CN115174101A - Method and system for generating disclainable ring signature based on SM2 algorithm - Google Patents

Method and system for generating disclainable ring signature based on SM2 algorithm Download PDF

Info

Publication number
CN115174101A
CN115174101A CN202210719552.2A CN202210719552A CN115174101A CN 115174101 A CN115174101 A CN 115174101A CN 202210719552 A CN202210719552 A CN 202210719552A CN 115174101 A CN115174101 A CN 115174101A
Authority
CN
China
Prior art keywords
signature
prover
user
ring signature
verifier
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210719552.2A
Other languages
Chinese (zh)
Other versions
CN115174101B (en
Inventor
包子健
何德彪
冯琦
许芷岩
贾小英
罗敏
黄欣沂
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan University WHU
Original Assignee
Wuhan University WHU
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan University WHU filed Critical Wuhan University WHU
Priority to CN202210719552.2A priority Critical patent/CN115174101B/en
Publication of CN115174101A publication Critical patent/CN115174101A/en
Application granted granted Critical
Publication of CN115174101B publication Critical patent/CN115174101B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3255Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method and a system for generating a disclainable ring signature based on an SM2 algorithm.A user can prove that the user is a signer of a signature or disclaims that the user is the signer of the signature to other third-party verifiers after a ring signature is generated. The invention has the advantages of high safety, perfect function and the like, and can provide the functions of affirming and denying the signature on the basis of ensuring the function of the conventional ring signature. Can be applied to a plurality of application fields such as digital currency, electronic voting and the like.

Description

Method and system for generating disclainable ring signature based on SM2 algorithm
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a method and a system for generating a disclainable ring signature based on an SM2 algorithm.
Background
Digital signature is an important cryptographic scheme, and a message digital signature is generated through certain cryptographic operation to replace a written signature or a seal. The digital signature is an important tool for realizing authentication, can verify the identity of a message sender to prevent the sender from repudiation and the message receiver from counterfeiting, and can also verify the integrity of the message to resist the counterfeiting attack of a third party. The method is mainly used for identifying the identity of a signer and the legality of information, and is a cryptographic technology which is most commonly used, mature in technology and strongest in operability in network communication, electronic commerce and electronic government affairs at present.
The ring signature scheme proposed by Rivest et al allows a signer to sign mail in an anonymous fashion. In a ring signature scheme, a signer who wants to sign a document anonymously first selects the public keys of some entities (signers) and then generates a signature, where one or more signers are assured to sign the document. However, in some cases, this scheme allows signers to offload responsibility from others.
The above problems can be solved by denying that the ring signature does not require the role of a group administrator in the group signature. After a ring signature is generated, the user can prove to other third party verifiers that it is the signer of the signature, or deny that it is the signer of the signature.
SM2 is an elliptic curve public key cryptography algorithm issued by the national cryptology authority in 12 months 2010 (see "SM 2 elliptic curve public key cryptography algorithm" specification). Digital signature, key exchange and data encryption can be realized based on the algorithm.
After a ring signature is generated, a user can prove that the ring signature is a signer of the signature to other third-party verifiers or deny that the ring signature is the signer of the signature.
Disclosure of Invention
The technical problem of the invention is mainly solved by the following technical scheme:
a repudiation ring signature generation method based on SM2 algorithm is characterized in that after a ring signature is generated, a user can prove to other third party verifiers that the user is a signer of the ring signature through an established proof confirmation protocol or a repudiation protocol, or repudiate that the user is the signer of the ring signature.
In the above method, a proof confirmation protocol is established at the time of proof, the proof confirmation protocol being generated by a prover P, i.e. a user A who generates a ring signature i And verifier V, who needs to prove that the ring signature was generated by him, specifically:
verifier random selection
Figure BDA0003709905770000021
Calculating C = a · W + b · G, and sending C to the prover;
random prover selection
Figure BDA0003709905770000022
Calculating K = a · W + (b + r) · G,
Figure BDA0003709905770000023
and sending (K, L) to the verifier;
the verifier sends a, b to the prover; the prover verifies whether C = a · W + b · G is true, and if true, the next step is carried out; otherwise, quitting the verification;
the prover sends r to the verifier, who computes K = a · W + (b + r) · G,
Figure BDA0003709905770000024
if yes, the signature is confirmed to be signed by the prover.
In the above method, when denied, a denial protocol is established, which is verified by the prover, i.e. user A who does not generate a ring signature j J ≠ i, with the verifier who needs to prove that the ring signature was not generated by it; let k be a value negotiated by two parties together, the prover has a probability deception verifier of 1/k, and the probability of deception is reduced by performing multiple rounds of denial protocols, specifically:
verifier random selection
Figure BDA0003709905770000025
Calculating C 1 =a·W+b·G,C 2 =a·S+b·P j Sending C 1 ,C 2 Giving a prover;
the prover finds that a satisfies equation d j ·C 1 -C 2 =a·(d j W-S); random prover selection
Figure BDA0003709905770000026
Transmission t = H 1 (a, r) to a verifier;
the verifier sends a, b to the prover; prover verification C 1 =a·W+b·G,C 2 =a·S+b·P j Whether the result is true or not, if yes, the next step is carried out; otherwise, quitting the verification;
the prover sends r to the verifier, who computes t = H 1 (a, r) if true, then the signature is deemed not signed by the prover;
