CN112511311A - Encryption threshold signature method based on confusion technology - Google Patents

Abstract

The application provides an encryption threshold signature method based on a confusion technology, which comprises the steps of generating a public parameter p and a private key slice sk of a member according to a Setup algorithm_i(ii) a Generating an encrypted public key pk of a recipient according to an encryption key generation algorithm_eAnd the decryption private key sk_e(ii) a Slicing the private key sk according to a obfuscation algorithm_iPerforming obfuscation processing to obtain obfuscated signature private key

According to the obfuscated signature private key

Generating ciphertext after carrying out message signature on message m to be sent

And will encrypt the text

And sending the information to the information receiver. The method and the device have the advantages that the obfuscation technology is adopted, so that the threshold signer obfuscates the private key fragments, the problem that the private key fragments are easy to attack and cause leakage in the prior art is solved, the private key fragments of the signer are effectively protected, and the security of the private key fragments is greatly improved.

Description

Encryption threshold signature method based on confusion technology

Technical Field

The application relates to the technical field of threshold cryptography, in particular to an encryption threshold signature method based on an obfuscation technology.

Background

In a (k, n) threshold signature scheme, a valid signature may only be generated when the number of participants is equal to or greater than a threshold value k. The threshold signature has the characteristics of power dispersion, risk sharing and the like. In order to meet different application requirements, threshold group signatures suitable for the mobile internet, threshold ring signatures for realizing block chain technology, threshold proxy signatures for solving the problem of ship ad hoc network authentication and the like are provided. However, the security of the threshold cryptosystem is established on the premise that the private key is safe, and once the private key is leaked, the system has a large potential safety hazard. For example, in a white-box attack environment, an attacker can easily obtain key information by observing or executing cryptographic software, and thus it is necessary to protect private information, particularly key information, therein.

Disclosure of Invention

In view of this, the encryption threshold signature method based on the obfuscation technology of the present application aims to effectively protect the key of the threshold signature.

In order to achieve the purpose, the technical scheme adopted by the application is as follows:

an encryption threshold signature method based on obfuscation technology is applied to a cryptosystem based on obfuscation technology, and the method comprises the following steps:

step 1: the third trusted party generates the public parameter p and the private key slice sk of the member according to the Setup algorithm_i；

Step 2: the information receiver obtains respective encrypted public key pk through an encryption key generation algorithm (KG)_eAnd the decryption private key sk_e；

And step 3: the signer splits the private key sk according to a obfuscation algorithm (Obf)_iPerforming obfuscation processing to obtain obfuscated signature private key

And 4, step 4: the user can sign the private key according to the obfuscated signature

Generating ciphertext after message signature of message m to be sent

And will encrypt the text

And sending the information to the information receiver.

Optionally, in step 1, the trusted third party generates the public parameter p and the private key slice sk of the member according to the Setup algorithm_iThe expression of (a) is:

p＝{q,G,G_T,e,g,g₁,g₂,u′,U,VK}；

sk＝(sk₁,sk₂,…sk_n)；

f(x)＝a₀+a₁x+…+a_k-1x^k-1；

VK＝(g^f(1),g^f(2),…,g^f(n))；

vk_i＝g^f(i)；

where p is a common parameter, G is an addition cyclic group, G_TIs a multiplication cycle group, q is G and G_TE is a bilinear map, G is a generator of G and is obtained by p analysis, a₀,a₁,…,a_kIs Z_qRandom element of (i), U ═ U₁,u₂,…u_n)，g₂,u′,u₁,u₂,…u_nIs a randomly selected element in G,

k is a threshold value, n is the number of participants, Z_qThe class ring is left modulo q.

Optionally, the encryption key generation algorithm (KG) in step 2 is specifically:

at Z_qRandomly selecting parameters a and b to obtain an encryption private key sk_e(a, b) and an encrypted public key pk_e＝(pk_e1,pk_e2)＝(g^a,g^b)。

Optionally, in the step 3, the signer divides the private key into the pieces sk according to the obfuscation algorithm (Obf)_iPerforming obfuscation processing to obtain obfuscated signature private key

The method specifically comprises the following steps:

the signer performs the encryption algorithm Enc (pk) by running_e,sk_i) To obtain

Wherein

Enc is an encryption algorithm, C_iIs to sk_iIs encrypted, i ∈ {1,2, …, n };

computing

Order to

Wherein x_i1,x_i2Is Z_qOf (a) the randomly selected parameters of (b),

is the obfuscated signature private key.

Optionally, in the step 4, the user uses the obfuscated private signature key

Carries out the process of the message m to be sentGenerating cipher text after message signing

The method specifically comprises the following steps:

judging whether the message m is empty, if so, outputting (p, pk)_e) Otherwise, the following steps are carried out:

obtaining a binary-form bit string m of a parsed message m₁…m_n∈{0,1}ⁿ、pk_e＝(pk_e1,pk_e2) And

wherein m is₁…m_n∈{0,1}ⁿRepresents a 0,1 bit string of length n;

generating an encrypted ciphertext after performing message signing, specifically comprising:

(a) partial signature: random selection of r_i′∈Z_qCalculating partial signatures

Is marked as

Verification equation

Whether the signature is established or not, if so, the signature is valid; otherwise, the signature is invalid; wherein e represents a group G_TPi is a continuous multiplication sign,

is made by fragmenting the obfuscated private key

A calculated partial signature;

(b) and (3) synthesizing a signature: inputting k valid partial signatures

Where the set F is the set {1,2, …, n }And | Φ | ═ k, calculate

Outputting composite signatures

Is marked as

Wherein | Φ | represents the number of elements in the set Φ;

(c) for ciphertext

Re-randomization, calculation

Random selection of Z_qOf (b) element x'₁,x′₂,y′₁,y′₂According to

Calculating by running a rerrandomisation algorithm to obtain

And

output of

Wherein

And

and carrying out re-randomization treatment on the synthesized signature in the form of the ciphertext, wherein the sigma is a continuous plus symbol.

The beneficial effect of this application is:

1. because the application adopts the obfuscation technology, the threshold signer performs obfuscation processing on the private key fragment, the problem that the private key fragment is easy to attack and cause leakage in the prior art is solved, the private key fragment of the signer is effectively protected, and the security of the private key fragment is greatly improved;

2. the confidentiality effect is good: according to the method and the device, under the condition that an attacker breaks through the encrypted threshold signature after operation confusion, the attacker cannot obtain the private key fragment of the threshold signer, so that the communication safety is further improved.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained from the drawings without inventive effort.

Fig. 1 is a flowchart of an encryption threshold signature method based on obfuscation technology according to the present application.

Detailed Description

In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments.

As shown in fig. 1, an encryption threshold signature method based on obfuscation technology is applied to a cryptographic system based on obfuscation technology, and the method includes:

s101: the trusted third party generates the public parameter p and the private key slice sk of the member according to the Setup algorithm_i(ii) a Wherein said public parameter p is public, private key shard sk_iIs confidential;

the specific expression is as follows:

p＝{q,G,G_T,e,g,g₁,g₂,u′,U,VK}；

sk＝(sk₁,sk₂,…sk_n)；

f(x)＝a₀+a₁x+…+a_k-1x^k-1；

VK＝(g^f(1),g^f(2),…,g^f(n))；

vk_i＝g^f(i)；

where p is a common parameter, G is an addition cyclic group, G_TIs a multiplication cycle group, q is G and G_TE is a bilinear map, G is a generator of G and is obtained by p analysis, a₀,a₁,…,a_kIs Z_qRandom element of (i), U ═ U₁,u₂,…u_n)，g₂,u′,u₁,u₂,…u_nIs a randomly selected element in G,

k is a threshold value, n is the number of participants, Z_qThe class ring is left modulo q.

S102: the information receiver obtains respective encrypted public key pk through an encryption key generation algorithm (KG)_eAnd the decryption private key sk_e；

Specifically, the encrypted public key pk of the receiver is generated according to an encryption key generation algorithm (KG)_eAnd the decryption private key sk_eThe method comprises the following steps:

at Z_qRandomly selecting parameters a and b to obtain an encryption private key sk_e(a, b) and an encrypted public key pk_e＝(pk_e1,pk_e2)＝(g^a,g^b)。

S103: the signer splits the private key sk according to a obfuscation algorithm (Obf)_iPerforming obfuscation processing to obtain obfuscated signature private key

The method specifically comprises the following steps:

the signer performs the encryption algorithm Enc (pk) by running_e,sk_i) To obtain

Wherein

Enc is an encryption algorithm, C_iIs to sk_iIs encrypted, i ∈ {1,2, …, n };

computing

Order to

Wherein x_i1,x_i2Is Z_qOf (a) the randomly selected parameters of (b),

is the obfuscated signature private key.

S104: the user can sign the private key according to the obfuscated signature

Generating ciphertext after carrying out message signature on message m to be sent

And will encrypt the text

And sending the information to the information receiver.

Specifically, the secret key is obtained according to the obfuscated signature

Generating ciphertext after carrying out message signature on message m to be sent

The method comprises the following steps:

judging whether the message m is empty, if so, outputting (p, pk)_e) Otherwise, the following steps are carried out:

obtaining a binary-form bit string m of a parsed message m₁…m_n∈{0,1}ⁿ、pk_e＝(pk_e1,pk_e2) And

wherein m is₁…m_n∈{0,1}ⁿRepresents a 0,1 bit string of length n;

generating an encrypted ciphertext after performing message signing, specifically comprising:

(a) partial signature: r 'is randomly selected'_i∈Z_qCalculating partial signatures

Is marked as

Verification equation

Whether the signature is established or not, if so, the signature is valid; otherwise, the signature is invalid; wherein e represents a group G_TPi is a continuous multiplication sign,

is made by fragmenting the obfuscated private key

A calculated partial signature;

(b) and (3) synthesizing a signature: inputting k valid partial signatures

Where the set F is a subset of the set {1,2, …, n }, and | Φ | ═ k, are calculated

Outputting composite signatures

Is marked as

Wherein | Φ | represents the number of elements in the set Φ;

(c) for ciphertext

Re-randomization, calculation

Random selection of Z_qOf (b) element x'₁,x′₂,y′₁,y′₂According to

Calculating by running a rerrandomisation algorithm to obtain

And

output of

Wherein

And

and carrying out re-randomization treatment on the synthesized signature in the form of the ciphertext, wherein the sigma is a continuous plus symbol.

