CN113438085B - Efficient attribute-based server auxiliary signature verification method and system - Google Patents

Efficient attribute-based server auxiliary signature verification method and system Download PDF

Info

Publication number
CN113438085B
CN113438085B CN202110702089.6A CN202110702089A CN113438085B CN 113438085 B CN113438085 B CN 113438085B CN 202110702089 A CN202110702089 A CN 202110702089A CN 113438085 B CN113438085 B CN 113438085B
Authority
CN
China
Prior art keywords
signature
attribute
verification
key
public
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110702089.6A
Other languages
Chinese (zh)
Other versions
CN113438085A (en
Inventor
李继国
陈宇
张亦辰
康曌哲
章如愿
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujian Normal University
Original Assignee
Fujian Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujian Normal University filed Critical Fujian Normal University
Priority to CN202110702089.6A priority Critical patent/CN113438085B/en
Publication of CN113438085A publication Critical patent/CN113438085A/en
Application granted granted Critical
Publication of CN113438085B publication Critical patent/CN113438085B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a signature verification method and a signature verification system assisted by a high-efficiency attribute-based server, wherein the signature verification system comprises the following steps: the attribute authorization terminal is used for generating a system master key and a public parameter; the system is also used for generating a private key and an access policy verification public key according to the system master key, the public parameter and the signature end attribute; the server verifies the public key according to the public parameters, converts the signature and calculates an intermediate signature; the signature end is used for calculating a signature according to the private key, the public parameter, the access strategy and the message; the verification terminal is used for converting the secret key, the message and the signature according to the public parameters, and calculating a conversion signature and an intermediate signature; and the method is also used for verifying the validity of the signature according to the public parameters, the intermediate signature, the access strategy, the conversion key. The invention effectively improves the access control and anonymous authentication efficiency of the resource-restricted equipment on the premise of ensuring the reliability.