in the above method, k is set to 1024, and the protocol is executed 2 times, so that the probability of spoofing is less than 2 -100
In the above method, the ring signature generation includes:
initializing a system: generating system parameters based on an elliptic curve equation;
and (3) key generation: generating a public and private key pair of a user based on system parameters;
signing: generating a repudiation ring signature value based on the generated system parameter, a private key of the user, and the message;
and (3) verification: the validity of the signature is verified based on the generated system parameters, the list of public keys, the message, and the signature value.
In the method and system, the safety parameter 1 is given at the beginning n And, furthermore,
selecting a finite field
Figure BDA0003709905770000031
Generating an elliptic Curve equation y 2 =x 3 + ax + b mod p, the points satisfying the equation forming an Abel group
Figure BDA0003709905770000032
Randomly selecting a generator
Figure BDA0003709905770000033
The order is q;
outputting system parameters
Figure BDA0003709905770000034
In the above-described method, the key generation, the system parameter PP is given, and,
user A i Random selection
Figure BDA0003709905770000035
As a self private key;
computing the public key P i =d i ·G;
Outputting public and private key pair (P) i ,d i )。
In the method, the system parameter PP and the user A are given when signing i Private key d of i A message m, and,
user A i Randomly selecting (n-1) public keys of users, and adding the public key P of the users i Form a list
Figure BDA0003709905770000036
Random selection
Figure BDA0003709905770000037
Compute message digest W = H 2 (m||t);
Calculation of S = d i ·W;
Random selection
Figure BDA0003709905770000038
For j = i +1,.., n, 1.,i-1, user A i Random selection
Figure BDA0003709905770000039
Calculating T j =s j ·G+(s j +c j )·P j ,Y j =s j ·W+(s j +c j ) S, calculating
Figure BDA00037099057700000310
Calculating s i =((1+d i ) -1 ·(k i -c i ·d i ))mod q;
Is outputted at
Figure BDA00037099057700000313
The above disclainable ring signature value σ = (t, S, c) on message m 1 ,s 1 ,s 2 ,...,s n )。
In the method, the system parameter PP and the public key list are given during verification
Figure BDA00037099057700000311
Message m ', signature value σ ' = (t ', S ', c ' 1 ,s′ 1 ,s′ 2 ,...,s′ n ),
If it is
Figure BDA00037099057700000312
The verification is not passed;
compute message digest W' = H 2 (m′||t′);
Calculating T 'for i =1,2,. And n, in turn' j =s′ j ·G+(s′ j +c′ j )·P j ,Y′ j =s′ j ·W′+(s′ j +c′ j ) S', calculating
Figure BDA0003709905770000041
Verify equation c' 1 =c′ n+1 Whether or not, if soIf yes, the sigma' is a legal signature; otherwise, the signature is invalid.
A system configured to enable a user to prove to other third party verifiers, via the system, that the user is a signer of a ring signature or to deny that the user is a signer of the ring signature after a ring signature has been generated.
Therefore, the invention has the following advantages: the ring of the invention provides 2 additional functions of confirmation and denial on the basis of the conventional ring signature, perfects the functionality of the ring signature under the condition of not introducing a trusted third party, and can be applied to the fields of digital currency, electronic voting and the like.
Drawings
FIG. 1 is a schematic diagram of the signature and verification algorithm of the present invention.
FIG. 2 is a schematic diagram of the validation algorithm of the present invention.
FIG. 3 is a schematic diagram of the denial algorithm of the present invention.
Detailed Description
The technical scheme of the invention is further specifically described by the following embodiments and the accompanying drawings.
The embodiment is as follows:
the parameters involved in the present invention are defined as follows:
Figure BDA0003709905770000042
the order is a group of elliptic curves of prime number q, the elements being points on the elliptic curves.
G: circulation group
Figure BDA0003709905770000043
A generator of (2).
q: circulation group
Figure BDA0003709905770000044
Of (2).
Figure BDA0003709905770000045
From integers1,2, q-1.
mod q: and (5) performing modulo q operation.
H 1 : a cryptographic hash function is applied to the code,
Figure BDA0003709905770000046
H 2 : a cryptographic hash function is applied to the cryptographic data stream,
Figure BDA0003709905770000047
m: a message value.
σ: signature value
L |: bit string concatenation
Figure BDA0003709905770000051
A prime field containing p elements.
A i : the ith user.
d i : user A i The private key of (2).
P i : user A i Of the public key of (c).
Figure BDA0003709905770000052
Public key list, equal to { P 1 ,P 2 ,...,P i ,...,P n }。
