CN106533699B - Identity-based blind signature method on lower lattice of standard model - Google Patents


Info

Publication number: CN106533699B (application number CN201710007487.XA)
Authority: CN (China)
Prior art keywords: message, signature, algorithm, identity, signer
Legal status: Expired - Fee Related
Other languages: Chinese (zh)
Other versions: CN106533699A (en)
Inventors: 汤永利, 周锦, 王辉, 闫玺玺, 秦攀科, 孟慧, 叶青
Current assignee: Henan University of Technology
Original assignee: Henan University of Technology
Priority date: 2017-01-05
Filing date: 2017-01-05
Publication date: 2019-12-17

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
    • H04L 9/32 As H04L 9/00, including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3247 As H04L 9/32, involving digital signatures
    • H04L 9/3257 As H04L 9/3247, using blind signatures


Abstract

The invention discloses an identity-based blind signature method on lattices under the standard model, which comprises the following steps: 1) the private key generator PKG runs the trapdoor generation algorithm TrapGen(1^n) to generate a system public key A_0 and a system master key S_0; 2) according to the identity information id sent by the user, PKG runs the short lattice basis derivation algorithm BasisDel(A_0, H(id), S_0, s), where s is a Gaussian sampling parameter, to generate the private key S_id corresponding to that identity; 3) the message owner uses the sampling algorithm SampleD(A_0 H(id)^{-1}, s) to blind the message M and outputs the blinded message μ; 4) the signer runs the one-way trapdoor inversion algorithm SamplePre(A_0 H(id)^{-1}, S_id, μ, s) on the received blinded message μ and outputs a signature e' of the blinded message; 5) the message owner unblinds e' to obtain the signature e of the message M, and any verifier can check the correctness of the signature (M, e). The invention is provably secure in the standard model and resists attacks by a quantum computer. The method uses the user identity directly as the public key, and the user private key and signature it generates are shorter.

Description

Identity-based blind signature method on lower lattice of standard model
Technical Field
The invention relates to the technical field of information security, in particular to an identity-based blind signature method on lattices under the standard model.
Background
The concept of the blind signature, a digital signature with special properties, was first proposed by Chaum in 1982. The message owner obtains a legal signature from the signer on the real message without revealing the message's real content. Because a blind signature protects the privacy of the user, blind signatures are widely used in electronic cash, electronic voting, oblivious transfer and similar fields. In a conventional public key cryptosystem, a PKI (Public Key Infrastructure) is mainly used to bind a public key to a user identity, and the certificate management this requires has high computational and storage costs.
Shamir proposed the concept of identity-based cryptography in 1985 and gave the first identity-based signature scheme (IBS). In an IBS scheme the user's identity information serves as the public key and the private key is computed by a trusted key generation center PKG (private key generator), so no public key certificate is needed; this reduces the computational overhead and implementation cost of the cryptographic algorithm and removes the burden of managing public key certificates in a PKI system.
Combining blind signatures with identity-based cryptography, Zhang and Kim proposed an identity-based blind signature scheme in 2003 using bilinear pairings. Many researchers have since continued to study identity-based blind signature schemes, but the security of most of them rests on number-theoretic problems, and once a quantum computer is available the hard problems underlying number-theoretic assumptions can be solved in polynomial time. Designing a signature scheme that resists quantum attacks is therefore a problem to be solved in the field.
Lattice-based public key cryptosystems are among the few classical public key cryptosystems that cannot be broken by a quantum computer, and they have other attractive properties, such as average-case security that is equivalent to worst-case security, simplicity and high efficiency, so in recent years they have attracted close attention from cryptographers at home and abroad. In 1996 Ajtai showed that the average-case hardness of the Small Integer Solution (SIS) problem is equivalent to the worst-case hardness of a class of lattice problems. This work laid the foundation for the development of lattice-based public key cryptography.
In 2008, Gentry, Peikert et al. proposed a one-way trapdoor function with preimage sampling based on the SIS problem, and from it constructed an identity-based encryption scheme and a signature scheme that are provably secure in the random oracle model. In 2010, Markus Rückert designed the first lattice-based 3-round blind signature scheme using the preimage sampling function, but the scheme suffers from signature failure. At CRYPTO 2010, Agrawal, Boneh et al. proposed a new short lattice basis derivation algorithm that does not increase the lattice dimension, and used it to construct the first identity-based encryption scheme on lattices in the standard model (a hierarchical scheme). Wang et al. proposed an identity-based blind signature scheme on lattices in the random oracle model in 2012, and at present there is no identity-based blind signature scheme on lattices that is provably secure in the standard model.
Disclosure of Invention
In view of the above problems, the object of the present invention is to provide an identity-based blind signature method on lattices that is provably secure in the standard model: the blind signature scheme established by the method uses the user identity directly as the public key, is provably secure in the standard model, and resists attacks by a quantum computer.
To achieve this, the invention adopts the following technical scheme. The scheme involves a private key generation center, a message owner, a message signer and a message verifier, and comprises the following specific implementation steps:
Parameter generation algorithm Setup(1^n): the private key generator PKG takes the security parameter n as input and runs the trapdoor generation algorithm TrapGen(1^n) to generate a system master key MK and system public parameters PP. The public parameters PP are published and MK is kept secret.
Key generation algorithm Extract(PP, id, MK): from the received identity information id of the signer, the system uses the short lattice basis derivation algorithm BasisDel together with the master key MK and the public parameters PP to output the signer's private key S_id.
Signature algorithm Sign(PP, SK_id, μ): Message blinding: the message owner C blinds the message M using the sampling algorithm SampleD; μ is the blinded message, which C sends to the signer S. Signing the blinded message: after receiving μ, the signer uses SK_id and the one-way trapdoor inversion algorithm SamplePre to sign μ, outputs the signature e' of the blinded message and checks whether e' meets the requirement; if it does not, e' is re-selected; if it does, (μ, e') is stored locally and the signature is sent to the message owner C. Message unblinding: after receiving the signature, the message owner C performs the unblinding operation to obtain the signature e of M.
Verification algorithm Verify(PP, id, M, e): given the public parameters PP and the user identity id, any verifier can check the correctness of (M, e) by a fixed computation.
The invention has the following advantages and positive effects:
(1) High security
The invention is a blind signature scheme with high security. Not only can its security be reduced to the hardness of the Small Integer Solution (SIS) problem, it is also provably secure in the standard model.
(2) High execution efficiency
The method uses the user identity directly as the public key, which removes the burden of operating and managing public key certificates in a PKI system, and it uses only simple linear operations (modular multiplication and modular addition), so its computational efficiency is clearly higher than that of identity-based blind signature schemes built on number theory. The method uses a new lattice basis derivation algorithm that keeps the dimension unchanged, which further improves efficiency.
Drawings
FIG. 1 is a flow chart of the identity-based blind signature method under the standard model.
Detailed Description
Let n be the security parameter, an integer greater than zero; let q be a prime with q ≥ 2, m ≥ 5n lg q, and H a collision-resistant hash function. The specific implementation steps of the scheme are as follows:
Parameter generation algorithm Setup(1^n): the private key generator PKG takes the security parameter n as input and runs the trapdoor generation algorithm TrapGen(1^n), which generates a matrix A_0 and a corresponding short basis S_0; S_0 is the system master key and A_0 is the system public key. Suppose the message M is a bit string in {0,1}^d of arbitrary length d. Then d uncorrelated vectors C_1, …, C_d are chosen at random, the system public parameters PP = <A_0, C_1, C_2, …, C_d> are published, and the master key is MK = S_0.
Key generation algorithm Extract(PP, id, MK): from the received identity information id of the signer, the system uses its own master key S_0 and the public parameters PP to run the lattice basis derivation algorithm BasisDel(A_0, H(id), S_0, s), which outputs the signer's private key S_id; S_id is a basis of the lattice Λ(A_0 H(id)^{-1}), and s is a Gaussian sampling parameter.
Signature algorithm Sign(PP, SK_id, μ): Message blinding: the message owner C chooses t uniformly at random from D = {t ∈ R : ||t|| ≥ 1/s}, runs the sampling algorithm SampleD(A_0 H(id)^{-1}, s) to obtain a vector u, and computes the blinded message μ from t, u and M; μ is sent to the signer S. Signing the blinded message: after receiving μ from C, the signer S runs the one-way trapdoor inversion algorithm SamplePre(A_0 H(id)^{-1}, S_id, μ, s) on μ and outputs the signature e' of the blinded message. S checks that e' satisfies the required condition and that e' ≠ 0; if not, S signs again. S stores (μ, e') locally and then sends (μ, e') to the message owner C. Message unblinding: after receiving the signature, C computes e = t^{-1}(e' - u); e is the signature of the message M.
Verification algorithm Verify(PP, id, M, e): any verifier can check the correctness of (M, e) by the following computation:
(1) Check that e ≠ 0 and that e satisfies the first verification condition; if both hold, proceed to check (2), otherwise reject.
(2) Check the second verification condition; if it holds, accept, otherwise reject.
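To make the blinding algebra concrete, the following Python sketch (added here; it is not the patent's code) runs the blind, sign, unblind and verify steps over Z_q and checks that the page's unblinding e = t^{-1}(e' - u) yields a signature that verifies for M even though the signer only ever saw μ. It assumes a linear blinding μ = t·F(M) + A_id·u, a scalar t, a message map F(M) = Σ_i (-1)^{M_i} C_i and a diagonal stand-in for H(id), none of which the page spells out, and it replaces the trapdoor sampling (TrapGen, BasisDel, SamplePre, SampleD) by an insecure structural preimage that yields no short vectors.

```python
"""Constructed toy of the blind-signature algebra on this page, NOT the
patent's code: the lattice trapdoor and Gaussian samplers are replaced by
stand-ins that give no short vectors (and so no security); only the linear
relations that make blinding and unblinding work are modelled."""
import hashlib
import random

q = 1009       # small prime modulus (toy value)
n, m = 4, 8    # toy dimensions; the page requires m >= 5 n lg q
d = 16         # message length in bits

def matvec(A, x):
    return [sum(a * b for a, b in zip(row, x)) % q for row in A]
def setup(seed=1):
    """Toy Setup: A0 = [I_n | B], so preimages exist without a trapdoor."""
    rng = random.Random(seed)
    B = [[rng.randrange(q) for _ in range(m - n)] for _ in range(n)]
    A0 = [[int(i == j) for j in range(n)] + B[i] for i in range(n)]
    C = [[rng.randrange(q) for _ in range(n)] for _ in range(d)]  # C_1..C_d
    return A0, C
def H_id(ident):
    """Assumed stand-in for H(id): an invertible diagonal m x m matrix,
    returned as its diagonal (every entry non-zero mod q)."""
    digest = lambda i: hashlib.sha256(f"{ident}|{i}".encode()).digest()
    return [1 + int.from_bytes(digest(i)[:4], "big") % (q - 1) for i in range(m)]
def A_id(A0, diag):
    """A0 * H(id)^-1: column j of A0 scaled by diag[j]^-1 mod q."""
    inv = [pow(x, -1, q) for x in diag]
    return [[(A0[i][j] * inv[j]) % q for j in range(m)] for i in range(n)]
def F(C, M):
    """Assumed message map built from the page's C_i: sum_i (-1)^M_i * C_i."""
    y = [0] * n
    for bit, Ci in zip(M, C):
        y = [(yi + (-1) ** bit * ci) % q for yi, ci in zip(y, Ci)]
    return y
def toy_sample_pre(A0, diag, target, rng):
    """Stand-in for SamplePre(A0 H(id)^-1, S_id, mu, s): returns e' with
    A0 H(id)^-1 e' = target mod q, but e' is NOT short."""
    z = [rng.randrange(q) for _ in range(m - n)]
    Bz = matvec([row[n:] for row in A0], z)
    w = [(target[i] - Bz[i]) % q for i in range(n)] + z   # A0 w = target
    return [(diag[j] * w[j]) % q for j in range(m)]       # e' = H(id) w
def blind(Aid, C, M, rng):
    """Message owner: pick t and u, then mu = t*F(M) + A_id*u (assumed form)."""
    t = rng.randrange(1, q)                    # scalar stand-in for t in D
    u = [rng.randrange(q) for _ in range(m)]   # stand-in for SampleD output
    mu = [(t * f + a) % q for f, a in zip(F(C, M), matvec(Aid, u))]
    return mu, (t, u)
def unblind(e_blind, state):
    """The page's unblinding step: e = t^-1 (e' - u) mod q."""
    t, u = state
    tinv = pow(t, -1, q)
    return [(tinv * (a - b)) % q for a, b in zip(e_blind, u)]
def verify(Aid, C, M, e):
    """Toy Verify: e != 0 and A_id e == F(M); the shortness check is omitted."""
    return any(e) and matvec(Aid, e) == F(C, M)
def sign_roundtrip(M, ident, seed):
    """Full toy flow for one message; the signer sees only mu, never M."""
    rng = random.Random(seed)
    A0, C = setup()
    diag = H_id(ident)
    Aid = A_id(A0, diag)
    mu, state = blind(Aid, C, M, rng)
    e_blind = toy_sample_pre(A0, diag, mu, rng)
    assert matvec(Aid, e_blind) == mu          # signer's relation on mu
    return unblind(e_blind, state), Aid, C
```

Because A_id·e = t^{-1}(A_id·e' - A_id·u) = t^{-1}(μ - A_id·u) = F(M), the verifier's linear check passes; in the real scheme the Gaussian samplers additionally make e short, which is the part this toy cannot show.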
The foregoing is a detailed description of the invention, but the scope of the invention is not limited to it: anyone skilled in the art who understands the principle of the invention can make various changes, modifications or substitutions to the embodiment without departing from that principle, and these are also intended to fall within the scope of the invention. The protection scope of the present invention is therefore defined by the appended claims.

Claims (1)

1. An identity-based blind signature method on lattices under the standard model, characterized in that a short lattice basis derivation algorithm is combined with a one-way trapdoor function with preimage sampling to construct an identity-based blind signature scheme; the method involves a private key generation center PKG, a message owner, a signer and a verifier, and comprises the following specific implementation steps:
Parameter generation algorithm Setup(1^n): the private key generator PKG takes the security parameter n as input and runs the trapdoor generation algorithm TrapGen(1^n), which generates a matrix A_0 and a corresponding short basis S_0; S_0 is the system master key and A_0 is the system public key; n is an integer greater than zero, q is a prime with q ≥ 2, m ≥ 5n lg q, and H is a collision-resistant hash function. Suppose the message M is a bit string in {0,1}^d of arbitrary length d; then d uncorrelated vectors C_1, …, C_d are chosen at random, the system public parameters PP = <A_0, C_1, C_2, …, C_d> are published, and the master secret key is MK = S_0.
Key generation algorithm Extract(PP, id, MK): from the received identity information id of the signer, the system uses its own master secret key S_0 and the public parameters PP to run the short lattice basis derivation algorithm BasisDel(A_0, H(id), S_0, s), where s is a Gaussian sampling parameter, and outputs the signer's private key S_id; S_id is a basis of the lattice Λ(A_0 H(id)^{-1});
Signature algorithm Sign(PP, SK_id, μ): Message blinding: the message owner C chooses t uniformly at random from D = {t ∈ R : ||t|| ≥ 1/s}, runs the sampling algorithm SampleD(A_0 H(id)^{-1}, s) to obtain a vector u, and computes the blinded message μ from t, u and M; μ is sent to the signer S. Signing the blinded message: after receiving μ from C, the signer S runs the one-way trapdoor inversion algorithm SamplePre(A_0 H(id)^{-1}, S_id, μ, s) on μ and outputs the signature e' of the blinded message. S checks that e' satisfies the required condition and that e' ≠ 0; if not, S reruns the algorithm SamplePre. S stores (μ, e') locally and then sends the signature to the message owner C. Message unblinding: after receiving the signature, C performs the unblinding operation e = t^{-1}(e' - u); e is the signature of the message M;
Verification algorithm Verify(PP, id, M, e): any verifier V can check the correctness of (M, e) by the following computation:
(1) Check that e ≠ 0 and that e satisfies the first verification condition; if both hold, proceed to check (2), otherwise reject;
(2) Check the second verification condition; if it holds, accept, otherwise reject.
Priority application: CN201710007487.XA, priority date 2017-01-05, filing date 2017-01-05, "Identity-based blind signature method on lower lattice of standard model", granted as CN106533699B (en), status Expired - Fee Related.

Publications (2)

Publication Number  Publication Date
CN106533699A (en)   2017-03-22
CN106533699B (en)   2019-12-17

Family ID: 58335247 (one family application, CN201710007487.XA)

Country Status (1)

Country  Link
CN       CN106533699B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107425955B (en) * 2017-06-23 2020-10-09 河南理工大学 High-efficiency fixable-dimension trap door derived lattice upper identity base hierarchical encryption method
CN110048854B (en) * 2019-04-23 2021-11-30 西安邮电大学 Multivariate-based post-quantum blind signature method
CN110166251B (en) * 2019-05-17 2020-12-04 成都信息工程大学 Semi-quantum group signature method and system based on quantum walking
CN110175473B (en) * 2019-05-22 2022-12-27 西安电子科技大学 Digital signature method based on lattice difficulty problem
CN111030809B (en) * 2019-11-28 2023-04-21 南京邮电大学 Attribute-based signature system on lattice capable of supporting LSSS matrix
CN112769575B (en) * 2020-12-28 2021-11-26 中国科学院信息工程研究所 Blind signature method based on rank distance coding
CN113225190B (en) * 2021-02-08 2024-05-03 数字兵符(福州)科技有限公司 Quantum security digital signature method using new difficult problem
CN113507366B (en) * 2021-05-21 2024-04-26 北方工业大学 Grid-based searchable log blind signature scheme
CN117014133A (en) * 2022-04-28 2023-11-07 华为技术有限公司 Quantum-resistant blind signature method, user equipment, signature device and signature verification device

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104158661A (en) * 2014-07-23 2014-11-19 中国人民武装警察部队工程大学 Disposable public key encryption structuring method based on fuzzy identity
CN105939191A (en) * 2016-07-08 2016-09-14 南京理工大学 Client secure deduplication method of ciphertext data in cloud storage


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Lattice-based blind signature scheme; 王凤和 (Wang Fenghe); Geomatics and Information Science of Wuhan University (武汉大学学报 信息科学版); 2010-05-31; Vol. 35, No. 5; pp. 550-552 *
Identity-based proxy blind signature scheme in the standard model; 陈明 (Chen Ming); Computer Engineering and Applications (计算机工程与应用); 2015-12-31; Vol. 51, No. 19; pp. 103-108 *



Legal Events

Code  Title
C06   Publication
PB01  Publication
SE01  Entry into force of request for substantive examination
GR01  Patent grant (granted publication date: 20191217)
CF01  Termination of patent right due to non-payment of annual fee