CN109831312B - Connectable ring signature method, device, equipment and storage medium - Google Patents
- Publication number: CN109831312B
- Authority: CN (China)
- Prior art keywords: formula, vector, label, public, private key
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The present invention provides a linkable (connectable) ring signature method, apparatus, device and storage medium. The method includes: acquiring a security parameter and information to be encrypted; generating system parameters according to the security parameter, wherein the system parameters include a first hash function, a second hash function, a first generator and a second generator; generating a set of public-private key pairs according to the system parameters, wherein the set includes public-private key pairs, each comprising a public key and a private key matching the public key; and determining, according to the information to be encrypted, the system parameters and the set of public-private key pairs, a signature that conforms to a preset structure, wherein the preset structure includes a first label, a signature element, a multi-exponentiation and an inner product argument; the inner product argument is an inner product argument for a first vector, and the first vector includes a third label, the multi-exponentiation, a challenge, a first random sub-vector and a second random sub-vector. Without reducing security, the method reduces the communication complexity of the signature to $O(\log_2(n))$, lowering storage and communication costs.
Description
Technical field
The present invention relates to the technical field of digital signatures, and in particular to a linkable ring signature method, apparatus, device and storage medium.
Background
A linkable ring signature is a technique based on ring signatures. It allows a message to be signed without revealing the signer's identity, and adds linkability, so that repeated signatures by a malicious user are detected. Because of these properties, linkable ring signatures are used in cryptocurrencies, where they provide transaction anonymity while also resisting double spending.
However, without the use of bilinear pairings, the communication complexity of existing linkable ring signatures is $O(n)$: the signature length grows linearly with the number of users, which increases storage and communication costs.
Summary of the invention
The present invention provides a linkable ring signature method, apparatus, device and storage medium, to solve the technical problem that the length of existing linkable ring signatures grows linearly with the number of users, which increases storage and communication costs.
In a first aspect, the present invention provides a linkable ring signature method, the method comprising:
acquiring a security parameter and information to be encrypted;
generating system parameters according to the security parameter, wherein the system parameters include: a first hash function, a second hash function, a first generator and a second generator;
generating a set of public-private key pairs according to the system parameters, wherein the set of public-private key pairs includes public-private key pairs, and each public-private key pair includes a public key and a private key matching the public key;
determining, according to the information to be encrypted, the system parameters and the set of public-private key pairs, a signature that conforms to a preset structure, wherein the preset structure includes a first label, a signature element, a multi-exponentiation and an inner product argument; the inner product argument is an inner product argument for a first vector, and the first vector includes a third label, the multi-exponentiation, a challenge, a first random sub-vector and a second random sub-vector.
In the linkable ring signature method provided by the present invention, system parameters are generated according to the security parameter, a set of public-private key pairs is generated according to the system parameters, and a signature is then determined according to the information to be encrypted, the system parameters and the set of public-private key pairs, so that the signature includes the first label, the signature element, the multi-exponentiation and the inner product argument. Without reducing security, this reduces the communication complexity of the signature to $O(\log_2(n))$, lowering storage and communication costs.
Optionally, the first label is specifically:
where $h_j$ is the $j$-th hashed public key, $h_j = H_G(pk_j)$, $sk_j$ denotes the $j$-th private key, $H_G$ denotes the first hash function, and $pk_j$ denotes the public key corresponding to the $j$-th private key.
Optionally, the signature element is specifically:
$$r = \alpha - c_j sk_j$$
where $\alpha$ is a random number, $c'$ denotes the challenge, $c' = H_Z(L, d)$, $H_Z$ denotes the second hash function, $g$ denotes the first generator, $d$ denotes the second label, $d = H_Z(pk_1, pk_2, \ldots, pk_n, t, m)$, $n$ denotes the number of public-private key pairs in the set of public-private key pairs, $c_1, c_2, \ldots, c_{j-1}, c_{j+1}, \ldots, c_n$ denote $n-1$ random numbers, and $m$ denotes the input message.
Optionally, the multi-exponentiation is specifically:
where $P$ denotes the multi-exponentiation.
Optionally, the first vector is specifically:
$$W = (pk_i^{d} h_i, P, c', C, E)$$
where $W$ is the first vector, $pk_i^{d} h_i$ denotes the third label, $C$ denotes the first random sub-vector, $C = (c_1, c_2, \ldots, c_{j-1}, c_j, c_{j+1}, \ldots, c_n)$, and $E$ denotes the second random sub-vector, $E = (1, 1, \ldots, 1)$.
The linkable ring signature apparatus is introduced below. Its implementation principle and technical effect are similar to those of the method above and are not repeated here.
In a second aspect, the present invention provides a linkable ring signature apparatus, the apparatus comprising:
an acquisition module, configured to acquire a security parameter and information to be encrypted;
a generation module, configured to generate system parameters according to the security parameter, wherein the system parameters include: a first hash function, a second hash function, a first generator and a second generator;
the generation module being further configured to generate a set of public-private key pairs according to the system parameters, wherein the set of public-private key pairs includes public-private key pairs, and each public-private key pair includes a public key and a private key matching the public key;
a determination module, configured to determine, for the information to be encrypted and using the system parameters and the set of public-private key pairs, a signature that conforms to a preset structure, wherein the preset structure includes a first label, a signature element, a multi-exponentiation and an inner product argument; the inner product argument is an inner product argument for a first vector, and the first vector includes a third label, the multi-exponentiation, a challenge, a first random sub-vector and a second random sub-vector.
Optionally, the first label is specifically:
where $h_j$ is the $j$-th hashed public key, $h_j = H_G(pk_j)$, $sk_j$ denotes the $j$-th private key, $H_G$ denotes the first hash function, and $pk_j$ denotes the public key corresponding to the $j$-th private key.
Optionally, the signature element is specifically:
$$r = \alpha - c_j sk_j$$
where $\alpha$ is a random number, $c'$ denotes the challenge, $c' = H_Z(L, d)$, $H_Z$ denotes the second hash function, $g$ denotes the first generator, $d$ denotes the second label, $d = H_Z(pk_1, pk_2, \ldots, pk_n, t, m)$, $n$ denotes the number of public-private key pairs in the set of public-private key pairs, $c_1, c_2, \ldots, c_{j-1}, c_{j+1}, \ldots, c_n$ denote $n-1$ random numbers, and $m$ denotes the input message.
In a third aspect, the present invention provides an electronic device, comprising: at least one processor and a memory;
wherein the memory stores computer-executable instructions;
the at least one processor executes the computer-executable instructions stored in the memory, so that the at least one processor performs the linkable ring signature method of the first aspect and its optional solutions.
In a fourth aspect, the present invention provides a computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement the linkable ring signature method of the first aspect and its optional solutions.
The present invention provides a linkable ring signature method, apparatus, device and storage medium. In the linkable ring signature method provided by the present invention, the signature is determined according to the information to be encrypted, the system parameters and the set of public-private key pairs, so that the signature includes the first label, the signature element, the multi-exponentiation and the inner product argument. Without reducing security, this reduces the communication complexity of the signature to $O(\log_2(n))$, lowering storage and communication costs. The linkable ring signature method provided by the present invention applies to fields such as electronic voting, digital currency and identity authentication, and can greatly reduce the communication data in those fields.
Description of drawings
To explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic flowchart of a linkable ring signature method according to an exemplary embodiment of the present invention;
FIG. 2 is a schematic structural diagram of a linkable ring signature apparatus according to an exemplary embodiment of the present invention;
FIG. 3 is a schematic structural diagram of an electronic device according to an exemplary embodiment of the present invention.
Detailed description
To make the purposes, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, but not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
The present invention provides a linkable ring signature method, apparatus, device and storage medium, to solve the technical problem that the length of existing linkable ring signatures grows linearly with the number of users, which increases storage and communication costs.
FIG. 1 is a schematic flowchart of a linkable ring signature method according to an exemplary embodiment of the present invention. As shown in FIG. 1, the linkable ring signature method provided by this embodiment includes the following steps:
S101. Acquire a security parameter and information to be encrypted.
More specifically, the information to be encrypted and the security parameter are both input by the user, who determines the security parameter according to factors such as the confidentiality level of the information to be encrypted and the encryption requirements. This embodiment is not limited to these factors; other factors that affect the encryption of the information to be encrypted may also be used.
S102. Generate system parameters according to the security parameter.
More specifically, system parameters are generated according to the security parameter, wherein the system parameters include: a first hash function, a second hash function, a first generator and a second generator. The way of generating system parameters from the security parameter is one commonly used in the prior art.
For example, the user inputs a security parameter $\lambda$, and the system parameters $pm$ are output. The system parameters $pm$ include: the first hash function $H_G$, the second hash function $H_Z$, the first generator $g$ and the second generator $h$.
S103. Generate a set of public-private key pairs according to the system parameters.
More specifically, a set of public-private key pairs is generated according to the system parameters, wherein the set includes multiple public-private key pairs, and each public-private key pair includes a public key and a private key matching the public key. The way of generating public-private key pairs from the system parameters is one commonly used in the prior art.
For example, a public key $pk_i$ and a private key $sk_i$ are generated according to the system parameters $pm$, where $1 \le i \le n$, and the public key $pk_i$ is published.
S104. Determine a signature that conforms to a preset structure according to the information to be encrypted, the system parameters and the set of public-private key pairs.
More specifically, the preset structure includes a first label, a signature element, a multi-exponentiation and an inner product argument; the inner product argument is an inner product argument for a first vector, and the first vector includes a third label, the multi-exponentiation, a challenge, a first random sub-vector and a second random sub-vector.
In this embodiment, the signature conforming to the preset structure is obtained by the following steps:
S201. Compute $n$ hashed public keys with $n$ evaluations of the first hash function; specifically, the hashed public keys are obtained according to formula (1).
$$h_i = H_G(pk_i) \tag{1}$$
where $h_i$ denotes the $i$-th hashed public key, $H_G$ denotes the first hash function, $pk_i$ denotes the $i$-th public key, and $sk_i$ denotes the private key corresponding to the $i$-th public key $pk_i$.
S202. Compute the first label $t$ from the hashed public key and the private key; specifically, the first label is obtained according to formula (2).
where $t$ denotes the first label, $h_j$ denotes the $j$-th hashed public key, and $sk_j$ denotes the private key corresponding to the $j$-th public key $pk_j$.
S203. Generate the second label from the second hash function, the $n$ public keys, the first label $t$ and the message to be encrypted; specifically, the second label is obtained according to formula (3).
$$d = H_Z(pk_1, pk_2, \ldots, pk_n, t, m) \tag{3}$$
where $pk_i$ denotes the $i$-th public key, $t$ denotes the first label, $m$ denotes the message to be encrypted, $H_Z$ denotes the second hash function, and $d$ denotes the second label.
S204. Generate the commitment from the hashed public keys, the first label, the second hash function, the system parameters and the public keys; specifically, the commitment is obtained according to formula (4).
where $L$ denotes the commitment, $g$ denotes the first generator in the system parameters, $d$ denotes the second label, $t$ denotes the first label, $\alpha$ denotes a random number, $pk_i$ denotes the $i$-th public key, $h_i$ denotes the $i$-th hashed public key, and $c_i$ denotes the $i$-th random number.
S205. Generate the challenge from the second label and the commitment; specifically, the challenge is obtained according to formula (5).
$$c' = H_Z(L, d) \tag{5}$$
where $c'$ denotes the challenge, $L$ denotes the commitment, $d$ denotes the second label, and $H_Z$ denotes the second hash function.
S206. Generate the first random sub-vector; specifically, the first random sub-vector is obtained according to formula (6).
$$C = (c_1, c_2, \ldots, c_{j-1}, c_j, c_{j+1}, \ldots, c_n) \tag{6}$$
where C represents the first random sub-vector, to represent n-1 random numbers respectively.
S207. Compute the signature element; specifically, the signature element is computed according to formula (7).
$$r = \alpha - c_j sk_j \tag{7}$$
where $r$ denotes the signature element, $\alpha$ denotes a random number, $c_1, c_2, \ldots, c_{j-1}, c_{j+1}, \ldots, c_n$ denote $n-1$ random numbers, and $sk_j$ denotes the $j$-th private key.
S208. Compute the multi-exponentiation; specifically, the multi-exponentiation is computed according to formula (8).
where $P$ denotes the multi-exponentiation, $g$ denotes the first generator in the system parameters, $d$ denotes the second label, $t$ denotes the first label, $r$ denotes the signature element, and $L$ denotes the commitment.
S209. Generate the second random sub-vector; specifically, the second random sub-vector is generated according to formula (9).
$$E = (1, 1, \ldots, 1) \tag{9}$$
where $E$ is an $n$-dimensional vector.
S210. Compute the inner product argument of the first vector.
The first vector is as shown in formula (10):
$$W = (pk_i^{d} h_i, P, c', C, E) \tag{10}$$
where $W$ is the first vector, $pk_i^{d} h_i$ denotes the third label, $C$ denotes the first random sub-vector, $E$ denotes the second random sub-vector, $pk_i$ denotes the $i$-th public key, and $d$ denotes the second label.
The inner product argument $\pi$ of the first vector is computed using an existing inner product argument algorithm.
S211. Output the signature $\sigma = (t, r, P, \pi)$.
where $t$ denotes the first label, $r$ denotes the signature element, $P$ denotes the multi-exponentiation, and $\pi$ denotes the inner product argument of the first vector $W$.
The size of the argument is $2\log_2 n + 1$. Accordingly, the size of the signature is $2\log_2 n + 4$.
The received signature is then verified and linked. Given the signature $\sigma$, the $n$ public keys $pk_1, pk_2, \ldots, pk_n$ and the message to be encrypted $m$, the following computations are performed:
S301. Compute $n$ hashed public keys with $n$ evaluations of the first hash function, that is, according to the formula $h_i = H_G(pk_i)$.
S302. Compute the second label with the second hash function, that is, according to the formula $d = H_Z(pk_1, pk_2, \ldots, pk_n, t, m)$.
S303. Calculate the commitment, that is, calculate the commitment according to the formula.
S304. Compute the challenge with the second hash function, that is, according to the formula $c = H_Z(L, d)$.
S305. Using an existing inner product argument algorithm, verify whether the inner product argument $\pi$ is correct by means of $(pk_i^{d} h_i, P, c)$. If it is correct, accept the signature; otherwise reject it.
To link two signatures $\sigma_1, \sigma_2$, check whether the first labels $t_1, t_2$ in the two signatures are equal. If they are equal, the two signatures are linked; otherwise they are not linked.
In the method provided by this embodiment, the signature is determined according to the information to be encrypted, the system parameters and the set of public-private key pairs, so that the signature includes the first label, the signature element, the multi-exponentiation and the inner product argument. Without reducing security, this reduces the communication complexity of the signature to $O(\log_2(n))$, lowering storage and communication costs.
The present invention provides a comparative example, in which the information to be encrypted is processed by the following steps:
S401. Step S401 is the same as step S101 in the embodiment shown in FIG. 1.
S402. Step S402 is the same as step S102 in the embodiment shown in FIG. 1.
S403. Generate a signature.
Specifically, the inputs are a message $m$, $n$ public keys $pk_1, pk_2, \ldots, pk_n$, and one private key $sk$, where the public key corresponding to the private key $sk$ is $pk_j$. The following computations are performed:
S501. Compute the label $t = H_G(g)^{sk}$.
S502. Generate a random number $\alpha$ as the first random number.
S503. Generate $n-1$ random numbers $c_1, c_2, \ldots, c_{j-1}, c_{j+1}, \ldots, c_n$ as the first vector.
S504. Calculate the commitment
S505. Calculate the challenge through the second hash function
S506. Calculate and add $c_j$ to the first vector.
S507. Compute the signature element $r = \alpha - c_j sk$.
S508. Output the signature $\sigma = (t, r, c_1, c_2, \ldots, c_n)$.
The signature is then verified. Given the signature $\sigma$, the $n$ public keys $pk_1, pk_2, \ldots, pk_n$ and the message $m$, the following computations are performed:
S601. Calculate the commitment
S602. Calculate the challenge through the second hash function and verify is equal to c. If equal, accept the signature; otherwise reject it.
To link two signatures $\sigma_1, \sigma_2$, check whether the first labels $t_1, t_2$ in the two signatures are equal. If they are equal, the two signatures are linked; otherwise they are not linked.
In the comparative example, the output signature $\sigma = (t, r, c_1, c_2, \ldots, c_n)$ has size $n+2$, so the signature size grows linearly with the number of ring members. In the linkable ring signature method provided by the present invention, by contrast, the signature size is $2\log_2 n + 4$, which grows logarithmically with the number of ring members. When there are enough ring members, the method provided by the present invention greatly shortens the signature without reducing security. An adversary cannot identify the actual signer of a linkable ring signature among the ring members, nor forge a valid linkable ring signature, so the scheme is anonymous and unforgeable.
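The comparative O(n) scheme (S501 to S508, S601, S602), the label-equality linking check and the two size formulas, as an added Python example that is not code from the patent. The page does not reproduce the commitment, challenge and $c_j$ formulas, so the ones used here are assumptions chosen so that the verification equation closes; the 63-bit toy group, the hash constructions and all function names are also assumptions.

```python
import hashlib
import secrets

def _is_prime(n):
    """Deterministic Miller-Rabin; these bases are sufficient for n < 2**64."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def _toy_group(bits=62):
    """Smallest safe prime p = 2q + 1 with q > 2**bits (toy size, an assumption)."""
    q = (1 << bits) + 1
    while not (_is_prime(q) and _is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

P, Q = _toy_group()
G = 4  # first generator g: 4 = 2^2 is a quadratic residue, so it has prime order Q

def _digest(*parts):
    data = "|".join(repr(x) for x in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def H_G(*parts):
    """First hash function: lands in the order-Q subgroup by squaring."""
    return pow(_digest("H_G", *parts) % P, 2, P)

def H_Z(*parts):
    """Second hash function: lands in Z_Q."""
    return _digest("H_Z", *parts) % Q

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def _commit(h, t, pks, c, e):
    """Assumed commitment L = (g^e * prod pk_i^c_i, h^e * prod t^c_i)."""
    a, b = pow(G, e, P), pow(h, e, P)
    for pk, ci in zip(pks, c):
        a = a * pow(pk, ci, P) % P
        b = b * pow(t, ci, P) % P
    return a, b

def sign(m, pks, sk, j):
    h = H_G(G)
    t = pow(h, sk, P)                          # S501: t = H_G(g)^sk
    alpha = secrets.randbelow(Q)               # S502
    c = [secrets.randbelow(Q) for _ in pks]    # S503: n-1 random c_i ...
    c[j] = 0                                   # ... slot j is filled in S506
    L = _commit(h, t, pks, c, alpha)           # S504 (assumed formula)
    chal = H_Z(L, pks, t, m)                   # S505 (assumed hash inputs)
    c[j] = (chal - sum(c)) % Q                 # S506 (assumed formula)
    r = (alpha - c[j] * sk) % Q                # S507: r = alpha - c_j * sk
    return t, r, c                             # S508: n + 2 elements

def verify(m, pks, sig):
    t, r, c = sig
    # Reject labels outside the prime-order subgroup before using them.
    if len(c) != len(pks) or not (1 < t < P and pow(t, Q, P) == 1):
        return False
    L = _commit(H_G(G), t, pks, c, r)          # S601
    return H_Z(L, pks, t, m) == sum(c) % Q     # S602

def link(sig1, sig2):
    """Two signatures are linked when their first labels are equal."""
    return sig1[0] == sig2[0]

def sizes(n):
    """(comparative n + 2, proposed 2*log2(n) + 4) for n a power of two."""
    return n + 2, 2 * (n.bit_length() - 1) + 4
```

Because the label depends only on the private key, two signatures by the same ring member link even when the messages differ, which is what exposes a double spend or a double vote.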
FIG. 2 is a schematic structural diagram of a linkable ring signature apparatus according to an exemplary embodiment of the present invention. As shown in FIG. 2, the linkable ring signature apparatus 700 provided by this embodiment includes:
an acquisition module 701, configured to acquire a security parameter and information to be encrypted;
a generation module 702, configured to generate system parameters according to the security parameter, wherein the system parameters include: a first hash function, a second hash function, a first generator and a second generator;
the generation module 702 being further configured to generate a set of public-private key pairs according to the system parameters, wherein the set of public-private key pairs includes public-private key pairs, and each public-private key pair includes a public key and a private key matching the public key;
a determination module 703, configured to determine, for the information to be encrypted and using the system parameters and the set of public-private key pairs, a signature that conforms to a preset structure, wherein the preset structure includes a first label, a signature element, a multi-exponentiation and an inner product argument; the inner product argument is an inner product argument for a first vector, and the first vector includes a third label, the multi-exponentiation, a challenge, a first random sub-vector and a second random sub-vector.
Optionally, the first label is specifically:
where $h_j$ is the $j$-th hashed public key, $h_j = H_G(pk_j)$, $sk_j$ denotes the $j$-th private key, $H_G$ denotes the first hash function, and $pk_j$ denotes the public key corresponding to the $j$-th private key.
Optionally, the signature element is specifically:
$$r = \alpha - c_j sk_j$$
where $\alpha$ is a random number, $c'$ denotes the challenge, $c' = H_Z(L, d)$, $H_Z$ denotes the second hash function, $g$ denotes the first generator, $d$ denotes the second label, $d = H_Z(pk_1, pk_2, \ldots, pk_n, t, m)$, $n$ denotes the number of public-private key pairs in the set of public-private key pairs, $c_1, c_2, \ldots, c_{j-1}, c_{j+1}, \ldots, c_n$ denote $n-1$ random numbers, and $m$ denotes the input message.
In summary, the linkable ring signature apparatus provided by this application can be used to perform the linkable ring signature method above. For its content and effects, refer to the method section; they are not repeated here.
FIG. 3 is a schematic structural diagram of an electronic device according to an exemplary embodiment of the present invention. As shown in FIG. 3, the electronic device 800 of this embodiment includes: a processor 801 and a memory 802, wherein
the memory 802 is configured to store computer-executable instructions;
the processor 801 is configured to execute the computer-executable instructions stored in the memory, to implement the steps performed by the receiving device in the foregoing embodiments. For details, refer to the relevant description in the foregoing method embodiments.
Optionally, the memory 802 may be separate from the processor 801 or integrated with it.
When the memory 802 is provided separately, the electronic device 800 further includes a bus 803 for connecting the memory 802 and the processor 801.
An embodiment of the present invention further provides a computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement the linkable ring signature method described above.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features can be equivalently replaced, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (4)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910243182.8A CN109831312B (en) | 2019-03-28 | 2019-03-28 | Connectable ring signature method, device, equipment and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910243182.8A CN109831312B (en) | 2019-03-28 | 2019-03-28 | Connectable ring signature method, device, equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109831312A CN109831312A (en) | 2019-05-31 |
CN109831312B true CN109831312B (en) | 2022-04-19 |
Family
ID=66873020
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910243182.8A Active CN109831312B (en) | 2019-03-28 | 2019-03-28 | Connectable ring signature method, device, equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109831312B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111400773B (en) * | 2020-03-12 | 2022-09-09 | 深圳大学 | Digital signature method, digital signature device, system and storage medium |
CN111935163B (en) * | 2020-08-14 | 2022-08-09 | 支付宝(杭州)信息技术有限公司 | Data joint processing method and device for protecting privacy |
CN114070556B (en) * | 2021-11-15 | 2023-07-25 | 成都卫士通信息产业股份有限公司 | Threshold ring signature method and device, electronic equipment and readable storage medium |
CN115733619B (en) * | 2022-11-14 | 2024-12-20 | 建信金融科技有限责任公司 | Hash processing method, device, equipment and storage medium for digital signature |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1521390A1 (en) * | 2003-10-01 | 2005-04-06 | Hewlett-Packard Development Company, L.P. | Digital signature method and apparatus |
CN102017510A (en) * | 2007-10-23 | 2011-04-13 | 丁素芬 | Method and structure for self-sealed joint proof-of-knowledge and Diffie-Hellman key-exchange protocols |
CN109257184A (en) * | 2018-11-08 | 2019-01-22 | 西安电子科技大学 | Linkable Ring Signature Method Based on Anonymous Broadcast Encryption |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101483523A (en) * | 2002-04-15 | 2009-07-15 | 株式会社Ntt都科摩 | Signature schemes using bilinear mappings |
Non-Patent Citations (3)
Title |
---|
"Research on linkable ring signatures and their application in electronic voting"; 熊丹 (Xiong Dan); China Master's Theses Full-text Database, Information Science and Technology; 20160115; full text * |
Joseph K. Liu; Man Ho Au; Willy Susilo; Jianying Zhou. "Linkable Ring Signature with Unconditional Anonymity". IEEE Transactions on Knowledge and Data Engineering. 2013 * |
Ren, Hao; Zhang, Peng; Shentu, Qingchun. "Compact Ring Signature in the Standard Model for Blockchain". 14th International Conference on Information Security Practice and Experience (ISPEC). 2018 * |
Also Published As
Publication number | Publication date |
---|---|
CN109831312A (en) | 2019-05-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109831312B (en) | Connectable ring signature method, device, equipment and storage medium | |
He et al. | Enhanced three-factor security protocol for consumer USB mass storage devices | |
US9571268B2 (en) | Method and system for homomorphicly randomizing an input | |
Wang et al. | Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards | |
Tong et al. | Verifiable fuzzy multi-keyword search over encrypted data with adaptive security | |
CN112152792A (en) | MTS-based mutually authenticated remote attestation | |
Xiao et al. | A lightweight authentication scheme for telecare medical information system | |
US20070269040A1 (en) | Cryptographic Protocol for Commonly Controlled Devices | |
JP5224481B2 (en) | Password authentication method | |
JP2022546470A (en) | Decentralized techniques for validation of data in transport layer security and other contexts | |
EP2168299A1 (en) | Method of compressing a cryptographic value | |
US20110035595A1 (en) | Codeword-enhanced peer-to-peer authentication | |
CN111475690B (en) | Character string matching method and device, data detection method and server | |
Choi et al. | Security enhanced multi-factor biometric authentication scheme using bio-hash function | |
Giri et al. | A novel and efficient session spanning biometric and password based three-factor authentication protocol for consumer usb mass storage devices | |
CN113556225A (en) | Efficient PSI (program specific information) method based on Hash and key exchange | |
CN104901812B (en) | A kind of RFID system safety certifying method of ECC combinations lightweight Hash functions | |
Meshram et al. | An efficient remote user authentication with key agreement procedure based on convolution-Chebyshev chaotic maps using biometric | |
CN110602190B (en) | Block chain consensus method, block chain node and storage device | |
Dowlatshah et al. | A secure and robust smart card-based remote user authentication scheme | |
WO2020191700A1 (en) | Linkable ring signature method, device, apparatus, and storage medium | |
Liu et al. | Security of analysis mutual authentication and key exchange for low power wireless communications |
CN116633537A (en) | Key agreement method, system and medium based on dual servers and multiple authentication factors | |
Kou et al. | Efficient hierarchical multi-server authentication protocol for mobile cloud computing | |
WO2023093278A1 (en) | Digital signature thresholding method and apparatus |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||