σ=(t,S,c 1 ,s 1 ,s 2 ,...,s n ): the ring signature value may be denied.
a, b: an intermediate variable.
The invention provides a denial ring signature scheme based on SM2 algorithm, and the specific scheme flow is as follows: the scheme comprises 6 stages: system initialization (Setup), key generation (KeyGen), signature (Sign), verification (Verify), confirmation (Confirm), and denial (disable).
1) Initializing a system: given a safety parameter 1 n The following steps are executed:
a) Selecting a finite field
Figure BDA0003709905770000053
Generating an elliptic Curve equation y 2 =x 3 + ax + b mod p, the points that satisfy the equation forming an Abelian group
Figure BDA0003709905770000054
b) Randomly selecting a generator
Figure BDA0003709905770000055
The order is q.
c) Outputting system parameters
Figure BDA0003709905770000056
2) And (3) generating a key: given the system parameters PP, a user A i The following steps are carried out:
a) Random selection
Figure BDA0003709905770000057
As the own private key.
b) Computing the public key P i =d i ·G.
c) Outputting public and private key pair (P) i ,d i ).
3) Signature: given system parameters PP and user A i Private key d of i Message m, user A i The following steps are carried out:
a) User A i Randomly selecting (n-1) public keys of users, and adding the public key P of the users i To form a list
Figure BDA0003709905770000058
b) Random selection
Figure BDA0003709905770000059
Compute message digest W = H 2 (m||t).
c) Calculation of S = d i ·W.
d) Random selection
Figure BDA00037099057700000510
e) For j = i +1 i Random selection
Figure BDA0003709905770000061
Calculating T j =s j ·G+(s j +c j )·P j ,Y j =s j ·W+(s j +c j ) S, calculating
Figure BDA0003709905770000062
f) Calculating s i =((1+d i ) -1 ·(k i -c i ·d i ))mod q.
g) Is output at
Figure BDA0003709905770000063
The non-repudiation ring signature value σ = (t, S, c) on the message m 1 ,s 1 ,s 2 ,...,s n ).
4) And (3) verification: given system parameters PP, public key list
Figure BDA0003709905770000064
Message m ', signature value σ ' = (t ', S ', c ' 1 ,s′ 1 ,s′ 2 ,...,s′ n ) The verifier performs the following steps:
a) If it is
Figure BDA0003709905770000065
The authentication is not passed.
b) Compute message digest W' = H 2 (m′||t′).
c) Calculating T 'for i =1,2,. And n, in turn' j =s′ j ·G+(s′ j +c′ j )·P j ,Y′ j =s′ j ·W′+(s′ j +c′ j ) S', calculating
Figure BDA00037099057700000611
d) Verify equation c' 1 =c′ n+1 If yes, the sigma' is a legal signature; otherwise, the signature is invalid.
5) And (3) confirmation: the confirmation protocol is defined by a prover (abbreviated as P, user A who generates a ring signature i ) And a verifier (abbreviated V) who needs to prove that the ring signature was generated by it.
a) V → P: verifier random selection
Figure BDA0003709905770000066
Calculate C = a · W + b · G, send C to prover.
b) P → V: random prover selection
Figure BDA0003709905770000067
Calculating K = a · W + (b + r) · G,
Figure BDA0003709905770000068
and transmits (K, L) to the verifier.
c) V → P: the verifier sends a, b to the prover, the prover verifies whether C = a · W + b · G is true, and if true, the next step is carried out; otherwise, quitting the verification.
d) P → V: the prover sends r to the verifier, who computes K = a · W + (b + r) · G,
Figure BDA0003709905770000069
if yes, the signature is confirmed to be signed by the prover.
6) Denying: denial of protocol by prover (user A who does not generate a ring signature) j Let k be a value negotiated between the two parties together, the prover has a probability of spoofing the verifier of 1/k, but we can reduce the probability of spoofing by doing a multi-round denial protocol -100 .
a) V → P: the verifier randomly selects a to be in [1, k ]],
Figure BDA00037099057700000610
Calculating C 1 =a·W+b·G,C 2 =a·S+b·P j Sending C 1 ,C 2 And (4) giving a prover.
b) P → V: the prover finds that a satisfies equation d j ·C 1 -C 2 =a·(d j W-S) random selection by prover
Figure BDA0003709905770000071
Transmission t = H 1 And (a, r) to the verifier.
c) V → P: verifier sends a, b prover verification C to prover 1 =a·W+b·G,C 2 =a·S+b·P j Whether the result is true or not, if so, carrying out the next step; otherwise, quitting the verification.
d) P → V: the prover sends r to the verifier, who computes t = H 1 And (a, r) if the signature is not signed by the prover, and if the signature is not signed by the prover.
The specific embodiments described herein are merely illustrative of the spirit of the invention. Various modifications or additions may be made to the described embodiments, or alternatives may be employed, by those skilled in the art, without departing from the spirit or ambit of the invention as defined in the appended claims.

