CN114611078A - A transparent method and system for implicit certificate - Google Patents
- Publication number
- CN114611078A (application number CN202011409117.7A)
- Authority
- CN
- China
- Prior art keywords
- certificate
- private key
- public
- user
- reconstruction value
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Description
Technical field
The invention belongs to the technical field of identity authentication and, in particular, relates to a transparency method and system for implicit certificates.
Background
With the development of the Industrial Internet of Things, device identity authentication and confidential data transmission in the Internet of Things need to be guaranteed. For IoT nodes with limited computing power and storage space, explicit certificates such as X.509 certificates carry too much overhead, whereas implicit certificates are smaller and faster to verify, which makes them better suited to identity authentication in resource-constrained environments. In a traditional explicit certificate, the public key and the digital signature are separate data; in an implicit certificate, the public key and the digital signature are merged into one and represented by a public key reconstruction value. A typical implicit certificate scheme is ECQV (Elliptic Curve Qu-Vanstone), whose mathematical basis is elliptic curve theory.
A certificate authority (CA) is a widely trusted entity in a public key infrastructure; it binds the identity information of the certificate subject to a public key by issuing a certificate. The identity information in a digital certificate is strictly vetted by the certificate authority to guarantee its authenticity. The certificate authority's strict vetting of certificate information and its secure management of the signing key are the foundation for the secure operation of the public key infrastructure.
However, past incidents of CA misoperation and of attacks on CAs show that a CA may issue "fraudulent certificates". A fraudulent certificate passes verification, but the actual holder of the key in the certificate is not the subscriber that the certificate claims. Adversaries can use fraudulent certificates to launch impersonation attacks, intrude on the communication between servers and users, and compromise the data security of sites and users. More seriously, because CAs are trusted by everyone, a successful attack on any one CA that issues fraudulent certificates threatens the entire public key infrastructure.
To mitigate the attacks made possible by fraudulent certificates, the industry proposed certificate transparency. Under certificate transparency, all legitimate certificates are publicly visible to everyone. A CA submits the certificates it issues to a public log server, and the public log server proves that a certificate has been submitted to it by adding its own signature to the certificate content. In resource-constrained environments, the overhead of the public log server's signature in the certificate is too high, and multiple public log servers mean multiple signatures. It is therefore necessary to design a transparency method for implicit certificates that reduces the overhead of the public log servers' signatures.
Summary of the invention
To solve the above problem, the invention provides a transparency method for implicit certificates. It borrows the implicit-certificate idea of merging the digital signature and the public key into a public key reconstruction value in order to reduce the space and computation overhead of the signatures of certificate transparency public log servers.
The technical content of the invention includes:
A method for generating a transparent implicit certificate, applicable to a system composed of a user, a certificate authority and $w$ certificate transparency log servers, $w \ge 1$, in which the certificate authority generates a public-private key pair $(q_{ca}, Q_{ca})$ and each certificate transparency log server generates a public-private key pair, the steps comprising:
1) the certificate authority generates and broadcasts the public key reconstruction value $R_{ct}$ from the temporary public key $P_{ca}$ that it generated, the received temporary public key $P_u$ and the received temporary public keys of the log servers, where the temporary key pair $(k_{ca}, P_{ca})$, the temporary key pair $(k_u, P_u)$ and the log servers' temporary key pairs are generated by the certificate authority, the user and each certificate transparency log server respectively, $1 \le i \le w$;
2) generating the user certificate $\mathrm{Cert}_u$ from the received user information and certificate transparency log server information, the timestamp at which the certificate is submitted to the certificate transparency log servers, and the public key reconstruction value $R_{ct}$; generating the private key reconstruction value $r_{ca}$ from the user certificate $\mathrm{Cert}_u$ and the temporary private key $k_{ca}$; and sending the user certificate $\mathrm{Cert}_u$ to each certificate transparency log server, so that each certificate transparency log server publishes and stores $\mathrm{Cert}_u$;
3) receiving the private key reconstruction value returned by each certificate transparency log server, generating the private key reconstruction value $r_{ct}$ from those values and the private key reconstruction value $r_{ca}$, and sending the user certificate $\mathrm{Cert}_u$ and $r_{ct}$ to the user, so that the user obtains $\mathrm{Cert}_u$ and generates the public-private key pair $(q_u, Q_u)$ that supports certificate transparency;
wherein the public-private key pair $(q_{ca}, Q_{ca})$, the public-private key pair of each certificate transparency log server, the temporary key pair $(k_{ca}, P_{ca})$, the temporary key pair $(k_u, P_u)$ and the temporary key pair of each certificate transparency log server are each generated independently on the same elliptic curve.
Further, the elliptic curve includes the elliptic curve secp256k1.
Further, the public key reconstruction value
Further, the private key reconstruction value $r_{ca}$ is generated through the following steps:
1) compute the hash value $e = H(\mathrm{Cert}_u)$ of the user certificate $\mathrm{Cert}_u$, where $H$ is a hash function;
2) compute the private key reconstruction value $r_{ca} = e \times k_{ca} + q_{ca}$.
Further, the private key reconstruction value of each certificate transparency log server is generated through the following steps:
1) compute the hash value $e = H(\mathrm{Cert}_u)$ of the user certificate $\mathrm{Cert}_u$, where $H$ is a hash function;
2) compute the private key reconstruction value
Further, the hash function includes SHA-256.
Further, the private key reconstruction value
Further, the user generates the public-private key pair $(q_u, Q_u)$ that supports certificate transparency through the following steps:
1) compute the hash value $e = H(\mathrm{Cert}_u)$ of the user certificate $\mathrm{Cert}_u$, where $H$ is a hash function;
2) compute the private key that supports certificate transparency, $q_u = e \times k_u + r_{ct}$;
3) compute the public key that supports certificate transparency
A system for generating a transparent implicit certificate, comprising:
a user, configured to: generate the temporary key pair $(k_u, P_u)$; send the temporary public key $P_u$ to the certificate authority; receive the user certificate $\mathrm{Cert}_u$ and the private key reconstruction value $r_{ca}$ generated by the certificate authority; and generate the public-private key pair $(q_u, Q_u)$ that supports certificate transparency;
a certificate authority, configured to: generate the public-private key pair $(q_{ca}, Q_{ca})$ and the temporary key pair $(k_{ca}, P_{ca})$; receive the user's temporary public key $P_u$, the temporary public key of each certificate transparency log server, the user information and the information of each certificate transparency log server; based on the temporary public key $P_{ca}$, the temporary public key $P_u$ and the temporary public keys of the log servers; generate the private key reconstruction value $r_{ca}$ from the user certificate $\mathrm{Cert}_u$ and the temporary private key $k_{ca}$; generate the user certificate $\mathrm{Cert}_u$ from the user information, the certificate transparency log server information, the timestamp and the public key reconstruction value $R_{ct}$; generate the private key reconstruction value $r_{ca}$; send the user certificate $\mathrm{Cert}_u$ to each certificate transparency log server; receive the private key reconstruction value returned by each certificate transparency log server; generate the private key reconstruction value $r_{ct}$ from those values and $r_{ca}$; and send the user certificate $\mathrm{Cert}_u$ and $r_{ct}$ to the user;
$w$ certificate transparency log servers, configured to: generate a public-private key pair; receive the user certificate $\mathrm{Cert}_u$ sent by the certificate authority; generate a private key reconstruction value and return it to the certificate authority; and publish and store the user certificate $\mathrm{Cert}_u$, $w \ge 1$;
wherein the public-private key pair $(q_{ca}, Q_{ca})$, the public-private key pair of each certificate transparency log server, the temporary key pair $(k_{ca}, P_{ca})$, the temporary key pair $(k_u, P_u)$ and the temporary key pair of each certificate transparency log server are each generated independently on the same elliptic curve.
A method for generating a transparent implicit certificate, applicable to a system composed of a user, a certificate authority and $w$ certificate transparency log servers, $w \ge 1$, in which the certificate authority generates a public-private key pair $(q_{ca}, Q_{ca})$ and each certificate transparency log server has a public-private key pair, the steps comprising:
1) the certificate authority generates and broadcasts the public key reconstruction value $R_{ct}$ from the temporary public key $P_{ca}$ that it generated, the received temporary public key $P_u$ and the received temporary public keys of the log servers, and generates and broadcasts the public key reconstruction value $R'_{ct}$ from the temporary public key $P_{ca}$ and the received temporary public key $P'_u$, where the temporary key pair $(k_{ca}, P_{ca})$ and the log servers' temporary key pairs are generated independently by the certificate authority and each certificate transparency log server respectively, and the temporary key pairs $(k_u, P_u)$ and $(k'_u, P'_u)$ are both generated by the user, $1 \le i \le w$;
2) generating the user certificate $\mathrm{Cert}'_u$ from the received user information and certificate transparency log server information, the timestamp at which the certificate is submitted to the certificate transparency log servers, the public key reconstruction value $R_{ct}$ and the public key reconstruction value $R'_{ct}$; generating the private key reconstruction value $r_{ca}$; and sending the user certificate $\mathrm{Cert}'_u$ to each certificate transparency log server, so that each certificate transparency log server publishes and stores $\mathrm{Cert}'_u$;
3) receiving the private key reconstruction value returned by each certificate transparency log server, generating the private key reconstruction value $r_{ct}$ from those values and the private key reconstruction value $r_{ca}$, and sending the user certificate $\mathrm{Cert}'_u$, $r_{ct}$ and $r_{ca}$ to the user, so that the user obtains $\mathrm{Cert}'_u$ and generates the public-private key pair $(q_u, Q_u)$ that supports certificate transparency and the public-private key pair $(q'_u, Q'_u)$ that does not support certificate transparency;
wherein the public-private key pair $(q_{ca}, Q_{ca})$, the public-private key pair of each certificate transparency log server, the temporary key pair $(k_{ca}, P_{ca})$, the temporary key pair $(k_u, P_u)$, the temporary key pair $(k'_u, P'_u)$ and the temporary key pair of each certificate transparency log server are each generated independently on the same elliptic curve.
Further, the public key reconstruction value $R'_{ct} = P_{ca} + P'_u$.
Further, the user generates the public-private key pair $(q_u, Q_u)$ that supports certificate transparency and the public-private key pair $(q'_u, Q'_u)$ that does not support certificate transparency through the following steps:
1) compute the hash value $e = H(\mathrm{Cert}'_u)$ of the user certificate $\mathrm{Cert}_u$, where $H$ is a hash function;
2) compute the private key that supports certificate transparency, $q_u = e \times k_u + r_{ct}$;
3) compute the public key that supports certificate transparency
4) compute the private key that does not support certificate transparency, $q'_u = e \times k'_u + r_{ca}$;
5) compute the public key that does not support certificate transparency, $Q'_u = e \times R'_{ct} + Q_{ca}$.
Further, when the holder of the user certificate proves its identity by signing a specific message with the certificate, it sends the elliptic curve signature $(x, s, s')$ to the signature verifier for authentication; if the signature verifier supports certificate transparency verification, it verifies the elliptic curve signature $(x, s)$, and if the signature verifier does not support certificate transparency verification, it verifies the elliptic curve signature $(x, s')$. The elliptic curve signature $(x, s, s')$ is generated through the following steps:
1) generate a key pair $(k, P)$ on the elliptic curve;
2) take the x-coordinate of the point $P$ on the elliptic curve to obtain the parameter $x$;
3) compute $s = k^{-1}(m + x \times q_u) \bmod n$, where $m$ is the hash value of the message to be signed and $n$ is an elliptic curve parameter;
4) compute $s' = k^{-1}(m + x \times q'_u) \bmod n$.
A system for generating a transparent implicit certificate, comprising:
a user, configured to: generate the temporary key pair $(k_u, P_u)$ and the temporary key pair $(k'_u, P'_u)$; send the temporary public keys $P_u$ and $P'_u$ to the certificate authority; receive the user certificate $\mathrm{Cert}'_u$, the private key reconstruction value $r_{ct}$ and the private key reconstruction value $r_{ca}$ generated by the certificate authority; and generate the public-private key pair $(q_u, Q_u)$ that supports certificate transparency and the public-private key pair $(q'_u, Q'_u)$ that does not support certificate transparency;
a certificate authority, configured to: generate the public-private key pair $(q_{ca}, Q_{ca})$ and the temporary key pair $(k_{ca}, P_{ca})$; receive the user's temporary public keys $P_u$ and $P'_u$, the temporary public key of each certificate transparency log server, the user information and the information of each certificate transparency log server; generate the user certificate $\mathrm{Cert}'_u$ from the user information, the certificate transparency log server information, the timestamp at which the certificate is submitted to the certificate transparency log servers, the public key reconstruction value $R_{ct}$ and the public key reconstruction value $R'_{ct}$; generate the private key reconstruction value $r_{ca}$; send the user certificate $\mathrm{Cert}'_u$ to each certificate transparency log server; receive the private key reconstruction value returned by each certificate transparency log server; generate the private key reconstruction value $r_{ct}$ from those values and $r_{ca}$; and send the user certificate $\mathrm{Cert}_u$, $r_{ct}$ and $r_{ca}$ to the user;
$w$ certificate transparency log servers, configured to: generate a public-private key pair; receive the user certificate $\mathrm{Cert}'_u$ sent by the certificate authority; generate a private key reconstruction value and return it to the certificate authority; and publish and store the user certificate $\mathrm{Cert}'_u$, $w \ge 1$;
wherein the public-private key pair $(q_{ca}, Q_{ca})$, the public-private key pair of each certificate transparency log server, the temporary key pair $(k_{ca}, P_{ca})$, the temporary key pair $(k_u, P_u)$, the temporary key pair $(k'_u, P'_u)$ and the temporary key pair of each certificate transparency log server are each generated independently on the same elliptic curve.
Compared with the prior art, the advantages of the invention include:
1) the implicit certificate is made transparent without introducing any new signature or signature verification overhead;
2) after an implicit certificate has been submitted to multiple certificate transparency log servers, there is no need to verify separately whether it was submitted to each individual log server; verifying that the implicit certificate is valid simultaneously verifies that it was submitted to the multiple certificate transparency log servers.
Description of the drawings
Figure 1 is a framework diagram of the implicit certificate transparency method of the invention.
Figure 2 is a schematic diagram, in one example, of the main contents of a certificate that is compatible with verifiers that do not support certificate transparency.
Figure 3 is a schematic flowchart, in one example, of a user requesting the certificate authority to issue a certificate.
Figure 4 is a schematic diagram, in one example, of the certificate authority submitting a user certificate to the public log servers.
Detailed description
To make the above objects, features and advantages of the invention clearer and easier to understand, the invention is further described below through specific embodiments.
A transparency method for implicit certificates, as shown in Figure 1, is applied among a user, a certificate authority and a certificate transparency log server, and includes the following steps:
1) generate the elliptic curve parameters $(p, a, b, G, n, h)$;
2) generate the private key $q_{ca}$ and public key $Q_{ca}$ of the certificate authority, and the private key $q_{log}$ and public key $Q_{log}$ of the certificate transparency log server;
3) the user generates the temporary key pair $(k_u, P_u)$ and, when applying for a certificate, sends the user information and the temporary public key $P_u$ to the certificate authority;
4) the certificate authority generates the temporary key pair $(k_{ca}, P_{ca})$; the certificate transparency log server generates the temporary key pair $(k_{log}, P_{log})$ and sends the temporary public key $P_{log}$ to the certificate authority;
5) the certificate authority generates the public key reconstruction value $R_{ct}$ for the user certificate from the user's temporary public key $P_u$, its own temporary public key $P_{ca}$ and the certificate transparency log server's temporary public key $P_{log}$;
6) the certificate authority generates the user certificate $\mathrm{Cert}_u$ from the user information, the information of the certificate transparency log server, the timestamp at which the certificate authority submits the certificate to the certificate transparency log server, and the public key reconstruction value $R_{ct}$, and generates the private key reconstruction value $r_{ca}$ for the user certificate; the information of the certificate transparency log server is either stored at the certificate authority in advance or obtained through public channels;
7) the certificate authority submits the issued user certificate to the certificate transparency log server; the certificate transparency log server checks the received user certificate, uploads it to the public server, then generates the private key reconstruction value $r_{log}$ for the user certificate and sends it to the certificate authority;
8) from its private key reconstruction value $r_{ca}$ and the private key reconstruction value $r_{log}$ generated by the certificate transparency log server, the certificate authority generates the private key reconstruction value $r_{ct}$ and sends it to the user together with the user certificate.
Further, all public-private key pairs mentioned in the invention (including the temporary key pairs) are generated from the same elliptic curve parameters and use the same secure hash function.
Further, the timestamp in the user certificate $\mathrm{Cert}_u$ is the time at which the certificate authority submits the user certificate to the certificate transparency log server.
Further, the certificate authority generates the public key reconstruction value for the user certificate as $R_{ct} = P_{ca} + P_u + P_{log}$.
Further, the certificate authority generates the private key reconstruction value $r_{ca}$ for the user certificate as follows:
1) use the hash function $H$ to compute the hash value $e$ of the user certificate $\mathrm{Cert}_u$, that is, $e = H(\mathrm{Cert}_u)$;
2) compute the private key reconstruction value $r_{ca} = e \times k_{ca} + q_{ca}$, where $k_{ca}$ is the temporary private key generated by the certificate authority.
Further, the certificate transparency log server generates the private key reconstruction value $r_{log}$ for the user certificate as follows:
1) use the hash function $H$ to compute the hash value $e$ of the user certificate $\mathrm{Cert}_u$, that is, $e = H(\mathrm{Cert}_u)$;
2) compute the private key reconstruction value $r_{log} = e \times k_{log} + q_{log}$, where $k_{log}$ is the temporary private key generated by the certificate transparency log server.
Further, the certificate authority generates the private key reconstruction value $r_{ct}$ from $r_{ca}$ and $r_{log}$ as $r_{ct} = r_{ca} + r_{log}$.
Optionally, the method may use multiple certificate transparency log servers. Suppose the certificate authority is to submit the user certificate to $w$ certificate transparency log servers: the $w$ log servers each generate a temporary key pair and send the temporary public key to the certificate authority and, after receiving the user certificate $\mathrm{Cert}_u$ submitted by the certificate authority, each generate a private key reconstruction value for the user certificate and send it to the certificate authority.
Further, the public key reconstruction value that the certificate authority generates for the user certificate, and the private key reconstruction value that it generates
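An added worked example (not code from the patent) of the issuance flow above on secp256k1 with SHA-256, run once with every log contributing and once with the certificate authority skipping the logs. It generalizes the single-log formulas to $w$ logs by summing the logs' shares (for $w = 1$ this is exactly $R_{ct} = P_{ca} + P_u + P_{log}$ and $r_{ct} = r_{ca} + r_{log}$), and it reconstructs the public key as $Q_u = e R_{ct} + Q_{ca} + \sum_i Q_{log,i}$, which is derived here by multiplying $q_u = e \times k_u + r_{ct}$ by $G$. Assumptions: scalars are reduced mod $n$, and the certificate byte encoding, the function names and the identity `device-42` are constructed for illustration.

```python
import hashlib
import secrets

# secp256k1 domain parameters (the curve the page names).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time: demo only)."""
    acc = None
    k %= N
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def keypair():
    """Random scalar k in [1, n-1] and the point k*G."""
    k = secrets.randbelow(N - 1) + 1
    return k, mul(k, G)


def cert_hash(cert):
    """e = H(Cert_u) with H = SHA-256, reduced mod n (assumption)."""
    return int.from_bytes(hashlib.sha256(cert).digest(), "big") % N


def build_cert(user_info, log_names, timestamp, R_ct):
    """Constructed encoding: the page lists the fields, not a wire format."""
    fields = [user_info, ",".join(log_names), str(timestamp), "%064x%064x" % R_ct]
    return "|".join(fields).encode()


def issue(user_info, P_u, q_ca, logs, timestamp, submit_to_logs=True):
    """CA and logs simulated together; logs is a list of (name, q_log_i)."""
    k_ca, P_ca = keypair()
    log_eph = [keypair() for _ in logs]      # (k_log_i, P_log_i), made by log i
    R_ct = add(P_ca, P_u)                    # R_ct = P_ca + P_u + sum P_log_i
    for _, P_log in log_eph:
        R_ct = add(R_ct, P_log)
    cert = build_cert(user_info, [name for name, _ in logs], timestamp, R_ct)
    e = cert_hash(cert)
    r_ct = (e * k_ca + q_ca) % N             # r_ca = e*k_ca + q_ca
    if submit_to_logs:
        for (k_log, _), (_, q_log) in zip(log_eph, logs):
            # Log i publishes cert, then returns r_log_i = e*k_log_i + q_log_i.
            r_ct = (r_ct + e * k_log + q_log) % N
    return cert, R_ct, r_ct


def user_private_key(cert, k_u, r_ct):
    """q_u = e*k_u + r_ct."""
    return (cert_hash(cert) * k_u + r_ct) % N


def reconstruct_public_key(cert, R_ct, Q_ca, Q_logs):
    """Verifier side: Q_u = e*R_ct + Q_ca + sum Q_log_i (derived, see lead-in)."""
    Q_u = add(mul(cert_hash(cert), R_ct), Q_ca)
    for Q_log in Q_logs:
        Q_u = add(Q_u, Q_log)
    return Q_u


def demo(w=2):
    """Return (keys match when logged, keys match when the CA skipped the logs)."""
    q_ca, Q_ca = keypair()
    log_keys = [keypair() for _ in range(w)]             # (q_log_i, Q_log_i)
    logs = [("log%d" % i, q) for i, (q, _) in enumerate(log_keys, 1)]
    Q_logs = [Q for _, Q in log_keys]
    k_u, P_u = keypair()
    outcome = []
    for submitted in (True, False):
        cert, R_ct, r_ct = issue("device-42", P_u, q_ca, logs, 1700000000, submitted)
        q_u = user_private_key(cert, k_u, r_ct)
        Q_u = reconstruct_public_key(cert, R_ct, Q_ca, Q_logs)
        outcome.append(mul(q_u, G) == Q_u)
    return tuple(outcome)


if __name__ == "__main__":
    print(demo())
```

A verifier that reconstructs $Q_u$ with the logs' public keys ends up with the user's real public key only if every listed log returned its share, which is why the second result is a mismatch.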
Optionally, when the user certificate must be compatible with certificate verifiers that do not support certificate transparency, the user generates a second temporary key pair $(k'_u, P'_u)$ on the same elliptic curve and also sends $P'_u$ to the certificate authority. The certificate authority generates another public key reconstruction value $R' = P_{ca} + P'_u$ for the user certificate and adds the value of $R'$ to the content of the user certificate. The certificate authority also sends the private key reconstruction value $r_{ca}$ corresponding to $R'$ to the user, so the user generates a private key $q_u$ that supports certificate transparency and a private key $q'_u$ that does not support certificate transparency.
Further, the user generates the private key $q_u$ that supports certificate transparency and the private key $q'_u$ that does not support certificate transparency as follows:
1) use the hash function $H$ to compute the hash value $e$ of the user certificate $\mathrm{Cert}_u$, that is, $e = H(\mathrm{Cert}_u)$;
2) $q_u = e \times k_u + r_{ct}$;
3) $q'_u = e \times k'_u + r_{ca}$.
Further, the user's public key $Q_u$ that supports certificate transparency and public key $Q'_u$ that does not support certificate transparency are generated as follows:
1) use the hash function $H$ to compute the hash value $e$ of the user certificate $\mathrm{Cert}_u$, that is, $e = H(\mathrm{Cert}_u)$;
2)
3) $Q'_u = e \times R'_{ct} + Q_{ca}$.
Optionally, when the holder of the user certificate proves its identity by signing a specific message with the certificate and does not know whether the signature verifier supports certificate transparency, it can generate an ECDSA signature $(x, s, s')$ with the two private keys of the user certificate and send it to the signature verifier for authentication. The elliptic curve (ECDSA) signature $(x, s, s')$ is generated as follows:
1) generate an elliptic curve key pair $(k, P)$;
2) compute $s = k^{-1}(m + x \times q_u) \bmod n$;
3) compute $s' = k^{-1}(m + x \times q'_u) \bmod n$;
where $m$ is the hash value of the message to be signed, $n$ is an elliptic curve parameter, and $x$ is the x-coordinate of the point $P$.
Further, if the signature verifier supports certificate transparency, it verifies the ECDSA signature $(x, s)$ with the user public key $Q_u$; if the signature verifier does not support certificate transparency, it verifies the ECDSA signature $(x, s')$ with the user public key $Q'_u$.
The present invention is compatible with certificates that do not support certificate transparency. As shown in Figure 2, there are two public key reconstruction values, $R_{ct}$ and $R'$, and the certificate authority submits the user certificate to two certificate transparency log servers. The public log servers mentioned in this example are certificate transparency servers. This example uses the elliptic curve secp256k1. The hash function should be one that is widely regarded as secure; this example uses SHA-256, denoted $H$ in what follows. The public-private key pair of the certificate authority is denoted $(q_{ca}, Q_{ca})$, that of public log server 1 is denoted $(q_{l1}, Q_{l1})$, and that of public log server 2 is denoted $(q_{l2}, Q_{l2})$, where $Q_{ca} = q_{ca}G$, $Q_{l1} = q_{l1}G$ and $Q_{l2} = q_{l2}G$. The certificate content that the certificate authority generates for the user is denoted $Cert_u$, and the hash value of the user certificate is $e = H(Cert_u)$. In this example, CA denotes the certificate authority, Log1 denotes public log server 1, and Log2 denotes public log server 2.
The flow of this example is described in two parts, shown in Figure 3 and Figure 4 respectively.
As shown in Figure 3, the user generates its own temporary public-private key pairs $(k_u, P_u)$ and $(k'_u, P'_u)$, where $k_u$ and $k'_u$ are produced by the user's own random number generator, $P_u = k_u G$ and $P'_u = k'_u G$. The user sends the temporary public keys $P_u$ and $P'_u$, together with the identity information required in the certificate, to the CA, requests a certificate, and obtains the private key reconstruction values $r_{ct}$ and $r_{ca}$. After receiving the certificate request, the CA reviews the request information. Once the review passes, the CA generates the certificate $Cert_u$ and the private key reconstruction values $r_{ct}$ and $r_{ca}$ for the user through the process shown in Figure 3 and sends them to the user. For the user private key $q_u$ derived from the private key reconstruction value $r_{ct}$, the corresponding public key is derived as $Q_u = e \times R_{ct} + Q_{ca} + Q_{l1} + Q_{l2}$. Applying this key pair in the implicit certificate verification method simultaneously verifies that the user certificate is recognized by the CA and that it has been submitted to Log1 and Log2. For the user private key $q'_u$ derived from the private key reconstruction value $r_{ca}$, the corresponding public key is derived as $Q'_u = e \times R' + Q_{ca}$. This key pair is the key pair of an ordinary implicit certificate and is unrelated to certificate transparency.
As shown in Figure 4, the CA generates the user certificate and submits it to Log1 and Log2 as follows:
(1) The CA generates a temporary public-private key pair $(k_{ca}, P_{ca})$, where $k_{ca}$ is produced by the CA's random number generator and $P_{ca} = k_{ca}G$. Log1 generates a temporary public-private key pair $(k_{l1}, P_{l1})$, where $k_{l1}$ is produced by Log1's random number generator and $P_{l1} = k_{l1}G$. Log2 generates a temporary public-private key pair $(k_{l2}, P_{l2})$, where $k_{l2}$ is produced by Log2's random number generator and $P_{l2} = k_{l2}G$;
(2) The CA requests public key reconstruction values from Log1 and Log2, and Log1 and Log2 send $P_{l1}$ and $P_{l2}$ to the CA;
(3) The CA generates the public key reconstruction value $R_{ct} = P_{ca} + P_u + P_{l1} + P_{l2}$ for the user and the other public key reconstruction value $R' = P_{ca} + P'_u$. It then adds the user information, the public key reconstruction values $R_{ct}$ and $R'$, the names or IDs of Log1 and Log2, and the time $t$ at which the certificate is to be submitted to the public log servers to the certificate content and generates the user certificate $Cert_u$. It then submits $Cert_u$ and $P_{l1}$ directly to Log1 and $Cert_u$ and $P_{l2}$ to Log2; the submission time is the same for the different public log servers;
(4) The CA hashes the user certificate $Cert_u$ to obtain the hash value $e$ and then generates the private key reconstruction value $r_{ca} = e \times k_{ca} + q_{ca}$;
(5) After receiving the user certificate $Cert_u$ and $P_{l1}$, Log1 checks that the certificate meets the requirements, finds the $k_{l1}$ corresponding to $P_{l1}$, computes the hash value $e$ of $Cert_u$, computes the private key reconstruction value $r_{l1} = e \times k_{l1} + q_{l1}$, and sends it to the CA together with the certificate identifier. Log1 then publishes the user certificate $Cert_u$ in the log server. Likewise, Log2 performs the same steps to generate the private key reconstruction value $r_{l2}$ and publishes the user certificate in its own log server;
(6) After receiving $r_{l1}$ and $r_{l2}$ from Log1 and Log2, the CA checks whether $r_{l1}G$ equals $e \times P_{l1} + Q_{l1}$ and whether $r_{l2}G$ equals $e \times P_{l2} + Q_{l2}$. If both are equal, it computes the private key reconstruction value $r_{ct} = r_{ca} + r_{l1} + r_{l2}$;
(7) Finally, the CA issues the certificate $Cert_u$, $r_{ca}$ and $r_{ct}$ to the user.
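The issuance flow in steps (1) to (7) and the dual signature $(x, s, s')$ described earlier, as an added Python example that is not part of the patent text. The function names, the certificate byte encoding and the reduction of $e$ modulo $n$ are assumptions of the example, and the user, CA and both log servers are simulated in one process.

```python
import hashlib, secrets
p = 2**256 - 2**32 - 977  # secp256k1, the curve named in the embodiment
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(A, B):  # affine point addition; None is the point at infinity
    if A is None or B is None:
        return A or B
    if A[0] == B[0] and (A[1] + B[1]) % p == 0:
        return None
    num, den = (3 * A[0] ** 2, 2 * A[1]) if A == B else (B[1] - A[1], B[0] - A[0])
    lam = num * pow(den, -1, p) % p
    x = (lam * lam - A[0] - B[0]) % p
    return x, (lam * (A[0] - x) - A[1]) % p

def mul(k, A, R=None):  # double-and-add, illustration only (not constant time)
    while k:
        R, A, k = (add(R, A) if k & 1 else R), add(A, A), k >> 1
    return R

def keypair():
    k = secrets.randbelow(n - 1) + 1
    return k, mul(k, G)

def issue(body=b"constructed-user"):  # returns (q_u, Q_u, q'_u, Q'_u)
    (ku, Pu), (ku2, Pu2), (qca, Qca), (kca, Pca) = (keypair() for _ in range(4))
    logs = [keypair() + keypair() for _ in range(2)]        # (q_l, Q_l, k_l, P_l)
    Rct, R2 = add(add(Pca, Pu), add(logs[0][3], logs[1][3])), add(Pca, Pu2)  # step (3)
    cert = body + repr((Rct, R2)).encode()                  # constructed Cert_u encoding
    e = int.from_bytes(hashlib.sha256(cert).digest(), "big") % n  # e = H(Cert_u) mod n
    rca = (e * kca + qca) % n                               # step (4)
    rls = [(e * kl + ql) % n for ql, _, kl, _ in logs]      # step (5), one value per log
    if any(mul(r, G) != add(mul(e, L[3]), L[1]) for r, L in zip(rls, logs)):
        raise ValueError("log returned an invalid reconstruction value")  # step (6)
    rct = (rca + sum(rls)) % n
    qu, qu2 = (e * ku + rct) % n, (e * ku2 + rca) % n       # user-side key derivation
    Qu = add(add(mul(e, Rct), Qca), add(logs[0][1], logs[1][1]))
    return qu, Qu, qu2, add(mul(e, R2), Qca)

def sign_dual(m, qu, qu2):  # (x, s, s') from one nonce k, as the page specifies
    k, P = keypair()
    x, kinv = P[0] % n, pow(k, -1, n)
    return x, kinv * (m + x * qu) % n, kinv * (m + x * qu2) % n

def verify(m, x, s, Q):  # standard ECDSA check, usable with Q_u or Q'_u
    w = pow(s, -1, n)
    X = add(mul(m * w % n, G), mul(x * w % n, Q))
    return X is not None and X[0] % n == x
```

Because $s$ and $s'$ share the nonce $k$, anyone who learns one of the two private keys can solve for $k$ and then for the other key, so $q_u$ and $q'_u$ need the same level of protection.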
The above embodiments are provided only to describe the present invention and are not intended to limit its scope. The scope of the invention is defined by the appended claims. Any equivalent replacements and modifications made without departing from the spirit and principle of the present invention shall fall within the scope of the present invention.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011409117.7A CN114611078A (en) | 2020-12-03 | 2020-12-03 | A transparent method and system for implicit certificate |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114611078A true CN114611078A (en) | 2022-06-10 |
Family
ID=81857079
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011409117.7A Pending CN114611078A (en) | 2020-12-03 | 2020-12-03 | A transparent method and system for implicit certificate |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114611078A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||