
CN102811125A - Certificateless multi-receiver signcryption method based on multivariate cryptosystem - Google Patents


Info

Publication number
CN102811125A
Authority
CN
China
Prior art keywords
key
user
generation center
signcryption
private key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2012102924221A
Other languages
Chinese (zh)
Other versions
CN102811125B (en)
Inventor
李慧贤
陈绪宝
王楠
庞辽军
胡金顺
杨亚芳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Northwestern Polytechnical University
Original Assignee
Northwestern Polytechnical University
Application filed by Northwestern Polytechnical University
Priority to CN201210292422.1A
Publication of CN102811125A
Application granted
Publication of CN102811125B
Legal status: Expired - Fee Related

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a certificateless multi-receiver signcryption method based on a multivariate cryptosystem, which addresses the poor security of existing certificateless signcryption methods. In the technical scheme, a key generation center first generates system parameters and selects a secure multivariate encryption algorithm to generate keys. A user U obtains the system partial private key from the key generation center and generates its own user keys. A user Alice with identity $ID_A$ then sends a signcrypted message to a user group $L = \{ID_1, ID_2, \ldots, ID_t\}$, and each receiver accepts or rejects the ciphertext $\sigma$ by unsigncryption. Because it uses a multivariate cryptosystem, the method achieves high security against quantum computing and remains secure when attacked by a quantum computer. Compared with the background art, the method has a small computational cost and high security, provides completeness, confidentiality, unforgeability, forward security, backward security and receiver privacy protection, and resists the currently known attacks.

Description

Certificateless multi-receiver signcryption method based on multivariate cryptosystem

Technical field

The invention belongs to the technical field of information security and relates to a certificateless multi-receiver signcryption method, in particular to a certificateless multi-receiver signcryption method based on a multivariate cryptosystem.

Background

In broadcast communication applications, confidentiality and authentication are the two most important issues. Messages are usually processed with a "sign-then-encrypt" approach, but its cost is the sum of the costs of signing and encrypting, so it is inefficient. Signcryption is an important cryptographic technique that performs encryption and digital signature at the same time, combining the two in one operation. Signcryption improves communication efficiency and reduces the computational burden, and is a well-suited method for the secure transmission of data.

The document "Selvi S S D, Vivek S S, Rangan C P. Cryptanalysis of Certificateless Signcryption Schemes and an Efficient Construction without Pairing, Inscrypt 2009, LNCS, Vol. 6151, Springer, pp. 52-67, 2010." discloses a certificateless signcryption method. The method uses a certificateless cryptosystem, a compromise between traditional public-key cryptosystems and identity-based cryptosystems: it avoids the certificate-management problem of the CA (Certificate Authority) in traditional cryptosystems and also solves the key-escrow problem inherent in identity-based cryptosystems, and it is widely used in e-commerce and broadcast communication. It replaces the discrete logarithm problem on elliptic curves with the discrete logarithm problem over a finite field, so the scheme needs no complex bilinear pairing operations, which further improves computational efficiency. However, with the development of quantum computers, mathematical problems such as integer factorization and discrete logarithms can be solved in polynomial time on a quantum computer, which threatens the security of traditional public-key cryptography that relies on those problems. Almost all existing certificateless signcryption schemes are based on traditional cryptosystems, and with the arrival of quantum computers they will no longer be secure.

The method disclosed in the document therefore has the following defects: (1) under a quantum-computer attack the scheme is no longer secure, because an attacker who solves the discrete logarithm problem can analyze the ciphertext directly and obtain the plaintext message; (2) operations over a finite field whose order is a large prime are still computationally heavy, which makes the scheme unsuitable for terminal devices with little computing power; (3) signcryption in a multi-receiver setting is inefficient.

Summary of the invention

To overcome the poor security of existing certificateless signcryption methods, the invention provides a certificateless multi-receiver signcryption method based on a multivariate cryptosystem. Because it uses a multivariate cryptosystem, the method achieves high security against quantum computing and remains secure against attacks by quantum computers. It also has a small computational cost, high efficiency and high security, and is suitable for terminal devices with little computing power, such as smart cards. In addition, the invention provides completeness, confidentiality, unforgeability, forward security, backward security and receiver privacy protection, and resists the currently known attacks.

The technical solution adopted by the invention to solve this technical problem is a certificateless multi-receiver signcryption method based on a multivariate cryptosystem, characterized by comprising the following steps:

Step 1. The key generation center selects a secret positive integer parameter s and generates a large prime p and a positive integer l;

selects a finite field G of order q, where $q = p^l$;

lets $G^n$ be the degree-n extension of the finite field G;

lets the positive integer g be the number of equations in the multivariate system of equations;

selects $H_1: G \times G \times G^n \to G^n$ and $H_2: G \to G^n$ as cryptographically secure, collision-resistant one-way hash functions, and generates the system parameters $\{G, l, g, n, q, p, H_1, H_2\}$.

Step 2. The key generation center selects a secure multivariate encryption algorithm whose central map F is an invertible quadratic map $G^n \to G^n$, randomly selects two invertible affine maps T and V on $G^n \to G^n$, and generates the key generation center's system public key
Figure BDA00002022576800021
($\circ$ denotes composition of maps) and the system private key
Figure BDA00002022576800022

The key generation center randomly selects two invertible affine maps $T_0$ and $V_0$ on $G^n \to G^n$ and computes
Figure BDA00002022576800023
The system partial public key is then
Figure BDA00002022576800024
and the system partial private key is
Figure BDA00002022576800025
Finally, the key generation center sends the system partial private key to legitimate users over a secret channel and publishes its own system public key. When a user leaves, the key generation center must regenerate the system partial public key and the system partial private key; adding a new user does not require regenerating them.

Step 3. User U obtains the system partial private key from the key generation center, then computes the system partial private key, randomly selects affine maps $T_u$ and $V_u$ on $G^n \to G^n$, and composes its own private key
Figure BDA00002022576800026
and computes its own public key
Figure BDA00002022576800027
The public key generated for user U is $F_u$, and the private key of user U is
Figure BDA00002022576800028

User U sends its public key $F_u$ to the key generation center and keeps its private key secret
Figure BDA00002022576800029

Step 4. User Alice, with identity $ID_A$, sends the signcrypted message $m \in G$ to the user group $L = \{ID_1, ID_2, \ldots, ID_t\}$. She first obtains the public key information of user group L by querying the key generation center, and then performs the following computations.

Select random values $r \in G^n$ and $r_1 \in G^{n-1}$, concatenate the message m and $r_1$ to obtain $M = m \| r_1$, and compute in turn $X = E(\bar{F}, r)$, $Y = H_1(m, ID_A, X)$, $S = D(F_A^{-1}, Y)$;

For $ID_i$, $i = 1, 2, \ldots, t$, compute $q_i = H_2(ID_i)$, [formula not preserved]

For user group L, concatenate L and $r_1$ to obtain $L_1 = L \| r_1$, and compute
Figure BDA00002022576800034

Finally, generate the ciphertext $\sigma = \{S, W_1, W_2, \ldots, W_t, L'\}$.

Step 5. After receiving the ciphertext $\sigma$, user $ID_i$, $i = 1, 2, \ldots, t$, performs the following computations.

Obtain the identity list,
Figure BDA00002022576800035
The first component of $L_1$ is the user group identity list L; extract the ciphertext information $\{S, W_i\}$ corresponding to $ID_i$;

Compute in turn $Y' = E(F_A, S)$, $q_i = H_2(ID_i)$,
Figure BDA00002022576800036
Figure BDA00002022576800037
The first component of $M'$ is the message $m'$;

Verify whether the equation $Y' = H_1(m', ID_A, X')$ holds. If it holds, accept the ciphertext $\sigma$; otherwise reject the ciphertext $\sigma$ and output $\perp$.

The beneficial effects of the invention are as follows. Because it uses a multivariate cryptosystem, the invention achieves high security against quantum computing and remains secure against attacks by quantum computers. Compared with the background art, the method has a small computational cost, high efficiency and high security, and is suitable for terminal devices with little computing power, such as smart cards. In addition, the invention provides completeness, confidentiality, unforgeability, forward security, backward security and receiver privacy protection, and resists the currently known attacks.

The invention is described in detail below by way of an embodiment.

Detailed description of the embodiment

Explanation of the symbols for variables and operations used in the embodiment.

Figure BDA00002022576800038

This embodiment targets a practical broadcast communication environment and implements the multivariate certificateless multi-receiver signcryption method in the following steps:

Step 1. Generate system parameters.

1) The key generation center (Key Generator Center, hereinafter KGC) selects a secret positive integer parameter s; the KGC generates a large prime p and a positive integer l;

2) Select a finite field G of order q, where $q = p^l$;

3) Let $G^n$ be the degree-n extension of the finite field G;

4) Let the positive integer g be the number of equations in the multivariate system of equations;

5) Select $H_1: G \times G \times G^n \to G^n$ and $H_2: G \to G^n$ as cryptographically secure, collision-resistant one-way hash functions. The system parameters are $\{G, l, g, n, q, p, H_1, H_2\}$.

Step 2. Partial key generation.

1) The KGC selects a secure multivariate encryption algorithm MES whose central map F is an invertible quadratic map $G^n \to G^n$, and randomly selects two invertible affine maps T and V on $G^n \to G^n$. The system public key of the KGC is then
Figure BDA00002022576800051
and the system private key is
Figure BDA00002022576800052

2) The KGC randomly selects two invertible affine maps $T_0$ and $V_0$ on $G^n \to G^n$ and computes
Figure BDA00002022576800053
The system partial public key is then
Figure BDA00002022576800054
and the system partial private key is [formula not preserved]. Finally, the KGC sends the system partial private key to legitimate users over a secret channel and publishes its own system public key. Note: when a user leaves, the KGC must regenerate the system partial public key and the system partial private key; adding a new user does not require regenerating them.

Step 3. User key generation.

1) User U obtains the system partial private key from the KGC, then computes the system partial public key, randomly selects affine maps $T_u$ and $V_u$ on $G^n \to G^n$, composes its own private key [formula not preserved] and computes its own public key
Figure BDA00002022576800057
The public key of user U is $F_u$, and the private key of user U is
Figure BDA00002022576800058

2) User U sends the public key $F_u$ to the KGC and keeps its private key secret
Figure BDA00002022576800059

Step 4. Signcryption.

User Alice, with identity $ID_A$, sends the signcrypted message $m \in G$ to the user group $L = \{ID_1, ID_2, \ldots, ID_t\}$. She first obtains the public key information of user group L by querying the KGC, and then performs the following computations.

1) Select random values $r \in G^n$ and $r_1 \in G^{n-1}$, concatenate the message m and $r_1$ to obtain $M = m \| r_1$, and compute in turn $X = E(\bar{F}, r)$, $Y = H_1(m, ID_A, X)$, $S = D(F_A^{-1}, Y)$.

2) For $ID_i$, $i = 1, 2, \ldots, t$, compute $q_i = H_2(ID_i)$,
Figure BDA000020225768000512

3) For user group L, concatenate L and $r_1$ to obtain $L_1 = L \| r_1$, and compute
Figure BDA000020225768000513

4) Finally, generate the ciphertext $\sigma = \{S, W_1, W_2, \ldots, W_t, L'\}$.

Step 5. Unsigncryption.

After receiving the ciphertext $\sigma$, user Bob with identity $ID_B$, $ID_B \in L$, performs the following computations.

1) Obtain the identity list,
Figure BDA000020225768000514
The first component of $L_1$ is the user identity list L; extract the ciphertext information $\{S, W_B\}$ corresponding to Bob.

2) Compute in turn $Y' = E(F_A, S)$, $q_B = H_2(ID_B)$,
Figure BDA00002022576800062
The first component of $M'$ is the message $m'$;

3) Verify whether the equation $Y' = H_1(m', ID_A, X')$ holds. If it holds, accept the ciphertext $\sigma$; otherwise reject it and output $\perp$.
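The key structure of Step 2 and the signature relation of Steps 4 and 5 ($S = D(F_A^{-1}, Y)$ checked as $Y' = E(F_A, S)$), as an added toy example that is not code from the patent. Assumptions: the public key has the standard form T∘F∘V (the patent's own formula is an image that did not survive on this page), the central map is a triangular quadratic map chosen only because it is easy to invert, GF(31) with n = 4 and SHA-256 as $H_1$ are illustrative and not secure, and the receiver is taken to have already recovered m′ and X′.

```python
import hashlib
import random

P, N = 31, 4  # toy field GF(31) (q = p^l with l = 1) and dimension n; NOT secure sizes

def mat_inv(A):  # Gauss-Jordan inverse of an N x N matrix mod P; None if singular
    M = [row[:] + [int(i == j) for j in range(N)] for i, row in enumerate(A)]
    for c in range(N):
        piv = next((r for r in range(c, N) if M[r][c]), None)
        if piv is None:
            return None
        M[c], M[piv] = M[piv], M[c]
        inv = pow(M[c][c], -1, P)
        M[c] = [v * inv % P for v in M[c]]
        for r in range(N):
            if r != c and (f := M[r][c]):
                M[r] = [(a - f * b) % P for a, b in zip(M[r], M[c])]
    return [row[N:] for row in M]

def rand_affine(rng):  # random invertible affine map x -> A x + b, as (A, b, A^-1)
    while True:
        A = [[rng.randrange(P) for _ in range(N)] for _ in range(N)]
        A_inv = mat_inv(A)
        if A_inv is not None:
            return A, [rng.randrange(P) for _ in range(N)], A_inv

def affine(A, b, x):
    return [(sum(a * v for a, v in zip(row, x)) + bi) % P for row, bi in zip(A, b)]

def central(Q, x):
    """Toy invertible quadratic F: y_i = x_i + (quadratic form in x_0..x_{i-1})."""
    return [(x[i] + sum(c * x[j] * x[k] for (j, k), c in Q[i].items())) % P
            for i in range(N)]

def central_inv(Q, y):
    x = []
    for i in range(N):  # forward substitution: x_i depends only on earlier x_j
        x.append((y[i] - sum(c * x[j] * x[k] for (j, k), c in Q[i].items())) % P)
    return x

def keygen(seed):
    rng = random.Random(seed)  # seeded for a reproducible demo; real keys need a CSPRNG
    Q = [{(j, k): rng.randrange(P) for j in range(i) for k in range(j, i)}
         for i in range(N)]
    return {"T": rand_affine(rng), "V": rand_affine(rng), "Q": Q}

def secret_map(key, x):
    """T o F o V evaluated from the private components (assumed composition order)."""
    (TA, Tb, _), (VA, Vb, _) = key["T"], key["V"]
    return affine(TA, Tb, central(key["Q"], affine(VA, Vb, x)))

def secret_inverse(key, y):
    """D(F^-1, y) = V^-1(F^-1(T^-1(y))): needs the private key."""
    (_, Tb, T_inv), (_, Vb, V_inv) = key["T"], key["V"]
    u = affine(T_inv, [0] * N, [(a - b) % P for a, b in zip(y, Tb)])
    w = central_inv(key["Q"], u)
    return affine(V_inv, [0] * N, [(a - b) % P for a, b in zip(w, Vb)])

def expand_public(key):
    """Publish T o F o V as quadratic polynomial coefficients, one tuple per output."""
    f = lambda x: secret_map(key, x)
    unit = lambda i, v=1: [v if t == i else 0 for t in range(N)]
    half = pow(2, -1, P)
    c, fe = f([0] * N), [f(unit(i)) for i in range(N)]
    fm = [f(unit(i, P - 1)) for i in range(N)]               # f(-e_i)
    pair = {(i, j): f([int(t in (i, j)) for t in range(N)])  # f(e_i + e_j)
            for i in range(N) for j in range(i + 1, N)}
    pub = []
    for o in range(N):
        lin = [(fe[i][o] - fm[i][o]) * half % P for i in range(N)]
        quad = {(i, i): ((fe[i][o] + fm[i][o]) * half - c[o]) % P for i in range(N)}
        for (i, j), s in pair.items():
            quad[(i, j)] = (s[o] - fe[i][o] - fe[j][o] + c[o]) % P
        pub.append((c[o], lin, quad))
    return pub

def public_eval(pub, x):
    """E(F, x): anyone can evaluate the published polynomials."""
    return [(c + sum(l * v for l, v in zip(lin, x))
             + sum(a * x[i] * x[j] for (i, j), a in quad.items())) % P
            for c, lin, quad in pub]

def h1(m, ident, X):
    """Stand-in for H_1: SHA-256 of (m, ID_A, X) reduced into GF(P)^N (assumption)."""
    digest = hashlib.sha256(repr((m, ident, X)).encode()).digest()
    return [b % P for b in digest[:N]]

def sign(key, m, ident, X):
    return secret_inverse(key, h1(m, ident, X))    # S = D(F_A^-1, Y)
def verify(pub, S, m, ident, X):
    return public_eval(pub, S) == h1(m, ident, X)  # Y' = E(F_A, S) vs H_1(m', ID_A, X')

def demo():
    kgc, alice = keygen(1), keygen(2)              # constructed toy keys
    pub = expand_public(alice)
    X = public_eval(expand_public(kgc), [3, 14, 15, 9])  # X = E(F-bar, r), constructed r
    S = sign(alice, 7, "ID_A", X)                  # constructed message m = 7
    return verify(pub, S, 7, "ID_A", X), verify(pub, S, 8, "ID_A", X)
```

`verify` touches only the expanded coefficients from `expand_public`, so a receiver never needs T, F or V; a changed message fails the hash comparison and the ciphertext is rejected.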

Claims (1)

1. A certificateless multi-receiver signcryption method based on a multivariate cryptosystem, characterized by comprising the following steps:

Step 1. The key generation center selects a secret positive integer parameter s and generates a large prime p and a positive integer l; selects a finite field G of order q, where $q = p^l$; lets $G^n$ be the degree-n extension of the finite field G; lets the positive integer g be the number of equations in the multivariate system of equations; selects $H_1: G \times G \times G^n \to G^n$ and $H_2: G \to G^n$ as cryptographically secure, collision-resistant one-way hash functions, and generates the system parameters $\{G, l, g, n, q, p, H_1, H_2\}$;

Step 2. The key generation center selects a secure multivariate encryption algorithm whose central map F is an invertible quadratic map $G^n \to G^n$, randomly selects two invertible affine maps T and V on $G^n \to G^n$, and generates the key generation center's system public key
Figure FDA00002022576700011
and the system private key [formula not preserved];
the key generation center randomly selects two invertible affine maps $T_0$ and $V_0$ on $G^n \to G^n$ and computes
Figure FDA00002022576700013
The system partial public key is then [formula not preserved] and the system partial private key is [formula not preserved]. Finally, the key generation center sends the system partial private key to legitimate users over a secret channel and publishes its own system public key; when a user leaves, the key generation center must regenerate the system partial public key and the system partial private key; adding a new user does not require regenerating them;

Step 3. User U obtains the system partial private key from the key generation center, then computes the system partial private key, randomly selects affine maps $T_u$ and $V_u$ on $G^n \to G^n$, and composes its own private key
Figure FDA00002022576700016
and computes its own public key
Figure FDA00002022576700017
The public key generated for user U is $F_u$, and the private key of user U is [formula not preserved];
user U sends its public key $F_u$ to the key generation center and keeps its private key secret
Figure FDA00002022576700019

Step 4. User Alice, with identity $ID_A$, sends the signcrypted message $m \in G$ to the user group $L = \{ID_1, ID_2, \ldots, ID_t\}$; she first obtains the public key information of user group L by querying the key generation center, and then performs the following computations; select random values $r \in G^n$ and $r_1 \in G^{n-1}$, concatenate the message m and $r_1$ to obtain $M = m \| r_1$, and compute in turn $X = E(\bar{F}, r)$, $Y = H_1(m, ID_A, X)$, $S = D(F_A^{-1}, Y)$; for $ID_i$, $i = 1, 2, \ldots, t$, compute $q_i = H_2(ID_i)$,
Figure FDA000020225767000112
for user group L, concatenate L and $r_1$ to obtain $L_1 = L \| r_1$, and compute
Figure FDA000020225767000113
finally, generate the ciphertext $\sigma = \{S, W_1, W_2, \ldots, W_t, L'\}$;

Step 5. After receiving the ciphertext $\sigma$, user $ID_i$, $i = 1, 2, \ldots, t$, performs the following computations; obtain the identity list,
Figure FDA00002022576700021
the first component of $L_1$ is the user group identity list L; extract the ciphertext information $\{S, W_i\}$ corresponding to $ID_i$;
compute in turn $Y' = E(F_A, S)$, $q_i = H_2(ID_i)$,
Figure FDA00002022576700023
the first component of $M'$ is the message $m'$;
verify whether the equation $Y' = H_1(m', ID_A, X')$ holds; if it holds, accept the ciphertext $\sigma$; otherwise reject the ciphertext $\sigma$ and output $\perp$.
CN201210292422.1A 2012-08-16 2012-08-16 Certificateless multi-receiver signcryption method with multivariate-based cryptosystem Expired - Fee Related CN102811125B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210292422.1A CN102811125B (en) 2012-08-16 2012-08-16 Certificateless multi-receiver signcryption method with multivariate-based cryptosystem

Publications (2)

Publication Number Publication Date
CN102811125A true CN102811125A (en) 2012-12-05
CN102811125B CN102811125B (en) 2015-01-28

Family

ID=47234712

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210292422.1A Expired - Fee Related CN102811125B (en) 2012-08-16 2012-08-16 Certificateless multi-receiver signcryption method with multivariate-based cryptosystem

Country Status (1)

Country Link
CN (1) CN102811125B (en)

Also Published As

Publication number Publication date
CN102811125B (en) 2015-01-28

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150128

Termination date: 20150816

EXPY Termination of patent right or utility model