Claims (10)

1. A repudiation ring signature generation method based on SM2 algorithm is characterized in that after a ring signature is generated, a user can prove to other third party verifiers that the user is a signer of the ring signature or deny that the user is the signer of the ring signature through an established proof confirmation protocol or a denial protocol.
2. The method of claim 1, wherein the generation of the disclaimer ring signature based on SM2 algorithm is characterized in that, when proving,establishing a proof-confirmation protocol, which is generated by the prover P, i.e. the user A who generated the ring signature i And verifier V, who needs to prove that the ring signature was generated by him, specifically:
the verifier randomly selects a and selects a to obtain a,
Figure FDA0003709905760000011
calculating C = a · W + b · G, and sending C to the prover;
random prover selection
Figure FDA0003709905760000012
Calculating K = a · W + (b + r) · G,
Figure FDA0003709905760000013
and transmitting (K, L) to the verifier;
the verifier sends a, b to the prover; the prover verifies whether C = a · W + b · G is true, and if true, the next step is carried out; otherwise, quitting the verification;
the prover sends r to the verifier, who computes K = a · W + (b + r) · G,
Figure FDA0003709905760000016
if yes, the signature is confirmed to be signed by the prover.
3. A method for generating a non-repudiatable ring signature based on SM2 algorithm as claimed in claim 1, characterized in that when repudiating, a repudiation protocol is established, which is defined by the prover as user a who does not generate a ring signature j J ≠ i, and a verifier that needs to prove that the ring signature was not generated by it; let k be a value negotiated by two parties, the prover has a probability spoofing verifier of 1/k, and the probability of spoofing is reduced by performing multiple rounds of repudiation protocols, specifically:
the verifier randomly selects a to be in [1, k ]],
Figure FDA0003709905760000014
Calculating C 1 =a·W+b·G,C 2 =a·S+b·P j Sending C 1 ,C 2 Giving a prover;
the prover finds that a satisfies equation d j ·C 1 -C 2 =a·(d j W-S); random prover selection
Figure FDA0003709905760000015
Transmission t = H 1 (a, r) to a verifier;
the verifier sends a, b to the prover; prover verification C 1 =a·W+b·G,C 2 =a·S+b·P j Whether the result is true or not, if yes, the next step is carried out; otherwise, quitting the verification;
the prover sends r to the verifier, who computes t = H 1 And (a, r) if the signature is not signed by the prover, and if the signature is not signed by the prover.
4. The SM2 algorithm-based non-repudiation ring signature generation method as claimed in claim 2, wherein k is set to 1024, and the protocol is executed 2 times so that the probability of spoofing is less than 2 -100
5. The method of claim 1, wherein the ring signature generation comprises:
initializing a system: generating system parameters based on an elliptic curve equation;
and (3) key generation: generating a public and private key pair of a user based on system parameters;
signing: generating a repudiation ring signature value based on the generated system parameter, a private key of the user, and the message;
and (3) verification: verifying the validity of the signature based on the generated system parameters, the public key list, the message, and the signature value.
6. The SM2 algorithm-based repudiation ring signature generator as claimed in claim 5Method, characterized in that, at system initialization, a safety parameter 1 is given n And, furthermore,
selecting a finite field
Figure FDA0003709905760000021
Generating an elliptic Curve equation y 2 =x 3 + ax + b mod p, the points satisfying the equation forming an Abel group
Figure FDA0003709905760000022
Randomly selecting a generator
Figure FDA0003709905760000023
The order is q;
outputting system parameters
Figure FDA0003709905760000024
7. The method of claim 5, wherein the system parameter PP is given to the key generation, and,
user A i Random selection
Figure FDA0003709905760000025
As its own private key;
computing the public key P i =d i ·G;
Outputting public and private key pair (P) i ,d i )。
8. The SM2 algorithm-based repudiation ring signature generation method as claimed in claim 5, wherein system parameters PP and user A are given during signature i Private key d of i A message m, and,
user A i Randomly selecting (n-1) public keys of users, and adding the public key P of the users i To form a list
Figure FDA0003709905760000026
Random selection
Figure FDA0003709905760000027
Compute message digest W = H 2 (m||t);
Calculation of S = d i ·W;
Random selection
Figure FDA0003709905760000028
For j = i +1 i Random selection
Figure FDA0003709905760000029
Calculating T j =s j ·G+(s j +c j )·P j ,Y j =s j ·W+(s j +c j ) S, calculating
Figure FDA00037099057600000210
Calculating s i =((1+d i ) -1 ·(k i -c i ·d i ))mod q;
Is output at
Figure FDA0003709905760000031
The above disclainable ring signature value σ = (t, S, c) on message m 1 ,s 1 ,s 2 ,...,s n )。
9. A method for generating a non-repudiation ring signature based on SM2 algorithm as claimed in claim 5, characterized in that the system parameters PP, the public key list are given during verification
Figure FDA0003709905760000032
Message m ', signature value σ ' = (t ', S ', c ' 1 ,s′ 1 ,s′ 2 ,...,s′ n ),
If it is
Figure FDA0003709905760000033
The verification is not passed;
compute message digest W' = H 2 (m′||t′);
For i =1,2,. And n, T is calculated in turn j ′=s′ j ·G+(s′ j +c′ j )·P j ,Y′ j =s′ j ·W′+(s′ j +c′ j ) S ', calculate c' j+1 =H 1 (L,t′,W′,S′,m′,T j ′,Y′ j );
Verify equation c' 1 =c′ n+1 If yes, the sigma' is a legal signature; otherwise, the signature is invalid.
10. A system configured to enable a user to prove to other third party verifiers, via the system, that the user is a signer of a ring signature or to deny that the user is a signer of the ring signature after a ring signature has been generated.
CN202210719552.2A 2022-06-23 2022-06-23 SM2 algorithm-based repudiation ring signature generation method and system Active CN115174101B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210719552.2A CN115174101B (en) 2022-06-23 2022-06-23 SM2 algorithm-based repudiation ring signature generation method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210719552.2A CN115174101B (en) 2022-06-23 2022-06-23 SM2 algorithm-based repudiation ring signature generation method and system

