CN109949036A - Secret protection endorsement method and device, verification method and device - Google Patents

Secret protection endorsement method and device, verification method and device Download PDF

Info

Publication number
CN109949036A
CN109949036A CN201910222102.0A CN201910222102A CN109949036A CN 109949036 A CN109949036 A CN 109949036A CN 201910222102 A CN201910222102 A CN 201910222102A CN 109949036 A CN109949036 A CN 109949036A
Authority
CN
China
Prior art keywords
signature
variable
user
public key
function
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201910222102.0A
Other languages
Chinese (zh)
Inventor
易海博
聂哲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Polytechnic
Original Assignee
Shenzhen Polytechnic
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Polytechnic filed Critical Shenzhen Polytechnic
Priority to CN201910222102.0A priority Critical patent/CN109949036A/en
Publication of CN109949036A publication Critical patent/CN109949036A/en
Withdrawn legal-status Critical Current

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

The embodiment of the invention discloses a kind of secret protection endorsement method and devices, verification method and device.The secret protection endorsement method includes that n user forms user group, and one of user signs to message;Each user has private key for user and client public key;Generate n the first signature variables;The second signature variable is obtained according to the client public key of all users in the first signature variable and user group;The first signature variable additional variable is obtained according to the private key for user of the second signature variable and the user that signs;The first signature variable, the first signature variable additional variable and one second signature variable composition signature.The embodiment of the present invention solves safety problem of the user privacy information under quantum computer attack.

Description

Secret protection endorsement method and device, verification method and device
Technical field
The present invention relates to digital signature technology fields;More particularly to secret protection endorsement method, secret protection signature apparatus, Secret protection signature verification method, secret protection signature verification device.
Background technique
Block chain technology is the base support technology of bit coin, first appear deliver in middle acute hearing article " bit coin: A kind of electronic cash system of point-to-point type " in, he be described in detail how to establish it is a set of it is completely new, decentralization, be not required to Want the block chain technology of the point-to-point trade system of foundation of trust.
The developed countries such as the U.S., European Union, Japan are actively promoting the research of block chain technical know-how, standard formulation, application The related works such as landing.Many block chains alliance, such as R3 alliance, HyperLedger are set up simultaneously in the world, it is intended to push away The theory and application study of dynamic block chain technology.Block chain technology be more considered after mainframe computer, personal computer, The 5th after internet and mobile social activity overturns formula calculation, is on mankind's credit evolutionary history after blood relation's credit, your gold Belong to the 4th milestone after credit and Central Bank's paper credit.The block chain technology of broad sense is expected to thoroughly remold human society work Dynamic form brings deep change for fields such as finance, science and technology, culture and politics.
The application of block chain has extended to the multiple fields such as social management, Internet of Things, medical treatment & health and intelligence manufacture at present, And 22 block chain focus on the application fields such as supply chain finance, Internet of Things.
But being constantly progressive with quantum calculation science, quantum computer has been increasingly becoming based on public key cryptography structure The potential grave danger for the block chain built.American computer scholar Peter Shor demonstrates quantum computer can be multinomial Big integer factorization and discrete logarithm problem are solved in the formula time.According to investigations, the safety of the public key algorithm more than 90% Property based on the mainstreams public key cryptography such as big integer factorization and discrete logarithm problem, including currently used RSA, elliptic curve. So quantum computer has the ability to break through using RSA and elliptic curve as most public key cryptographies of representative.
Block chain, which relies primarily on elliptic curve public key cryptographic algorithm and generates digital signature, safely trades, the most frequently used at present The Encryption Algorithm such as ECDSA, RSA and DSA theoretically cannot all bear the attack of quantum computer.It can be seen that quantum meter Calculation machine will generate serious threat to public key cryptography system used by current block chain;In addition, in block chain, bit coin Etc. systems be that anonymity is realized by way of assumed name.Anonymity refers to the assumed name for having onrelevant, so-called onrelevant Property, just refer to the angle from attacker, arbitrarily interacting twice between user and system can not be associated.In bit In coin, although the All Activity of bit coin is all to pass through in plain text in the effect for also functioning to protection privacy of user to a certain degree Mode disclose and be recorded on distributed account book, anyone can know therefore the details of each address transaction is handed over Easy details will reveal the privacy of user once connecting with real identification.
In conclusion in terms of privacy of user protection and under the attack of quantum computer, existing block catenary system With very big security risk, and hinder the extensive use of block chain technology.
Summary of the invention
Therefore, the embodiment of the present invention provides a kind of secret protection endorsement method and device, secret protection signature verification method And device, effectively solve the problems, such as privacy of user safety under quantum computer attack.
On the one hand, secret protection endorsement method provided in an embodiment of the present invention, this method comprises: n user forms user Group, one of user sign to message;Each user has private key for user and client public key;Generate n first Signature variable;The second signature variable is obtained according to the client public key of all users in the first signature variable and user group;Root The first signature variable additional variable is obtained according to the private key for user of the second signature variable and the user that signs;First signature Variable, the first signature variable additional variable and one second signature variable composition signature.
The embodiment of the present disclosure, is provided with multiple users in a user group, and when signature, user uses the private key of oneself It signs with the public key of users all in user group to message, to improve the anonymity of signature user, protects signature The privacy of user;Simultaneously because public key of the signature process using total user in user group, therefore the signature is verified When, need the public key of total user in user group to verify signature, and derive that private key is that a NP difficulty is asked from public key Topic, so that the signature cannot be cracked in finite time by modern computer and quantum computer;The method increase signatures Confidentiality, can not tamper, non-repudiation, improve the integrality of signature.
In one embodiment of the invention, the method for obtaining the second signature variable is: institute in user group is useful Family is divided into two parts, first part t+1, t+2 ..., n user, second part 1,2 ..., t user;The t user is institute State signature user;In first part, according to the client public key of users all in user group and the first signature variable, t+1 is obtained A second signature variable;According to the client public key of users all in user group and the second signature variable, next second label are obtained Name variable, until obtaining n-th second signature variables;In second part, according to the client public key of users all in user group, First signature variable and n-th second signature variables obtain the 1st second signature variable;According to users' all in user group Client public key and the second signature variable, obtain next second signature variable, until obtaining t-th second signature variables.
User group is divided into two groups, and according to a upper user's based on the user to be signed by the embodiment of the present disclosure Public key calculates next signing messages, so that signing messages forms cyclic structure;The association between signing messages is increased, So that the integrality of signature is good.
In one embodiment of the invention, the process for obtaining the second signature variable includes more using multivariable Item formula value finding function, character string convergent function and character string spread function.
