CN116915409A - Linkable double-ring signature method and system based on identification - Google Patents
Linkable double-ring signature method and system based on identification Download PDFInfo
- Publication number
- CN116915409A CN116915409A CN202310650815.3A CN202310650815A CN116915409A CN 116915409 A CN116915409 A CN 116915409A CN 202310650815 A CN202310650815 A CN 202310650815A CN 116915409 A CN116915409 A CN 116915409A
- Authority
- CN
- China
- Prior art keywords
- ring member
- private key
- user
- signature
- member node
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 30
- 230000009977 dual effect Effects 0.000 claims description 9
- 238000004590 computer program Methods 0.000 claims description 6
- 238000012795 verification Methods 0.000 claims description 6
- 230000006870 function Effects 0.000 claims description 3
- 238000013507 mapping Methods 0.000 claims description 3
- 230000004931 aggregating effect Effects 0.000 claims description 2
- 238000004422 calculation algorithm Methods 0.000 description 7
- 238000004364 calculation method Methods 0.000 description 3
- 230000006978 adaptation Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses a method and a system for a linkable double-ring signature based on identification, wherein the method comprises the following steps: acquiring a main public and private key pair; user identity ID based on primary private key and said ring member node j j Generating a user private key sk of the ring member node j j The method comprises the steps of carrying out a first treatment on the surface of the When a ring member node j signs a message, calculating a link label I based on the user identity and the user private key of the ring member node in the ring member list, and outputting the signature sigma of the message according to the link label I, the main public key and the user private keys of all ring member nodes; verifying the signature σ. The application effectively reduces the consumption of bandwidth resources, and makes the scheme easy to deploy, manage and realize.
Description
Technical Field
The disclosure relates to the technical field of information security, in particular to a method and a system for a linkable double-ring signature based on identification.
Background
The linkable ring signature (Linkable Ring Signature; LRS) is a special ring signature technology, and besides the non-counterfeitability and anonymity of the ring signature, the method can link the signatures signed by the same signer, is widely applied to scenes such as electronic voting, electronic anonymity election and the like, and solves the problem of repeated voting or multiple elections. Although existing linkable ring signature schemes effectively reduce signature length by employing a dual ring technique (dual). However, these schemes involve a process of exchanging digital certificates and public keys, require consuming higher bandwidth resources, and involve cumbersome certificate management issues.
To above-mentioned problem, this patent has designed a can link dicyclo signature scheme based on the sign cryptograph, not only can effectively reduce the signature size, and the communication both sides need not to exchange public key certificate and save the secret key directory moreover, can safe generation and verify the signature.
Disclosure of Invention
The application aims at a linkable double-ring signature scheme based on identification, and aims to solve the problems that the existing linkable double-ring signature involves complicated digital certificate exchange, large signature length and the like, effectively reduces bandwidth resource consumption, and enables the scheme to be easy to deploy, manage and realize.
The technical scheme of the application comprises the following steps:
a linkable dual ring signature method based on identification, applied to a ring member node j in a ring member list, the method comprising:
acquiring a main public and private key pair; wherein the primary public-private key pair is generated by a trusted central node;
user identity ID based on primary private key and said ring member node j j Generating a user private key sk of the ring member node j j ;
When the ring member node j signs a message, calculating a link label I based on the user identity and the user private key of the ring member node in the ring member list, and outputting a signature sigma of the message according to the link label I, the main public key and the user private keys of all ring member nodes;
verifying the signature σ.
Further, the master public-private key pair is generated by a trusted central node, comprising:
acquiring system parameter lambda and selecting a random numberWherein (1)>Represents an integer set consisting of integers 0,1,2, …, q-1, q representing a large prime number;
the random number x is taken as the value of the master private key sk, and the master public key pk=g is calculated x The method comprises the steps of carrying out a first treatment on the surface of the Wherein g represents the multiplication cycle groupIs a generator of (1).
Further, the user identity ID based on the master private key and the ring member node j j Generating a user private key sk of the ring member node j j Comprising:
selecting a random numberWherein (1)>Represents an integer set consisting of integers 0,1,2, …, q-1, q representing a large prime number;
computing a first portion K of a user private key j =g l The method comprises the steps of carrying out a first treatment on the surface of the Wherein g represents the multiplication cycle groupIs a generator of (1);
computing a first portion K of the user private key j And user identity ID j A hash value h of (a);
calculating a second portion d of the user's private key j =l+xh (mod q); wherein x represents the value of the master private key sk;
user private key sk of output ring member node j j =(K j ,d j )。
Further, the calculating the link label I based on the user identity and the user private key of the ring member node in the ring member list includes:
acquiring ring member listsWhere n represents the number of ring member nodes in the ring member list, ID i Representing the user identity, K, of the ith ring member node i Representing a first portion of a user private key of an ith ring member node as a user identification of the ith ring member node;
generating parameters based on user identifications of all ring member nodesAnd calculates the parameter +.>A hash value u of (a);
computing link labels
Further, the outputting the signature σ of the message according to the link label I, the master public key and the private keys of the users of all ring member nodes includes:
selecting random numbersRandom number set +.>Wherein the random number setComprises n-1 random numbers c i ;
Calculating intermediate parametersWherein g r R times representing group element g, pk represents the master public key, +>Representing bit strings of arbitrary length {0,1} * Mapping to integer set->A secure cryptographic hash function thereon;
calculating an intermediate parameter based on the random number r, the hash value u and the link label I
Calculating message m, parametersHash values c of the intermediate parameter R and the intermediate parameter T;
based on the hash value c and the set of random numbersObtaining an intermediate reference value c for signing by the ring member node j j ;
Aggregating the random numbersAs a first part of the signature sigma, taking an intermediate parameter s as a second part of the signature sigma, and taking the link tag I as a third part of the signature sigma; wherein the intermediate parameter s=r-c j ·d j (mod q)。
Further, said verifying said signature σ comprises:
generating parameters based on user identifications of all ring member nodesAnd calculates the parameter +.>Hash value of (a)
Calculating intermediate parametersAnd intermediate parameters->
Calculating message m, parametersHash values c ' of the intermediate parameter R ' and the intermediate parameter T ';
at the hash valueIn the case of (2), the signature sigma verification is successful.
A linkable dual ring signature device based on an identity, the device being disposed in a ring member node j, the device comprising:
the key acquisition module is used for acquiring a main public key pair and a private key pair; wherein the primary public-private key pair is generated by a trusted central node;
a private key generation module for generating a private key based on the primary private key and the user identity ID of the ring member node j j Generating a user private key sk of the ring member node j j ;
The signature generation module is used for calculating a link label I based on the user identity and the user private key of the ring member node in the ring member list when the ring member node j signs a message, and outputting the signature sigma of the message according to the link label I, the main public key and the user private keys of all ring member nodes;
and the signature verification module is used for verifying the signature sigma.
An identity-based linkable dual ring signature system, the system comprising:
a plurality of ring member nodes; wherein each ring member node j is configured to:
acquiring a main public and private key pair; wherein the primary public-private key pair is generated by a trusted central node;
user identity ID based on primary private key and said ring member node j j Generating a user private key sk of the ring member node j j ;
When the ring member node j signs a message, calculating a link label I based on the user identity and the user private key of the ring member node in the ring member list, and outputting a signature sigma of the message according to the link label I, the main public key and the user private keys of all ring member nodes;
verifying the signature σ.
A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the method of any of the preceding claims when executing the computer program.
A computer readable storage medium having stored thereon computer program instructions, which when executed implement the method of any of the preceding claims.
Compared with the prior art, the application can have the following beneficial effects:
at present, the identification password is combined with the single ring signature, and the existing linkable double ring signature has the processes of exchanging digital certificates and public keys, so that higher bandwidth resources are required to be consumed, and the problems of complicated certificate management are involved, so that the safe and efficient development requirements are difficult to meet.
The application designs a linkable double-ring signature scheme based on the identification password algorithm, which not only can effectively reduce the signature size, but also can effectively reduce the signature sizeBecause the user identity is the public information such as mail address, mobile phone number, QQ number, identity card code, etc. in practice, and the K in the private key information i Is publicable, so that the signature can be safely generated and verified without exchanging public key certificates and saving a key catalog.
Drawings
FIG. 1 is a flowchart illustrating an identification-based linkable dual ring signature method, according to an example embodiment.
Detailed Description
The following detailed description of the present application is provided in connection with the examples and the accompanying drawings, which illustrate only one possible embodiment of the application, but not all possible embodiments, and are not intended to limit the application.
The application mainly comprises four parts of key generation (KGen), identification encryption (Extract), signature (Sign) and verification (Verify). The method comprises the following steps:
algorithm 1. Key generation (KGen): inputting system parameter lambda, randomly selectingCalculation of y=g x The algorithm outputs the primary private key sk=x and the primary public key pk=y of the sender. Wherein (1)>Is an integer set consisting of integers 0,1,2, …, q-1, q is a large prime number, g is a multiplication cycle group +.>Is a generator of (1).
