertaken by as above signature step, and in the process of transmission, do not change, then because
Figure BSA00000346100800082
Obtain
F ‾ π ( r π ) = R π
Again because
R π = h - Σ i ≠ π R i , h=H(M||L), R i = F ‾ i ( r i ) , i = 0,1 , . . . , t - 1 ,
So
Σ i = 0 t - 1 F ‾ i ( r i ) = H ( M | | L )
Set up, so the checking formula is set up.
● the signer anonymity
Proposed by the invention satisfies the unconditional anonymity of signer based on multivariable ring signature.
If signature sigma=(r 0, r 1... r T-1) be the effective signature of message M, according to the generative process of signature, all u iBe a member in the ring, u iBy the process that generates the ring signature message M is encircled signature, according to the generative process of signature, all r i∈ k n(i=0,1 ..., π-1, π+1 ..., t-1) all be picked at random, and It also is picked at random.Because h=H (M||U) can be regarded as k mOn a random value, therefore
Figure BSA00000346100800091
Be k mA value of last completely random,
Figure BSA00000346100800092
Be k nA value of last completely random.Therefore encircle signature sigma=(r 0, r 1... r T-1) middle r i∈ k n(i=0,1 ..., t-1) all be k nA value of last completely random.So σ=(r 0, r 1... r T-1) probability that occurs equates, all be
Figure BSA00000346100800093
And it is irrelevant with signer.Even if therefore external attacker has illegally obtained the private key of all possible signer, element is a t element in the ring, and the probability that it can determine real signer is no more than
● the signature unforgeable
The present invention propose based on the ring signature scheme of multivariable polynomial about multivariable public-key cryptosystem (MPKC) known attack can not forge, if in MPKC under the known attack, selected multivariable signature system is safe in the ring signature scheme.Here known attack comprises the algebraically attack among the MPKC, and linearisation is attacked, order attack and differential attack etc.
Proof: suppose that the key that is generated by generating algorithm is right
Figure BSA00000346100800095
And public key sets
Figure BSA00000346100800096
Send to assailant A.A can utilize known attack among the MPKC, attacks as algebraically, and linearisation is attacked, and order is attacked, differential attack or the like.A exports (R *, M *, σ *), if Vrfy R*(M *, R *Set up)=1, success attack.In this process, A can not inquire (*, M *, σ *), and We analyze the ring signature (R that A output is forged now *, M *, σ *) computation complexity.We suppose assailant A imitation signer u πForgery is about ring R *Ring signature (R *, M *, σ *), not general, suppose
Figure BSA00000346100800098
Step 1) during assailant A generates according to the ring signature, 2), 3) calculate, but in order to forge the signature of certain message M, need be by trying to achieve r π, satisfy
F ‾ π ( r π ) = R π
Forge ring signature sigma=(r 0, r 1... r T-1).This problem find the solution the problem of finding the solution that belongs to multivariable quadratic polynomial equation group on the finite field, also be the multivariable public-key cryptosystem based on difficult problem.Attack to the multivariable public-key cryptosystem at present has following method:
1) algebraically is attacked: attack at the algebraically of multivariable public-key cryptosystem and be meant and do not knowing under the situation of private key directly from quadratic equation
Figure BSA00000346100800101
In find the solution ciphertext r π
Figure BSA00000346100800102
Base algorithm and XL algorithm are the most effective algebraically attack methods.If selected actual multivariable public-key cryptosystem can be resisted direct algebraically attack in this programme, the ring signature among the present invention also can be resisted direct algebraically and attack.
2) lienarized equation is attacked: a lienarized equation is meant given PKI
Figure BSA00000346100800104
Always have following equation to set up:
Σ i , j a ij r π , i R π , j + Σ i b i r π , i + Σ j c j R π , j + d = 0
R π∈ k mOccurrence substitution following formula, we obtain r πOne affine (linearity) relation.If selected actual multivariable public-key cryptosystem can be resisted and utilize lienarized equation to attack attacking in this programme, the ring signature among the present invention also can be resisted lienarized equation and attack.
3) order is attacked: Goubin and Courtois point out that minimum order is attacked and are applicable to triangle-Jia-subtract system.The complexity that order is attacked is about
Figure BSA00000346100800106
Wherein k is F πMinimum order is the number of the linear combination of r in the component.
If selected actual multivariable public-key cryptosystem can be resisted and utilize minimum order to attack in this programme, then the signature of the ring among the present invention also can be resisted minimum order attack.
4) differential attack: the PKI that provides a multivariable public-key cryptosystem
Figure BSA00000346100800107
One group of quadratic polynomial, its difference
Figure BSA00000346100800108
Be defined as This is one group of function about x.Key is to utilize the concealed structure in the difference to attack the multivariable public-key cryptosystem.If actual multivariable public-key cryptosystem selected in this programme can be resisted differential attack, then the signature of the ring among the present invention also can be resisted differential attack.
Know by above proof, if our selected multivariable public-key cryptosystem existing be safe under MPKC is attacked, ring signature then of the present invention existing also be safe under MPKC is attacked.
Embodiment
Anonymity ring signature scheme step 1. generation system parameter based on multivariable public key cryptography TTS (20,28) system
1) k=GF (q)=GF (2 is set 8) be the finite field that is characterized as p=2;
2) make that m=20 is the number of equation in the multivariable equation group, n=28 is the number of variable;
3) select H:{0,1} *→ k mBe the unidirectional irreversible hash function of the anti-collision of cryptography safety,
System parameters be (k, q, p, l, m, n, H).
Step 2. key generates
1) supposes in the ring t user arranged, be made as U={u 0, u 1..., u T-1;
2) according to the multivariable public-key cryptosystem, each user u i(0≤i≤t-1) selection F is from k nTo k mBut inverse mapping, F is the mappings of following central authorities
Figure BSA00000346100800111
y i = x i + Σ j = 1 7 p i , j x j x 8 + ( i + j mod 9 ) , i = 8 . . . 16 ;
y 17=x 17+p 17,1x 1x 6+p 17,2x 2x 5+p 17,3x 3x 4+p 17,4x 9x 16+p 17,5x 10x 15+p 17,6x 11x 14+p 17,7x 12x 13;y 18=x 18+p 18,1x 2x 7+p 18,2x 3x 6+p 18,3x 4x 5+p 18,4x 10x 17+p 18,5x 11x 16+p 18,6x 12x 15+p 18,7x 13x 14
y i = x i + p i , 0 x i - 11 x i - 9 + Σ j = 19 i p i , j - 18 x 2 ( i - j ) x j + Σ j = i + 1 27 p i , j - 18 x i - j + 19 x j , i = 19 . . . 27 .
The F here is called as central authorities' mapping of TTS (20,28);
3) each user u i(0≤i≤t-1) selects wherein L 1iBe from k mTo k mA reversible affine transformation of selecting at random,
L 1i(x 1,…,x m)=M 1i·(x 1,…,x m) T+a 1i
M wherein 1iBe the invertible matrix of a m * m on the finite field k, a 1iThe column vector of m * 1 on the finite field k;
4) each user u i(0≤i≤t-1) selects L 2iBe from k nTo k nA reversible affine transformation of selecting at random
L 2i(x 1,…,x n)=M 2i·(x 1,…,x n) T+a 2i
M wherein 2iBe the invertible matrix of a n * n on the finite field k, a 2iThe column vector of n * 1 on the finite field k, a 2iChoose feasible
Figure BSA00000346100800121
There is not constant component;
5) each user u i(0≤i≤t-1) announces its PKI
Figure BSA00000346100800122
F ‾ i ( x 1 , . . . , x n ) = ( f ‾ i 1 , . . . , f ‾ im )
Wherein each
Figure BSA00000346100800124
All be k[x 1..., x n] in multinomial;
6) each user u i(its private key SK that maintains secrecy of 0≤i≤t-1) i={ L 1i, F i, L 2i;
7) public key sets of t user in the ring is designated as
Figure BSA00000346100800125
Step 3. ring signature generates
If suppose member u π(0≤π≤t-1) represents all member U={u in the ring members 0, u 1..., u T-1Message M is signed, the user's of the t in the ring public key sets is designated as u πPKI be
Figure BSA00000346100800127
Private key is SK π={ L 1 π, F π, L 2 π.Signer u πThe step of ring signature is as follows:
1) for i=0,1 ..., t-1 and i ≠ π, picked at random r i∈ k n, calculate
R i = F ‾ i ( r i ) ,
If R iIn have identically, then reselect r i
2) calculate
h=H(M||L);
3) calculate
R π = h - Σ i ≠ π R i ,
If R πAnd R iIdentical, then reselect r;
4) calculate
Figure BSA00000346100800131
Concrete process is as follows:
At first calculate Calculate a possible x=F then -1(y) ∈ k nAs follows:
A) assigned at random x 1..., x 7∈ k attempts finding the solution x 8..., x 16Utilize preceding 9 equations.Because the determinant of this system of linear equations (to x arbitrarily 2X 7) be one about x 1Number of times is 9 multinomial, x 1There are 9/256ths kinds of selections to make first system degradation at most.Do not separate if having, again assigned at random x 1..., x 7∈ k finds x up to us 8..., x 16One separate;
B) the continuous x that finds the solution 17And x 18, use to meet following two equation (x 17And x 18);
C) assign an x at random 0, attempt from last 9 equation solution x 19..., x 27Do not separate if having, again selection x at random 0Separate x up to one 19..., x 27Found;
D) the above-mentioned institute of note tries to achieve and separates (the x into x= 0, x 1..., x 27)=F -1(y) ∈ k n, calculate
r π = L 2 π - 1 x ∈ k n
5) output message M is about ring
Figure BSA00000346100800134
Ring signature sigma=(r 0, r 1... r T-1).
The checking of step 4 ring signature
Given ring
Figure BSA00000346100800135
The signature sigma about message M=(r 0, r 1... r T-1), any verifier can the certifying signature correctness, by checking:
Σ i = 0 t - 1 F ‾ i ( r i ) = H ( M | | L )
Whether set up.If equation is set up, then accept the ring signature, otherwise refuse this ring signature.
Method of the present invention provides the number of rings word signature of electronic document, can be used for protecting the integrality of electronic document in issue, storage or transmission, the safeguard protection of authenticity; Simultaneously; can protect the anonymity of signer again; do not expose with the information that guarantees the signature user; under the situation of this signature by checking; make certain member's signature in the ring that the verifier of signature can be sure of that this signature is made up of a plurality of users; but the verifier can not confirm this signature on earth by which member's signature, and the probability of each member's signature equates.
The present invention is directed to the appearance of quantum computer, the conventional cipher system is on the hazard, and utilizes the advantage based on multivariable public key cryptography safety under quantum calculation, and solving existing ring signature system will no longer safe defective under quantum calculation.The ring signature scheme based on the multivariable public-key cryptosystem of invention satisfies the unconditional anonymity and the unforgeable of signer, is better than the conventional cipher system on efficient.