Publications (2)

Publication Number Publication Date
CN115174101A true CN115174101A (en) 2022-10-11
CN115174101B CN115174101B (en) 2024-06-11

Family

ID=83488014

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210719552.2A Active CN115174101B (en) 2022-06-23 2022-06-23 SM2 algorithm-based repudiation ring signature generation method and system

Country Status (1)

Country Link
CN (1) CN115174101B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080133917A1 (en) * 2006-12-04 2008-06-05 Electronics And Telecommunications Research Institute Ring authentication method for concurrency environment
CN105187212A (en) * 2015-08-07 2015-12-23 河海大学 Schnorr ring signature scheme with specified verifiability
WO2018119670A1 (en) * 2016-12-27 2018-07-05 深圳大学 Method and device for certificateless partially blind signature
CN110912708A (en) * 2019-11-26 2020-03-24 武汉大学 Ring signature generation method based on SM9 digital signature algorithm

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080133917A1 (en) * 2006-12-04 2008-06-05 Electronics And Telecommunications Research Institute Ring authentication method for concurrency environment
CN105187212A (en) * 2015-08-07 2015-12-23 河海大学 Schnorr ring signature scheme with specified verifiability
WO2018119670A1 (en) * 2016-12-27 2018-07-05 深圳大学 Method and device for certificateless partially blind signature
CN110912708A (en) * 2019-11-26 2020-03-24 武汉大学 Ring signature generation method based on SM9 digital signature algorithm

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
濮光宁;侯整风;: "可选择关联和可转换的环签名方案研究", 井冈山大学学报(自然科学版), no. 01, 15 January 2020 (2020-01-15) *
邓伦治;: "可验证其他成员是非签名者的环签名", 贵州师范大学学报(自然科学版), no. 01, 15 February 2013 (2013-02-15) *

Also Published As

Publication number Publication date
CN115174101B (en) 2024-06-11

Similar Documents

Publication Publication Date Title
CN108809658B (en) SM 2-based identity base digital signature method and system
CN111342973B (en) Safe bidirectional heterogeneous digital signature method between PKI and IBC
CN108989050B (en) Certificateless digital signature method
US7853016B2 (en) Signature schemes using bilinear mappings
CN110138567B (en) ECDSA (electronic signature system) based collaborative signature method
CN110086599B (en) Hash calculation method and signcryption method based on homomorphic chameleon Hash function
CN113300856B (en) Heterogeneous mixed signcryption method capable of proving safety
CN113162773B (en) Heterogeneous blind signcryption method capable of guaranteeing safety
CN111245625B (en) Digital signature method without certificate aggregation
CN108449326B (en) Authentication method and system for heterogeneous repudiation
CN111654366A (en) Secure bidirectional heterogeneous strong-designation verifier signature method between PKI and IBC
CN110943845A (en) Method and medium for cooperatively generating SM9 signature by two light-weight parties
CN115529134A (en) Identity-based proxy blind signature method on lattice
US7975142B2 (en) Ring authentication method for concurrency environment
CN109064170B (en) Group signature method without trusted center
CN112989436B (en) Multi-signature method based on block chain platform
Zhou et al. Three-round secret handshakes based on ElGamal and DSA
CN112383403A (en) Heterogeneous ring signature method
Bicakci et al. SAOTS: A new efficient server assisted signature scheme for pervasive computing
JP2004526387A (en) Ring-based signature scheme
CN115174101B (en) SM2 algorithm-based repudiation ring signature generation method and system
KR100525124B1 (en) Method for Verifying Digitally Signed Documents
CN115174053B (en) Signature generation method and device for repudiation ring authentication based on SM9 algorithm
CN112636918B (en) Efficient two-party collaborative signature method based on SM2
Goyal More efficient server assisted one time signatures

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant