
CN116132070A - Heterogeneous aggregation signature method and equipment - Google Patents


Info

Publication number
CN116132070A
Authority
CN
China
Prior art keywords
signature
terminal
verification
key
public key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202310371650.6A
Other languages
Chinese (zh)
Other versions
CN116132070B (en
Inventor
金禹樵
潘光绪
邵黎明
李培
李青
王小康
潘相宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Second Research Institute of CAAC
Original Assignee
Second Research Institute of CAAC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Second Research Institute of CAAC filed Critical Second Research Institute of CAAC
Priority to CN202310371650.6A priority Critical patent/CN116132070B/en
Publication of CN116132070A publication Critical patent/CN116132070A/en
Application granted granted Critical
Publication of CN116132070B publication Critical patent/CN116132070B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3255 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a heterogeneous aggregation signature method and equipment. The method comprises the following steps: the signature terminal calculates a feature code $S_i$ according to the public key system to which it belongs, randomly selects $r_i$ from
Figure ZY_1
, calculates $R_i = r_i P$, and sends the signature sequence $(ID_i, m_i, R_i, S_i, T_i)$ to a verification center, where $ID_i$ is the identity information of the signature terminal, $m_i$ is the message to be encrypted, and $T_i$ is a timestamp. The verification center verifies the equation
Figure ZY_2
If it holds, the signatures of the n user terminals pass verification; otherwise, verification fails. The invention supports signing and authentication services for multiple signers from different cryptosystems; the verifier only needs to initialize the system parameters once and verify the aggregate signature once, which reduces the verifier's system initialization overhead and signature verification overhead, and authentication services can be provided simultaneously to multiple signers from different cryptographic systems.

Description

Heterogeneous aggregation signature method and equipment
Technical Field
The invention relates to the technical field of information security data processing, in particular to a heterogeneous aggregation signature method and equipment.
Background
Aggregate signatures are an important signature technique in cryptography. An aggregate signature protocol allows any number of users to send their respective digital signatures to the same verifier over a public, unsecured channel. The verifier can aggregate the signatures of any number of users and check whether all of them are valid by running the signature verification algorithm only once, so aggregate signatures can greatly improve signature verification efficiency.
Existing public key cryptosystems fall into three types: 1. The certificate-based public key system, which uses a certificate mechanism to bind a user's identity securely to the user's key and generally adopts Public Key Infrastructure (PKI) technology. 2. The identity-based public key system (Identity-Based Cryptography, IBC), in which the user's private key is computed by a trusted third party in the system (the key generation center, KGC) using an identity private key generation algorithm. 3. The certificateless public key system (Certificateless Public Key Cryptography, CLC), in which the user's private key is determined by two secret factors: one is a key related to the user's identity, extracted from the key generation center, and the other is a key generated by the user. Neither secret factor can be calculated from the other; that is, the key generation center cannot compute the partial key generated by the user, and the user cannot compute the partial key generated by the key generation center. Thus, the certificateless cryptographic system has no key escrow function.
If all participants of a cryptographic protocol belong to the same cryptographic system, the protocol is a homogeneous cryptographic protocol. Otherwise, it is a heterogeneous cryptographic protocol.
Currently, aggregate signature protocols based on homogeneous cryptographic protocols are mature, and mainly include the following:
In 2008, Wen and Ma [Y. Wen, J. Ma, An aggregate signature scheme with constant pairing operations, 2008 International Conference on Computer Science and Software Engineering, 2008, pp. 830-833] proposed an aggregate signature protocol that requires only a fixed number of bilinear pairings. This protocol allows any number of PKI users to sign, and the verifier can aggregate and verify all users' signatures at once. But this method is only applicable to PKI.
In 2019, Yang et al. [X. Yang, R. Liu, M. Wang and G. Chen, Identity-based aggregate signature scheme in vehicle ad-hoc network, 2019 4th International Conference on Mechanical, Control and Computer Engineering, 2019, pp. 1046-1049] proposed an aggregate signature protocol suitable for use in the Internet of Vehicles. The protocol allows any number of IBC users to sign, and a verifier can aggregate and verify the signatures of all users at once. But this method is only applicable to IBC.
In 2021, Kar et al. [J. Kar, X. Liu and F. Li, CL-ASS: an efficient and low-cost certificateless aggregate signature scheme for wireless sensor networks, Journal of Information Security and Applications, 2021, 61, p. 102905] proposed an aggregate signature protocol suitable for wireless sensor networks. The protocol allows any number of CLC users to sign, and the verifier can aggregate and verify the signatures of all users at once. But this method is only applicable to CLC.
Disclosure of Invention
In order to solve the above technical problems, the invention aims to provide a method that enables one verifier to verify the legitimacy of any number of user signatures from different cryptographic systems, thereby reducing the verifier's system initialization overhead and signature verification overhead and providing signature and authentication services for users from different cryptographic systems.
In order to achieve the above object, the present invention provides a technical solution comprising:
A heterogeneous aggregation signature method, applied to a signature terminal, comprising the following steps:
the public system parameters spp = {$p$, $G$, $G_T$, $P$, $Q$,
Figure SMS_1
, $H_0$, $H_1$, $H_2$}; wherein $p$ is a large prime number; $G$ is an additive cyclic group of order $p$; $G_T$ is a multiplicative cyclic group of order $p$;
Figure SMS_2
is a bilinear map; $H_0$, $H_1$ and $H_2$ are collision-resistant hash functions, where $H_0$ maps from $\{0,1\}^*$ to $\{0,1\}^n$, $H_1$ maps from $\{0,1\}^*$ to $G$, and $H_2$ maps from $\{0,1\}^*$ to
Figure SMS_3
; $\{0,1\}^*$ is a binary sequence of arbitrary bit length;
Figure SMS_4
is the integer field of order $p$ with the zero element removed; $P$ and $Q$ are generators of $G$;
the signature terminal calculates a feature code $S_i$ according to the public key system to which it belongs, randomly selects $r_i$ from
Figure SMS_5
, calculates $R_i = r_i P$, and sends the signature sequence $(ID_i, m_i, R_i, S_i, T_i)$ to a verification center; wherein $ID_i$ is the identity information of the signature terminal; $m_i$ is the message to be encrypted; $T_i$ is a timestamp;
for a signature terminal A belonging to the certificate-based public key system, its feature code $S_a$ is related to the first private key $sk_a$ randomly selected from
Figure SMS_6
; for a signature terminal B belonging to the identity-based public key system, its feature code $S_b$ is related to the master key $s_1$ provided by the private key generation center; for a signature terminal C belonging to the certificateless public key system, its feature code $S_c$ is related to the second private key $psk_c$ and the master key $s_2$ provided by the key generation center, and to the third private key $usk_c$ randomly selected from
Figure SMS_7
; wherein a, b, c are the numbers of signature terminals A, B, C, respectively, and
Figure SMS_8
In some preferred embodiments, the feature code $S_a$ is obtained as follows: $S_a = (r_a + h_a sk_a) Q$, where $r_a$
Figure SMS_9
Figure SMS_10
; $h_a = H_2(ID_a, m_i, T_i, R_a)$; $sk_a$ is the private key randomly selected by signature terminal A from
Figure SMS_11
, with $sk_a = x_a$; $R_a = r_a P$.
In some preferred embodiments, the feature code $S_b$ is obtained as follows:
Figure SMS_12
where $r_b$
Figure SMS_13
Figure SMS_14
; $h_b = H_2(ID_b, m_i, T_i, R_b)$;
Figure SMS_15
is
Figure SMS_16
; $P_{pub1}$ is the public key corresponding to the master key $s_1$ provided by the private key generation center, with $P_{pub1} = s_1 P$; $R_b = r_b P$.
In some preferred embodiments, the feature code $S_c$ is obtained as follows: $S_c = psk_c + h_c r_c P_{pub2} + (r_c + h_c usk_c) Q$, where $psk_c = s_2 H_1(ID_c)$; $h_c = H_2(ID_c, m_i, T_i, R_c)$; $r_c$
Figure SMS_17
Figure SMS_18
; $P_{pub2}$ is the public key corresponding to the master key $s_2$ provided by the key generation center, with $P_{pub2} = s_2 P$; $R_c = r_c P$; the third private key $usk_c$ is the private key randomly selected by signature terminal C from
Figure SMS_19
, with $usk_c = x_c$.
A heterogeneous aggregation signature method, applied to a verification center, comprising the following steps:
acquiring the signature sequences $(ID_i, m_i, R_i, S_i, T_i)$ sent by the signature terminals, and calculating
Figure SMS_20
; according to the feature codes of each type of signature terminal, separately calculating
Figure SMS_21
Figure SMS_22
and
Figure SMS_23
; verifying the equation
Figure SMS_24
If it holds, the signatures of the n user terminals pass verification; otherwise, verification fails.
In some preferred embodiments, the feature code $S_a$ of a signature terminal A belonging to the certificate-based public key system is obtained, $S_a = (r_a + h_a sk_a) Q$; where $r_a$
Figure SMS_25
Figure SMS_26
; $h_a = H_2(ID_a, m_i, T_i, R_a)$; $sk_a$ is the private key randomly selected by signature terminal A from
Figure SMS_27
, with $sk_a = x_a$; $R_a = r_a P$;
the feature code $S_b$ of a signature terminal B belonging to the identity-based public key system is obtained,
Figure SMS_28
; where $r_b$
Figure SMS_29
Figure SMS_30
; $h_b = H_2(ID_b, m_i, T_i, R_b)$;
Figure SMS_31
is
Figure SMS_32
; $P_{pub1}$ is the public key corresponding to the master key $s_1$ provided by the private key generation center, with $P_{pub1} = s_1 P$; $R_b = r_b P$;
the feature code $S_c$ of a signature terminal C belonging to the certificateless public key system is obtained, $S_c = psk_c + h_c r_c P_{pub2} + (r_c + h_c usk_c) Q$; where $psk_c = s_2 H_1(ID_c)$; $h_c = H_2(ID_c, m_i, T_i, R_c)$; $r_c$
Figure SMS_33
Figure SMS_34
; $P_{pub2}$ is the public key corresponding to the master key $s_2$ provided by the key generation center, with $P_{pub2} = s_2 P$; $R_c = r_c P$; the third private key $usk_c$ is the private key randomly selected by signature terminal C from
Figure SMS_35
, with $usk_c = x_c$.
In some preferred embodiments, the feature code $S_a$, the feature code $S_b$ and the feature code $S_c$ are substituted into the verification equation, and simplification gives:
Figure SMS_36
where $pk_a$ is the public key corresponding to the first private key $sk_a$, with $pk_a = x_a P$; $upk_c$ is the public key corresponding to the third private key $usk_c$, with $upk_c = x_c P$;
Figure SMS_37
is set as the verification code of signature terminal A;
Figure SMS_38
is set as the verification code $CA_b$ of signature terminal B;
Figure SMS_39
and
Figure SMS_40
are set, respectively, as the verification codes $CA_{c2}$ and $CA_{c1}$ of signature terminal C.
The above verification equation may then be converted into:
Figure SMS_41
A terminal device, comprising: a memory, a processor, a communication interface; wherein the memory has executable code stored thereon that, when executed by the processor, causes the processor to perform the aggregate signature method as described above.
An electronic device, comprising: a memory, a processor, a communication interface; wherein the memory has executable code stored thereon that, when executed by the processor, causes the processor to perform the heterogeneous aggregate signature method as described above.
Beneficial Effects
The invention supports signing and authentication services for multiple signers from different cryptographic systems. The verifier only needs to initialize the system parameters once and verify the aggregate signature once, which reduces the verifier's system initialization cost and signature verification cost while providing authentication services to multiple signers of different cryptographic systems at the same time.
Drawings
FIG. 1 is a flow chart of the method with the signature terminal as the executing entity in the preferred embodiment of the invention;
FIG. 2 is a flow chart of the method with the verification center as the executing entity in the preferred embodiment of the invention.
Detailed Description
The present invention will be further described with reference to the accompanying drawings, in order to make the objects, technical solutions and advantages of the present invention more apparent. In the description of the present invention, it should be understood that the terms "upper," "lower," "front," "rear," "left," "right," "top," "bottom," "inner," "outer," and the like indicate or are based on the orientation or positional relationship shown in the drawings, merely to facilitate description of the present invention and to simplify the description, and do not indicate or imply that the devices or elements referred to must have a specific orientation, be configured and operated in a specific orientation, and thus should not be construed as limiting the present invention.
The heterogeneous aggregation signature method provided by the embodiment of the invention can be executed by an electronic device, and the electronic device can be a terminal device such as a PC (personal computer), a notebook computer, a smart phone and the like. As shown in fig. 1, the present embodiment provides a heterogeneous aggregation signature method, an execution body of which may be a signature terminal, and it should be understood that the signature terminal may be implemented as software, or a combination of software and hardware, and specifically, the heterogeneous aggregation signature method may include:
101. The public system parameters spp = {$p$, $G$, $G_T$, $P$, $Q$,
Figure SMS_42
, $H_0$, $H_1$, $H_2$}; wherein $p$ is a large prime number; $G$ is an additive cyclic group of order $p$; $G_T$ is a multiplicative cyclic group of order $p$;
Figure SMS_43
is a bilinear map; $H_0$, $H_1$ and $H_2$ are collision-resistant hash functions, where $H_0$ maps from $\{0,1\}^*$ to $\{0,1\}^n$, $H_1$ maps from $\{0,1\}^*$ to $G$, and $H_2$ maps from $\{0,1\}^*$ to
Figure SMS_44
; $\{0,1\}^*$ is a binary sequence of arbitrary bit length;
Figure SMS_45
is the integer field of order $p$ with the zero element removed; $P$ and $Q$ are generators of $G$. It should be appreciated that the system parameters spp may be broadcast by any of the subscribing terminals to the participants within the network, or may be published by a verification center or other trusted third party. The signature terminals each apply for registration with their public key system and initialize the system according to the system parameters spp.
102. The signature terminal calculates a feature code $S_i$ according to the public key system to which it belongs, randomly selects $r_i$ from
Figure SMS_46
, calculates $R_i = r_i P$, and sends the signature sequence $(ID_i, m_i, R_i, S_i, T_i)$ to a verification center; wherein $ID_i$ is the identity information of the signature terminal; $m_i$ is the message to be encrypted; $T_i$ is a timestamp; and $(R_i, S_i)$ is the signature. In heterogeneous cryptosystems, the feature code $S_i$ of a signature terminal is obtained in different ways depending on the system it belongs to. In particular, for a signature terminal A belonging to the certificate-based public key system (PKI), its feature code $S_a$ is related to the first private key $sk_a$ randomly selected from
Figure SMS_47
; for a signature terminal B belonging to the identity-based public key system (IBC), its feature code $S_b$ is related to the master key $s_1$ provided by the private key generation center; for a signature terminal C belonging to the certificateless public key system (CLC), its feature code $S_c$ is related to the second private key $psk_c$ and the master key $s_2$ provided by the key generation center, and to the third private key $usk_c$ randomly selected from
Figure SMS_48
; wherein a, b, c are the numbers of signature terminals A, B, C, respectively, and
Figure SMS_49
. It should be appreciated that the feature code $S_i$ is designed by the signature terminal according to the subsequent verification requirement, taking into account the characteristics of its public key system. The purpose is that the verification center, when performing aggregate signature authentication, does not need to initialize authentication system parameters separately for each public key system, but verifies the legitimacy of the signatures according to the identity information and the information of all signers, thereby reducing the system initialization overhead and signature authentication overhead of the verification center and providing authentication services for users from different cryptographic systems. Obviously, when the signature terminal communicates with the public key system service provider, the method further comprises verifying the respective identities and the validity of the secret key and/or the public key, and when this verification fails the aggregate signature process is cancelled. Since this part is not the focus of the invention, a person skilled in the art can design it according to conventional prior-art methods, and the invention places no further limitation on it.
The following presents specific methods for obtaining the feature code $S_i$ in some preferred embodiments. They serve to describe the feature code $S_i$ concretely and are not the only methods of obtaining the feature code $S_i$.
102a. The feature code $S_a$ is obtained as follows: $S_a = (r_a + h_a sk_a) Q$, where $r_a$
Figure SMS_50
Figure SMS_51
; $h_a = H_2(ID_a, m_i, T_i, R_a)$; $sk_a$ is the private key randomly selected by signature terminal A from
Figure SMS_52
, with $sk_a = x_a$; $R_a = r_a P$.
102b. The feature code $S_b$ is obtained as follows:
Figure SMS_53
where $r_b$
Figure SMS_54
Figure SMS_55
; $h_b = H_2(ID_b, m_i, T_i, R_b)$;
Figure SMS_56
is
Figure SMS_57
; $P_{pub1}$ is the public key corresponding to the master key $s_1$ provided by the private key generation center, with $P_{pub1} = s_1 P$; $R_b = r_b P$.
102c. The feature code $S_c$ is obtained as follows: $S_c = psk_c + h_c r_c P_{pub2} + (r_c + h_c usk_c) Q$, where $psk_c = s_2 H_1(ID_c)$; $h_c = H_2(ID_c, m_i, T_i, R_c)$; $r_c$
Figure SMS_58
Figure SMS_59
; $P_{pub2}$ is the public key corresponding to the master key $s_2$ provided by the key generation center, with $P_{pub2} = s_2 P$; $R_c = r_c P$; the third private key $usk_c$ is the private key randomly selected by signature terminal C from
Figure SMS_60
, with $usk_c = x_c$.
The design idea of the feature codes is as follows: under this design, the last two summands of the CLC feature code have the same form as the PKI feature code, and the first two summands of the IBC feature code and of the CLC feature code have the same form. In this way the three types of feature code can be aggregated.
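The aggregation idea above, as an added example that is not part of the patent text: the PKI-type and CLC-type feature codes are computed exactly as given in 102a and 102c and checked with one aggregate equation derived here by bilinearity. The IBC-type formula and the patent's own verification equation are not legible on this page, so they are not reproduced. Assumptions: the pairing is a toy, insecure stand-in (points are stored as their discrete logs), and all function names, identities and sample messages are constructed.

```python
"""Toy check of the PKI-type and CLC-type feature codes and their aggregation.

NOT SECURE: a point x*P is stored as the integer x mod p, so discrete logs are
visible. The model only lets the algebra be executed. Every name here is an
assumption of this example.
"""
import hashlib
import secrets

p = 2**127 - 1      # prime group order (toy choice)
P = 1               # generator P, stored as its own discrete log
Q = 0x1234567       # second generator Q = q*P (constructed value)


def pair(X, Y):
    """e(xP, yP) = g^(xy). G_T elements are kept as exponents of g = e(P, P),
    so a product in G_T is a sum of exponents mod p."""
    return (X * Y) % p


def rand_scalar():
    return secrets.randbelow(p - 1) + 1            # uniform in Z_p^*


def _digest(tag, *parts):
    h = hashlib.sha256(tag)
    for part in parts:                             # length-prefix each field
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big")


def H1(identity):                                  # {0,1}* -> G
    return _digest(b"H1", identity) % p


def H2(identity, msg, ts, R):                      # {0,1}* -> Z_p^*
    return _digest(b"H2", identity, msg, ts, R.to_bytes(16, "big")) % (p - 1) + 1


def sign_pki(identity, msg, ts, sk):
    """S_a = (r_a + h_a sk_a) Q, R_a = r_a P."""
    r = rand_scalar()
    R = r * P % p
    h = H2(identity, msg, ts, R)
    return (identity, msg, R, (r + h * sk) * Q % p, ts)


def sign_clc(identity, msg, ts, psk, usk, P_pub2):
    """S_c = psk_c + h_c r_c P_pub2 + (r_c + h_c usk_c) Q, R_c = r_c P."""
    r = rand_scalar()
    R = r * P % p
    h = H2(identity, msg, ts, R)
    S = (psk + h * r * P_pub2 + (r + h * usk) * Q) % p
    return (identity, msg, R, S, ts)


def verify_aggregate(pki, clc, P_pub2):
    """pki: [(signature sequence, pk_a)], clc: [(signature sequence, upk_c)].

    Derived check (not the patent's equation):
      e(sum S_i, P) == e(sum(R_i + h_i pk_i), Q)
                       * e(sum(H1(ID_c) + h_c R_c), P_pub2)
    """
    S_sum = q_side = pub_side = 0
    for (ident, msg, R, S, ts), pk in pki:
        h = H2(ident, msg, ts, R)
        S_sum += S
        q_side += R + h * pk
    for (ident, msg, R, S, ts), upk in clc:
        h = H2(ident, msg, ts, R)
        S_sum += S
        q_side += R + h * upk
        pub_side += H1(ident) + h * R
    lhs = pair(S_sum % p, P)
    rhs = (pair(q_side % p, Q) + pair(pub_side % p, P_pub2)) % p  # G_T product
    return lhs == rhs


def demo():
    s2 = rand_scalar()                              # KGC master key s_2
    P_pub2 = s2 * P % p
    x_a, x_c = rand_scalar(), rand_scalar()         # sk_a = x_a, usk_c = x_c
    psk_c = s2 * H1(b"sensor-C") % p                # psk_c = s_2 H_1(ID_c)
    sig_a = sign_pki(b"gateway-A", b"reading=17", b"1700000000", x_a)
    sig_c = sign_clc(b"sensor-C", b"reading=42", b"1700000001", psk_c, x_c, P_pub2)
    pki = [(sig_a, x_a * P % p)]                    # pk_a = x_a P
    clc = [(sig_c, x_c * P % p)]                    # upk_c = x_c P
    ok = verify_aggregate(pki, clc, P_pub2)
    # Constructed tampering: change the signed message of terminal A.
    forged = (sig_a[0], b"reading=99") + sig_a[2:]
    bad = verify_aggregate([(forged, pki[0][1])], clc, P_pub2)
    return ok, bad


if __name__ == "__main__":
    print(demo())
```

A failed aggregate check rejects the whole batch without identifying which signature sequence is invalid.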
The heterogeneous aggregation signature method provided by the other embodiment of the present invention may be performed by an electronic device, which may be a terminal device such as a PC, a notebook, a smart phone, etc. As shown in fig. 2, the present embodiment provides a heterogeneous aggregation signature method, the execution subject of which may be a verification center, it being understood that the verification center may be implemented as software, or a combination of software and hardware, and specifically, the heterogeneous aggregation signature method may include:
201. Acquiring the signature sequences $(ID_i, m_i, R_i, S_i, T_i)$ sent by the signature terminals, and calculating
Figure SMS_61
; according to the feature codes of each type of signature terminal, separately calculating
Figure SMS_62
Figure SMS_63
and
Figure SMS_64
; verifying the equation
Figure SMS_65
If it holds, the signatures of the n user terminals pass verification; otherwise, verification fails.
The feature codes of the signature terminals are determined according to the characteristics of the public key system to which the signature terminals belong, and in some preferred embodiments, the feature codes correspond to the feature code acquisition method of the other embodiment, and this embodiment provides an example of acquiring the feature codes by the verification center:
Obtaining the feature code $S_a$ of a signature terminal A belonging to the certificate-based public key system, $S_a = (r_a + h_a sk_a) Q$; where $r_a$
Figure SMS_66
Figure SMS_67
; $h_a = H_2(ID_a, m_i, T_i, R_a)$; $sk_a$ is the private key randomly selected by signature terminal A from
Figure SMS_68
, with $sk_a = x_a$; $R_a = r_a P$.
Obtaining the feature code $S_b$ of a signature terminal B belonging to the identity-based public key system,
Figure SMS_69
; where $r_b$
Figure SMS_70
Figure SMS_71
; $h_b = H_2(ID_b, m_i, T_i, R_b)$;
Figure SMS_72
is
Figure SMS_73
; $P_{pub1}$ is the public key corresponding to the master key $s_1$ provided by the private key generation center, with $P_{pub1} = s_1 P$; $R_b = r_b P$;
Obtaining the feature code $S_c$ of a signature terminal C belonging to the certificateless public key system, $S_c = psk_c + h_c r_c P_{pub2} + (r_c + h_c usk_c) Q$; where $psk_c = s_2 H_1(ID_c)$; $h_c = H_2(ID_c, m_i, T_i, R_c)$; $r_c$
Figure SMS_74
Figure SMS_75
; $P_{pub2}$ is the public key corresponding to the master key $s_2$ provided by the key generation center, with $P_{pub2} = s_2 P$; $R_c = r_c P$; the third private key $usk_c$ is the private key randomly selected by signature terminal C from
Figure SMS_76
, with $usk_c = x_c$.
It should be understood that calculating the superposed feature values of each type of signature terminal one by one involves cumbersome steps and a high demand on computing power. Therefore, in some preferred embodiments, the verification process can be made more efficient by setting the terms of the formula as verification codes corresponding to each public key system. Specifically:
The feature code $S_a$, the feature code $S_b$ and the feature code $S_c$ obtained in the previous steps are substituted into the verification equation, and simplification gives:
Figure SMS_77
where $pk_a$ is the public key corresponding to the first private key $sk_a$, with $pk_a = x_a P$; $upk_c$ is the public key corresponding to the third private key $usk_c$, with $upk_c = x_c P$;
Figure SMS_78
is set as the verification code of signature terminal A;
Figure SMS_79
is set as the verification code $CA_b$ of signature terminal B;
Figure SMS_80
and
Figure SMS_81
are set, respectively, as the verification codes $CA_{c2}$ and $CA_{c1}$ of signature terminal C.
The above verification equation may then be converted into:
Figure SMS_82
in addition, the embodiment of the invention also provides a terminal device, which is characterized by comprising: a memory, a processor, a communication interface; wherein the memory has executable code stored thereon which, when executed by the processor, causes the processor to perform the aggregate signature method as described above applied to a signature terminal.
The embodiment of the invention also provides a terminal device, which is characterized by comprising: a memory, a processor, a communication interface; wherein the memory has executable code stored thereon which, when executed by the processor, causes the processor to perform the aggregate signature method as described above for use in a verification center.
The foregoing has shown and described the basic principles, principal features and advantages of the invention. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, and that the above embodiments and descriptions are merely illustrative of the principles of the present invention, and various changes and modifications may be made without departing from the spirit and scope of the invention, which is defined in the appended claims. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (9)

1. A heterogeneous aggregation signature method, characterized in that it is applied to a signature terminal and comprises the following steps:
obtaining the public system parameters spp = {$p$, $G$, $G_T$, $P$, $Q$,
Figure QLYQS_1
, $H_0$, $H_1$, $H_2$}; wherein $p$ is a large prime number; $G$ is an additive cyclic group of order $p$; $G_T$ is a multiplicative cyclic group of order $p$;
Figure QLYQS_2
is a bilinear map; $H_0$, $H_1$ and $H_2$ are collision-resistant hash functions, where $H_0$ maps from $\{0,1\}^*$ to $\{0,1\}^n$, $H_1$ maps from $\{0,1\}^*$ to $G$, and $H_2$ maps from $\{0,1\}^*$ to
Figure QLYQS_3
; $\{0,1\}^*$ is a binary sequence of arbitrary bit length;
Figure QLYQS_4
is the integer field of order $p$ with the zero element removed; $P$ and $Q$ are generators of $G$;
the signature terminal calculates a feature code $S_i$ according to the public key system to which it belongs, randomly selects $r_i$ from
Figure QLYQS_5
, calculates $R_i = r_i P$, and sends the signature sequence $(ID_i, m_i, R_i, S_i, T_i)$ to a verification center; wherein $ID_i$ is the identity information of the signature terminal; $m_i$ is the message to be encrypted; $T_i$ is a timestamp;
for a signature terminal A belonging to the certificate-based public key system, its feature code $S_a$ is related to the first private key $sk_a$ randomly selected from
Figure QLYQS_6
; for a signature terminal B belonging to the identity-based public key system, its feature code $S_b$ is related to the master key $s_1$ provided by the private key generation center; for a signature terminal C belonging to the certificateless public key system, its feature code $S_c$ is related to the second private key $psk_c$ and the master key $s_2$ provided by the key generation center, and to the third private key $usk_c$ randomly selected from
Figure QLYQS_7
; wherein a, b, c are the numbers of signature terminals A, B, C, respectively, and
Figure QLYQS_8
2. The heterogeneous aggregated signature method of claim 1, wherein:
the feature code S_a is obtained as follows: S_a = (r_a + h_a sk_a) Q, where r_a [Figure QLYQS_9] [Figure QLYQS_10]; h_a = H_2(ID_a, m_i, T_i, R_a); sk_a is a private key randomly selected by signature terminal A from [Figure QLYQS_11], and sk_a = x_a; R_a = r_a P.
3. The heterogeneous aggregated signature method of claim 1, wherein:
the feature code S_b is obtained as follows: [Figure QLYQS_12], wherein r_b [Figure QLYQS_13] [Figure QLYQS_14]; h_b = H_2(ID_b, m_i, T_i, R_b); [Figure QLYQS_15] is [Figure QLYQS_16]; P_pub1 is the public key corresponding to the master key s_1 provided by a private key generation center, and P_pub1 = s_1 P; R_b = r_b P.
4. The heterogeneous aggregated signature method of claim 1, wherein:
the feature code S_c is obtained as follows: S_c = psk_c + h_c r_c P_pub2 + (r_c + h_c usk_c) Q, wherein psk_c = s_2 H_1(ID_c); h_c = H_2(ID_c, m_i, T_i, R_c); r_c [Figure QLYQS_17] [Figure QLYQS_18]; P_pub2 is the public key corresponding to the master key s_2 provided by the key generation center, and P_pub2 = s_2 P; R_c = r_c P; the third private key usk_c is a private key randomly selected by signature terminal C from [Figure QLYQS_19], and usk_c = x_c.
5. A heterogeneous aggregation signature method, characterized in that it is applied to a verification center and comprises the following steps:
acquiring the signature sequence (ID_i, m_i, R_i, S_i, T_i) transmitted by the signature terminal, and calculating [Figure QLYQS_20];
calculating, according to the feature codes of each type of signature terminal, [Figure QLYQS_21], [Figure QLYQS_22] and [Figure QLYQS_23], respectively;
verifying whether the equation [Figure QLYQS_24] holds; if so, the signature verification of the n user terminals is passed; otherwise, the verification is not passed.
6. The heterogeneous aggregated signature method of claim 5, further comprising:
acquiring the signature code S_a of a signature terminal A belonging to a certificate-based public key system, S_a = (r_a + h_a sk_a) Q; wherein r_a [Figure QLYQS_25]; h_a = H_2(ID_a, m_i, T_i, R_a); sk_a is a private key randomly selected by signature terminal A from [Figure QLYQS_26], and sk_a = x_a; R_a = r_a P;
acquiring the signature code S_b of a signature terminal B belonging to an identity-based public key system, [Figure QLYQS_27]; wherein r_b [Figure QLYQS_28] [Figure QLYQS_29]; h_b = H_2(ID_b, m_i, T_i, R_b); [Figure QLYQS_30] is [Figure QLYQS_31]; P_pub1 is the public key corresponding to the master key s_1 provided by a private key generation center, and P_pub1 = s_1 P; R_b = r_b P;
acquiring the signature S_c of a signature terminal C belonging to a certificateless public key system, S_c = psk_c + h_c r_c P_pub2 + (r_c + h_c usk_c) Q; wherein psk_c = s_2 H_1(ID_c); h_c = H_2(ID_c, m_i, T_i, R_c); r_c [Figure QLYQS_32] [Figure QLYQS_33]; P_pub2 is the public key corresponding to the master key s_2 provided by the key generation center, and P_pub2 = s_2 P; R_c = r_c P; the third private key usk_c is a private key randomly selected by signature terminal C from [Figure QLYQS_34], and usk_c = x_c.
7. The heterogeneous aggregated signature method of claim 6, further comprising:
substituting the feature code S_a, the feature code S_b and the feature code S_c into the verification equation, and obtaining after simplification: [Figure QLYQS_35]
wherein pk_a is the public key corresponding to the first private key sk_a, and pk_a = x_a P; upk_c is the public key corresponding to the third private key usk_c, and upk_c = x_c P;
setting [Figure QLYQS_36] as the verification code CA_a of signature terminal A; setting [Figure QLYQS_37] as the verification code CA_b of signature terminal B; setting [Figure QLYQS_38] and [Figure QLYQS_39] as the verification codes CA_c2 and CA_c1 of signature terminal C;
the above verification equation may then be converted into: [Figure QLYQS_40]
8. A terminal device, comprising: a memory, a processor, a communication interface; wherein the memory has stored thereon executable code which, when executed by the processor, causes the processor to perform the aggregate signature method of any of claims 1 to 4.
9. An electronic device, comprising: a memory, a processor, a communication interface; wherein the memory has stored thereon executable code which, when executed by the processor, causes the processor to perform the heterogeneous aggregate signature method of any of claims 5 to 7.
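Added example (not part of the patent text): a toy check that feature codes built as in claims 2 and 4 can be summed and verified with one pairing equation, and that a tampered message or a wrong public key is rejected. The equation in `verify` is derived here from the S_a and S_c formulas, because the page's own verification equation and the S_b formula survive only as image placeholders; the scalar-as-point group model, the constant Q and all function names are assumptions, and the model is insecure by construction.

```python
import hashlib
import secrets

# Toy bilinear setting (assumption, insecure): the point x*P of G is stored as
# the scalar x mod p; G_T is the order-p subgroup of (Z/p^2)^* generated by 1+p.
p = 2**127 - 1                       # prime group order
P, Q = 1, 0x5EED                     # generators of G (constructed values)

def e(X, Y):                         # bilinear map G x G -> G_T
    return pow(1 + p, X * Y % p, p * p)

def _h(tag, *parts):                 # hash into Z_p^* (stand-in for H_1 / H_2)
    d = hashlib.sha256(repr((tag,) + parts).encode()).digest()
    return int.from_bytes(d, "big") % (p - 1) + 1

def H1(ident): return _h("H1", ident)
def H2(ident, m, T, R): return _h("H2", ident, m, T, R)
def rand(): return secrets.randbelow(p - 1) + 1   # uniform in Z_p^*

s2 = rand()                          # key generation center master key
P_pub2 = s2 * P % p                  # P_pub2 = s_2 P

def sign_A(ident, m, T, x_a):        # claim 2: S_a = (r_a + h_a sk_a) Q
    r = rand()
    R = r * P % p
    h = H2(ident, m, T, R)
    return (ident, m, R, (r + h * x_a) * Q % p, T)

def sign_C(ident, m, T, x_c):        # claim 4: S_c = psk_c + h_c r_c P_pub2 + (r_c + h_c usk_c) Q
    r = rand()
    R = r * P % p
    h = H2(ident, m, T, R)
    psk = s2 * H1(ident) % p         # partial key issued by the key generation center
    return (ident, m, R, (psk + h * r * P_pub2 + (r + h * x_c) * Q) % p, T)

def verify(sigs_A, sigs_C, pk):      # pk maps ID -> x*P (pk_a or upk_c)
    S = sum(s[3] for s in sigs_A + sigs_C) % p     # aggregated feature code
    q_part = kgc_part = 0
    for ident, m, R, _, T in sigs_A + sigs_C:      # terms paired with Q
        q_part += R + H2(ident, m, T, R) * pk[ident]
    for ident, m, R, _, T in sigs_C:               # terms paired with P_pub2
        kgc_part += H1(ident) + H2(ident, m, T, R) * R
    return e(S, P) == e(Q, q_part % p) * e(P_pub2, kgc_part % p) % (p * p)
```

Because h_i binds ID_i, m_i, T_i and R_i, changing any of them after signing changes the right-hand side and the single aggregate check fails.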
CN202310371650.6A 2023-04-10 2023-04-10 Heterogeneous aggregation signature method and equipment Active CN116132070B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310371650.6A CN116132070B (en) 2023-04-10 2023-04-10 Heterogeneous aggregation signature method and equipment


Publications (2)

Publication Number Publication Date
CN116132070A (en) 2023-05-16
CN116132070B CN116132070B (en) 2023-10-03

Family

ID=86297731

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310371650.6A Active CN116132070B (en) 2023-04-10 2023-04-10 Heterogeneous aggregation signature method and equipment

Country Status (1)

Country Link
CN (1) CN116132070B (en)

Also Published As

Publication number Publication date
CN116132070B (en) 2023-10-03

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant