
CN104579661A - Identity-based electronic signature implementation method and device - Google Patents

Publication number: CN104579661A
Authority: CN (China)
Prior art keywords: signature, user, electronic signature, calculate, identity
Legal status: Granted
Application number: CN201310495661.1A
Other languages: Chinese (zh)
Other versions: CN104579661B (en)
Inventors: 张庆胜, 郭宝安, 徐树民, 孟小虎, 罗世新, 苏斌, 王永宝
Current Assignee: Aisino Corp
Original Assignee: Aisino Corp
Application filed by Aisino Corp; priority to CN201310495661.1A; published as CN104579661A; granted and published as CN104579661B
Landscapes: Storage Device Security (AREA)

Abstract

The embodiment of the invention provides an identity-based electronic signature implementation method and an identity-based electronic signature implementation device. The method mainly comprises the four steps of generating public system parameters; generating a public and private key pair of a user; performing electronic signature operation on a message by utilizing a private key of a signer; performing checking operation on a signature of the message according to the public system parameters and a public key of the signer. The device mainly comprises a system parameter generation module, a user private key generation module, a signature module and a signature checking module. According to the embodiment of the invention, the length of a digital signature of an electronic document is only the abscissa of an elliptic curve point and is shorter than that of a signature message according to an existing identity-based signature method, the running throughput of a system is increased, and the method and the device are suitable for a bandwidth-limited communication environment, so that an identity-based password technology can be effectively applied to the electronic signature.

Description

Identity-based electronic signature implementation method and device
Technical field
The present invention relates to the technical field of electronic signatures, and in particular to an identity-based electronic signature implementation method and device.
Background
With the widespread use of public-key cryptography, digital signature technology has become an important guarantee of the authenticity, integrity and non-repudiation of data transmitted over networks. In traditional paper-based office processes, file content is confirmed or audited by signing and stamping. Binding the image of a signature or seal to the user's private key forms an electronic seal; the electronic seal is used to perform a digital signing operation on an electronic document, which integrates the signature or seal image with the digital signature.
In 1984 Shamir proposed a new kind of cryptosystem, the identity-based public-key cryptosystem, whose key property is that the public key can be an arbitrary string. The identity information of an entity can therefore be used directly as its public key, which sidesteps the problem of binding a public key to the identity of its holder and greatly simplifies the complex management of user certificates performed by the CA (Certification Authority) in a conventional PKI (Public Key Infrastructure).
The highlight of an identity-based cryptosystem is that the user's identity information is used directly as the user's public key, so anyone can encrypt plaintext directly with the user's identity information; this eliminates the public-key authentication step and the CA's cumbersome management of public-key certificates. After Shamir proposed the idea of identity-based encryption in 1984, it was not until 2001 that truly practical systems were developed by Boneh and Franklin and by Cocks. Boneh and Franklin proposed the first provably secure identity-based encryption scheme, which is based on the BDHC (Bilinear Diffie-Hellman Computational) problem. Under the assumption that the BDHC problem is hard, the scheme was proved to be chosen-ciphertext secure (that is, semantically secure under adaptive chosen-ciphertext attack).
Since the pioneering work of Boneh and Franklin, nearly all identity-based cryptosystems have been based on bilinear pairings. The concept of a bilinear pairing is described below:
Bilinear pairing: let G_1 and G_2 be cyclic additive groups of order q, with P_1 the generator of G_1 and P_2 the generator of G_2, and let G_T be a cyclic multiplicative group of the same order q, where q is a large prime of at least 160 bits. Assume that the discrete logarithm problem is hard in all three groups G_1, G_2 and G_T. A bilinear pairing is a map from the set G_1 × G_2 to the set G_T, written ê: G_1 × G_2 → G_T, with the following properties:
Bilinearity: for any g_1 ∈ G_1, g_2 ∈ G_2 and any integers a, b ∈ Z_p^*, ê(g_1^a, g_2^b) = ê(g_1, g_2)^(ab);
Non-degeneracy: there exist g_1 ∈ G_1 and g_2 ∈ G_2 such that ê(g_1, g_2) ≠ 1;
Computability: for any g_1 ∈ G_1 and g_2 ∈ G_2, the value of ê(g_1, g_2) can be computed efficiently.
An identity-based cryptosystem has a PKG (Private Key Generator, the user private key generation center), which manages all users and provides them with online service. For each user who submits identity information to the PKG to request a private key, the PKG first authenticates the user; once authentication succeeds, the PKG generates the private key corresponding to the identity information and delivers it to the user over a secure channel.
On receiving user A's electronic seal on an electronic document, user B can verify the signature information directly and offline using A's identity information ID_A. Unlike in a traditional PKI, B does not need first to obtain user A's public-key certificate from the CA and check the certificate's legitimacy and validity before using A's public key to verify the signature.
To apply identity-based cryptography to electronic signatures, domestic experts and scholars have carried out useful explorations; representative examples are:
Document 1: Li Gang and Gu Yonggen, "Design and implementation of an identity-based electronic seal", Computer Applications and Software, June 2009 (Vol. 26, No. 6);
Document 2: Liu Hongwei, "Research on the design of identity-based digital signatures", Computer Engineering and Design, April 2008 (Vol. 29, No. 7);
The shortcoming of the schemes in Document 1 and Document 2 is that the signature information is long: the signature length in Document 1 is 4n and that in Document 2 is 2n, where n is the bit length of the finite field F_p. In resource-constrained settings this greatly limits the use of these schemes.
Summary of the invention
The embodiments of the present invention provide an identity-based electronic signature implementation method, so that identity-based cryptography can be applied effectively to electronic signatures.
The invention provides the following scheme:
An identity-based electronic signature implementation method, comprising:
Select a secure elliptic curve and define the equation of the elliptic curve E over the finite field F_p: y^2 = x^3 + ax + b, where a and b are set parameters and p and q are set large primes; the order of curve E is #E(F_p) = cf*q, where cf is the cofactor and q is the order of the generator P_1, with q > 2^191; the embedding degree of curve E(F_p) with respect to q is k, and p^k > 2^1536 is required; for the cyclic additive groups G_1 and G_2 of order q and the cyclic multiplicative group G_T, define the bilinear map ê: G_1 × G_2 → G_T, where P_1 is the generator of G_1 and P_2 is the generator of G_2;
H_1: {0,1}^* → G_1 is a one-way hash function that maps a 0/1 string of arbitrary length to a point of the elliptic curve in G_1;
H_2 is a one-way hash function;
The user private key generation center (PKG) keeps the master key s secret and publishes the system parameters {p, q, E, k, G_1, P_1, G_2, P_2, P_pub, G_T, ê, H_1, H_2}, where P_pub = s*P_2 ∈ G_2.
The PKG sets the period Time at which user private keys are updated, takes the text on the seal as the user identifier ID, concatenates the user identifier with the update time, and hashes the result with H_1 to obtain the user public key Q_ID:
Q_ID = H_1(ID||Time) ∈ G_1
The user's private key is computed from the user public key Q_ID:
d_ID = s Q_ID ∈ G_1
The method further comprises:
The signing user selects a random number r ∈ Z_q^*, where Z_q^* denotes the integers in the range 1 to (q-1), computes U = rP_2, and publishes U;
Compute h = H_2(m), where m is the electronic document to be signed;
Compute T = d_ID/(r+h), where d_ID is the private key of the signing user;
The signing user takes the abscissa x of T as the digital signature of the electronic document m, embeds this digital signature information in the signing user's official seal image to obtain the electronic signature, and places the electronic signature in the electronic document m.
The method further comprises:
After receiving the electronic document m, the receiving user extracts the digital signature x from the electronic signature in the electronic document m;
The receiving user computes g_1 = ê(Q_ID, P_pub), computes h = H_2(m), computes the point T' on the curve from the abscissa x, and computes g_2 = ê(T', U + hP_2);
If g_2 = g_1 or g_2 = g_1^(-1), the electronic signature of the electronic document m is determined to be correct; otherwise, the electronic signature of the electronic document m is determined to be incorrect.
An identity-based electronic signature implementation device, comprising:
A system parameter generation module, configured to select a secure elliptic curve and define the equation of the elliptic curve E over the finite field F_p: y^2 = x^3 + ax + b, where a and b are set parameters and p and q are set large primes; the order of curve E is #E(F_p) = cf*q, where cf is the cofactor and q is the order of the generator P_1, with q > 2^191; the embedding degree of curve E(F_p) with respect to q is k, and p^k > 2^1536 is required; for the cyclic additive groups G_1 and G_2 of order q and the cyclic multiplicative group G_T, define the bilinear map ê: G_1 × G_2 → G_T, where P_1 is the generator of G_1 and P_2 is the generator of G_2;
H_1: {0,1}^* → G_1 is a one-way hash function that maps a 0/1 string of arbitrary length to a point of the elliptic curve in G_1;
H_2 is a one-way hash function;
The user private key generation center (PKG) keeps the master key s secret and publishes the system parameters {p, q, E, k, G_1, P_1, G_2, P_2, P_pub, G_T, ê, H_1, H_2}, where P_pub = s*P_2 ∈ G_2.
The device further comprises:
A user private key generation module, in which the PKG sets the period Time at which user private keys are updated, takes the text on the seal as the user identifier ID, concatenates the user identifier with the update time, and hashes the result with H_1 to obtain the user public key Q_ID:
Q_ID = H_1(ID||Time) ∈ G_1
The user's private key is computed from the user public key Q_ID:
d_ID = s Q_ID ∈ G_1
The device further comprises:
A signing module, in which the signing user selects a random number r ∈ Z_q^*, where Z_q^* denotes the integers in the range 1 to (q-1), computes U = rP_2, and publishes U;
Compute h = H_2(m), where m is the electronic document to be signed;
Compute T = d_ID/(r+h), where d_ID is the private key of the signing user;
The abscissa x of T is taken as the digital signature of the electronic document m, the digital signature information is embedded in the signing user's official seal image to obtain the electronic signature, and the electronic signature is placed in the electronic document m.
The device further comprises:
A signature verification module, in which the receiving user, after receiving the electronic document m, extracts the digital signature x from the electronic signature in the electronic document m;
Compute g_1 = ê(Q_ID, P_pub), compute h = H_2(m), compute the point T' on the curve from the abscissa x, and compute g_2 = ê(T', U + hP_2);
If g_2 = g_1 or g_2 = g_1^(-1), the electronic signature of the electronic document m is determined to be correct; otherwise, the electronic signature of the electronic document m is determined to be incorrect.
As can be seen from the technical solution provided by the embodiments above, the digital signature of an electronic document in the embodiments of the invention is only the abscissa of an elliptic curve point, which is shorter than the signature of existing identity-based signature methods; this increases the throughput of the running system and suits bandwidth-limited communication environments, so that identity-based cryptography is applied effectively to electronic signatures.
Brief description of the drawings
To explain the technical solutions of the embodiments more clearly, the drawings needed for the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a processing flowchart of the identity-based electronic signature implementation method provided by Embodiment One of the present invention;
Fig. 2 is a structural diagram of the identity-based electronic signature implementation device 200 provided by Embodiment Two of the present invention, showing the system parameter generation module 210, the user private key generation module 220, the signing module 230 and the signature verification module 240.
Detailed description
To aid understanding of the embodiments of the invention, several specific embodiments are further explained below with reference to the drawings; none of these embodiments limits the embodiments of the invention.
An electronic signature broadly refers to anything that exists in electronic form, is attached to an electronic file and logically associated with it, and can be used to identify the signatory of the electronic file, ensure the integrity of the file, and indicate that the signatory agrees with the facts stated in the file. The electronic signature (seal) used here is one form of expression of an electronic signature: image processing techniques give the electronic signing operation the same visual effect as stamping a paper document, while electronic signature technology guarantees the authenticity and integrity of the electronic information and the non-repudiation of the signer.
Embodiment One
This embodiment provides the processing flow of an identity-based electronic signature implementation method, shown in Fig. 1, which includes the following processing steps:
Step S110: generate and publish the system parameters.
Select a secure elliptic curve. Define the equation of the elliptic curve E over the finite field F_p: y^2 = x^3 + ax + b, where p is a large prime. The order of curve E is #E(F_p) = cf*q, where cf is the cofactor and q, a large prime, is the order of the generator P_1, with q > 2^191. The embedding degree of curve E(F_p) with respect to q is k, and p^k > 2^1536 is required. Select secure hash functions H_1 and H_2.
G_1 and G_2 are cyclic additive groups of order q on E(F_p). For the cyclic additive groups G_1 and G_2 of order q and the cyclic multiplicative group G_T, define the bilinear map ê: G_1 × G_2 → G_T, where P_1 is the generator of G_1 and P_2 is the generator of G_2.
H_1: {0,1}^* → G_1. H_1 is a one-way hash function that is also secure; it maps a 0/1 string of arbitrary length representing the user's identity information to a point of the elliptic curve E in G_1.
The current national cryptographic standard SM3 and SHA-256 are secure hash functions of this type. H_2 is also a one-way hash function and is likewise secure; it maps a 0/1 string of arbitrary length to a finite field whose elements are all the integers greater than or equal to 1 and less than or equal to p-1.
The PKG chooses a random number s as the master key, stores the master key s, and publishes the system parameters {p, q, E, k, G_1, P_1, G_2, P_2, P_pub, G_T, ê, H_1, H_2}, where P_pub = s*P_2 ∈ G_2.
By way of example, this embodiment of the invention selects a 256-bit BN (Barreto-Naehrig) curve suited to pairing computation; the curve parameters are:
p=82434016654303721335979903895059482290473195976274097109073614432113582445043
q=82434016654303721335979903895059482290186082729184549321130475026491214041389
cf=82434016654303721335979903895059482290760309223363644897016753837735950848697
The generators P_1 and P_2 are, respectively:
P_1: (1, 2)
P_2: ([35420530238889438404312183663866901625841844378917696917599232645378695835887, 70757011310422602381698514071812716140231309101461259201005676988363160802702], [49617093586502984492196035998262522147253206535684763462252780072872583036811, 57788542054694434958167445267937712443623204301592355323940829573624035858700])
The master key s (kept secret) and the public parameter P_pub are, respectively:
s: 7756851799859271770659627899150600541371975756718058009081939427119871874481
P_pub: ([5010521210418998152314445187834278425375145002982646941207027287351530800206, 19892274520276352126014579995917406029781992155848970349129619303569629987328], [2289442668584886323100784904626988439585191643240663002686388182645927346262, 71581844932169397456792025274839044580908693792888753994326463955304226961854])
G_1 is the cyclic additive group on E(F_p): y^2 = x^3 + 3
G 2be on circled addition group, wherein ξ=-8+8i,
G tbe on circulation multiplicative group;
on, wherein ê is Ate pairing
H_1: {0,1}^* → G_1 is determined as follows:
1) Given M ∈ {0,1}^*, set i ← 0, where "←" denotes assignment;
2) Set (x, b) ← sha-1(i||M), where x is the computed abscissa, b is the binary bit that determines the ordinate, and sha-1 denotes the international standard hash algorithm; if its result has n binary bits, the last bit is b and the preceding n-1 bits are x.
3) From the equation y^2 = f(x) and the abscissa x, compute the two square roots y_0 and y_1; according to the value of the bit b from 2), determine the point P_M'(x, y_b) on G_1;
4) Compute P_M = cf*P_M'. If P_M ≠ 0, output P_M as the point on G_1 corresponding to M; otherwise go to 5).
5) Increment the variable i by 1 and go to 2);
H_2 is chosen to be the national cryptographic standard SM3 hash algorithm.
Step S120: the PKG generates the private key of the signing user.
The PKG sets the period Time at which user private keys are updated: if it is set to "year", private keys are updated yearly; if it is set to "month", private keys are updated monthly.
The text on the seal, for example "Aerospace Information Corporate Limited Company", is used as the user identifier ID; the user identifier and the update time are concatenated and then hashed with H_1 to obtain the user public key Q_ID:
Q_ID = H_1(ID||Time) ∈ G_1
In the formula above, || denotes concatenation.
The user private key is computed from the user public key Q_ID:
d_ID = s Q_ID ∈ G_1
Step S130: the signing user generates the digital signature of the electronic document m, embeds the digital signature information in their own official seal image to obtain the electronic signature, and places the electronic signature in the electronic document m.
The user selects a random number r ∈ Z_q^*, where Z_q^* denotes the integers in the range 1 to (q-1) and q is the set large prime. The user computes U = rP_2 and distributes U to other users by broadcast.
Compute h = H_2(m);
Compute T = d_ID/(r+h);
The signing user takes the abscissa x of T as the digital signature of the electronic document m, embeds the digital signature information in the signing user's official seal image to obtain the electronic signature, places the electronic signature in the electronic document m, and then sends the electronic document m.
Step S140: other users perform signature verification on the electronic signature of the electronic document m.
Receive the electronic document m and extract the digital signature x from the electronic signature in the electronic document m;
Compute g_1 = ê(Q_ID, P_pub);
Compute h = H_2(m);
Compute the point T' on the curve from the abscissa x;
Compute g_2 = ê(T', U + hP_2);
If g_2 = g_1 or g_2 = g_1^(-1), the electronic signature of the electronic document m is determined to be correct; otherwise, the electronic signature of the electronic document m is determined to be incorrect.
Proof:
From the equation of curve E, y^2 = f(x) = x^3 + ax + b, both (x, y) and (x, -y) are points on the curve, so:
T' = T or T' = -T. Taking T' = T:
g_2 = ê(T', U + hP_2) = ê(T, U + hP_2) = ê(T, rP_2 + hP_2) = ê(d_ID/(r+h), (r+h)P_2)
= ê(d_ID, P_2) = ê(sQ_ID, P_2) = ê(Q_ID, sP_2) = ê(Q_ID, P_pub) = g_1
Or, taking T' = -T:
g_2 = ê(T', U + hP_2) = ê(-T, U + hP_2) = g_1^(-1). This completes the proof.
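The algebra of steps S120 to S140 and of the proof above can be checked numerically in a toy model; this is an added example, not code from the patent. It assumes a model in which every element of G_1, G_2 and G_T is represented by its discrete logarithm mod q (so it offers no security and is not a pairing implementation), uses SHA-256 as a stand-in for H_1 and H_2, and all function names and sample inputs are hypothetical.

```python
import hashlib
import secrets

# Group order q from the patent's example parameters.
Q = 82434016654303721335979903895059482290186082729184549321130475026491214041389

# Toy model (assumption, insecure by construction): each group element is written
# as its discrete logarithm mod q. P_1 = P_2 = 1, point addition is addition mod q,
# and the value of ê(a*P_1, b*P_2) is represented by a*b mod q.
P2 = 1


def pairing(a, b):
    """Logarithm of ê(a*P_1, b*P_2) to the base ê(P_1, P_2)."""
    return a * b % Q


def hash_to_zq(tag: bytes, data: bytes) -> int:
    """Stand-in for H_1 and H_2: SHA-256 reduced into the range 1..q-1."""
    return int.from_bytes(hashlib.sha256(tag + data).digest(), "big") % (Q - 1) + 1


def setup():
    """PKG: returns (master key s, P_pub = s*P_2)."""
    s = secrets.randbelow(Q - 1) + 1
    return s, s * P2 % Q


def extract(s, identity: bytes, period: bytes):
    """PKG: returns (Q_ID = H_1(ID||Time), d_ID = s*Q_ID)."""
    q_id = hash_to_zq(b"H1", identity + period)
    return q_id, s * q_id % Q


def sign(d_id, m: bytes):
    """Signer: returns (x, U), where x models the abscissa of T = d_ID/(r+h)."""
    h = hash_to_zq(b"H2", m)
    while True:
        r = secrets.randbelow(Q - 1) + 1
        if (r + h) % Q:                      # r + h must be invertible mod q
            break
    u = r * P2 % Q                           # U = r*P_2
    t = d_id * pow(r + h, -1, Q) % Q         # T = d_ID/(r+h)
    return min(t, Q - t), u                  # T and -T share one abscissa


def check(q_id, p_pub, m: bytes, x, u):
    """Verifier: returns 'g1', 'g1^-1', or None when the signature is rejected."""
    g1 = pairing(q_id, p_pub)
    h = hash_to_zq(b"H2", m)
    t_prime = x                              # one of the two points with abscissa x
    g2 = pairing(t_prime, (u + h * P2) % Q)  # ê(T', U + h*P_2)
    if g2 == g1:
        return "g1"
    if g2 == (Q - g1) % Q:                   # inverse in G_T is negation of the logarithm
        return "g1^-1"
    return None


if __name__ == "__main__":
    s, p_pub = setup()
    q_id, d_id = extract(s, b"constructed seal text", b"2013")
    x, u = sign(d_id, b"constructed document")
    print(check(q_id, p_pub, b"constructed document", x, u))
    print(check(q_id, p_pub, b"altered document", x, u))
```

Which of the two accepting branches is hit depends on whether the recovered T' equals T or -T, which is why the verifier has to accept both g_1 and g_1^(-1) when only the abscissa is transmitted.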
Embodiment Two
This embodiment provides an identity-based electronic signature implementation device 200, whose structure is shown in Fig. 2 and which may include the following modules:
The system parameter generation module 210, configured to select a secure elliptic curve and define the equation of the elliptic curve E over the finite field F_p: y^2 = x^3 + ax + b, where a and b are set parameters and p and q are set large primes; the order of curve E is #E(F_p) = cf*q, where cf is the cofactor and q is the order of the generator P_1, with q > 2^191; the embedding degree of curve E(F_p) with respect to q is k, and p^k > 2^1536 is required; for the cyclic additive groups G_1 and G_2 of order q and the cyclic multiplicative group G_T, define the bilinear map ê: G_1 × G_2 → G_T, where P_1 is the generator of G_1 and P_2 is the generator of G_2;
H_1: {0,1}^* → G_1 is a one-way hash function that maps a 0/1 string of arbitrary length to a point of the elliptic curve in G_1;
H_2 is a one-way hash function mapping into a finite field whose elements are all the integers greater than or equal to 1 and less than or equal to p-1;
The PKG keeps the master key s secret and publishes the system parameters {p, q, E, k, G_1, P_1, G_2, P_2, P_pub, G_T, ê, H_1, H_2}, where P_pub = s*P_2 ∈ G_2.
The user private key generation module 220, in which the PKG sets the period Time at which user private keys are updated, takes the text on the seal as the user identifier ID, concatenates the user identifier with the update time, and hashes the result with H_1 to obtain the user public key Q_ID:
Q_ID = H_1(ID||Time) ∈ G_1
The user's private key is computed from the user public key Q_ID:
d_ID = s Q_ID ∈ G_1
The signing module 230, in which the signing user selects a random number r ∈ Z_q^*, where Z_q^* denotes the integers in the range 1 to (q-1), computes U = rP_2, and publishes U;
Compute h = H_2(m), where m is the electronic document to be signed;
Compute T = d_ID/(r+h), where d_ID is the private key of the signing user;
The abscissa x of T is taken as the digital signature of the electronic document m, the digital signature information is embedded in the signing user's official seal image to obtain the electronic signature, and the electronic signature is placed in the electronic document m.
The signature verification module 240, in which the receiving user, after receiving the electronic document m, extracts the digital signature x from the electronic signature in the electronic document m;
Compute g_1 = ê(Q_ID, P_pub), compute h = H_2(m), compute the point T' on the curve from the abscissa x, and compute g_2 = ê(T', U + hP_2);
If g_2 = g_1 or g_2 = g_1^(-1), the electronic signature of the electronic document m is determined to be correct; otherwise, the electronic signature of the electronic document m is determined to be incorrect.
The detailed process by which the device of this embodiment performs identity-based electronic signing is similar to the preceding method embodiment and is not repeated here.
In summary, the digital signature of an electronic document in the embodiments of the invention is only the abscissa of an elliptic curve point, which is shorter than the signature of existing identity-based signature methods; this increases the throughput of the running system and suits bandwidth-limited communication environments, so that identity-based cryptography is applied effectively to electronic signatures.
Those of ordinary skill in the art will understand that the accompanying drawings are schematic diagrams of one embodiment, and that the modules or flows in the drawings are not necessarily required to implement the invention.
From the description of the embodiments above, those skilled in the art can clearly understand that the invention can be implemented by software plus the necessary general-purpose hardware platform. On this understanding, the technical solution of the invention in essence, or the part that contributes over the prior art, can be embodied in the form of a software product; this computer software product can be stored in a storage medium such as ROM/RAM, a magnetic disk or an optical disc, and includes instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform the methods described in the embodiments of the invention or in parts of them.
The embodiments in this specification are described progressively; for parts that are the same or similar between embodiments, refer to one another, and each embodiment focuses on its differences from the others. In particular, the device or system embodiments are described relatively briefly because they are substantially similar to the method embodiment; for the relevant parts, see the description of the method embodiment. The device and system embodiments described above are only schematic: units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the embodiment. Those of ordinary skill in the art can understand and implement this without creative effort.
The above is only a preferred embodiment of the invention, but the scope of protection of the invention is not limited to it; any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the invention shall fall within the scope of protection of the invention. The scope of protection of the invention shall therefore be determined by the scope of protection of the claims.

Claims (8)

1. an implementation method for the Electronic Signature of identity-based, is characterized in that, comprising:
Selected safety elliptic curve, definition finite field F pthe equation of upper elliptic curve E: y 2=x 3+ ax+b, wherein, a, b are the parameter of setting, and p, q are the Big prime of setting, the rank #E (F of curve E p)=cf*q, wherein cf is cofactor, and q is generator P 1rank, q>2 191, curve E (F p) be k relative to the embedding number of times of q, require p k>2 1536, for q rank circled addition group G 1and G 2, and circulation multiplicative group G t, definition bilinear map ê: G 1× G 2→ G t, wherein P 1g 1generator, P 2g 2generator;
H 1: { 0,1} *→ G 1, be a unilateral hash function, a random length 0,1 character string maps to G 1a point of upper elliptic curve;
it is an One-way Hash function;
The secret master key s of private key for user generating center PKG, open system parameters { p, q, E, k, G 1, P 1, G 2, P 2, P pub, G t, ê, H 1, H 2, wherein P pub=s*P 2∈ G 2.
2. the implementation method of the Electronic Signature of identity-based according to claim 1, is characterized in that, described method also comprises:
PKG sets the cycle T ime that private key for user upgrades, and using word on seal as user ID ID, user ID and update time is connected, by H 1hash is asked to obtain client public key Q iD:
Q ID=H 1(ID||Time)∈G 1
According to client public key Q iDcalculate the private key of personal user
d ID=s Q ID∈G 1
3. the implementation method of the Electronic Signature of identity-based according to claim 2, is characterized in that, described method also comprises:
The signer selects a random number $r \in Z_q^*$ and calculates $U = rP_2$, where $Z_q^*$ denotes the integers in the range 1 to (q-1), and the signer publishes $U$;
Calculate $h = H_2(m)$, where m is the electronic document to be electronically signed;
Calculate $T = d_{ID}/(r+h)$, where $d_{ID}$ is the signer's private key;
The signer takes the abscissa x of T as the digital signature of the electronic document m, embeds this digital signature information in the signer's official seal image to obtain the electronic signature, and places the electronic signature in the electronic document m.
4. The identity-based electronic signature implementation method according to claim 3, characterized in that the method further comprises:
After the receiving user receives the electronic document m, the digital signature x is extracted from the electronic signature in the electronic document m;
The receiving user calculates $g_1 = \hat{e}(Q_{ID}, P_{pub})$, calculates $h = H_2(m)$, calculates the point $T'$ on the curve from the abscissa x, and calculates $g_2 = \hat{e}(T', U + hP_2)$;
If $g_2 = g_1$ or $g_2 = g_1^{-1}$, the electronic signature of the electronic document m is determined to be correct; otherwise, the electronic signature of the electronic document m is determined to be incorrect.
5. An identity-based electronic signature implementation device, characterized by comprising:
A system parameter generation module, for selecting a secure elliptic curve and defining the equation of the elliptic curve E over the finite field $F_p$: $y^2 = x^3 + ax + b$, where a and b are set parameters and p and q are set large primes; the order of the curve E is $\#E(F_p) = cf \cdot q$, where cf is the cofactor and q is the order of the generator $P_1$, with $q > 2^{191}$; the embedding degree of the curve $E(F_p)$ with respect to q is k, with the requirement $p^k > 2^{1536}$; for the additive cyclic groups $G_1$ and $G_2$ of order q and the multiplicative cyclic group $G_T$, a bilinear map $\hat{e}: G_1 \times G_2 \to G_T$ is defined, where $P_1$ is the generator of $G_1$ and $P_2$ is the generator of $G_2$;
$H_1: \{0,1\}^* \to G_1$ is a one-way hash function that maps a 0/1 string of arbitrary length to a point of the elliptic curve in $G_1$;
it is an One-way Hash function;
The user private key generation center PKG keeps the master key s secret and publishes the system parameters $\{p, q, E, k, G_1, P_1, G_2, P_2, P_{pub}, G_T, \hat{e}, H_1, H_2\}$, where $P_{pub} = s \cdot P_2 \in G_2$.
6. The identity-based electronic signature implementation device according to claim 5, characterized in that the device further comprises:
A user private key generation module, for having the PKG set the update period Time of the user private key, taking the text on the seal as the user identity ID, concatenating the user identity and the update time, and hashing the result with $H_1$ to obtain the user public key $Q_{ID}$:
$Q_{ID} = H_1(ID \| Time) \in G_1$
The user's private key is calculated from the user public key $Q_{ID}$:
$d_{ID} = s Q_{ID} \in G_1$
7. The identity-based electronic signature implementation device according to claim 6, characterized in that the device further comprises:
A signature module, for having the signer select a random number $r \in Z_q^*$ and calculate $U = rP_2$, where $Z_q^*$ denotes the integers in the range 1 to (q-1), and the signer publishes $U$;
Calculate $h = H_2(m)$, where m is the electronic document to be electronically signed;
Calculate $T = d_{ID}/(r+h)$, where $d_{ID}$ is the signer's private key;
The abscissa x of T is taken as the digital signature of the electronic document m, this digital signature information is embedded in the signer's official seal image to obtain the electronic signature, and the electronic signature is placed in the electronic document m.
8. The identity-based electronic signature implementation device according to claim 7, characterized in that the device further comprises:
A signature checking module, for extracting the digital signature x from the electronic signature in the electronic document m after the receiving user receives the electronic document m;
Calculate $g_1 = \hat{e}(Q_{ID}, P_{pub})$, calculate $h = H_2(m)$, calculate the point $T'$ on the curve from the abscissa x, and calculate $g_2 = \hat{e}(T', U + hP_2)$;
If $g_2 = g_1$ or $g_2 = g_1^{-1}$, the electronic signature of the electronic document m is determined to be correct; otherwise, the electronic signature of the electronic document m is determined to be incorrect.
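The signing and checking steps of claims 3 and 4 (the modules of claims 7 and 8), as an added Python sketch that is not part of the patent. It shows why the checker must accept both $g_2 = g_1$ and $g_2 = g_1^{-1}$: the abscissa x identifies T only up to sign. Assumptions: the pairing is replaced by a toy exponent model in which discrete logarithms are trivial, so it checks the algebra only and gives no security; `q`, the SHA-256 stand-ins for $H_1$ and $H_2$, and all function names are hypothetical.

```python
import hashlib
import secrets

# Toy "exponent model" (constructed, NOT secure): each element a*P1 of G1 and
# b*P2 of G2 is stored as its scalar mod q, and a G_T element e(P1,P2)^c as c,
# so e(a*P1, b*P2) = a*b mod q and inversion in G_T is negation mod q.
q = 2**255 - 19          # a prime with q > 2^191, as the claims require

def pairing(a, b):
    return (a * b) % q

def _hash(tag, data):
    # H1 / H2 stand-ins (assumption): tagged SHA-256 reduced into 1..q-1
    return int.from_bytes(hashlib.sha256(tag + data).digest(), "big") % (q - 1) + 1

def setup():
    s = secrets.randbelow(q - 1) + 1      # PKG master key s
    return s, s                           # (s, P_pub = s*P2)

def extract(s, identity, period):
    q_id = _hash(b"H1", identity + b"||" + period)   # Q_ID = H1(ID || Time)
    return q_id, (s * q_id) % q                      # (Q_ID, d_ID = s*Q_ID)

def abscissa(t):
    # T and -T share one x-coordinate; model x as the smaller of t and q - t
    return min(t, q - t)

def sign(d_id, m, r=None):
    h = _hash(b"H2", m)
    while r is None or (r + h) % q == 0:  # r + h must be invertible mod q
        r = secrets.randbelow(q - 1) + 1
    t = d_id * pow(r + h, -1, q) % q      # T = d_ID / (r + h)
    return abscissa(t), r                 # (signature x, published U = r*P2)

def verify(q_id, p_pub, m, x, u):
    g1 = pairing(q_id, p_pub)             # g1 = e(Q_ID, P_pub)
    h = _hash(b"H2", m)
    # e(T, U + h*P2) = e(s*Q_ID/(r+h), (r+h)*P2) = e(Q_ID, s*P2) = g1,
    # and recovering -T from x instead of T inverts the result.
    g2 = pairing(x, (u + h) % q)          # g2 = e(T', U + h*P2), T' = +-T
    return g2 == g1 or g2 == (-g1) % q    # g2 = g1 or g2 = g1^-1
```

The check depends on the published $U$ as well as on x, so a verifier needs the $U$ that belongs to the document being checked.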
CN201310495661.1A 2013-10-21 2013-10-21 The implementation method and device of the Electronic Signature of identity-based Active CN104579661B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310495661.1A CN104579661B (en) 2013-10-21 2013-10-21 The implementation method and device of the Electronic Signature of identity-based

Publications (2)

Publication Number Publication Date
CN104579661A true CN104579661A (en) 2015-04-29
CN104579661B CN104579661B (en) 2018-05-01

Family

ID=53094945

Country Status (1)

Country Link
CN (1) CN104579661B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107104788A (en) * 2017-04-18 2017-08-29 深圳奥联信息安全技术有限公司 The ciphering signature method and apparatus of terminal and its non-repudiation
CN109391473A (en) * 2017-08-04 2019-02-26 方正国际软件(北京)有限公司 A kind of method, apparatus and storage medium of Electronic Signature
CN108206831A (en) * 2017-12-29 2018-06-26 北京书生电子技术有限公司 Implementation method and server, the client and readable storage medium storing program for executing of E-seal
CN108206831B (en) * 2017-12-29 2021-06-29 北京书生电子技术有限公司 Electronic seal realization method, server, client and readable storage medium
CN111428216A (en) * 2020-04-12 2020-07-17 中信银行股份有限公司 Method, device, storage medium and electronic equipment for identifying client identity based on electronic protocol

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant