CN108494561B - Aggregation electronic signature method with fixed signature length - Google Patents
- Publication number
- CN108494561B
- Authority
- CN
- China
- Prior art keywords
- data owner
- key
- electronic signature
- signature
- generation center
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
Description
Technical field
The invention belongs to the field of communication technology and, more specifically, relates to an aggregate electronic signature method with fixed signature length in the field of data communication. The invention can be used in large-scale data storage environments in cloud computing: when storing data, the data owner electronically signs all of the stored data and then sends all of the data together with the electronic signature to the user. By verifying the electronic signature, the user of the data can detect whether the received data was tampered with by an attacker during transmission.
Background
Aggregate signatures can be used in cloud computing. For example, in a large-scale data storage environment, the data owner electronically signs all of the stored data when storing it, and an aggregator then combines all of the electronic signatures into a single electronic signature and sends it to the user. The user of the data only needs to verify the aggregated electronic signature to detect whether any of the received data was tampered with by an attacker during transmission. Existing aggregate electronic signature schemes produce a two-part signature for each piece of data. Only the first part can be aggregated, so the aggregate of the first parts and all of the second parts must be sent to the user. This raises the transmission bandwidth requirement and increases the user's cost of verifying the electronic signature.
Cheng et al. proposed a certificateless aggregate electronic signature method in their paper "Cryptanalysis and improvement of a certificateless aggregate signature scheme." (Information Sciences 295 (2015) 337-346, 2014.10.19). The main steps of the method are: (1) The key generation center (KGC) uses the security parameter to compute the master key and master public key of the system. (2) The KGC uses the data owner's identity information to compute the data owner's partial private key and sends the partial private key to the data owner. (3) The data owner randomly selects a key and computes the corresponding public key. (4) When signing, the data owner first selects a random number and multiplies it by its own public key to obtain the first part of the electronic signature; it then computes the second part of the corresponding electronic signature from the selected random number, the partial public key, the key, and all of the data to be signed. (5) The data owner aggregates the first parts of all the electronic signatures into one electronic signature, and then sends the aggregated electronic signature, the second parts of all the electronic signatures, and all of the data to be signed to the user. (6) By computing over the aggregated electronic signature, the second parts of all the electronic signatures, and all of the data to be signed, the user can detect whether the received data was tampered with by an attacker during transmission. The shortcoming of this method is that the second parts of all the electronic signatures must be sent to the user and the user must verify every one of them, which seriously reduces the efficiency of signature verification.
Qingdao University disclosed an aggregate electronic signature method in its patent document "An Identity-Based Aggregate Signature Method with Parallel Key Isolation" (application date: 2013.08.29, application number 201310384259.6, application publication number CN103414731A). The main steps of the method are: (1) Each data owner participating in the aggregate signature method first selects a different message, signs it to obtain the corresponding electronic signature, and sends all the electronic signatures to the aggregator. (2) The aggregator performs the aggregation operation on all the electronic signatures and sends the aggregated electronic signature to the user. (3) The user first computes some temporary variables and then uses them to verify the aggregated electronic signature, to confirm whether the aggregate signature comes from the specified data owners. (4) Each data owner's key is updated periodically. In each time period, two helpers alternately assist the data owner in updating the key, so that the leakage of a data owner's key in one time period does not affect the security of the system in other time periods. The shortcomings of this method are: first, during signing an attacker can steal some sensitive information and can therefore tamper with the messages the data owner sends to the user, so the user cannot correctly receive them; second, verification requires several temporary variables to be computed in order to verify the aggregated electronic signature, which seriously reduces the efficiency of signature verification.
Summary of the invention
The purpose of the present invention is to provide an aggregate electronic signature method with fixed signature length, addressing the problem in the prior art that the length of the electronic signature is not fixed when signatures are aggregated.
The idea behind the method is as follows. When electronically signing a message, the data owner processes sensitive information with hash functions. Because an attacker can query sensitive information while it is being sent, the use of hash functions ensures that the sensitive information is not stolen by the attacker and therefore that the messages sent are not tampered with. After electronically signing all of the messages, the data owner aggregates the electronic signatures of all the messages so that the length of the electronic signature is fixed. The data owner only needs to send the fixed-length electronic signature to the user, and the user verifies the aggregated electronic signature. The method therefore fixes the length of the electronic signature that the data owner sends to the user and improves the efficiency with which the user verifies the signature.
Following this idea, the specific implementation steps of the present invention are as follows:
(1) Generate the cryptosystem parameters:
(1a) The key generation center selects a large prime i according to the cryptosystem security parameter z, where $z < 2^{64}$ and $i > 2^{z}$;
(1b) The key generation center constructs two additive cyclic groups $G_1$ and $G_2$ of order i and randomly selects a generator in $G_1$;
(1c) The key generation center constructs the first hash function $H_1: \{0,1\}^* \to G_1$; the second hash function $H_2: \{0,1\}^* \to G_1$; the third hash function $H_3: \{0,1\}^* \to Z_q^*$; and the fourth hash function $H_4: \{0,1\}^l \to G_1$;
(1d) The key generation center randomly selects the master key of the cryptosystem from the residue class group $Z_q$ of order q;
(1e) The product of the master key of the cryptosystem and the generator of the additive cyclic group is taken as the master public key of the cryptosystem;
(1f) The data owner selects the set of messages to be electronically signed from the cryptosystem information base;
(2) Generate the key of the data owner:
(2a) The data owner submits the identity information ID to the key generation center;
(2b) Using the key calculation formula, the key generation center generates the key of the data owner;
(2c) The key generation center sends the data owner's key to the data owner over a secure channel;
(3) Generate the private key and public key of the data owner:
(3a) The data owner selects a random number from the residue class group $Z_q$ of order q as the private key;
(3b) The product of the private key and the generator of the additive cyclic group $G_1$ is taken as the public key of the data owner;
(4) The data owner electronically signs each message to be signed:
(4a) The data owner randomly selects a message from the message set;
(4b) The data owner selects a random number from the residue class group $Z_q$ of order q;
(4c) The product of the random number and the generator of the additive cyclic group $G_1$ is taken as the first part of the electronic signature;
(4d) The data owner applies the second hash function constructed by the key generation center to the master public key and takes the hash value as the second part of the electronic signature;
(4e) The data owner applies the third hash function constructed by the key generation center to the selected sensitive message and takes the hash value as the third part of the electronic signature;
(4f) Using the electronic signature calculation formula, compute the fourth part of the electronic signature;
(4g) Determine whether all the messages in the message set have been selected; if so, execute step (5), otherwise execute step (4a);
(5) The data owner aggregates the electronic signatures:
(5a) The sum of the first parts of the electronic signatures of all messages in the message set is taken as the first electronic signature;
(5b) The sum of the fourth parts of the electronic signatures of all messages in the message set is taken as the second electronic signature;
(6) The data owner sends the message set, the fixed-length first electronic signature, and the fixed-length second electronic signature to the user;
(7) Determine whether the signature verification equation holds; if so, execute step (8), otherwise execute step (9);
(8) The user stores the received message set and then executes step (10);
(9) The user discards the received message set and then executes step (10);
(10) End signing.
Compared with the prior art, the present invention has the following advantages:
First, because the invention processes some sensitive information with hash functions while the data owner is signing, the privacy of the sensitive information during transmission is guaranteed. This overcomes the prior-art problem that an attacker can obtain sensitive information from the signing process and can therefore tamper with the messages the data owner sends to the user. With the invention, an attacker cannot tamper with the messages the data owner sends to the user, which ensures that the messages the user receives are correct.
Second, because the invention aggregates the electronic signatures of all messages, the data owner sends the aggregated electronic signature to the user and the user verifies the aggregated electronic signature, which reduces the computation of temporary variables. This overcomes the low verification efficiency caused by the need to compute temporary variables in the prior art, so the invention improves the efficiency of signature verification.
Description of drawings
Figure 1 is a flow chart of the present invention.
Detailed description
The present invention is further described below with reference to Figure 1.
Step 1: generate the cryptosystem parameters.
The key generation center selects a large prime i according to the cryptosystem security parameter z, where $z < 2^{64}$ and $i > 2^{z}$.
The key generation center constructs two additive cyclic groups $G_1$ and $G_2$ of order i and randomly selects a generator in $G_1$.
The key generation center constructs the first hash function $H_1: \{0,1\}^* \to G_1$; the second hash function $H_2: \{0,1\}^* \to G_1$; the third hash function $H_3: \{0,1\}^* \to Z_q^*$; and the fourth hash function $H_4: \{0,1\}^l \to G_1$.
The key generation center randomly selects the master key of the cryptosystem from the residue class group $Z_q$ of order q.
The product of the master key of the cryptosystem and the generator of the additive cyclic group is taken as the master public key of the cryptosystem.
The data owner selects the set of messages to be electronically signed from the cryptosystem information base.
Step 2: generate the key of the data owner.
The data owner submits the identity information ID to the key generation center.
The key generation center generates the key of the data owner using the following formula:
$t = s * H_1(ID)$
where t denotes the key of the data owner, s denotes the master key of the cryptosystem, * denotes multiplication, ID denotes the identity information of the data owner, and $H_1(\cdot)$ denotes the first hash function constructed by the key generation center.
The key generation center sends the data owner's key to the data owner over a secure channel.
Step 3: generate the private key and public key of the data owner.
The data owner randomly selects a private key from the residue class group of order q.
The data owner's private key is multiplied by the generator of the additive cyclic group $G_1$, and the product is taken as the public key of the data owner.
Step 4: the data owner electronically signs each message to be signed.
The data owner randomly selects a message from the message set.
The data owner selects a random number from the residue class group $Z_q$ of order q.
The product of the random number and the generator of the additive cyclic group $G_1$ is taken as the first part of the electronic signature.
The data owner applies the second hash function constructed by the key generation center to the master public key and takes the hash value as the second part of the electronic signature.
The data owner applies the third hash function constructed by the key generation center to the selected sensitive message and takes the hash value as the third part of the electronic signature.
The fourth part of the electronic signature is computed using the following formula:
$V = t + r * f + h * x * (H_4(Q) + W) + r * H_4(Q)$
where V denotes the fourth part of the electronic signature, t denotes the key of the data owner, + denotes addition, r denotes the random number selected by the data owner, * denotes multiplication, f denotes the public key of the data owner, h denotes the third part of the electronic signature, x denotes the private key of the data owner, Q denotes a bit string of length l randomly selected by the key generation center, $H_4(\cdot)$ denotes the fourth hash function constructed by the key generation center, and W denotes the second part of the electronic signature.
Determine whether all the messages in the message set have been selected; if so, execute step 5, otherwise execute step 4.
Step 5: the data owner aggregates the electronic signatures.
The sum of the first parts of the electronic signatures of all messages in the message set is taken as the first electronic signature;
The sum of the fourth parts of the electronic signatures of all messages in the message set is taken as the second electronic signature;
Step 6: the data owner sends the message set, the fixed-length first electronic signature, and the fixed-length second electronic signature to the user.
Step 7: determine whether the following equation holds; if so, execute step 8, otherwise execute step 9:
where $e(\cdot)$ denotes the bilinear map, T denotes the second electronic signature, P denotes the generator of the additive cyclic group, U denotes the first electronic signature, + denotes addition, n denotes the number of messages in the message set, the summation sign denotes the summation operation, $Q_{ID}$ denotes the hash value of the data owner's identity information, $P_{pub}$ denotes the master public key of the cryptosystem, * denotes multiplication, h denotes the third part of the electronic signature, f denotes the public key of the data owner, Q denotes the bit string randomly selected by the key generation center, and W denotes the second part of the electronic signature.
Step 8: the user stores the received message set and then executes step 10.
Step 9: the user discards the received message set and then executes step 10.
Step 10: end signing.
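The signing, aggregation and verification flow of steps 1 to 7, as an added example that is not part of the patent text. It runs in a deliberately insecure scalar model of the pairing groups (an assumption of this example), and the check in `verify` is derived here from the step-4 formula by bilinearity rather than quoted from the patent; all function names and sample values are constructed.

```python
"""Toy model of steps 1-7 (added example; NOT secure, NOT the patent's code).
A G1 element a*P is stored as the scalar a mod q, and a pairing value
e(aP, bP) is stored as its exponent a*b mod q, so multiplying pairing
values becomes adding exponents. This exposes discrete logs by design.
"""
import hashlib
import secrets

q = 2**127 - 1   # prime group order (constructed toy parameter)
P = 1            # generator of G1 in the scalar model

def H(tag: bytes, data: bytes) -> int:
    """Domain-separated SHA-256 to a non-zero scalar; stands in for H1..H4."""
    digest = hashlib.sha256(tag + b"|" + data).digest()
    return int.from_bytes(digest, "big") % (q - 1) + 1

def rand_scalar() -> int:
    return 1 + secrets.randbelow(q - 1)

def pairing(a: int, b: int) -> int:
    """e(aP, bP), represented by its exponent a*b mod q."""
    return a * b % q

def setup():
    s = rand_scalar()                  # step 1: master key
    return s, s * P % q                # master public key Ppub = s*P

def extract(s: int, identity: bytes) -> int:
    return s * H(b"H1", identity) % q  # step 2: t = s*H1(ID)

def keygen():
    x = rand_scalar()                  # step 3: private key
    return x, x * P % q                # public key f = x*P

def sign(msg: bytes, t: int, x: int, f: int, p_pub: int, Q: bytes):
    r = rand_scalar()
    U = r * P % q                               # first part
    W = H(b"H2", p_pub.to_bytes(16, "big"))     # second part
    h = H(b"H3", msg)                           # third part
    hq = H(b"H4", Q)
    V = (t + r * f + h * x * (hq + W) + r * hq) % q  # fourth part (step 4)
    return U, V

def aggregate(sigs):
    """Step 5: sum the first parts and the fourth parts; always two elements."""
    U = sum(u for u, _ in sigs) % q
    T = sum(v for _, v in sigs) % q
    return U, T

def verify(msgs, U, T, identity, f, p_pub, Q) -> bool:
    """Derived check (assumption of this example):
    e(T,P) = e(n*Q_ID, Ppub) * e(U, f + H4(Q)) * e(sum(h_i)*(H4(Q)+W), f)."""
    q_id = H(b"H1", identity)
    W = H(b"H2", p_pub.to_bytes(16, "big"))
    hq = H(b"H4", Q)
    h_sum = sum(H(b"H3", m) for m in msgs) % q
    lhs = pairing(T, P)
    rhs = (pairing(len(msgs) * q_id % q, p_pub)
           + pairing(U, (f + hq) % q)
           + pairing(h_sum * (hq + W) % q, f)) % q
    return lhs == rhs

def demo(n: int = 5):
    s, p_pub = setup()
    identity, Q = b"owner@example.test", b"constructed-bit-string-Q"
    t = extract(s, identity)
    x, f = keygen()
    msgs = [b"block-%d" % i for i in range(n)]   # constructed sample messages
    U, T = aggregate([sign(m, t, x, f, p_pub, Q) for m in msgs])
    ok = verify(msgs, U, T, identity, f, p_pub, Q)
    tampered = [b"block-0-modified"] + msgs[1:]
    bad = verify(tampered, U, T, identity, f, p_pub, Q)
    return ok, bad, (U, T)

if __name__ == "__main__":
    print(demo())
```

In this model the check depends on the messages only through the sum of their $H_3$ values, so reordering the message set does not change the result.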
Claims (2)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810229044.XA CN108494561B (en) | 2018-03-20 | 2018-03-20 | Aggregation electronic signature method with fixed signature length |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810229044.XA CN108494561B (en) | 2018-03-20 | 2018-03-20 | Aggregation electronic signature method with fixed signature length |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108494561A (en) | 2018-09-04 |
CN108494561B (en) | 2020-06-30 |
Family
ID=63318674
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810229044.XA (Active) CN108494561B (en) | 2018-03-20 | 2018-03-20 | Aggregation electronic signature method with fixed signature length |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108494561B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110995443B (en) * | 2019-12-02 | 2022-03-25 | 联想(北京)有限公司 | Data processing method and device |
CN112560070B (en) * | 2020-12-28 | 2024-03-22 | 杭州趣链科技有限公司 | Data sharing method with auditing function |
CN114189339B (en) * | 2021-12-07 | 2024-01-26 | 贵州亨达集团信息安全技术有限公司 | Certificate-free aggregation signature method and system supporting parallel key isolation |
CN117421782B (en) * | 2023-10-11 | 2024-06-07 | 浙江星汉信息技术股份有限公司 | File signature, integrity detection and tracking method and device |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107579819A (en) * | 2017-09-13 | 2018-01-12 | 何德彪 | A kind of SM9 digital signature generation method and system |
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107579819A (en) * | 2017-09-13 | 2018-01-12 | 何德彪 | A kind of SM9 digital signature generation method and system |
Non-Patent Citations (1)
Title |
---|
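Attack on and improvement of a certificateless aggregate signature scheme; Du Hongzhen; Journal of Sun Yat-sen University (Natural Science Edition); 20170131; Vol. 56 (No. 1); see pp. 77-83 * |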
Also Published As
Publication number | Publication date |
---|---|
CN108494561A (en) | 2018-09-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106059766B (en) | A kind of car networking condition method for secret protection and system based on no certificate batch verifying | |
US10263773B2 (en) | Method for updating a public key | |
CN108494561B (en) | Aggregation electronic signature method with fixed signature length | |
CN104158661B (en) | A kind of close building method of One-off public key label based on fuzzy identity | |
CN102420691B (en) | Certificate-based forward security signature method and system thereof | |
CN103259662B (en) | A kind of new allograph based on Integer Decomposition problem and verification method | |
CN110489982B (en) | Smart power grid data aggregation and encryption method with forward security | |
Liu et al. | Server-aided anonymous attribute-based authentication in cloud computing | |
CN107979840A (en) | A kind of the car networking V2I Verification Systems and method of Key-insulated safety | |
CN101977110A (en) | Group signature method based on elliptic curve | |
CN106487786B (en) | Cloud data integrity verification method and system based on biological characteristics | |
CN105025474B (en) | Lightweight digital signature method for wireless sensor network | |
CN103117860A (en) | Certificateless blind ring signature method | |
Zhang et al. | An efficient certificateless generalized signcryption scheme | |
CN104954390A (en) | Cloud storage integrity detection method for recovering lost secret keys and system applying cloud storage integrity detection method | |
CN107493165A (en) | A kind of car networking certification and cryptographic key negotiation method with strong anonymity | |
CN103095697A (en) | Multiple signature generation and verification system and method thereof | |
Yin et al. | A New Provable Secure Certificateless Aggregate Signcryption Scheme. | |
CN101697513A (en) | Digital signature method, device and system as well as digital signature verification method | |
CN103312707B (en) | The Cloud Server auxiliary verification method of attribute base signature | |
CN114785510A (en) | Verifiable lightweight privacy protection federal learning system and method | |
CN109257181A (en) | Without the blind label decryption method of elliptic curve under certificate environment | |
Ren et al. | Provably secure aggregate signcryption scheme | |
Wu et al. | Cryptanalysis and improvement of a new certificateless signature scheme in the standard model | |
Liu et al. | Certificate-based sequential aggregate signature |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||