According to the method and the device, the obfuscation technology is adopted, the threshold signer obfuscates the private key fragments, the problem that the private key fragments are easy to attack and cause leakage in the prior art is solved, the private key fragments of the signer are effectively protected, and the security of the private key fragments is greatly improved.

The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (5)

1. An encryption threshold signature method based on an obfuscation technology is applied to a cryptosystem based on the obfuscation technology, and is characterized by comprising the following steps:

step 1: the third trusted party generates the public parameter p and the private key slice sk of the member according to the Setup algorithm_i；

Step 2: the information receiver obtains respective encrypted public key pk through an encryption key generation algorithm (KG)_eAnd the decryption private key sk_e；

And step 3: the signer divides the private key into slices sk according to a confusion algorithm_iPerforming obfuscation processing to obtain obfuscated signature private key

And 4, step 4: the user can sign the private key according to the obfuscated signature

Generating ciphertext after carrying out message signature on message m to be sent

And will encrypt the text

And sending the information to the information receiver.

2. A ciphering threshold signature method based on a obfuscation technique as claimed in claim 1, wherein the third trusted party in step 1Generating public parameter p and private key slice sk of member according to Setup algorithm_iThe expression of (a) is:

p＝{q,G,G_T,e,g,g₁,g₂,u′,U,VK}；

sk＝(sk₁,sk₂,…sk_n)；

f(x)＝a₀+a₁x+…+a_k-1x^k-1；

VK＝(g^f(1),g^f(2),…,g^f(n))；

vk_i＝g^f(i)；

where p is a common parameter, G is an addition cyclic group, G_TIs a multiplication cycle group, q is G and G_TE is a bilinear map, G is a generator of G and is obtained by p analysis, a₀,a₁,…,a_kIs Z_qRandom element of (i), U ═ U₁,u₂,…u_n)，g₂,u′,u₁,u₂,…u_nIs a randomly selected element in G,

k is a threshold value, n is the number of participants, Z_qThe class ring is left modulo q.

3. The obfuscation-based encryption threshold signature method of claim 2, wherein the encryption key generation algorithm (KG) in step 2 is specifically:

at Z_qRandomly selecting parameters a and b to obtain an encryption private key sk_e(a, b) and an encrypted public key pk_e＝(pk_e1,pk_e2)＝(g^a,g^b)。

4. A ciphering threshold signature method based on a obfuscation technique as claimed in claim 3, wherein said steps areIn step 3, the signer divides the private key into the sks according to the confusion algorithm_iPerforming obfuscation processing to obtain obfuscated signature private key

The method specifically comprises the following steps:

the signer performs the encryption algorithm Enc (pk) by running_e,sk_i) To obtain

Wherein

Enc is an encryption algorithm, C_iIs to sk_iIs encrypted, i ∈ {1,2, …, n };

computing

Order to

Wherein x_i1,x_i2Is Z_qOf (a) the randomly selected parameters of (b),

is the obfuscated signature private key.

5. An encryption threshold signature method based on obfuscation technique as claimed in claim 4 wherein in step 4 the user is able to sign the private key based on the obfuscated signature

Generating ciphertext after carrying out message signature on message m to be sent

The method specifically comprises the following steps:

judging whether the message m is empty, if so, outputting (p, pk)_e) Otherwise, the following steps are carried out:

obtaining a binary-form bit string m of a parsed message m₁…m_n∈{0,1}ⁿ、pk_e＝(pk_e1,pk_e2) And

wherein m is₁…m_n∈{0,1}ⁿRepresents a 0,1 bit string of length n;

generating an encrypted ciphertext after performing message signing, specifically comprising:

(a) partial signature: random selection of r_i′∈Z_qCalculating partial signatures

Is marked as

Verification equation

Whether the signature is established or not, if so, the signature is valid; otherwise, the signature is invalid; wherein e represents a group G_TPi is a continuous multiplication sign,

is made by fragmenting the obfuscated private key

A calculated partial signature;

(b) and (3) synthesizing a signature: inputting k valid partial signatures

Where the set Φ is a subset of the set {1,2, …, n }, and | Φ | ═ k, are calculated

Outputting composite signatures

Is marked as

Wherein | Φ | represents the number of elements in the set Φ;

(c) for ciphertext

Re-randomization, calculation

Random selection of Z_qOf (b) element x'₁,x′₂,y′₁,y′₂According to pk_e,c₁,c₂,

Calculating by running a rerrandomisation algorithm to obtain

And

output of

Wherein

And

and carrying out re-randomization treatment on the synthesized signature in the form of the ciphertext, wherein the sigma is a continuous plus symbol.

Images