Description

Efficient attribute-based server auxiliary signature verification method and system
Technical Field
The invention relates to the technical field of use safety of resource-constrained equipment, in particular to a method and a system for verifying an auxiliary signature of a high-efficiency attribute-based server.
Background
The attribute-based signature is a new cryptographic primitive, i.e. a valid signature can be generated only when the user's attributes meet the access policy and the signature does not reveal the identity information of the user. However, there are some attribute-based signatures based on a threshold policy, where the signature algorithm is limited by a threshold, and the access policy of the threshold cannot well perform accurate access control on the attributes of the user. In addition, since a certain number of pairing operations are required in the verification stage, the calculation overhead of the verification algorithm is increased, and a heavy calculation burden is caused for the verifier. Compared with exponential operation, pairing operation is time-consuming, so that the existing ABS scheme is not suitable for devices with limited resources, such as RFID, smart cards and the like.
Disclosure of Invention
In view of this, an object of the present invention is to provide a method and a system for efficient attribute-based server-assisted signature verification, in which the server-assisted user performs a lot of computation overhead in the signature and verification algorithm, and the proposed scheme provides anonymity and non-counterfeitability. Furthermore, the proposed method reduces the computational overhead of the signer and verifier.
In order to achieve the above purpose, the invention adopts the following technical scheme:
a signature method for a high-efficiency attribute-based server-assisted verification signature system comprises the following steps:
step S1: the attribute authorization terminal inputs a security parameter lambda and outputs a system master key MK and a public parameter params;
step S2: the attribute authorization terminal inputs MK, public parameter params and signature terminal attribute omega, and generates verification public key gpk and private key sk ω
Step S3: signature end input private key sk ω Public parameter params, access policy Γ, message M, output signature delta;
step S4: the verification end inputs public parameter params, conversion key tk, message M, signature delta and output conversion signature
Figure GDA0003168374450000021
Step S5: serviceThe device inputs public parameter params and converts signature
Figure GDA0003168374450000022
Verifying public key gpk, outputting an intermediate signature +.>
Figure GDA0003168374450000023
Step S6: the verification end inputs public parameter params and intermediate signature
Figure GDA0003168374450000024
The access policy Γ, the translation key tk, outputs 1 if the signature is valid, otherwise outputs 0.
Further, the step S1 specifically includes the following steps:
step S11: g 1 And G 2 For the multiplicative group of order p, G is G 1 Is a generator of (1). The attribute authorization terminal randomly selects a epsilon Z p Calculate g 1 =g a Wherein Z is p ={0,1,2,…,p-1};
Step S12: attribute authority random selection g 2 ,u′,u 1 ,…,u n ∈G 1 And z=e (g 1 ,g 2 ) Where master key mk=a. The disclosed parameters are: params= (p, G) 1 ,G 2 ,e,g,g 1 ,g 2 ,u′,u 1 ,…,u n ,Z);
Further, in the step S2, the method specifically includes the following steps:
step S21: attribute authority random selection
Figure GDA0003168374450000025
Calculation of a 2 =a-a 1 The method comprises the steps of carrying out a first treatment on the surface of the Then randomly select r E Z p Calculating to obtain->
Figure GDA0003168374450000026
Wherein->
Figure GDA0003168374450000027
Step S22: for each i E omega, the attribute authorization terminal randomly selects r i ∈Z pi ∈Z p Calculation of
Figure GDA0003168374450000028
The private key of the user is sk ω =(d i ,{d i0 ,d i1 } i∈ω );
Step S23: to generate the verification public key gpk for the attribute tree Γ, the attribute authority selects a d x =k x -polynomial q of order 1 x (. Cndot.) wherein k x Is a threshold value, q root (·)=a 1 Is the value of the root node, the other nodes are set to q x (0)=q parent(x) (index (x)). If a polynomial is calculated, a verification public key for the attribute tree Γ
Figure GDA0003168374450000029
Where i=att (x), x is the leaf node;
further, in the step S3, the method specifically includes the following steps:
step S31: the user has a private key sk about the attribute ω ω To generate a message m= {0,1} n Is chosen randomly by the user s e Z p Calculation of
Figure GDA0003168374450000031
Definitions->
Figure GDA0003168374450000032
For attributes on the attribute tree, with respect to arbitrary
Figure GDA0003168374450000033
The user randomly selects r' i ∈Z p Calculate->
Figure GDA0003168374450000034
Step S32: user output signature δ= (δ) 0 ,δ′ 0 ,{δ i0i1 } i∈ω );
Further, in the step S4, the calculation of the user signature specifically includes the following steps:
step S41: after the verification terminal receives the signature delta, randomly selecting t epsilon Z p As a conversion key tk, a conversion signature is calculated
Figure GDA0003168374450000035
Step S42: the verification end sends the conversion signature
Figure GDA0003168374450000036
To the server side.
Further, the step S5 specifically includes the following steps:
step S51: the attribute authority defines a recursive algorithm
Figure GDA0003168374450000037
To verify the signature, where x is the node about the tree. Let i=att (x), if x represents a leaf node, the server side obtains the conversion signature from the verification side
Figure GDA0003168374450000038
Calculation of
Figure GDA0003168374450000039
Step S52: if it is
Figure GDA00031683744500000310
Server side computing
Figure GDA00031683744500000311
/>
Step S53: if it is
Figure GDA00031683744500000312
Server endCalculate->
Figure GDA00031683744500000313
Step S54: if x is a non-leaf node, then the algorithm
Figure GDA0003168374450000041
Is performed as follows. Calculated as +.about.node z for all>
Figure GDA0003168374450000042
Where all nodes z are child nodes of node x. Let S x Represented as having arbitrary k x A set of child nodes z. Let i=index (z) be the index of node z, S' x ={index(z):z∈S x }. server side calculation:
Figure GDA0003168374450000043
server-side computing
Figure GDA0003168374450000044
Wherein T is root Is the value of the recursive algorithm of the root node. Then output->
Figure GDA0003168374450000045
The server sends an intermediate signature->
Figure GDA0003168374450000046
To the verification end.
Step S55: the server signs the intermediate signature
Figure GDA0003168374450000047
And sending the data to the verification terminal.
Step S6: the verification end inputs public parameter params and intermediate signature
Figure GDA0003168374450000048
Access policy Γ, transform key tk, output if signature is validAnd outputting 1, otherwise outputting 0.
Further, the step S6 specifically includes the following steps:
step S61: the verification terminal obtains the intermediate signature from the server terminal
Figure GDA0003168374450000049
And calculate +.>
Figure GDA00031683744500000410
Step S62: verification terminal verifies equation
Figure GDA00031683744500000411
Whether or not it is. If->
Figure GDA00031683744500000412
The signature is valid. Otherwise, the verification end refuses the signature.
An efficient attribute-based server-assisted verification signature system, comprising:
the attribute authorization terminal is used for generating a system master key MK and a public parameter params; the method is also used for generating a verification public key gpk and a private key sk according to a system master key MK, a public parameter params, an access policy gamma and a signature end attribute omega ω
A signature end for receiving the private key sk ω Public parameters params, access policy Γ, message M, calculating signature delta;
a server for verifying public key gpk according to public parameter params and converting signature
Figure GDA0003168374450000051
Calculate intermediate signature +.>
Figure GDA0003168374450000052
A verification terminal for calculating conversion signature according to public parameter params, conversion key tk, message M, signature delta
Figure GDA0003168374450000053
And middle labelName->
Figure GDA0003168374450000054
Also for intermediate signature +/based on public parameter params>
Figure GDA0003168374450000055
The access policy Γ, the translation key tk, verifies the validity of the signature.
Compared with the prior art, the invention has the following beneficial effects:
the invention is designed based on the attribute-based signature, the private key of the user is associated with a group of attributes, the access strategy is embedded in the signature, and if the attributes meet the access strategy, the user can generate an effective signature. The verifying end is confident that a particular signature is created by a set of possible users whose attributes match the access policy so that the identity information of the signer is not revealed. Therefore, the method and the system have strong practicability and wide application prospect in data authentication and privacy protection access control.
Drawings
FIG. 1 is a schematic block diagram of a system in an embodiment of the invention;
FIG. 2 is a schematic diagram of an attribute tree in an embodiment of the present invention.
Detailed Description
The invention will be further described with reference to the accompanying drawings and examples.
Referring to fig. 1, the present invention provides a high-efficiency attribute-based server-assisted verification signature system, comprising:
the attribute authorization terminal is used for generating a system master key MK and a public parameter params; and is also used for generating a verification public key gpk and a private key sk according to the system master key MK, the public parameter params and the signature end attribute omega ω Wherein the verification public key gpk is generated in relation to a specific attribute tree Γ, the attribute tree being denoted as an access policy;
a signature end for receiving the private key sk ω Public parameters params, access policy Γ, message M, calculating signature delta;
the server is used for verifying the public according to the public parameter paramsKey gpk, conversion signature
Figure GDA0003168374450000056
Calculate intermediate signature +.>
Figure GDA0003168374450000057
A verification terminal for calculating conversion signature according to public parameter params, conversion key tk, message M, signature delta
Figure GDA0003168374450000061
And intermediate signature->
Figure GDA0003168374450000062
Also for intermediate signature +/based on public parameter params>
Figure GDA0003168374450000063
The access policy Γ, the translation key tk, verifies the validity of the signature.
Referring to fig. 2, in the present implementation, the attribute tree: an attribute tree Γ is set as an access policy, wherein each non-leaf node is represented by a number of children and a threshold value. num (num) x Expressed as the number of child nodes, k x Representing a threshold value, where 0 < k x ≤num x . Each node represents a threshold value for the attribute, wherein the threshold value is represented as an AND gate (k x =num x ) AND OR gate (k) x =1). Each child node is from 1 to num x And performing marking index. The function index (x) responds to values associated with node x, where the index value is distributed only to the nodes of the attribute tree. The function parent (x) represents the parent node index value of node x. Each leaf node of the tree is represented as an attribute and the threshold value is defined as k x =1, the function att (x) represents the index of leaf node x.
The embodiment also provides a signature verification method assisted by the high-efficiency attribute-based server, which comprises the following steps:
step S1: the attribute authority inputs the security parameter lambda and outputs the system master key MK and the public parameter params.
In this embodiment, the step S1 specifically includes the following steps:
step S11: g 1 And G 2 For the multiplicative group of order p, G is G 1 Is a generator of (1). The attribute authorization terminal randomly selects a epsilon Z p Calculate g 1 =g a Wherein Z is p ={0,1,2,…,p-1};
Step S12: attribute authority random selection g 2 ,u′,u 1 ,…,u n ∈G 1 And z=e (g 1 ,g 2 ) Where master key mk=a. The disclosed parameters are: params= (p, G) 1 ,G 2 ,e,g,g 1 ,g 2 ,u′,u 1 ,…,u n ,Z);
Step S2: the attribute authorization terminal inputs MK, public parameter params, access strategy gamma and signature terminal attribute omega, and generates verification public key gpk and private key sk ω
In this embodiment, the attribute authority generates the user's private key sk using a set of attributes ω And verifying the public key gpk, which specifically comprises the following steps:
step S21: random selection for attribute authority
Figure GDA0003168374450000064
Calculation of a 2 =a-a 1 The method comprises the steps of carrying out a first treatment on the surface of the Then randomly select r E Z p Calculating to obtain->
Figure GDA0003168374450000065
Wherein->
Figure GDA0003168374450000066
Step S22: for each i E omega, the attribute authorization terminal randomly selects r i ∈Z pi ∈Z p Calculation of
Figure GDA0003168374450000071