Algorithm 2. Identification key extraction (Extract): input master private key sk and user identity ID a Randomly selectComputing a first portion K of a user private key a =g l Master private key sk and user identity ID a Hash value +.>Second portion d of user private key a =l+xh (mod q), outputting the user private key sk a =(K a ,d a ). Wherein mod q is a modulo q operation, +.>Representing bit strings of arbitrary length {0,1} * Mapping to integer set->A secure cryptographic hash function thereon.
Algorithm 3 signature (Sign):
step 3.1: inputting user private key sk j =(K j ,d j ) List of ring membersMessage m. Calculating a hash value of a first part of a user private key +.>Wherein the application uses the first part K of the private key of the user i As user identification, ID i Representing the user identity of ring member i, n representing the number of ring member users, 1<i<n。
Step 3.2: computing link labels
Step 3.3: randomly selecting random numbersCalculate-> And s=r-c j ·d j (mod q). Wherein g r R times of group element g>Representing the identity K by a user in a ring member list i The vector, j, represents the signer number, 1<j<n,/>C, for the random number selected in the calculation process j Computationally generated R, T is an intermediate value and s is part of the signature result.
Step 3.4: output signature σ= (c) 1 ,…c n ,s,I)。
Algorithm 4. Verify (Verify): inputting signature sigma to be verified, ring member listMessage m. Calculation of If it isAlgorithm output 1 indicates that verification is successful, otherwise output 0.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure. This application is intended to cover any adaptations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. The embodiments are to be considered as illustrative only, and the present disclosure is not limited to the precise construction that has been described above and shown in the accompanying drawings, and various modifications and changes may be made without departing from the scope thereof.
Claims (10)
1. A method of identity-based linkable dual ring signature applied to a ring member node j in a ring member list, the method comprising:
acquiring a main public and private key pair; wherein the primary public-private key pair is generated by a trusted central node;
user identity ID based on primary private key and said ring member node j j Generating a user private key sk of the ring member node j j ;
When the ring member node j signs a message, calculating a link label I based on the user identity and the user private key of the ring member node in the ring member list, and outputting a signature sigma of the message according to the link label I, the main public key and the user private keys of all ring member nodes;
verifying the signature σ.
2. The method of claim 1, wherein the master public-private key pair is generated by a trusted central node, comprising:
acquiring system parameter lambda and selecting a random numberWherein (1)>Represents an integer set consisting of integers 0,1,2, …, q-1, q representing a large prime number;
the random number x is taken as the value of the master private key sk, and the master public key pk=g is calculated x The method comprises the steps of carrying out a first treatment on the surface of the Wherein g represents the multiplication cycle groupIs a generator of (1).
3. The method of claim 1, wherein the user ID based on a master private key and the ring member node j j Generating a user private key sk of the ring member node j j Comprising:
selecting a random numberWherein (1)>Represents an integer set consisting of integers 0,1,2, …, q-1, q representing a large prime number;
computing a first portion K of a user private key j =g l The method comprises the steps of carrying out a first treatment on the surface of the Wherein g represents the multiplication cycle groupIs a generator of (1);
computing a first portion K of the user private key j And user identity ID j A hash value h of (a);
calculating a second portion d of the user's private key j =l+xh (mod q); wherein x represents the value of the master private key sk;
user private key sk of output ring member node j j =(K j ,d j )。
4. The method of claim 3, wherein the calculating a link label I based on the user identity and the user private key of the ring member node in the ring member list comprises:
acquiring ring member listsWhere n represents the number of ring member nodes in the ring member list, ID i Representing the user identity, K, of the ith ring member node i Representing a first portion of a user private key of an ith ring member node as a user identification of the ith ring member node;
generating parameters based on user identifications of all ring member nodesAnd calculates the parameter +.>A hash value u of (a);
computing link labels
5. The method of claim 4, wherein outputting the signature σ of the message based on the link ticket I, a master public key, and user private keys of all ring member nodes, comprises:
selecting random numbersRandom number set +.>Wherein the set of random numbers +.>Comprises n-1 random numbers c i ;
Calculating intermediate parametersWherein g r R times representing group element g, pk represents the master public key, +>Representing bit strings of arbitrary length {0,1} * Mapping to integer set->A secure cryptographic hash function thereon;
calculating an intermediate parameter based on the random number r, the hash value u and the link label I
Calculating message m, parametersHash values c of the intermediate parameter R and the intermediate parameter T;
based on the hash value c and the set of random numbersObtaining an intermediate reference value c for signing by the ring member node j j ;
Aggregating the random numbersAs a first part of the signature sigma, taking an intermediate parameter s as a second part of the signature sigma, and taking the link tag I as a third part of the signature sigma; wherein the intermediate parameter s=r-c j ·d j (mod q)。
6. The method of claim 5, wherein said verifying said signature σ comprises:
generating parameters based on user identifications of all ring member nodesAnd calculates the parameter +.>Hash value +.>
Calculating intermediate parametersAnd intermediate parameters->
Calculating message m, parametersHash values c ' of the intermediate parameter R ' and the intermediate parameter T ';
at the hash valueIn the case of (2), the signature sigma verification is successful.