In one embodiment of the invention, the process for obtaining the additional variable of the first signature variable includes in use Heart mapping transformation function and linear affine transforming function transformation function.
In one embodiment of the invention, the n first signature variable is the n stochastic variable generated.
The embodiment of the present disclosure further increases the complexity of signing messages by the way that stochastic variable is arranged, and operation of signing Various functions are used in the process, and further improve signature cracks difficulty.
On the other hand, a kind of secret protection signature verification device provided in an embodiment of the present invention, comprising: user management mould Block, for storing the user group with n user;Private key and public key generation module generate private key for user and use for each user Family public key;Signature generation module generates n first signature variable, useful according to institute in the first signature variable and user group The client public key at family obtains the second signature variable;According to the use of the second signature variable and the user that signs Family private key obtains the first signature variable additional variable;The first signature variable, the first signature variable additional variable and one A second signature variable composition signature.
In one embodiment of the invention, the signature generation module includes multivariable polynomial evaluation module, is provided Multivariable polynomial value finding function;Character string restrains module, provides character string convergent function;Character string expansion module, provides word Symbol string spread function;Centralizing mapping conversion module provides centralizing mapping transforming function transformation function;Linear affine conversion module provides linear Affine transformation function;First signature variable generating module, for generating n first signature variable at random;Second signature variable is raw At module, multivariable polynomial value finding function, character string convergent function and character string spread function are called, to first label The client public key of all users carries out operation in name variable and user group, obtains the second signature variable;First signature variable operation Module, by calling centralizing mapping transforming function transformation function and linear affine transforming function transformation function to the use of the second signature variable and the user that signs Family private key carries out operation, obtains the first signature variable additional variable;Signature output module, by the first signature variable supplement Variable, the first signature variable and one second signature variable composition signature, and export the signature.
The embodiment of the present disclosure provides the signature apparatus to match with above-mentioned endorsement method, real by setting functional module Now with function corresponding in endorsement method so that the device can physically realize above-mentioned endorsement method.
In another aspect, a kind of secret protection signature verification method provided in an embodiment of the present invention, comprising: obtain signature, institute Stating signature is the signature obtained by the upper secret protection endorsement method;According to the first signature variable and use in signature The client public key of all users calculates the second all signature variables in the group of family;Verifying signature in second signature variable be It is no equal with calculated second signature variable;Verification result be it is yes, then it is described signature be true.
In one embodiment of the invention, the process for calculating the second all signature variables is: according to signature In the second signature variable, the client public key of all users calculates its next bit second in the first signature variable and user group Signature variable successively calculates last position second signature variable;According to last position second sign variable, first signature become The client public key of all users calculates first second signature variable in amount and user group;Verify described calculated first Whether position signature variable is equal with the second signature variable in signature.
The embodiment of the present disclosure, the verification method is corresponding with above-mentioned endorsement method, uses the use of users all in user group Signed data in family public key and signature generates the verify data for verifying the second signature variable in signature, determines to be verified Whether data and the second signature variable in signature are equal, to realize the verifying to signature, signature-verification process is unique
In another aspect, a kind of secret protection signature verification device provided in an embodiment of the present invention, including signature obtain module, Obtain the signature obtained by secret protection endorsement method as described above;Second signature variable restores computing module, according to label The second signature variable, the first signature variable and client public key in name restore to calculate the second all signature variables;Signature is tested Module is demonstrate,proved, whether equal with the second signature variable in signature verifies calculated second signature variable;If it is, verifying Correctly.
The embodiment of the present disclosure provides the signature verification device to match with above-mentioned signature verification method, by the way that function is arranged Can module realize with function corresponding in signature verification method so that the device can physically realization on State signature verification method.
It should be understood that above general description and following detailed description be only it is exemplary and explanatory, not The disclosure can be limited.
Detailed description of the invention
In order to illustrate the technical solution of the embodiments of the present invention more clearly, making required in being described below to embodiment Attached drawing is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the invention, right For those of ordinary skill in the art, without creative efforts, it can also be obtained according to these attached drawings His attached drawing.
Fig. 1 is a kind of flow diagram for secret protection endorsement method that the embodiment of the present disclosure provides;
Fig. 2 is a kind of flow diagram for secret protection signature verification method that the embodiment of the present disclosure provides;
Fig. 3 is the relationship of signature variable and client public key in a kind of secret protection endorsement method of embodiment of the present disclosure offer Structural schematic diagram;
Fig. 4 is a kind of structural schematic diagram for secret protection signature apparatus that the embodiment of the present disclosure provides;
Fig. 5 is the structural formula of signature generation module 203 in a kind of secret protection signature apparatus of embodiment of the present disclosure offer Schematic diagram;