The private key of the user is sk ω =(d i ,{d i0 ,d i1 } ω );/>
Step S23: to generate the verification public key gpk for a particular attribute tree Γ, the authorizing terminal selects one d x =k x -polynomial q of order 1 x (. Cndot.) wherein k x Is a threshold value, q root (·)=a 1 Is the value of the root node, the other nodes are set to q x (0)=q parent(x) (index (x)). If a polynomial is calculated, a verification public key for the attribute tree Γ
Figure GDA0003168374450000072
Where i=att (x), x is the leaf node;
step S3: signature end input private key sk ω The public parameter params, the access policy Γ, the message M, the output signature δ.
In this embodiment, the signature end uses the private key sk ω And attribute set omega, generating signature delta of message M, comprising the following steps:
step S31: the signing end has a private key sk about an attribute omega ω To generate a message m= {0,1} n Is signed, signature end randomly selects s epsilon Z p Calculation of
Figure GDA0003168374450000073
Definitions->
Figure GDA0003168374450000074
For the attribute associated with the attribute tree, about any +.>
Figure GDA0003168374450000075
Signature end randomly selects r' i ∈Z p Calculate->
Figure GDA0003168374450000076
Step S32: signature end outputs signature delta= (delta) 0 ,δ′ 0 ,{δ i0i1 } i∈ω );
Step S4: the verification end inputs public parameter params, conversion key tk, message M, signature delta and output conversion signature
Figure GDA0003168374450000077
In this embodiment, the step S4 specifically includes the following steps:
step S41: after the verification terminal receives the signature delta, randomly selecting t epsilon Z p As a conversion key tk, a conversion signature is calculated
Figure GDA0003168374450000078
Step S42: the verification end sends the conversion signature
Figure GDA0003168374450000079
To the server.
Step S5: the server inputs public parameter params and converts signature
Figure GDA00031683744500000710
Outputting an intermediate signature +.>
Figure GDA00031683744500000711
In this embodiment, the step S5 specifically includes the following steps:
step S51: the attribute authority defines a recursive algorithm
Figure GDA0003168374450000081
To verify the signature, where x is the node about the tree, let i=att (x), if x represents the leaf node, the server side obtains the conversion signature from the verification side +.>
Figure GDA0003168374450000082
Calculate->
Figure GDA0003168374450000083
Step S52: if it is
Figure GDA0003168374450000084
Server side computing
Figure GDA0003168374450000085
Step S53: if it is
Figure GDA0003168374450000086
Server side computation +.>
Figure GDA0003168374450000087
/>
Step S54: if x is a non-leaf node, then the algorithm
Figure GDA0003168374450000088
Is performed as follows. Calculated as +.about.node z for all>
Figure GDA0003168374450000089
Where all nodes z are child nodes of node x. Let S x Represented as having arbitrary k x A set of child nodes z. Let i=index (z) be the index of node z, S' x ={index(z):z∈S x }. And (3) calculating at a server side:
Figure GDA00031683744500000810
server-side computing
Figure GDA0003168374450000091
Wherein T is root Is the value of the recursive algorithm of the root node. Then output->
Figure GDA0003168374450000092
The server sends an intermediate signature->
Figure GDA0003168374450000093
To the verification end.
Step S55: the server signs the intermediate signature
Figure GDA0003168374450000094
And sending the data to the verification terminal.
Step S6: verifier inputs public parameter params, intermediate signature
Figure GDA0003168374450000095
The access policy Γ, the translation key tk, outputs 1 if the signature is valid, otherwise outputs 0.
Step S61: the verification end obtains the intermediate signature from the server
Figure GDA0003168374450000096
And calculate +.>
Figure GDA0003168374450000097
Step S62: verification terminal verifies equation
Figure GDA0003168374450000098
Whether or not it is. If->
Figure GDA0003168374450000099
The signature is valid. Otherwise, the verification end refuses the signature.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the invention in any way, and any person skilled in the art may make modifications or alterations to the disclosed technical content to the equivalent embodiments. However, any simple modification, equivalent variation and variation of the above embodiments according to the technical substance of the present invention still fall within the protection scope of the technical solution of the present invention.

Claims (3)

1. The high-efficiency attribute-based server assisted signature verification method is characterized by comprising the following steps of:
step S1: the attribute authorization terminal inputs a security parameter lambda and outputs a system master key MK and a public parameter params;
step S2: attribute authorization end input MK, public parameter pThe arams, the access policy Γ and the signature end attribute ω generate a verification public key gpk and a private key sk ω
Step S3: signature end input private key sk ω Public parameter params, access policy Γ, message M, output signature sigma; the attribute tree is represented as an access policy Γ;
step S4: the verification end inputs public parameter params, conversion key tk, message M, signature delta and output conversion signature
Figure FDA0004162862350000011
Step S5: the server inputs public parameter params and converts signature
Figure FDA0004162862350000012
Verifying public key gpk, outputting an intermediate signature +.>
Figure FDA0004162862350000013
Step S6: the verification end inputs public parameter params and intermediate signature
Figure FDA0004162862350000014
Accessing policy Γ, converting key tk, outputting 1 if signature is valid, otherwise outputting 0;
the step S1 specifically comprises the following steps:
step S11: set G 1 And G 2 For the multiplicative group of order p, G is G 1 The attribute authorization terminal randomly selects a E Z p Calculate g 1 =g a Wherein Z is p ={0,1,2,…,p-1};
Step S12: attribute authority random selection g 2 ,u',u 1 ,…,u n ∈G 1 And z=e (g 1 ,g 2 ) Where master key mk=a, the public parameters are: params= (p, G) 1 ,G 2 ,e,g,g 1 ,g 2 ,u',u 1 ,…,u n ,Z);
The step S2 specifically includes the following steps:
step S21: random selection for attribute authority
Figure FDA0004162862350000015
Calculation of a 2 =a-a 1 The method comprises the steps of carrying out a first treatment on the surface of the Then randomly select r E Z p Calculating to obtain->
Figure FDA0004162862350000016
Wherein->
Figure FDA0004162862350000017
Step S22: for each i E omega, the attribute authorization terminal randomly selects r i ∈Z p ,β i ∈Z p Calculation of
Figure FDA0004162862350000018
The private key of the user is sk ω =(d i ,{d i0 ,d i1 } i∈ω );
Step S23: the attribute authorization terminal selects a d x =k x -polynomial q of order 1 x (. Cndot.) wherein k x Is a threshold value, q root (·)=a 1 Is the value of the root node, the other nodes are set to q x (0)=q parent(x) (index (x)); if a polynomial is calculated, a verification public key for the attribute tree Γ
Figure FDA0004162862350000021
Where i=att (x), x is the leaf node;
in the step S3, the calculation of the user signature specifically includes the following steps:
step S31: the user has a private key sk about a signature end attribute omega ω To generate a message m= {0,1} n Is chosen randomly by the user s e Z p Calculation of
Figure FDA0004162862350000022
δ 0 '=g s Definitions->
Figure FDA0004162862350000023
For attributes related to the attribute tree, with respect to any
Figure FDA0004162862350000024
User randomly selects r i '∈Z p Calculate->
Figure FDA0004162862350000025
Step S32: user output signature δ= (δ) 0 ,δ' 0 ,{δ i0i1 } i∈ω );
The step S4 specifically includes the following steps:
step S41: after the verification terminal receives the signature delta, randomly selecting t epsilon Z p As a conversion key tk, a conversion signature is calculated
Figure FDA0004162862350000026
Step S42: the verification end sends the conversion signature
Figure FDA0004162862350000027
Feeding the server side;
the step S5 specifically includes the following steps:
step S51: the attribute authority defines a recursive algorithm
Figure FDA0004162862350000028
To verify the signature, where x is the node about the tree, let i=att (x), if x represents the leaf node, the server side obtains the conversion signature from the verification side +.>
Figure FDA0004162862350000029
Calculate->
Figure FDA00041628623500000210
Step S52: if it is
Figure FDA00041628623500000211
Server side computing
Figure FDA0004162862350000031
Step S53: if it is
Figure FDA0004162862350000032
Server side computation +.>
Figure FDA0004162862350000033
Step S54: if x is a non-leaf node, then the algorithm
Figure FDA0004162862350000034
Is performed as follows; calculated as +.about.node z for all>
Figure FDA0004162862350000035
Wherein all nodes z are child nodes of node x; let S x Represented as having arbitrary k x A sub-node z set; let i=index (z) be the index of node z, S' x ={index(z):z∈S x }. server side calculation:
Figure FDA0004162862350000036
server-side computing
Figure FDA0004162862350000037
Wherein T is root Is the value of the root node's recursive algorithm; then output
Figure FDA0004162862350000038
The server sends an intermediate signature->
Figure FDA00041628623500000311
To the verification end.
2. The method for assisting in verifying signatures by using a high-efficiency attribute-based server as set forth in claim 1, wherein the step S6 comprises the steps of:
step S61: the verification terminal obtains the intermediate signature from the server terminal
Figure FDA0004162862350000039
And calculate +.>
Figure FDA00041628623500000310
Step S62: verification terminal verifies equation
Figure FDA0004162862350000041
Whether or not to establish; if->
Figure FDA0004162862350000042
And if the signature is valid, the verification terminal refuses the signature.
3. A system for implementing the efficient attribute-based server-assisted signature verification method of claim 1 or 2, comprising:
the attribute authorization terminal is used for generating a system master key MK and a public parameter params; and is also used for generating a verification public key gpk and a private key sk according to the system master key MK, the public parameter params and the signature end attribute omega ω Wherein the verification public key gpk is generated based on a specific attribute tree, the attribute tree being denoted as an access policy Γ;
a signature end for receiving the private key sk ω Public parameters params, access policy Γ, message M, calculating signature delta;
a server for according to the public parametersParams, verify public key gpk, convert signature
Figure FDA0004162862350000043
Calculate intermediate signature +.>
Figure FDA0004162862350000044
A verification terminal for calculating conversion signature according to public parameter params, conversion key tk, message M, signature delta
Figure FDA0004162862350000045
And intermediate signature->
Figure FDA0004162862350000046
Also for intermediate signature +/based on public parameter params>
Figure FDA0004162862350000047
The access policy Γ, the translation key tk, verifies the validity of the signature. />
CN202110702089.6A 2021-06-24 2021-06-24 Efficient attribute-based server auxiliary signature verification method and system Active CN113438085B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110702089.6A CN113438085B (en) 2021-06-24 2021-06-24 Efficient attribute-based server auxiliary signature verification method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110702089.6A CN113438085B (en) 2021-06-24 2021-06-24 Efficient attribute-based server auxiliary signature verification method and system

Publications (2)

Publication Number Publication Date
CN113438085A CN113438085A (en) 2021-09-24
CN113438085B true CN113438085B (en) 2023-05-19

Family

ID=77753780

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110702089.6A Active CN113438085B (en) 2021-06-24 2021-06-24 Efficient attribute-based server auxiliary signature verification method and system

Country Status (1)

Country Link
CN (1) CN113438085B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115174239B (en) * 2022-07-14 2023-05-05 福建师范大学 Traceable and forward secure attribute-based signature system and method with fixed length

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110113156A (en) * 2019-04-30 2019-08-09 福建师范大学 A kind of traceable layering authorizes ciphertext policy ABE base authentication method more
WO2019214942A1 (en) * 2018-05-10 2019-11-14 Telecom Italia S.P.A. Protecting signaling messages in hop-by-hop network communication link
CN111404685A (en) * 2020-04-17 2020-07-10 山东确信信息产业股份有限公司 Attribute-based signature method and system
JP2020149003A (en) * 2019-03-15 2020-09-17 三菱電機株式会社 Signing device, verification device, method for signing, method for verification, signing program, and verification program

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019214942A1 (en) * 2018-05-10 2019-11-14 Telecom Italia S.P.A. Protecting signaling messages in hop-by-hop network communication link
JP2020149003A (en) * 2019-03-15 2020-09-17 三菱電機株式会社 Signing device, verification device, method for signing, method for verification, signing program, and verification program
CN110113156A (en) * 2019-04-30 2019-08-09 福建师范大学 A kind of traceable layering authorizes ciphertext policy ABE base authentication method more
CN111404685A (en) * 2020-04-17 2020-07-10 山东确信信息产业股份有限公司 Attribute-based signature method and system

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Accountable privacy preserving attribute based framework for authenticated encrypted access in clouds;Sana Belguith 等;《Journal of Parallel and Distributed Computing》;全文 *
Server-Aided Attribute-Based Signature With Revocation for Resource-Constrained Industrial-Internet-of-Things Devices;Hui Cui;《IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS》;第第14卷卷(第第8期期);全文 *
高效的属性基远程证明方案(英文);张亦辰 等;《INFORMATION SECURITY》;全文 *

Also Published As

Publication number Publication date
CN113438085A (en) 2021-09-24

Similar Documents

Publication Publication Date Title
CN107948143B (en) Identity-based privacy protection integrity detection method and system in cloud storage
Chase et al. Algebraic MACs and keyed-verification anonymous credentials
US9882890B2 (en) Reissue of cryptographic credentials
CN106130716B (en) Key exchange system and method based on authentication information
CN110113156B (en) Traceable hierarchical multi-authorization ciphertext policy attribute-based authentication method
CN106341232A (en) Anonymous entity identification method based on password
CN115174104A (en) Attribute-based online/offline signature method and system based on secret SM9
CN113536378A (en) Traceable attribute-based cleanable signature method and system
CN113438085B (en) Efficient attribute-based server auxiliary signature verification method and system
WO2016072057A1 (en) Encrypted text matching system, method, and storage medium
CN113919008A (en) Traceable attribute-based signature method and system with fixed signature length
CN111404685B (en) Attribute-based signature method and system
Li et al. A forward-secure certificate-based signature scheme
CN113630254B (en) ECDSA-based generalized assignment verifier signature proving method and system
CN116318736A (en) Two-level threshold signature method and device for hierarchical management
CN110661816A (en) Cross-domain authentication method based on block chain and electronic equipment
CN113708927B (en) General assignment verifier signature proving system based on SM2 digital signature
CN115865330A (en) Method and medium for supervising on-chain information modification based on block chain
CN115174239B (en) Traceable and forward secure attribute-based signature system and method with fixed length
CN114172654B (en) Distributed attribute-based server assisted signature system and method
CN111711524A (en) Certificate-based lightweight outsourcing data auditing method
JP2012516604A (en) Method, apparatus, computer program, and data processing system for providing a cryptographic accumulator indicating a collection of data items in a data processing system (validation of data items in a data processing system)
Tsai et al. A Secure Group Signature Scheme.
CN114189340B (en) Attribute-based signature method based on prime order group
CN113761592B (en) Fuzzy identity-based data integrity detection method in cloud storage

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant