CN114362921B - Improved two-round multiple chameleon hash function calculation method and system - Google Patents

Publication number
CN114362921B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111667420.1A
Other languages
Chinese (zh)
Other versions
CN114362921A (en)
Inventor
王伟兵
魏金雷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur Cloud Information Technology Co Ltd
Original Assignee
Inspur Cloud Information Technology Co Ltd

Abstract

The invention discloses an improved two-round multiple chameleon hash function calculation method and system, belonging to the technical fields of blockchain and cryptography. The method first performs security setup and distributed key generation, preparing the basic data for the multiple chameleon hash calculation; it then calculates the hash with the aggregated public key, giving the result $(C, m, r, s)$: a hash value, a message and two random numbers respectively; it then performs the distributed collision search: each party $P_i$ selects $v$ random numbers and calculates commitments $(r'_{i,1},\dots,r'_{i,v})$, which it sends to the aggregator; the aggregator calculates $v$ random numbers $(r'_1,\dots,r'_v)$ and sends them to each party; each party calculates a global random number $r'$ and a collision share $s'_i$, and sends $s'_i$ to the aggregator; the aggregator computes the hash collision $(r', s')$. With the invention, the parties no longer broadcast messages to one another but send them to the aggregator, which significantly reduces the communication burden.

Description

Improved two-round multiple chameleon hash function calculation method and system
Technical Field
The invention relates to the technical field of blockchain and cryptography, in particular to an improved two-round multiple chameleon hash function calculation method and system.
Background
The chameleon hash function, also known as a trapdoor hash function, was first proposed by Krawczyk and Rabin. "Chameleon" means that the owner of the trapdoor information can change the input of the function at will without changing its output. With a chameleon hash function, whoever holds the trapdoor information can easily calculate a collision for an arbitrary input, while anyone without the trapdoor information cannot calculate a collision.
The application also notes that the two-round multiple chameleon hash function algorithm is certainly effective, and that the communication model it uses is the one widely adopted by general secure multi-party computation, threshold signatures and multi-signatures. However, as the number of participants grows, the number of communication messages grows with the square of the number of participants, which easily leads to message flooding, blocks communication or reduces its efficiency, and threatens the availability of the whole protocol.
General secure multi-party computation and threshold signatures all use a broadcast model. In practice, however, the broadcast model is only usable with few participants; with more participants, message flooding becomes likely.
Disclosure of Invention
The technical task of the invention is to address the above shortcomings by providing an improved two-round multiple chameleon hash function calculation method and system that introduces a centralized aggregator role, so that messages are no longer broadcast among the parties but are sent to the aggregator, which significantly reduces the communication burden.
The technical scheme adopted for solving the technical problems is as follows:
An improved two-round multiple chameleon hash function calculation method first performs security setup and distributed key generation, preparing the basic data for the multiple chameleon hash calculation;
The hash is then calculated with the aggregated public key, giving the result $(C, m, r, s)$: a hash value, a message and two random numbers respectively;
The distributed collision search is then carried out:
1) Each party $P_i$ selects $v$ random numbers and calculates commitments $(r'_{i,1},\dots,r'_{i,v})$, which it sends to the aggregator, where $v \ge 2$;
2) The aggregator linearly combines the $n \times v$ random number commitments, calculates $v$ random numbers $(r'_1,\dots,r'_v)$ and sends them to each party;
3) Each party calculates a global random number $r'$ from the received $(r'_1,\dots,r'_v)$, calculates a collision share $s'_i$ from $r'$ and its local secret share, and sends $s'_i$ to the aggregator;
4) The aggregator calculates the hash collision $(r', s')$ from the $n$ received collision shares $s'_i$ and $(r'_1,\dots,r'_v)$, where $1 \le i \le n$.
The method introduces the role of an aggregator. In the general two-round multiple chameleon hash algorithm the parties communicate by broadcast, and when many parties participate this easily produces message flooding, which reduces computational efficiency. In this method each party no longer broadcasts its intermediate results (random number shares and collision shares) but sends them directly to the aggregator, so the number of messages exchanged by the parties grows linearly with the number of participants rather than with its square, and the communication complexity is greatly reduced.
Like general secure multi-party computation and threshold signatures, the two-round multiple chameleon hash algorithm uses a broadcast model. In practice, however, the broadcast model is only usable with few participants; with more participants, message flooding becomes likely. Introducing a "centralized" aggregator role, in which messages are not broadcast among the parties but are sent to the aggregator, significantly reduces the communication burden. Note that the aggregator must be treated as untrusted, i.e. executing the protocol must not reveal the parties' secret information to the aggregator.
Further, the implementation process of the method is as follows:
S1, security setup;
S2, distributed key generation and public key aggregation;
S3, hash value calculation: input $m$, output $C$, $r$ and $s$;
S4, checking hash values: detection of
S5, searching for distributed collision.
Preferably, the security setup comprises:
Specifying a safe prime $p$ of bit length $\kappa$, $p = 2q + 1$, where $q$ is also prime, and a generator $g$ of the quadratic residue subgroup $Q_p$ of $\mathbb{Z}_p^*$, i.e. $g$ has order $q$;
$H$, a collision-resistant hash function that maps bit strings of arbitrary length to strings of fixed length, $H: \{0,1\}^* \to \{0,1\}^\tau$, where $\tau$ is a pre-selected security parameter; $H(x_1,\dots,x_n)$ denotes the hash of the $n$ inputs concatenated;
$v$, the number of random numbers sent by each party in the first round;
Assuming that $n$ participants jointly hold the trapdoor information, they should share the same security settings, i.e. the above $p$, $q$, $g$, $H()$ should be public among the $n$ participants;
The aggregator is denoted by $P_0$ and does not need to generate random numbers or hold a share of the private key.
Preferably, in the distributed key generation,
Each participant $P_i$ ($1 \le i \le n$) selects a random number $x_i \in [1, q-1]$ as its own private key share, calculates the corresponding public key share $y_i$, and broadcasts $y_i$; all participants receive the others' public key shares and calculate the aggregated public key:
where $y_i$ are the public key shares of the $n$ participants, $a_i = H(\langle L \rangle, y_i)$, and $\langle L \rangle = \{y_1,\dots,y_n\}$ is the ordered set of all participants' public keys, so that $a_i$ depends only on the participants' public key shares; all participants and external users can calculate and check the validity of the aggregated public key;
Called the aggregated public key, $a_i$ is the public key aggregation coefficient of $P_i$;
The aggregator $P_0$ is also within broadcast range; it also receives the public key shares and calculates the aggregated public key. Public key aggregation is a low-frequency computation that places little demand on communication efficiency, so broadcast communication is still used for it.
Preferably, the hash value is calculated as follows:
Let
The input is the message $m$; a value pair $(r, s) \in \mathbb{Z}_q \times \mathbb{Z}_q$ is selected uniformly at random, and the following are calculated:
$e = H(m, r)$ and $C = \mathrm{Hash}(m, r, s) = r - (y^e g^s \bmod p) \bmod q$,
The total output is $(C, m, r, s)$;
The hash value is checked as follows:
Given $(C, m, r, s)$, first calculate $e = H(m, r)$, then calculate $C' = \mathrm{Hash}(m, r, s) = r - (y^e g^s \bmod p) \bmod q$, and check the equation; if the equation is satisfied, the hash value passes the check.
Preferably, taking participant $P_1$ as an example (the calculation logic of the other participants is similar), and assuming each party receives the same input hash value $C$ and the new message $m'$ for which a collision is to be found, the specific process of the distributed collision search is as follows:
1) $P_1$ selects $v$ random numbers $k_{1,j} \in [1, q-1]$, where $j \in \{1,\dots,v\}$, and calculates
It sends the $v$ random number commitments $(r'_{1,1},\dots,r'_{1,v})$ to the aggregator; $v$ is a security parameter determined in the security setup, and in general $v = 2$ is sufficiently secure;
2) The aggregator receives $(r'_{1,1},\dots,r'_{1,v}),\dots,(r'_{n,1},\dots,r'_{n,v})$ from the parties, aggregates them for each $j \in \{1,\dots,v\}$ and outputs the result as $(r'_1,\dots,r'_v)$; the aggregator sends $(r'_1,\dots,r'_v)$ to the parties;
3) Each party receives $(r'_1,\dots,r'_v)$ from the aggregator and calculates
Then calculates
where $a_1$ is the public key aggregation coefficient of $P_1$, $x_1$ is the private key share of $P_1$, and $e'$, $r'$ and $m'$ are the same;
$s'_1$ is sent to the aggregator, and the other participants send $s'_2,\dots,s'_n$ to the aggregator respectively;
4) Finally, after the aggregator has received $s'_1, s'_2,\dots,s'_n$ from the other parties, it calculates
The aggregator also calculates $r'$ using equation ①, so that the aggregator obtains the hash collision $(r', s')$, which satisfies $C = \mathrm{Hash}(m, r, s) = \mathrm{Hash}(m', r', s')$.
Let $C$ denote the output of the chameleon hash on the input triple $(m, r, s)$. The collision search is the process by which, given the known hash $C$ and a new message $m'$, the $n$ participants calculate a collision $(r', s')$ through a customized multi-party computation protocol such that $\mathrm{Hash}(m, r, s) = \mathrm{Hash}(m', r', s')$, i.e. $C = C'$. $C$ and $m'$ are the given inputs, and $r'$ and $s'$ are what must be calculated.
The chameleon hash function is also known as a trapdoor hash function, and only those who know the trapdoor can calculate collisions (here, the $r'$ and $s'$ that satisfy the equation). In the multiple chameleon hash protocol the trapdoor information is held jointly by the $n$ participants, and a collision $(r', s')$ can only be found when they cooperate.
Further, the correctness is verified as follows:
The objective of the multiparty collaborative calculation is to find $r'$, $s'$ such that $C = r' - (y^{e'} g^{s'} \bmod p) \bmod q$,
Substituting gives:
Substituting gives formula (1):
Splitting the expression $(y^{e'} g^{s'} \bmod p) \bmod q$ into the inputs of each party:
Substituting gives:
Substituting gives:
Substituting gives:
Since $g^{a+b} = g^a g^b$:
Applying the commutative and associative laws gives:
I.e.
Substituting gives:
I.e.
Substituting gives formula (2):
Substituting formula (2) into formula (1) gives:
Applying the commutative and associative laws gives:
$C = C$.
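An end-to-end simulation of the scheme above, added here as an illustration and not taken from the patent: it runs key aggregation, hashing, the two aggregator-routed rounds and the public hash check, and counts the messages sent. Assumptions, because the page's formulas for these steps are missing from the extracted text: $y_i = g^{x_i} \bmod p$, aggregated key $\prod y_i^{a_i}$, commitments $g^{k_{i,j}}$, a MuSig2-style combination of the $v$ aggregated nonces, $r' = C + (R \bmod p) \bmod q$ for equation ①, and a toy-sized group; all function names are hypothetical.

```python
import hashlib, math, secrets

def is_prime(n):
    return n > 1 and all(n % d for d in range(2, math.isqrt(n) + 1))

def toy_group(start=10**6):
    """Smallest safe prime p = 2q + 1 with q >= start. Toy size, for illustration only."""
    q = start
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 1
    return 2 * q + 1, q, 4   # 4 = 2^2 is a quadratic residue != 1, so its order is q

P, Q, G = toy_group()

def H(*parts):
    """H(x1,...,xn): SHA-256 over the joined inputs, reduced into Z_q (assumed encoding)."""
    data = "|".join(str(x) for x in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def chash(y, m, r, s):
    """C = r - (y^e g^s mod p) mod q, with e = H(m, r). Also serves as the public check."""
    e = H(m, r)
    return (r - (pow(y, e, P) * pow(G, s, P)) % P) % Q

def keygen(n):
    xs = [secrets.randbelow(Q - 1) + 1 for _ in range(n)]   # x_i in [1, q-1]
    ys = [pow(G, x, P) for x in xs]                         # assumed: y_i = g^x_i mod p
    coeffs = [H("L", *ys, yi) for yi in ys]                 # a_i = H(<L>, y_i)
    # assumed aggregation: y = prod y_i^a_i mod p
    y = math.prod(pow(yi, ai, P) for yi, ai in zip(ys, coeffs)) % P
    return xs, coeffs, y

def global_nonce(y, C, m_new, agg):
    """Parties and aggregator derive r' identically from the aggregated commitments."""
    b = H("nonce", y, *agg, C, m_new)                       # MuSig2-style binding value
    R = 1
    for j, r_j in enumerate(agg):
        R = R * pow(r_j, pow(b, j, Q), P) % P               # R = prod r'_j^(b^j)
    return b, (C + R) % Q                                   # assumed form of equation (1)

def find_collision(xs, coeffs, y, C, m_new, v=2, faulty_aggregator=False):
    """Two-round collision search routed through an untrusted aggregator P_0."""
    n, sent = len(xs), 0
    # Round 1: each P_i sends v commitments r'_{i,j} = g^{k_{i,j}} mod p (assumed form).
    ks = [[secrets.randbelow(Q - 1) + 1 for _ in range(v)] for _ in range(n)]
    commits = [[pow(G, k, P) for k in row] for row in ks]
    sent += n                                               # n messages: P_i -> P_0
    # P_0 multiplies the commitments column-wise and returns (r'_1..r'_v) to every party.
    agg = [math.prod(row[j] for row in commits) % P for j in range(v)]
    sent += n                                               # n messages: P_0 -> P_i
    # Round 2: each P_i derives r' and e' locally and sends only its blinded share s'_i.
    shares = []
    for x_i, a_i, k_i in zip(xs, coeffs, ks):
        b, r_new = global_nonce(y, C, m_new, agg)
        e_new = H(m_new, r_new)
        k = sum(k_ij * pow(b, j, Q) for j, k_ij in enumerate(k_i))
        shares.append((k - e_new * a_i * x_i) % Q)
    sent += n                                               # n messages: P_i -> P_0
    # P_0 sums the shares; it never sees any x_i or k_{i,j}.
    _, r_new = global_nonce(y, C, m_new, agg)
    s_new = sum(shares) % Q
    if faulty_aggregator:                                   # model a wrong or tampered sum
        s_new = (s_new + 1) % Q
    return r_new, s_new, sent

def demo(n=5):
    xs, coeffs, y = keygen(n)
    m, m_new = "original record", "rewritten record"        # constructed sample messages
    r, s = secrets.randbelow(Q), secrets.randbelow(Q)
    C = chash(y, m, r, s)
    r_new, s_new, sent = find_collision(xs, coeffs, y, C, m_new)
    r_bad, s_bad, _ = find_collision(xs, coeffs, y, C, m_new, faulty_aggregator=True)
    return {
        "collision_ok": chash(y, m_new, r_new, s_new) == C,  # Hash(m',r',s') == C
        "faulty_detected": chash(y, m_new, r_bad, s_bad) != C,
        "messages": sent,                                    # 3n, linear in n
    }

if __name__ == "__main__":
    print(demo())
```

The `faulty_detected` result shows why correctness does not depend on trusting the aggregator: any party can re-run the hash check on $(m', r', s')$ before accepting the collision.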
The invention also claims an improved two-round multi-chameleon hash function computing system which comprises a security setting module, a distributed key generating module, a hash value computing module, a hash value checking module and a distributed collision searching module,
The system realizes the improved two-round multiple chameleon hash function calculation method.
The invention also claims an improved two-round multi-chameleon hash function calculation device, which comprises: at least one memory and at least one processor;
The at least one memory for storing a machine readable program;
The at least one processor is configured to invoke the machine-readable program to perform the improved two-round multiple chameleon hash function calculation method described above.
The present invention also claims a computer readable medium having stored thereon computer instructions which, when executed by a processor, cause the processor to perform the improved two-round multiple chameleon hash function calculation method described above.
Compared with the prior art, the improved two-round multi-chameleon hash function calculation method and system have the following beneficial effects:
By introducing an aggregator role, the method reduces the number of communication messages: the number of messages exchanged by the parties grows linearly with the number of participants instead of with its square.
Moreover, the new communication model with an aggregator is compatible with the endorsement mechanism of some consortium blockchains and is easier to integrate with blockchain technology. In some consortium-chain consensus mechanisms, the blockchain client requests endorsement signatures from each endorsing node, which makes it a natural aggregator.
Drawings
Fig. 1 is a flowchart illustrating an implementation of an improved two-round multiple chameleon hash function calculation method according to an embodiment of the present invention.
Detailed Description
The invention will be further described with reference to the drawings and the specific examples.
An improved two-round multiple chameleon hash function calculation method first performs security setup and distributed key generation, preparing the basic data for the multiple chameleon hash calculation;
The hash is then calculated with the aggregated public key, giving the result $(C, m, r, s)$: a hash value, a message and two random numbers respectively;
The distributed collision search is then carried out:
1) Each party $P_i$ selects $v$ ($v \ge 2$) random numbers, calculates commitments $(r'_{i,1},\dots,r'_{i,v})$ and sends them to the aggregator;
2) The aggregator linearly combines the $n \times v$ random number commitments, calculates $v$ random numbers $(r'_1,\dots,r'_v)$ and sends them to each party;
3) Each party calculates a global random number $r'$ from the received $(r'_1,\dots,r'_v)$, calculates a collision share $s'_i$ from $r'$ and its local secret share, and sends $s'_i$ to the aggregator;
4) The aggregator calculates the hash collision $(r', s')$ from the $n$ received collision shares $s'_i$ and $(r'_1,\dots,r'_v)$, where $1 \le i \le n$.
The method provides a 1-to-n communication model suited to the multiple chameleon hash and uses the aggregator role to avoid message broadcasting. The random numbers $(r'_1,\dots,r'_v)$ and the hash collision $s'$ are computed by the aggregator, rather than by the parties as is usual in distributed protocols such as threshold signatures and multi-signatures.
The method introduces the role of an aggregator. In the general two-round multiple chameleon hash algorithm the parties communicate by broadcast, and when many parties participate this easily produces message flooding, which reduces computational efficiency. In this method each party no longer broadcasts its intermediate results (random number shares and collision shares) but sends them directly to the aggregator, so the number of messages exchanged by the parties grows linearly with the number of participants rather than with its square, and the communication complexity is greatly reduced.
Like general secure multi-party computation and threshold signatures, the two-round multiple chameleon hash algorithm uses a broadcast model. In practice, however, the broadcast model is only usable with few participants; with more participants, message flooding becomes likely. Introducing a "centralized" aggregator role, in which messages are not broadcast among the parties but are sent to the aggregator, significantly reduces the communication burden. Note that the aggregator must be treated as untrusted, i.e. executing the protocol must not reveal the parties' secret information to the aggregator.
As shown in fig. 1, the implementation process of the method is as follows:
S1, security setup;
S2, distributed key generation and public key aggregation;
S3, hash value calculation: input $m$, output $C$, $r$ and $s$;
S4, checking hash values: detection of
S5, distributed collision search:
Each party sends $v$ random number commitments $(r'_{i,1},\dots,r'_{i,v})$ to the aggregator;
The aggregator aggregates the $n \times v$ random numbers into $v$ random numbers $(r'_1,\dots,r'_v)$ and sends them to each party;
Each party calculates its collision share $s'_i$ from the received random number commitments and its local private key share, and sends $s'_i$ to the aggregator;
The aggregator calculates the hash collision $(r', s')$ from the $n$ collision shares.
The method comprises the following steps:
1. Security setup:
Specifying a safe prime $p$ of bit length $\kappa$, $p = 2q + 1$, where $q$ is also prime, and a generator $g$ of the quadratic residue subgroup $Q_p$ of $\mathbb{Z}_p^*$, i.e. $g$ has order $q$;
$H$, a collision-resistant hash function that maps bit strings of arbitrary length to strings of fixed length, $H: \{0,1\}^* \to \{0,1\}^\tau$, where $\tau$ is a pre-selected security parameter; below, $H(x_1,\dots,x_n)$ denotes the hash of the $n$ inputs concatenated;
$v$, the number of random numbers (nonces) sent by each party in the first round; as MuSig2 proves, $v = 2$ is sufficient;
Assuming that $n$ participants jointly hold the trapdoor information, they should share the same security settings, i.e. the above $p$, $q$, $g$, $H()$ should be public among the $n$ participants;
The aggregator is denoted by $P_0$ and does not need to generate random numbers or hold a share of the private key.
2. Distributed key generation:
Each participant $P_i$ ($1 \le i \le n$) selects a random number $x_i \in [1, q-1]$ as its own private key share, calculates the corresponding public key share $y_i$, and broadcasts $y_i$; all participants receive the others' public key shares and calculate the aggregated public key:
where $y_i$ are the public key shares of the $n$ participants, $a_i = H(\langle L \rangle, y_i)$, and $\langle L \rangle = \{y_1,\dots,y_n\}$ is the ordered set of all participants' public keys, so that $a_i$ depends only on the participants' public key shares; all participants and external users can calculate and check the validity of the aggregated public key;
Called the aggregated public key, $a_i$ is the public key aggregation coefficient of $P_i$;
The aggregator $P_0$ is also within broadcast range; it also receives the public key shares and calculates the aggregated public key. Public key aggregation is a low-frequency computation that places little demand on communication efficiency, so broadcast communication is still used for it.
3. Hash value calculation:
Let
The input is the message $m$; a value pair $(r, s) \in \mathbb{Z}_q \times \mathbb{Z}_q$ is selected uniformly at random, and the following are calculated:
$e = H(m, r)$; and $C = \mathrm{Hash}(m, r, s) = r - (y^e g^s \bmod p) \bmod q$,
The total output is $(C, m, r, s)$: a hash value, a message and two random numbers respectively;
4. Hash value check:
Given $(C, m, r, s)$, first calculate $e = H(m, r)$, then calculate $C' = \mathrm{Hash}(m, r, s) = r - (y^e g^s \bmod p) \bmod q$, and check the equation; if the equation is satisfied, the hash value passes the check.
5. Distributed collision search:
Let $C$ denote the output of the chameleon hash on the input triple $(m, r, s)$. The collision search is the process by which, given the known hash $C$ and a new message $m'$, the $n$ participants calculate a collision $(r', s')$ through a customized multi-party computation protocol such that $\mathrm{Hash}(m, r, s) = \mathrm{Hash}(m', r', s')$, i.e. $C = C'$. $C$ and $m'$ are the given inputs, and $r'$ and $s'$ are what must be calculated.
The chameleon hash function is also known as a trapdoor hash function, and only those who know the trapdoor can calculate collisions (here, the $r'$ and $s'$ that satisfy the equation). In the multiple chameleon hash protocol the trapdoor information is held jointly by the $n$ participants, and a collision $(r', s')$ can only be found when they cooperate.
Taking party $P_1$ as an example (the computational logic of the other parties is similar), assume each party receives the same input hash value $C$ and the new message $m'$ for which the collision is to be calculated.
1) $P_1$ selects $v$ random numbers $k_{1,j} \in [1, q-1]$, where $j \in \{1,\dots,v\}$, and calculates
It sends the $v$ random number commitments $(r'_{1,1},\dots,r'_{1,v})$ to the aggregator; $v$ is a security parameter determined in the security setup, and in general $v = 2$ is sufficiently secure;
2) The aggregator receives $(r'_{1,1},\dots,r'_{1,v}),\dots,(r'_{n,1},\dots,r'_{n,v})$ from the parties, aggregates them for each $j \in \{1,\dots,v\}$ and outputs the result as $(r'_1,\dots,r'_v)$; the aggregator sends $(r'_1,\dots,r'_v)$ to the parties;
3) Each party receives $(r'_1,\dots,r'_v)$ from the aggregator and calculates
Then calculates
where $a_1$ is the public key aggregation coefficient of $P_1$, $x_1$ is the private key share of $P_1$, and $e'$, $r'$ and $m'$ are the same;
$s'_1$ is sent to the aggregator, and the other participants send $s'_2,\dots,s'_n$ to the aggregator respectively;
4) Finally, after the aggregator has received $s'_1, s'_2,\dots,s'_n$ from the other parties, it calculates
The aggregator also calculates $r'$ using equation ①, so that the aggregator obtains the hash collision $(r', s')$, which satisfies $C = \mathrm{Hash}(m, r, s) = \mathrm{Hash}(m', r', s')$.
Correctness check:
The objective of the multiparty collaborative computation is to find $r'$, $s'$ such that $C = r' - (y^{e'} g^{s'} \bmod p) \bmod q$, that is:
Splitting the expression $(y^{e'} g^{s'} \bmod p) \bmod q$ into the inputs of each participant:
Substituting formula (2) into formula (1) gives:
The two-round multiple chameleon hash function algorithm is certainly effective, and the communication model it uses is the one widely adopted by general secure multi-party computation, threshold signatures and multi-signatures. However, as the number of participants grows, the number of communication messages grows with the square of the number of participants, which easily leads to message flooding, blocks communication or reduces its efficiency, and threatens the availability of the whole protocol.
The method improves the multiple chameleon hash collision calculation protocol and its communication model: it no longer uses the broadcast model but introduces an aggregator role, so that messages are not broadcast among the parties but are sent to the aggregator. Under this model the number of messages grows linearly with the number of participants, which greatly reduces communication pressure. In addition, the new communication model is compatible with the endorsement mechanism of some consortium blockchains and is easier to integrate with blockchain technology.
The embodiment of the invention also provides an improved two-round multi-chameleon hash function computing system which comprises a security setting module, a distributed key generating module, a hash value computing module, a hash value checking module and a distributed collision searching module,
The system realizes the improved two-round multi-chameleon hash function calculation method in the embodiment of the invention.
The embodiment of the invention also provides an improved two-round multiple chameleon hash function calculation device, which comprises: at least one memory and at least one processor;
The at least one memory for storing a machine readable program;
the at least one processor is configured to invoke the machine-readable program to perform the improved two-round multiple chameleon hash function calculation method described in the above embodiments of the present invention.
The embodiment of the invention also provides a computer readable medium, wherein the computer readable medium is stored with computer instructions, and when the computer instructions are executed by a processor, the processor is caused to execute the improved two-round multiple chameleon hash function calculation method in the embodiment of the invention. Specifically, a system or apparatus provided with a storage medium on which a software program code realizing the functions of any of the above embodiments is stored, and a computer (or CPU or MPU) of the system or apparatus may be caused to read out and execute the program code stored in the storage medium.
In this case, the program code itself read from the storage medium may realize the functions of any of the above-described embodiments, and thus the program code and the storage medium storing the program code form part of the present invention.
Examples of storage media for providing program code include floppy disks, hard disks, magneto-optical disks, optical disks (e.g., CD-ROMs, CD-R, CD-RWs, DVD-ROMs, DVD-RAMs, DVD-RWs, DVD+RWs), magnetic tapes, nonvolatile memory cards, and ROMs. Alternatively, the program code may be downloaded from a server computer by a communication network.
Further, it should be apparent that the functions of any of the above-described embodiments may be implemented not only by executing the program code read out by the computer, but also by causing an operating system or the like operating on the computer to perform part or all of the actual operations based on the instructions of the program code.
Further, it is understood that the program code read out by the storage medium is written into a memory provided in an expansion board inserted into a computer or into a memory provided in an expansion unit connected to the computer, and then a CPU or the like mounted on the expansion board or the expansion unit is caused to perform part and all of actual operations based on instructions of the program code, thereby realizing the functions of any of the above embodiments.
While the invention has been illustrated and described in detail in the drawings and in the preferred embodiments, the invention is not limited to the disclosed embodiments, and it will be appreciated by those skilled in the art that the code audits of the various embodiments described above may be combined to produce further embodiments of the invention, which are also within the scope of the invention.

Claims (9)

1. An improved two-round multiple chameleon hash function calculation method, characterized in that security setup and distributed key generation are first carried out, preparing the basic data for the multiple chameleon hash calculation;
The hash is then calculated with the aggregated public key, giving the result $(C, m, r, s)$: a hash value, a message and two random numbers respectively;
The distributed collision search is then carried out:
1) Each party $P_i$ selects $v$ random numbers and calculates commitments $(r'_{i,1},\dots,r'_{i,v})$, which it sends to the aggregator, where $v \ge 2$;
2) The aggregator linearly combines the $n \times v$ random number commitments, calculates $v$ random numbers $(r'_1,\dots,r'_v)$ and sends them to each party;
3) Each party calculates a global random number $r'$ from the received $(r'_1,\dots,r'_v)$, calculates a collision share $s'_i$ from $r'$ and its local secret share, and sends $s'_i$ to the aggregator;
4) The aggregator calculates the hash collision $(r', s')$ from the $n$ received collision shares $s'_i$ and $(r'_1,\dots,r'_v)$, where $1 \le i \le n$;
Taking participant $P_1$ as an example, and assuming each party receives the same input hash value $C$ and the new message $m'$ for which a collision is to be found, the specific process of the distributed collision search is as follows:
1) $P_1$ selects $v$ random numbers $k_{1,j} \in [1, q-1]$, where $j \in \{1,\dots,v\}$, and calculates
It sends the $v$ random number commitments $(r'_{1,1},\dots,r'_{1,v})$ to the aggregator; $v$ is a security parameter determined in the security setup;
2) The aggregator receives $(r'_{1,1},\dots,r'_{1,v}),\dots,(r'_{n,1},\dots,r'_{n,v})$ from the parties, aggregates them for each $j \in \{1,\dots,v\}$ and outputs the result as $(r'_1,\dots,r'_v)$; the aggregator sends $(r'_1,\dots,r'_v)$ to the parties;
3) Each party receives $(r'_1,\dots,r'_v)$ from the aggregator and calculates
Then calculates
$e' = H(m', r')$
where $a_1$ is the public key aggregation coefficient of $P_1$, $x_1$ is the private key share of $P_1$, and $e'$, $r'$ and $m'$ are the same;
$s'_1$ is sent to the aggregator, and the other participants send $s'_2,\dots,s'_n$ to the aggregator respectively;
4) Finally, after the aggregator has received $s'_1, s'_2,\dots,s'_n$ from the other parties, it calculates mod q;
The aggregator also calculates $r'$ using equation ①, so that the aggregator obtains the hash collision $(r', s')$, which satisfies $C = \mathrm{Hash}(m, r, s) = \mathrm{Hash}(m', r', s')$.
2. The improved two-round multiple chameleon hash function calculation method according to claim 1, which is characterized in that the method is realized as follows:
S1, security setup;
S2, distributed key generation and public key aggregation;
S3, hash value calculation: input $m$, output $C$, $r$ and $s$;
S4, checking hash values: detection of
S5, searching for distributed collision.
3. An improved two-round multiple chameleon hash function calculation method according to claim 1 or 2, characterized in that said security setup comprises:
Specifying a safe prime $p$ of bit length $\kappa$, $p = 2q + 1$, where $q$ is also prime, and a generator $g$ of the quadratic residue subgroup $Q_p$ of $\mathbb{Z}_p^*$, i.e. $g$ has order $q$;
$H$, a collision-resistant hash function that maps bit strings of arbitrary length to strings of fixed length, $H: \{0,1\}^* \to \{0,1\}^\tau$, where $\tau$ is a pre-selected security parameter, and $H(x_1,\dots,x_n)$ denotes the hash of the $n$ inputs concatenated;
$v$, the number of random numbers sent by each party in the first round;
Assuming that $n$ participants jointly hold the trapdoor information, they should share the same security settings, i.e. the above $p$, $q$, $g$, $H()$ should be public among the $n$ participants;
The aggregator is denoted by $P_0$ and does not need to generate random numbers or hold a share of the private key.
4. An improved two-round multiple chameleon hash function calculation method in accordance with claim 3, wherein said distributed key generation,
Each participant $P_i$ ($1 \le i \le n$) selects a random number $x_i$ in [1, q-1] as its own private key share, and calculates as a public key share, then broadcasts $y_i$; all participants receive the public key shares of the others and calculate an aggregated public key:
where $y_i$ is the public key share of each of the n participants, $a_i = H(\langle L \rangle, y_i)$, and $\langle L \rangle = \{y_1, \ldots, y_n\}$ is the ordered public key set of all participants, so that $a_i$ depends only on the public key shares of the participants, and all participants and external users can calculate and check the validity of the aggregated public key;
Called the aggregated public key, $a_i$ is the public key aggregation coefficient of $P_i$;
the aggregator $P_0$ is also within broadcast range, also receives the public key shares and calculates the aggregated public key. Public key aggregation is a computation that occurs at low frequency and does not demand high communication efficiency, so broadcast communication is still employed.
5. The improved two-round multiple chameleon hash function calculation method of claim 4, wherein the hash value calculation method comprises the following steps:
Let the input be message m; a random value pair $(r, s) \in Z_q \times Z_q$ is selected uniformly at random, and the following is calculated:
$e = H(m, r)$ and $C = \mathrm{Hash}(m, r, s) = r\,(y^{e} g^{s} \bmod p) \bmod q$,
The total output is (C, m, r, s);
The hash value is checked as follows:
Given (C, m, r, s), first calculate $e = H(m, r)$, then calculate $C' = \mathrm{Hash}(m, r, s) = r\,(y^{e} g^{s} \bmod p) \bmod q$, and check If the equation is satisfied, the hash value is verified.
6. The improved two-round multiple chameleon hash function calculation method of claim 1, wherein the process of checking correctness comprises the following steps:
The objective of the multiparty collaborative calculation is to find $r'$, $s'$; let $C = r'\,(y^{e'} g^{s'} \bmod p) \bmod q$,
Substituting gives:
Substituting gives formula (1):
Splitting the expression $(y^{e'} g^{s'} \bmod p) \bmod q$ into the input combinations of each party:
Substituting gives:
Substituting gives:
Substituting gives:
Since $g^{a+b} = g^{a} g^{b}$:
and applying the commutative and associative laws gives:
Substituting gives:
I.e.
Substituting gives formula (2):
Substituting formula (2) into formula (1) gives:
Applying the commutative and associative laws gives:
C=C。
7. An improved two-round multiple chameleon hash function computing system is characterized by comprising a security setting module, a distributed key generating module, a hash value computing module, a hash value checking module and a distributed collision searching module,
The system implements the improved two-round multiple chameleon hash function calculation method of any one of claims 1 to 6.
8. An improved two-round multiple chameleon hash function computing device, comprising: at least one memory and at least one processor;
The at least one memory for storing a machine readable program;
the at least one processor configured to invoke the machine readable program to perform the improved two-round multiple chameleon hash function calculation method of any of claims 1 to 6.
9. A computer readable medium having stored thereon computer instructions which, when executed by a processor, cause the processor to perform the improved two-round multiple chameleon hash function calculation method of any of claims 1 to 6.
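The flow of claims 3 to 6 (security setting, key aggregation, hash, check, two-round collision search), as an added example that is not code from the patent, simulated in one process with constructed toy parameters. Assumptions, because the page's formulas did not survive extraction: y_i = g^{x_i} mod p, y = ∏ y_i^{a_i} mod p, the operator in Hash is subtraction (as in the Ateniese-de Medeiros discrete-log chameleon hash whose parameters match claim 3), the round-two coefficient b is borrowed from MuSig2-style nonce combination, and H is reduced mod q.

```python
import hashlib, secrets
# Toy security setting (constructed): safe prime p = 2q + 1, g of order q.
P, Q, G = 2039, 1019, 4
V = 2  # commitments each party sends in round one

def H(*parts):
    """H(x_1, ..., x_n): SHA-256 over the joined inputs, reduced mod q."""
    data = "|".join(str(x) for x in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def keygen(n):
    xs = [secrets.randbelow(Q - 1) + 1 for _ in range(n)]  # x_i in [1, q-1]
    ys = [pow(G, x, P) for x in xs]          # assumed: y_i = g^x_i mod p
    coeffs = [H(*ys, y) for y in ys]         # a_i = H(<L>, y_i)
    agg = 1
    for y, a in zip(ys, coeffs):             # assumed: y = prod y_i^a_i mod p
        agg = agg * pow(y, a, P) % P
    return xs, coeffs, agg

def ch_hash(y, m, r, s):
    """C = r - (y^e g^s mod p) mod q with e = H(m, r); '-' is assumed."""
    e = H(m, r)
    return (r - pow(y, e, P) * pow(G, s, P) % P) % Q

def find_collision(xs, coeffs, y, C, m_new):
    # Round 1: party i picks V nonces and sends commitments g^k_ij.
    ks = [[secrets.randbelow(Q - 1) + 1 for _ in range(V)] for _ in xs]
    Rs = [1] * V                             # aggregator: one product per j
    for row in ks:
        for j, k in enumerate(row):
            Rs[j] = Rs[j] * pow(G, k, P) % P
    # Round 2: all parties derive the same b, R, r', e' (b is an assumption).
    b = H(y, *Rs, m_new)
    R = 1
    for j, Rj in enumerate(Rs):
        R = R * pow(Rj, pow(b, j, Q), P) % P
    r_new = (C + R) % Q
    e_new = H(m_new, r_new)
    shares = [(sum(k * pow(b, j, Q) for j, k in enumerate(row))
               - e_new * a * x) % Q for row, a, x in zip(ks, coeffs, xs)]
    return r_new, sum(shares) % Q            # aggregator: s' = sum s'_i mod q

def demo(n=3):
    xs, coeffs, y = keygen(n)
    r, s = secrets.randbelow(Q), secrets.randbelow(Q)
    C = ch_hash(y, "constructed message A", r, s)
    r_new, s_new = find_collision(xs, coeffs, y, C, "constructed message B")
    return C, ch_hash(y, "constructed message B", r_new, s_new)
```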
CN202111667420.1A 2021-12-31 2021-12-31 Improved two-round multiple chameleon hash function calculation method and system Active CN114362921B (en)

Publications (2)

Publication Number    Publication Date
CN114362921A (en)    2022-04-15
CN114362921B (en)    2024-04-30