Fig. 6 is the structure of operation calling module 203-2 in a kind of secret protection signature apparatus of embodiment of the present disclosure offer Schematic diagram;
Fig. 7 is a kind of structural schematic diagram for secret protection signature verification device that the embodiment of the present disclosure provides.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts it is all its His embodiment, shall fall within the protection scope of the present invention.
[first embodiment]
As shown in Figure 1, the first embodiment of the present invention provides a kind of secret protection endorsement method, in a number of users For in the user group of n, wherein t-th of user signs to message m, the signature process the following steps are included:
It 101, is each user's distributing user private key and client public key in user group.Wherein private key for user is vk, user group The private key for user of interior t-th of user be vkt, for example, in user group the 3rd user private key for user vk3;Client public key is bki (i=1,2 ..., n), wherein i indicates i-th of user.
Private key for user is private key, and client public key is disclosed key in user group.
102, the first signature variable equal with number of users is generated.Wherein the first signature variable is the change generated at random Amount generates n first signature variable by the way of generating random number, is expressed as s0,s1,...,st-1,st+1,st+2,..., sn
It in first signature variable of above-mentioned generation, is numbered until n from 0, wherein unknown first signature variable st; It would therefore be desirable to calculate the first signature variable s according to others the first signature variablet
Calculating stDuring, the user first using all users in known first signature variable and user group is public Key calculates the second signature variable, and detailed process is as shown in 103 and 104.
103, the second signature variable is calculated according to the client public key of all users in the first signature variable and user group.Such as figure Shown in 3, connects according to user's ending in user group and line up ring-type, the client public key of all users is also according to corresponding in user group Sequentially form ring-type, the client public key bk of the 1st user1With the client public key bk of nth usernIt is adjacent;Simultaneously by above-mentioned n A first signature variable is opposite respectively at client public key according to numbering, wherein the use of the first corresponding t-th of user of signature variable S0 Family public key.
Therefore in conclusion being that boundary calculates the second signature variable by two parts content with t-th of user.
First part: the number for being greater than t calculates the second signature variable rt+1,rt+2,...rn
First second signature variable r is calculated firstt+1, using following formula (1):
Function P in formula (1)1() is character string convergent function, and the function is by Hash operation, interception character string and connection The operations such as character string composition.Function P1The input length of () is 28 bytes, and input includes message m, all users in user group Client public key and first signature variable;Calculating rt+1In first signature variable be S0;Function P1The output length of () is 56 Byte, output are y;Function P1The finite field that () uses is GF (28)。
Function P1The calculating process of () are as follows: calculating m first | bk1|bk2|...|bkn|siCryptographic Hash h, then enable h ' etc. The 40 byte character string before h;Function P1The output y=S of ()i|h′。
M is calculated using SHA-512 algorithm in the present embodiment | bk1|bk2|...|bkn|siCryptographic Hash h.
FunctionMultivariable polynomial value finding function is called, which is made of multivariable polynomial evaluation operation.FunctionThe finite field used is GF (28);FunctionInput length be 56 bytes, input be x1,x2,...,x56;FunctionOutput be 28 bytes, output be y;The function includes 28 multivariable polynomial Its Middle φ,γ is the public key for participating in operation, is the coefficient of multivariable polynomial, φ,γ is raw by private-public key generation module At.
Multivariable polynomial value finding functionOperation, need to substitute into x1,x2,...,x56, solve 28 it is changeable Polynomial value is measured, i.e. composition output.
R is calculated in the present embodimentT+1The input used is the public key and function P of t-th of user1The output of (), will be above-mentioned defeated Enter to substitute intoIn obtain its output to need the r that solvesT+1
For rt+2,rt+3,...rnIt is calculated using formula (2):
Wherein i=r+2, r+3 ..., n.
In formula (2)Function and P1() function is above-mentioned to explain in detail it.
P in formula (2)2() function is character string spread function, is made of Hash operation and interception string operation. P2The finite field that () function uses is GF (28);P2The input length of () function is 28 bytes, and input is ri-1;P2() function Output length be 56 bytes, output be y.
The P2The calculating process of () function is: calculating r firsti-1Cryptographic Hash h;H ' is enabled to be equal to the preceding 56 byte word of h Symbol string;Export y=h '.
Second part: the number for being less than or equal to t calculates the second signature variable r1,r2,...rt
First second signature variable r is calculated first1, using following formula (3):
In formula (3)Function and P1() function is above-mentioned to explain in detail it.Wherein rn is first The last one calculated second signature variable in part.
For r2,r3,...rtPart is calculated using formula as above (2).
It is above to complete the second signature variable r1,r2,...,rnEvaluation.
104, s is calculated according to the private key for user of t-th of usertValue;stFor the first label variable additional variable.
R can be calculated in the calculation formula for being primarily based on second part in above-mentioned 103t
And it is obtained calculating r below according to formula (2)t+1Calculating formula:
R is calculated according to formula in first part (1)t+1Process it is available
Above-mentioned formula is converted to obtain:
Value first on the right side of calculation equation:
Then calculation equation P1(m,bk1,bk2,...,bkn,st(the vk of)=L °Ft, cons), wherein reflected centered on function F () Transforming function transformation function is penetrated, function L () is linear affine transforming function transformation function, and the private key for user vk of t-th of user is introduced in the equationt
The finite field that function F () is used is GF (28);The input length of function F () is 28 bytes, and input is y;Letter The output of number F () is 56 bytes, and output is O1,O2,...,O28,V1,V2,...,V28, wherein O1,O2,...,O28It is to have Confinement GF (28) 28 oily variables, V1,V2,...,V28It is finite field gf (28) 28 vinegar variables;Function F () includes 28 A multivariable polynomial: ∑ αijOiVj+∑βiOi+∑χijViVj+∑δiVi+ε;The private key that function F () participates in operation is α, β, χ,δ,ε,V1,V2,...,V28, wherein α, β, χ, δ, ε are the coefficients of multivariable polynomial.
Function F (O)=y calculating process is: generating variable V at random1,V2,...,V28, and substitute into F (O)=y; F(O) =y is converted into about O1,O2,...,O28System of linear equations;The system of linear equations is solved, O is obtained1,O2,...,O28; Then O is exported1,O2,...,O28,V1,V2,...,V28