Claims (2)

1. based on the method for multivariable public key cryptography, it is characterized in that this method is implemented according to following steps to the anonymous ring signature of message:
Step 1. generation system parameter
1) k=GF (q) being set is the finite field that is characterized as p, wherein q=p l, l is a positive integer;
2) order
Figure FSA00000346100700011
Be n the expansion of finite field k, n is a positive integer here, and g (x) is n irreducible function on the finite field k;
3) make that m is the number of equation in the multivariable equation group, n is the number of variable;
4) select H:{0,1} *→ k mBe the unidirectional irreversible hash function of the anti-collision of cryptography safety, system parameters be (k, q, p, l, m, n, H);
Step 2. key generates
1) supposes in the ring t user arranged, be made as U={u 0, u 1..., u T-1;
2) according to the multivariable public-key cryptosystem, each user u i(0≤i≤t-1) selects F iBe from k nTo k mBut inverse mapping, F iSatisfy:
A) F i(x 1..., x n)=(f I1..., f Im), f wherein Ij∈ k[x 1..., x n], j=1 ..., m;
B) any equation
F i(x 1,…,x n)=(y′ 1,…,y′ m)
All be easy to find the solution;
3) each user u i(0≤i≤t-1) selects wherein L 1iBe from k mTo k mA reversible affine transformation of selecting at random,
L 1i(x 1,…,x m)=M 1i·(x 1,…,x m) T+a 1i
M wherein 1iBe the invertible matrix of a m * m on the finite field k, a 1iIt is the column vector of m * 1 on the finite field k;
4) each user u i(0≤i≤t-1) selects L 2iBe from k nTo k nA reversible affine transformation of selecting at random
L 2i(x 1,…,x n)=M 2i·(x 1,…,x n) T+a 2i
M wherein 2iBe the invertible matrix of a n * n on the finite field k, a 2iIt is the column vector of n * 1 on the finite field k;
5) each user u i(0≤i≤t-1) announces its PKI
F ‾ i ( x 1 , . . . , x n ) = ( f ‾ i 1 , . . . , f ‾ im )
Wherein each
Figure FSA00000346100700023
All be k[x 1..., x n] in multinomial;
6) each user u i(its private key SK that maintains secrecy of 0≤i≤t-1) i={ L 1i, F i, L 2i;
7) public key sets of t user in the ring is designated as
Figure FSA00000346100700024
Step 3. ring signature generates
Suppose member u π(0≤π≤t-1) represents all member U={u in the ring members 0, u 1..., u T-1To message M ∈ 0,1} *Sign, the user's of the t in the ring public key sets is designated as
Figure FSA00000346100700025
The PKI of u π is
Figure FSA00000346100700026
Private key is SK π={ L 1 π, F π, L 2 π, signer u πThe step of ring signature is as follows:
1) for i=0,1 ..., t-1 and i ≠ π, picked at random r i∈ k n, calculate
R i = F ‾ i ( r i ) ,
If R iIn have identically, then reselect r i
2) calculate
h=H(M||L);
3) calculate
R π = h - Σ i ≠ π R i ,
If R πAnd R iIdentical, then reselect r;
4) calculate
Figure FSA00000346100700031
5) output message M is about ring
Figure FSA00000346100700032
Ring signature sigma=(r 0, r 1... r T-1);
The checking of step 4. ring signature
Given ring The signature sigma about message M=(r 0, r 1... r T-1), any verifier's checking
Σ i = 0 t - 1 F ‾ i ( r i ) = H ( M | | L )
Whether set up,, then accept the ring signature, otherwise refuse this ring signature if equation is set up.
2. method according to claim 1 is characterized in that, in this method step 3, signer calculates
Figure FSA00000346100700036
Thereby make message M about ring
Figure FSA00000346100700037
Ring signature sigma=(r 0, r 1... r T-1) constituted the closed-loop that can verify and satisfy
Σ i = 0 t - 1 F ‾ i ( r i ) = H ( M | | L ) .
CN2010105446082A 2010-11-11 2010-11-11 Ring signature method for anonymizing information based on multivariate public key cryptography Expired - Fee Related CN102006165B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010105446082A CN102006165B (en) 2010-11-11 2010-11-11 Ring signature method for anonymizing information based on multivariate public key cryptography

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2010105446082A CN102006165B (en) 2010-11-11 2010-11-11 Ring signature method for anonymizing information based on multivariate public key cryptography

Publications (2)

Publication Number Publication Date
CN102006165A true CN102006165A (en) 2011-04-06
CN102006165B CN102006165B (en) 2012-11-07

Family

ID=43813259

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010105446082A Expired - Fee Related CN102006165B (en) 2010-11-11 2010-11-11 Ring signature method for anonymizing information based on multivariate public key cryptography

Country Status (1)

Country Link
CN (1) CN102006165B (en)

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102006168A (en) * 2010-11-11 2011-04-06 西安理工大学 Ring signature method for anonymizing information based on multivariate digital signature
CN103220146A (en) * 2013-04-02 2013-07-24 西安理工大学 Zero knowledge digital signature method based on multivariate public key cryptosystem
CN103220147A (en) * 2013-04-02 2013-07-24 西安理工大学 Strongly designated verifier signature method based on multivariate public key cryptosystem
CN103312498A (en) * 2013-06-20 2013-09-18 武汉大学 Quantum computation resistant public key cryptography method
CN103729588A (en) * 2013-12-25 2014-04-16 飞天诚信科技股份有限公司 Signature method of signature device
CN103748832A (en) * 2011-08-29 2014-04-23 索尼公司 Signature verification device, signature verification method, program, and recording medium
CN105376240A (en) * 2015-11-26 2016-03-02 合肥高维数据技术有限公司 Anonymous submission system with no need for trusted third party
CN105744522A (en) * 2016-04-29 2016-07-06 东北大学 WMN anonymous access authentication system and method based on proxy ring signature
CN106027262A (en) * 2016-07-01 2016-10-12 陕西科技大学 Multi-variable signing method resisting key recovery attack
CN106100843A (en) * 2016-06-17 2016-11-09 东南大学 Multivariate PKI generates, encryption and decryption approaches
CN106209376A (en) * 2016-07-01 2016-12-07 陕西科技大学 A kind of multivariate endorsement method resisting forgery attack
CN106507347A (en) * 2017-01-09 2017-03-15 大连理工大学 A kind of key generation method for protecting wireless sensor network security
CN109981296A (en) * 2019-04-03 2019-07-05 王晓兰 A kind of ring signatures method based on Rainbow
CN110061850A (en) * 2019-04-24 2019-07-26 电子科技大学 The collision calculation method and editable block chain building method of chameleon hash function
CN110190957A (en) * 2019-05-29 2019-08-30 西安邮电大学 Multivariable broadcasting multi-signature method based on no certificate
CN116743396A (en) * 2023-08-14 2023-09-12 深圳奥联信息安全技术有限公司 Optimized ring signature method and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1462520A (en) * 2001-05-04 2003-12-17 美国多科摩通讯研究所股份有限公司 Ring-based signature scheme
US20060233364A1 (en) * 2002-07-29 2006-10-19 Jan Camenisch Fine-grained forward-secure signature scheme
CN1870499A (en) * 2005-01-11 2006-11-29 丁津泰 Method for generating multiple variable commom key password system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1462520A (en) * 2001-05-04 2003-12-17 美国多科摩通讯研究所股份有限公司 Ring-based signature scheme
US20060233364A1 (en) * 2002-07-29 2006-10-19 Jan Camenisch Fine-grained forward-secure signature scheme
CN1870499A (en) * 2005-01-11 2006-11-29 丁津泰 Method for generating multiple variable commom key password system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
《中国矿业大学学报》 20070531 王晓峰等 面向协同设计的基于身份环签名方案 343-346,370 1-2 第36卷, 第3期 2 *

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102006168B (en) * 2010-11-11 2013-03-13 西安理工大学 Ring signature method for anonymizing information based on multivariate digital signature
CN102006168A (en) * 2010-11-11 2011-04-06 西安理工大学 Ring signature method for anonymizing information based on multivariate digital signature
CN103748832A (en) * 2011-08-29 2014-04-23 索尼公司 Signature verification device, signature verification method, program, and recording medium
CN103220147B (en) * 2013-04-02 2016-08-10 西安理工大学 Strong designated verifier signature method based on multivariate public key cryptosystem
CN103220146A (en) * 2013-04-02 2013-07-24 西安理工大学 Zero knowledge digital signature method based on multivariate public key cryptosystem
CN103220147A (en) * 2013-04-02 2013-07-24 西安理工大学 Strongly designated verifier signature method based on multivariate public key cryptosystem
CN103220146B (en) * 2013-04-02 2016-12-28 西安理工大学 Zero Knowledge digital signature method based on multivariate public key cryptosystem
CN103312498A (en) * 2013-06-20 2013-09-18 武汉大学 Quantum computation resistant public key cryptography method
CN103312498B (en) * 2013-06-20 2016-01-27 武汉大学 A kind of public key cryptography method of anti-quantum calculation
CN103729588A (en) * 2013-12-25 2014-04-16 飞天诚信科技股份有限公司 Signature method of signature device
CN103729588B (en) * 2013-12-25 2016-04-06 飞天诚信科技股份有限公司 A kind of endorsement method of signature device
CN105376240B (en) * 2015-11-26 2018-07-06 合肥高维数据技术有限公司 A kind of anonymous submission system for being not required to trusted third party
CN105376240A (en) * 2015-11-26 2016-03-02 合肥高维数据技术有限公司 Anonymous submission system with no need for trusted third party
CN105744522A (en) * 2016-04-29 2016-07-06 东北大学 WMN anonymous access authentication system and method based on proxy ring signature
CN105744522B (en) * 2016-04-29 2018-10-23 东北大学 A kind of WMN anonymous access authentication systems and method based on proxy ring signature
CN106100843A (en) * 2016-06-17 2016-11-09 东南大学 Multivariate PKI generates, encryption and decryption approaches
CN106209376A (en) * 2016-07-01 2016-12-07 陕西科技大学 A kind of multivariate endorsement method resisting forgery attack
CN106027262A (en) * 2016-07-01 2016-10-12 陕西科技大学 Multi-variable signing method resisting key recovery attack
CN106027262B (en) * 2016-07-01 2017-02-22 陕西科技大学 Multi-variable signing method resisting key recovery attack
CN106507347A (en) * 2017-01-09 2017-03-15 大连理工大学 A kind of key generation method for protecting wireless sensor network security
CN109981296A (en) * 2019-04-03 2019-07-05 王晓兰 A kind of ring signatures method based on Rainbow
CN110061850A (en) * 2019-04-24 2019-07-26 电子科技大学 The collision calculation method and editable block chain building method of chameleon hash function
CN110190957A (en) * 2019-05-29 2019-08-30 西安邮电大学 Multivariable broadcasting multi-signature method based on no certificate
CN116743396A (en) * 2023-08-14 2023-09-12 深圳奥联信息安全技术有限公司 Optimized ring signature method and system
CN116743396B (en) * 2023-08-14 2023-11-03 深圳奥联信息安全技术有限公司 Optimized ring signature method and system

Also Published As

Publication number Publication date
CN102006165B (en) 2012-11-07

Similar Documents

Publication Publication Date Title
CN102006165B (en) Ring signature method for anonymizing information based on multivariate public key cryptography
CN102006166B (en) Ring signature method for anonymizing information based on multivariate polynomial
CN101834724B (en) Authenticated encryption method of public key and digital signature method
CN102611749B (en) Cloud-storage data safety auditing method
CN103220147B (en) Strong designated verifier signature method based on multivariate public key cryptosystem
CN104023044A (en) Cloud-storage data lightweight-level public auditing method with privacy protection
CN102811125A (en) Certificateless multi-receiver signcryption method with multivariate-based cryptosystem
CN102006168B (en) Ring signature method for anonymizing information based on multivariate digital signature
US20180006803A1 (en) Multivariate Signature Method for Resisting Key Recovery Attack
CN101651542B (en) Method for protecting security of digital signature documents of multiple verifiers strongly designated by multiple signers.
CN104320259A (en) Certificateless signature method based on Schnorr signature algorithm
CN102006170B (en) Ring signature method for anonymizing information based on MQ problem in finite field
CN102006167B (en) Ring signature method for anonymizing information based on algebra
CN103997409A (en) Encryption device and method for generating and verifying linear homomorphic structure preserving signature
Zhan et al. Cryptanalysis of a certificateless aggregate signature scheme for healthcare wireless sensor network
CN116346328A (en) Digital signature method, system, equipment and computer readable storage medium
CN102006169B (en) Ring signature method for anonymizing information based on secondary multivariate problem in finite field
CN104917615A (en) Trusted computing platform attribute verification method based on ring signature
Feng et al. White-box implementation of Shamir’s identity-based signature scheme
CN102291396A (en) Anonymous authentication algorithm for remote authentication between credible platforms
CN111431715A (en) Policy control signature method supporting privacy protection
Yang et al. Cryptanalysis and improvement of a blockchain-based certificateless signature for IIoT devices
CN102136911A (en) Method for encrypting electronic document
Wang et al. Privacy‐Preserving Meter Report Protocol of Isolated Smart Grid Devices
Liu et al. Strong Identity‐Based Proxy Signature Schemes, Revisited

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20121107

Termination date: 20151111

EXPY Termination of patent right or utility model