7. A linkable dual ring signature device based on identification, said device being disposed in a ring member node j, said device comprising:
the key acquisition module is used for acquiring a main public key pair and a private key pair; wherein the primary public-private key pair is generated by a trusted central node;
a private key generation module for generating a private key based on the primary private key and the user identity ID of the ring member node j j Generating a user private key sk of the ring member node j j ;
The signature generation module is used for calculating a link label I based on the user identity and the user private key of the ring member node in the ring member list when the ring member node j signs a message, and outputting the signature sigma of the message according to the link label I, the main public key and the user private keys of all ring member nodes;
and the signature verification module is used for verifying the signature sigma.
8. An identity-based linkable dual ring signature system, the system comprising:
a plurality of ring member nodes; wherein each ring member node j is configured to:
acquiring a main public and private key pair; wherein the primary public-private key pair is generated by a trusted central node;
user identity ID based on primary private key and said ring member node j j Generating a user privacy of the ring member node jKey sk j ;
When the ring member node j signs a message, calculating a link label I based on the user identity and the user private key of the ring member node in the ring member list, and outputting a signature sigma of the message according to the link label I, the main public key and the user private keys of all ring member nodes;
verifying the signature σ.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the method of any one of claims 1 to 6 when executing the computer program.
10. A computer readable storage medium having stored thereon computer program instructions, which when executed implement the method of any of claims 1 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310650815.3A CN116915409A (en) | 2023-06-02 | 2023-06-02 | Linkable double-ring signature method and system based on identification |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310650815.3A CN116915409A (en) | 2023-06-02 | 2023-06-02 | Linkable double-ring signature method and system based on identification |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116915409A true CN116915409A (en) | 2023-10-20 |
Family
ID=88361705
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310650815.3A Pending CN116915409A (en) | 2023-06-02 | 2023-06-02 | Linkable double-ring signature method and system based on identification |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116915409A (en) |
-
2023
- 2023-06-02 CN CN202310650815.3A patent/CN116915409A/en active Pending
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Karati et al. | Provably secure and lightweight certificateless signature scheme for IIoT environments | |
CN107579819B (en) | A kind of SM9 digital signature generation method and system | |
CN104539423B (en) | A kind of implementation method without CertPubKey cipher system of no Bilinear map computing | |
Huang et al. | Cost-effective authentic and anonymous data sharing with forward security | |
Schröder et al. | Verifiable data streaming | |
EP2302834A2 (en) | System and method for providing credentials | |
KR20100116215A (en) | Group signature system, device, and program | |
US7000110B1 (en) | One-way function generation method, one-way function value generation device, proving device, authentication method, and authentication device | |
WO2011148902A1 (en) | Anonymous credential system, user device, verification device, anonymous credential method, and anonymous credential program | |
CN110932865B (en) | Linkable ring signature generation method based on SM2 digital signature algorithm | |
Li et al. | Generalization of proxy signature-based on discrete logarithms | |
JP2004208262A (en) | Apparatus and method of ring signature based on id employing bilinear pairing | |
EP2351287A2 (en) | Method of generating a cryptographic key, network and computer program therefor | |
WO2014068427A1 (en) | Reissue of cryptographic credentials | |
Shankar et al. | Improved Multisignature Scheme for Authenticity of Digital Document in Digital Forensics Using Edward‐Curve Digital Signature Algorithm | |
KR101382626B1 (en) | System and method for id-based strong designated verifier signature | |
Meshram et al. | A provably secure lightweight subtree-based short signature scheme with fuzzy user data sharing for human-centered IoT | |
CN112152813B (en) | Certificateless content extraction signcryption method supporting privacy protection | |
CN116346328A (en) | Digital signature method, system, equipment and computer readable storage medium | |
CN114499887B (en) | Signing key generation and related methods, systems, computer devices and storage media | |
Li et al. | A forward-secure certificate-based signature scheme | |
CN108768634A (en) | Verifiable Encryptosystem signature generating method and system | |
Fei et al. | A secure digital signature algorithm based on elliptic curve and chaotic mappings | |
Liu et al. | Strong Identity‐Based Proxy Signature Schemes, Revisited | |
CN116915409A (en) | Linkable double-ring signature method and system based on identification |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |