CN115174104A - Attribute-based online/offline signature method and system based on commercial cryptography SM9 - Google Patents

Info

Publication number: CN115174104A
Authority: CN (China)
Prior art keywords: signature, attribute, private key, public, authorization
Legal status: Pending
Application number: CN202210751705.1A
Other languages: Chinese (zh)
Inventors: 李继国, 朱留富, 黄欣沂, 赖建昌, 张亦辰
Current Assignee: Fujian Normal University
Original Assignee: Fujian Normal University
Application filed by Fujian Normal University
Priority to CN202210751705.1A
Publication of CN115174104A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides an attribute-based online/offline signature method and system based on commercial cryptography SM9. The system comprises an attribute authorization end, a signature end and a verification end. The attribute authorization end generates a master private key $msk$ and public parameters $params$ from a security parameter $\lambda$; from the master private key $msk$, the public parameters $params$, the signature end attribute set $\omega_j$ and the access structure $A$, it also generates the signature end's public/private key pair. The signature end generates an offline signature $\sigma_{off}$ from the public parameters $params$ generated by the attribute authorization end and the signature end private key; from the public parameters $params$, the signature end attribute set $\omega_j$, the offline signature $\sigma_{off}$, the signature end private key and a message $M$, it also generates an online signature $\sigma_{on}$. The verification end uses the public parameters $params$ generated by the attribute authorization end and the signature end public key to verify the validity of the online signature $\sigma_{on}$ that the signature end generated for the message $M$. The invention reduces the signature computation cost borne by lightweight devices in the online phase and conforms to the commercial cryptography SM9 identity-based signature standard.

Description

Attribute-based online/offline signature method and system based on commercial cryptography SM9
Technical Field
The invention relates to the technical field of internet security, and in particular to an attribute-based online/offline signature method and system based on commercial cryptography SM9.
Background
The development and spread of Internet of Things (IoT) technology has made modern living environments friendlier and more convenient and has had an important influence on how people live. The IoT connects electronic devices to the Internet, and connected objects acquire and exchange data using information-sensing equipment such as embedded sensors, radio-frequency identification devices and laser scanners. Because it relies on wireless network communication, however, the IoT is more vulnerable to various attacks. To protect the security of data in the IoT, identity authentication must therefore be provided before the data is used. Attribute-based signatures (ABS) are an important solution to this problem and play an important role in privacy protection, access control and data authentication. In ABS schemes, however, lightweight devices cannot bear a large number of exponentiation or pairing operations, so the computation cost borne by a lightweight device in the online signing phase needs to be reduced. In addition, to support the national strategy of autonomous and controllable cyberspace security, a cryptographic scheme that meets the national cryptographic standard needs to be designed.
Disclosure of Invention
The invention provides an attribute-based online/offline signature method and system based on commercial cryptography SM9, which reduces the signature computation cost borne by a lightweight device in the online phase and conforms to the commercial cryptography SM9 identity-based signature standard.
The invention adopts the following technical solution.
The attribute-based online/offline signature system based on commercial cryptography SM9 comprises an attribute authorization end, a signature end and a verification end.
The attribute authorization end generates a master private key $msk$ and public parameters $params$ from a security parameter $\lambda$; from the master private key $msk$, the public parameters $params$, the signature end attribute set $\omega_j$ and the access structure $A$, it generates the signature end's public/private key pair [formula image].
The signature end generates an offline signature $\sigma_{off}$ from the public parameters $params$ generated by the attribute authorization end and the signature end private key [formula image]; from the public parameters $params$, the signature end attribute set $\omega_j$, the offline signature $\sigma_{off}$, the signature end private key [formula image] and a message $M$, it generates an online signature $\sigma_{on}$.
The verification end uses the public parameters $params$ generated by the attribute authorization end and the signature end public key [formula image] to verify the validity of the online signature $\sigma_{on}$ that the signature end generated for the message $M$.