The finite field gf (2 that function L () is used8);Its input is x, and input length is 56 bytes;Its output is y, output Length is 56 bytes;The private key that function L () participates in operation is A, B, and wherein A is the matrix of 56*56, B be length be 56 to Amount;The fortune formula of function L () is L:y=Ax+B.
The calculating process of function L () is: being based on finite field gf (28) matrix-vector multiplication calculate A '=Ax;Based on having Confinement GF (28) vectorial addition calculate y=A '+B.
S is finally obtained by above-mentioned calculating processtValue.
105, generating t-th of user is (r to the signature of message m1,s1,s2,...,sn)。
Based on the secret protection endorsement method that the corresponding embodiment of above-mentioned Fig. 1 provides, this method be can be applied in network In some user a certain data and/or message are broadcasted in some particular group.For example, in block chain technology, area Block in block chain is organized by a specific network user to be generated, some user of network user group is when generating the block Sign simultaneously to the block, other P2P network users when obtaining the block information, need to the signature of the block into Row verifying, and while verifying, it can't know that the block is the signature which user carries out.The present embodiment is with area The signature of block is illustrated in block chain, is not represented the disclosure and is confined to this.Secret protection signer provided in this embodiment Method, the present embodiment illustrate and implementation process is as follows:
In a network, a certain specific user forms a user group, and the user of the user group can generate block, and Block forms block catenary system.User in the specific user group interconnects, and meeting when block chain increases new block Into user group, all user's broadcast, other users need to verify new block, user when obtaining new block When user in group verifies new block, the information of the user to sign to new block can not be known, protect The privacy of signer.For in the non-particular group of users user or user group in other users this is cracked with illegal way Sign block, equally can not or signer information, simultaneously because the verifying of the signature needs in user group all use The public key at family verifies signature, and the signature for being can not be by modern computer and quantum computer in finite time It is cracked.
In the user group with 44 users, each user all has a pair of of private key for user and client public key, wherein Private key is vki, public key bki, wherein i indicates the cis-position number of user, and wherein client public key is well known to user in user group Key, private key for user are only key known to individual subscriber.When the 10th user generates a new block M in user group, The user needs to sign to new block M, and detailed process is:
Firstly generate 44 first signature variable s0,s1,s2...,s9,s11,s12,...,s44
The second signature variable r is calculated according to the client public key of users all in user group and the first signature variablei(1≤i≤ 44)。
For r11,r12,...,r44Part calculates first
Then r is calculated12,r13,...,r44Part, using above-mentioned formula (2)
According to previous first Signature variable and the second signature variable calculate the signature variable of the latter second.Such as it calculatesWherein M is new block.
R is calculated by the above process11,r12,...,r44
For r1,r2,...,r10Part calculates first
Then r is calculated2,r3...,r10, equally use above-mentioned formula (2).
Finally obtain the second all signature variable r1,r2,...,r44
It is calculated according to the client public key of all users in the second all signature variables, the first signature variable and user group S10
104 content according to a first embodiment of the present invention, available following equation:
The right of calculation equation first enables Cons is calculated.
Introduce the private key for user of the 10th user, L °F of (vk of constructor10, cons), and enable P1(M,bk1, bk2,...,bk44,s10(the vk of)=L °F10,cons)。
The first signature variable additional variable s is calculated10.And the signature of the 10th user block new to this is (r1,s1,s2,...,sn)。
[second embodiment]
Referring to fig. 2, the second embodiment of the present invention provides a kind of secret protection signature verification method, the verification method Corresponding with the endorsement method in the first embodiment of the present disclosure, the signature for generating to above-mentioned endorsement method is verified.This The implementation process of the signature verification method of open embodiment is as follows:
106, the signature that verifier verifies message m is (r1,s1,s2,...,sn).The signature passes through above-mentioned 101 to 105 Process obtains.
107, for r2,r3,...,rnIt is calculated using following formula (4):
According to formula (4), r2According to r1It is calculated, r3According to r2It is calculated, r4According to r3It is calculated, with such It pushes away, until calculating rn
Function P in formula (4)1(), function P2() and functionIt has been carried out in the first embodiment of the present invention It is discussed in detail.
108, above-mentioned that r is calculatedn, it is annular in shape from 1 to n since the signature is ring signatures.rnFor being calculated r′1, the r '1For verifying the r in signature1.Detailed process is:
R ' is calculated using formula (5)1:
109, according to above-mentioned calculated result, r ' is verified1=1It is whether true.If set up, illustrates that verifying is correct, show this Signature (the r1,s1,s2,...,sn) be message m signature;Otherwise, which is false, should refuse the signature.
Based on the secret protection signature verification method that the corresponding embodiment of above-mentioned Fig. 2 provides, for above-mentioned block chain block The embodiment of signature, the embodiment of the present disclosure are for the verification process of the signature of above-mentioned 10th user:
According to the signature (r1,s1,s2,...,sn) and user group in all users client public key calculate r2,r3,..., rn, calculated using formula (4), calculated first
It is then based on r2 and r3 is calculated, r44 is successively calculated.
R ' is finally calculated according to r441, calculating formula are as follows:
Finally verify r '1=r1It is whether true.If set up, sign (r1,s1,s2,...,sn) be new block M label Name;Otherwise the signature is false, refuses the signature.
It is signed based on secret protection endorsement method described in the corresponding embodiment of above-mentioned Fig. 1 and Fig. 2 and secret protection Verification method, the embodiment of the present disclosure also provide a kind of computer readable storage medium, deposit for example, non-transitory is computer-readable Storage media can be read-only memory (English: Read Only Memory, ROM), random access memory (English: Random Access Memory, RAM), CD-ROM, tape, floppy disk and optical data storage devices etc..Calculating is stored on the storage medium Machine instruction is protected for executing secret protection endorsement method described in the corresponding embodiment of above-mentioned Fig. 1 and/or Fig. 2 and privacy Signature verification method is protected, details are not described herein again.
[3rd embodiment]
Referring to fig. 4, third embodiment of the invention provides a kind of secret protection signature apparatus, which includes: private Key and public key generation module 201, user management module 202 and signature generation module 203.
Private key and public key generation module 201, for generating the private key for user and client public key of all users in user group, Also generating in signature generation module 203 simultaneously needs public key to be used in calculating process.Its private key generated is α, β, χ, δ, ε, V, A, B, the process for generating private key is finite field gf (28) generating random number process;Its public key generated is φ,γ is raw Process at public key is by private key cc, β, χ, δ, ε, and V is substituted into function F () and calculated, and by private key A, B substitution function L () is fallen into a trap It calculates, public key φ,The calculating of γ is based on
User management module 202, for managing all users in user group comprising the behaviour such as increase, reduction of user Make;Manage user and its client public key and private key for user.
Signature generation module 203, it is private using the client public key of users all in user group, and the user of signature user Key signs to the message to be signed.
In one embodiment, as shown in figure 5, signature generation module 203 includes:
First signature variable generating module 203-1, for generating the first signature variable at random, the first signature variable, which combines, to be used Family public key calculates the second signature variable.Wherein the first signature variable and the second signature variable belong to a part of information of signature.
Multivariable polynomial evaluation module 203-3, including multivariable polynomial evaluation operation, provide multivariable polynomial and ask Value function
Character string restrains module 203-4, including Hash operation, interception character string and concatenation character string operation, provides character String convergent function P1()。
Character string expansion module 203-5, including Hash operation and character string intercept operation, provide character string spread function P2()。
Centralizing mapping conversion module 203-6, including polygon amount equation group coefficient evaluation and solution system of linear equations operation, mention For centralizing mapping transforming function transformation function F ().
Linear affine conversion module 203-7, including matrix-vector multiplication and vectorial addition operation provide linear affine transformation Function L ().
Operation calling module 203-2, by calling multivariable polynomial value finding functionCharacter string convergent function P1 (), character string spread function P2(), centralizing mapping transforming function transformation function F () and linear affine transforming function transformation function L () sign to first The the first signature variable and client public key that variable generating module 203-1 is obtained carry out operation, finally obtain signature.
In one embodiment, as shown in fig. 6, operation calling module 203-2 includes:
Second signature variable computing module 203-2-1, by calling multivariable polynomial value finding functionCharacter closed string Hold back function P1() and character string spread function P2(), the first signature variable that the first signature variable generating module 203-1 is obtained Operation is carried out with client public key, obtains the second signature variable.
First signature variable computing module 203-2-2, by calling centralizing mapping transforming function transformation function F () and linear affine to convert Function L () carries out operation to the second signature variable, obtains the first signature variable additional variable, which becomes Amount becomes for supplementing t-th first signatures lacked in the first signature variable that the first signature variable generating module generates at random Amount, wherein t indicates signature user.
Sign output module 203-2-3, and the first signature variable computing module 203-2-2 the first signature being calculated is become One in the first signature variable and the second signature variable that amount additional variable, the first signature variable generating module generate at random Composition signature, and export the signature.
[fourth embodiment]
Referring to Fig. 7, the fourth embodiment of the present invention provides a kind of secret protection signature verification device, signature verification dress Setting 30 includes: that signature obtains the signature variable recovery computing module 302 of module 301, second and verifying output module 303.
Signature obtains module 301, obtains signature, which is the secret protection signature that first embodiment of the invention provides The signature that method obtains.
Second signature variable restores computing module 302, according to the signing messages of signature, client public key by all second Signature variable recovery is calculated, which calls multivariable polynomial value finding functionCharacter string convergent function P1 () and character string spread function P2();The second signature variable being calculated.
The signing messages wherein signed, one second signature variable having including it and the first signature variable;The module Calculating process be detailed in the embodiment of above-mentioned verification method.
Verify output module 303, verifying signature in second signature variable be calculated the second signature variable whether phase Deng;If equal, verifying is correct, which is very, to be otherwise vacation, refuse the signature.
The above-mentioned integrated unit being realized in the form of SFU software functional unit, can store computer-readable at one In storage medium.Above-mentioned SFU software functional unit is stored in a storage medium, including some instructions are used so that a calculating Machine equipment (can be personal computer, server or the network equipment etc.) executes the part of each embodiment method of the present invention Step.And storage medium above-mentioned include: USB flash disk, mobile hard disk, read-only memory (Read-Only Memory, abbreviation ROM), Random access memory (Random Access Memory, abbreviation RAM), magnetic or disk etc. are various to can store program The medium of code.
Finally, it should be noted that the above embodiments are merely illustrative of the technical solutions of the present invention, rather than its limitations;To the greatest extent Present invention has been described in detail with reference to the aforementioned embodiments for pipe, those skilled in the art should understand that: it is still It is possible to modify the technical solutions described in the foregoing embodiments, or part of technical characteristic is equally replaced It changes;And these are modified or replaceed, the essence for technical solution of various embodiments of the present invention that it does not separate the essence of the corresponding technical solution Mind and range.

Claims (10)

1. a kind of secret protection endorsement method, including user group, user group includes n user, and one of user is that signature is used Family, signature user sign to message;It is characterised by comprising:
Each user has private key for user and client public key;
Generate n first signature variable;
The second signature variable is obtained according to the client public key of all users in the first signature variable and user group;
The first signature variable additional variable is obtained according to the private key for user of the second signature variable and the signature user;
The first signature variable, the first signature variable additional variable and one second signature variable composition signature.
2. secret protection endorsement method as described in claim 1, which is characterized in that described to obtain the second signature variable Method is:
All users in the user group are divided into two parts, first part t+1, t+2 ..., n user, second part 1, 2 ..., t user;
The t user is the signature user;
In first part, according to the client public key of all users in the user group and the first signature variable, t+1 the is obtained Two signature variables;
According to the client public key of all users in the user group and the second signature variable, obtains next second signature and become Amount, until obtaining n-th second signature variables;
In second part, according to the client public key of all users, the first signature variable and n-th second signatures in the user group Variable obtains the 1st second signature variable;
According to the client public key of all users in the user group and the second signature variable, next second signature variable is obtained, Until obtaining t-th second signature variables.
3. secret protection endorsement method as described in claim 1, which is characterized in that described to obtain the second signature variable Process includes using multivariable polynomial value finding function, character string convergent function and character string spread function.
4. secret protection endorsement method as described in claim 1, which is characterized in that described to obtain the first signature variable The process of additional variable includes using centralizing mapping transforming function transformation function and linear affine transforming function transformation function.
5. secret protection endorsement method as described in claim 1, which is characterized in that the n the first signature variable be n with Machine variable.
6. a kind of secret protection signature apparatus characterized by comprising
User management module, for storing the user group with n user;
Private key and public key generation module generate private key for user and client public key for each user;
Signature generation module generates n first signature variable, according to all users in the first signature variable and user group Client public key obtains the second signature variable;First is obtained according to the private key for user of the second signature variable and the user that signs Signature variable additional variable;The first signature variable, the first signature variable additional variable and one second signature variable composition Signature.
7. secret protection signature apparatus as claimed in claim 6, which is characterized in that
The signature generation module includes:
Multivariable polynomial evaluation module, provides multivariable polynomial value finding function;
Character string restrains module, provides character string convergent function;
Character string expansion module provides character string spread function;
Centralizing mapping conversion module provides centralizing mapping transforming function transformation function;
Linear affine conversion module provides linear affine transforming function transformation function;
First signature variable generating module, for generating n first signature variable at random;
Second signature variable generating module calls multivariable polynomial value finding function, character string convergent function and character string extension Function carries out operation to the client public key of all users in the first signature variable and user group, obtains the second signature variable;
First signature variable computing module, by calling centralizing mapping transforming function transformation function and linear affine transforming function transformation function to sign to second Variable and the private key for user of signature user carry out operation, obtain the first signature variable additional variable;
Signature output module becomes the first signature variable additional variable, the first signature variable and one second signature Amount composition signature, and export the signature.
8. a kind of secret protection signature verification method characterized by comprising
Signature is obtained, the signature is the label obtained by secret protection endorsement method described in claim 1-5 any one Name;
According in the signature the first signature variable and user group in the client public key of all users calculate all second Signature variable;
Whether the second signature variable in verifying signature is equal with calculated second signature variable;
Verification result be it is yes, then it is described signature be true.
9. secret protection signature verification method as claimed in claim 8, which is characterized in that described to calculate the second all label The process of name variable is:
According in signature the second signature variable, the client public key of all users calculates it in the first signature variable and user group The signature variable of next bit second successively calculates last position second signature variable;
The is calculated according to the client public key of all users in last the second signature variable, the first signature variable and user group One second signature variable;
Whether equal with the second signature variable in signature verify calculated first signature variable.
10. secret protection signature verification device characterized by comprising
Signature obtains module, obtains and changes the label that endorsement method obtains by secret protection described in claim 1-5 any one Name;
Second signature variable restores computing module, according to the second signature variable, the first signature variable and the client public key in signature Restore to calculate the second all signature variables;
Whether equal with the second signature variable in signature signature verification module verifies calculated second signature variable;If It is that then verifying is correct.
CN201910222102.0A 2019-03-22 2019-03-22 Secret protection endorsement method and device, verification method and device Withdrawn CN109949036A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910222102.0A CN109949036A (en) 2019-03-22 2019-03-22 Secret protection endorsement method and device, verification method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910222102.0A CN109949036A (en) 2019-03-22 2019-03-22 Secret protection endorsement method and device, verification method and device

Publications (1)

Publication Number Publication Date
CN109949036A true CN109949036A (en) 2019-06-28

Family

ID=67010730

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910222102.0A Withdrawn CN109949036A (en) 2019-03-22 2019-03-22 Secret protection endorsement method and device, verification method and device

Country Status (1)

Country Link
CN (1) CN109949036A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110493009A (en) * 2019-09-23 2019-11-22 百度在线网络技术(北京)有限公司 The generation method and verification method of signature, device, equipment and medium

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110493009A (en) * 2019-09-23 2019-11-22 百度在线网络技术(北京)有限公司 The generation method and verification method of signature, device, equipment and medium

Similar Documents

Publication Publication Date Title
US11438144B2 (en) Computer-implemented systems and methods for performing computational tasks across a group operating in a trust-less or dealer-free manner
Yang et al. Fuzzy identity based signature with applications to biometric authentication
CN103414569B (en) A kind of method of the public key cryptography setting up attack resistance
Feng et al. Private key generation from on‐line handwritten signatures
JP2020532168A (en) A computer-implemented method of generating a threshold vault
US20200228317A1 (en) System and method for information protection
EP3134994B1 (en) Method of obfuscating data
CN109660345A (en) Anti- quantum calculation block chain method of commerce and system based on unsymmetrical key pool server
CN109919611A (en) Anti- quantum calculation block chain method of commerce and system based on symmetric key pool server
CN106909852B (en) Intelligent contract encryption method and device based on triple md5 encryption algorithms
Johnson et al. The elliptic curve digital signature algorithm
CN104184588A (en) Undetachable digital signature method based on identity
CN108712409A (en) A kind of e bill transaction system based on privately owned block chain
CN107070896B (en) Safe and efficient block chain network customized login method and safe reinforcement system
Tian et al. Cloud data integrity verification scheme for associated tags
Ullah et al. Threat modeling—How to visualize attacks on IOTA?
Aliyu et al. Vigenere cipher: trends, review and possible modifications
Kazmirchuk et al. The Improvement of digital signature algorithm based on elliptic curve cryptography
Purwono et al. Blockchain technology
CN109660344A (en) Anti- quantum calculation block chain method of commerce and system based on unsymmetrical key pond route device
CN109687961A (en) Anti- quantum calculation block chain method of commerce and system based on pool of symmetric keys route device
CN109949036A (en) Secret protection endorsement method and device, verification method and device
CN110837659B (en) Renewable digital signature method for private key with label and application of renewable digital signature method in PoS block chain protocol
Kamal et al. A Proposed hash algorithm to use for blockchain base transaction flow system
CN110912702B (en) Block chain asset management method based on hidden social relationship

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication
WW01 Invention patent application withdrawn after publication

Application publication date: 20190628