The attribute-based online/offline signature method based on commercial cryptography SM9 uses the attribute-based online/offline signature system described above and comprises the following steps:
Step S1: a security parameter $\lambda$ is input to the attribute authorization end, which outputs a master private key $msk$ and public parameters $params$;
Step S2: the master private key $msk$, the public parameters $params$, the signature end attribute set $\omega_j$ and the access structure $A$ are input to the attribute authorization end, which outputs the signature end's public/private key pair [formula image];
Step S3: the public parameters $params$ and the signature end private key [formula image] are input to the signature end, which outputs an offline signature $\sigma_{off}$;
Step S4: the public parameters $params$, the signature end attribute set $\omega_j$, the offline signature $\sigma_{off}$, the signature end private key [formula image] and a message $M$ are input to the signature end, which outputs an online signature $\sigma_{on}$ for the message $M$;
Step S5: the public parameters $params$, the signature end public key [formula image], the message $M$ and the online signature $\sigma_{on}$ are input to the verification end; if the signature of the message $M$ is valid, the verification end outputs accept; otherwise, the verification end outputs reject.
Step S1 includes the following steps:
Step S11: the attribute authorization end takes a security parameter $\lambda$ as input and generates a bilinear pairing tuple $BP = (G_1, G_2, G_T, e, p)$, where $e: G_1 \times G_2 \to G_T$, $p$ is a large prime and $|p| = \lambda$;
the attribute authorization end randomly selects a generator $P_1$ of $G_1$ and a generator $P_2$ of $G_2$;
the attribute authorization end selects a system attribute domain $U = \{att_1, att_2, \ldots, att_u\}$, where [formula image], $1 \le i \le u$, $u = |U|$, [formula image];
the attribute authorization end defines an algorithm [formula image] [formula image] that converts an attribute set $\omega$ into a binary identification $ID_\omega$, where [formula image] [formula image].
The algorithm is defined as follows: input an attribute set $\omega$ and the system attribute domain $U$; let $ID_\omega[i]$ denote the $i$-th position of $ID_\omega$; if $att_i \in \omega$, set $ID_\omega[i] = 1$; otherwise, set $ID_\omega[i] = 0$, where $1 \le i \le u$ and $u = |U|$. Finally, the algorithm outputs $ID_\omega$.
Step S12: the attribute authorization end randomly selects [formula image] and computes $P_{pub} = \alpha P_2$, $g = e(P_1, P_{pub})$;
Step S13: the attribute authorization end selects two hash functions [formula image] and randomly selects a 1-bit private key generation function identifier $hid \in \{0,1\}$;
Step S14: the attribute authorization end outputs the master private key $msk = \alpha$ and the public parameters
$params = (BP, P_1, P_2, P_{pub}, g, U, hid, H_1, H_2)$ (Formula 1).
Step S2 specifically includes the following steps:
Step S21: the attribute authorization end takes as input the access policy $A = \{A_1, A_2, \ldots, A_n\}$, where [formula image], $1 \le i \le n$, $n = |A|$, the algorithm [formula image], the signature end attribute set [formula image], the master private key $msk$ and the public parameters $params$;
Step S22: the attribute authorization end uses the algorithm [formula image] to convert the access policy $A = \{A_1, A_2, \ldots, A_n\}$ and the signature end attribute set $\omega_j$ into a set of binary identifications [formula image] and a binary identification [formula image];
Step S23: the attribute authorization end randomly selects [formula image] and computes the signature end private key [formula image], where [formula image], $sk_2 = r_s$ (Formula 3);
it then computes the signature end public key [formula image];
Step S24: the attribute authorization end outputs the signature end's public/private key pair [formula image].
Step S3 specifically includes the following steps:
Step S31: the signature end takes as input the public parameters $params$ and the signature end private key [formula image];
Step S32: the signature end randomly selects [formula image] and computes $w = g^r$, $l = sk_2 \cdot (r - k) \bmod p$, $S = l \cdot sk_1$;
Step S33: the signature end outputs the offline signature $\sigma_{off} = (r, k, w, S)$.
Step S4 specifically includes the following steps:
Step S41: the signature end takes as input the public parameters $params$, the offline signature $\sigma_{off}$, the signature end private key [formula image], the signature end attribute set $\omega_j$ and a message $M$;
Step S42: the signature end uses the algorithm [formula image] to convert the signature end attribute set $\omega_j$ into a binary identification [formula image];
Step S43: the signature end computes $h = H_2(M \| w, p)$, $\tau = (r - h)(r - k)^{-1} \bmod p$, [formula image];
Step S44: the signature end outputs the online signature $\sigma_{on} = (h, \tau, y, S)$.
Step S5 specifically includes the following steps:
Step S51: the verification end takes as input the message-signature pair $(M, \sigma_{on})$, the signature end public key [formula image] and the public parameters $params$;
Step S52: the verification end checks whether the equation [formula image] holds. If it does not hold, execution terminates; otherwise, the following steps are executed;
Step S53: the verification end computes $t = g^h$, $P = yP_2 + P_{pub}$, $\beta = e(\tau \cdot S, P)$, $w' = \beta \cdot t$ and $h_2 = H_2(M \| w', p)$;
Step S54: the verification end checks whether the equation $h_2 = h$ holds. If it holds, it outputs accept; otherwise, it outputs reject.
Compared with the prior art, the invention has the following beneficial effects:
1. The method is designed on the basis of the commercial cryptography SM9 identity-based signature algorithm and is consistent with the national strategy of autonomous and controllable cyberspace security.
2. The invention uses the online/offline signature technique to split signing at the signature end into an offline phase and an online phase: the heavy computation is assigned to the offline phase, before the message is known, and only lightweight computation is left to the online phase, which reduces the computation cost of the online phase.
3. The attribute-based signature scheme of the invention ensures that a user can generate a valid signature only when the signature end's attribute set satisfies the access policy. The method and system are therefore highly practical and have broad application prospects in data authentication and privacy-preserving access control.
Drawings
The invention is described in further detail below with reference to the following figures and detailed description:
FIG. 1 is a schematic diagram of the system architecture of the present invention.
Detailed Description
As shown in the figure, the attribute-based online/offline signature system based on commercial cryptography SM9 comprises an attribute authorization end, a signature end and a verification end.
The attribute authorization end generates a master private key $msk$ and public parameters $params$ from a security parameter $\lambda$; from the master private key $msk$, the public parameters $params$, the signature end attribute set $\omega_j$ and the access structure $A$, it generates the signature end's public/private key pair [formula image].
The signature end generates an offline signature $\sigma_{off}$ from the public parameters $params$ generated by the attribute authorization end and the signature end private key [formula image]; from the public parameters $params$, the signature end attribute set $\omega_j$, the offline signature $\sigma_{off}$, the signature end private key [formula image] and a message $M$, it generates an online signature $\sigma_{on}$.
The verification end uses the public parameters $params$ generated by the attribute authorization end and the signature end public key [formula image] to verify the validity of the online signature $\sigma_{on}$ that the signature end generated for the message $M$.
The attribute-based online/offline signature method based on commercial cryptography SM9 uses the attribute-based online/offline signature system described above, and the signature method comprises the following steps:
Step S1: a security parameter $\lambda$ is input to the attribute authorization end, which outputs a master private key $msk$ and public parameters $params$;
Step S2: the master private key $msk$, the public parameters $params$, the signature end attribute set $\omega_j$ and the access structure $A$ are input to the attribute authorization end, which outputs the signature end's public/private key pair [formula image];
Step S3: the public parameters $params$ and the signature end private key [formula image] are input to the signature end, which outputs an offline signature $\sigma_{off}$;
Step S4: the public parameters $params$, the signature end attribute set $\omega_j$, the offline signature $\sigma_{off}$, the signature end private key [formula image] and a message $M$ are input to the signature end, which outputs an online signature $\sigma_{on}$ for the message $M$;
Step S5: the public parameters $params$, the signature end public key [formula image], the message $M$ and the online signature $\sigma_{on}$ are input to the verification end; if the signature of the message $M$ is valid, the verification end outputs accept; otherwise, the verification end outputs reject.
Step S1 includes the following steps:
Step S11: the attribute authorization end takes a security parameter $\lambda$ as input and generates a bilinear pairing tuple $BP = (G_1, G_2, G_T, e, p)$, where $e: G_1 \times G_2 \to G_T$, $p$ is a large prime and $|p| = \lambda$;
the attribute authorization end randomly selects a generator $P_1$ of $G_1$ and a generator $P_2$ of $G_2$;
the attribute authorization end selects a system attribute domain $U = \{att_1, att_2, \ldots, att_u\}$, where [formula image], $1 \le i \le u$, $u = |U|$, [formula image];
the attribute authorization end defines an algorithm [formula image] [formula image] that converts an attribute set $\omega$ into a binary identification $ID_\omega$, where [formula image] [formula image].
The algorithm is defined as follows: input an attribute set $\omega$ and the system attribute domain $U$; let $ID_\omega[i]$ denote the $i$-th position of $ID_\omega$; if $att_i \in \omega$, set $ID_\omega[i] = 1$; otherwise, set $ID_\omega[i] = 0$, where $1 \le i \le u$ and $u = |U|$. Finally, the algorithm outputs $ID_\omega$.
Step S12: the attribute authorization end randomly selects [formula image] and computes $P_{pub} = \alpha P_2$, $g = e(P_1, P_{pub})$;
Step S13: the attribute authorization end selects two hash functions [formula image] and randomly selects a 1-bit private key generation function identifier $hid \in \{0,1\}$;
Step S14: the attribute authorization end outputs the master private key $msk = \alpha$ and the public parameters
$params = (BP, P_1, P_2, P_{pub}, g, U, hid, H_1, H_2)$ (Formula 1).
Step S2 specifically includes the following steps:
Step S21: the attribute authorization end takes as input the access policy $A = \{A_1, A_2, \ldots, A_n\}$, where [formula image], $1 \le i \le n$, $n = |A|$, the algorithm [formula image], the signature end attribute set [formula image], the master private key $msk$ and the public parameters $params$;
Step S22: the attribute authorization end uses the algorithm [formula image] to convert the access policy $A = \{A_1, A_2, \ldots, A_n\}$ and the signature end attribute set $\omega_j$ into a set of binary identifications [formula image] and a binary identification [formula image];
Step S23: the attribute authorization end randomly selects [formula image] and computes the signature end private key [formula image], where [formula image], $sk_2 = r_s$ (Formula 3);
it then computes the signature end public key [formula image];
Step S24: the attribute authorization end outputs the signature end's public/private key pair [formula image].
Step S3 specifically includes the following steps:
Step S31: the signature end takes as input the public parameters $params$ and the signature end private key [formula image];
Step S32: the signature end randomly selects [formula image] and computes $w = g^r$, $l = sk_2 \cdot (r - k) \bmod p$, $S = l \cdot sk_1$;
Step S33: the signature end outputs the offline signature $\sigma_{off} = (r, k, w, S)$.
Step S4 specifically includes the following steps:
Step S41: the signature end takes as input the public parameters $params$, the offline signature $\sigma_{off}$, the signature end private key [formula image], the signature end attribute set $\omega_j$ and a message $M$;
Step S42: the signature end uses the algorithm [formula image] to convert the signature end attribute set $\omega_j$ into a binary identification [formula image];
Step S43: the signature end computes $h = H_2(M \| w, p)$, $\tau = (r - h)(r - k)^{-1} \bmod p$, [formula image];
Step S44: the signature end outputs the online signature $\sigma_{on} = (h, \tau, y, S)$.
Step S5 specifically includes the following steps:
Step S51: the verification end takes as input the message-signature pair $(M, \sigma_{on})$, the signature end public key [formula image] and the public parameters $params$;
Step S52: the verification end checks whether the equation [formula image] holds. If it does not hold, execution terminates; otherwise, the following steps are executed;
Step S53: the verification end computes $t = g^h$, $P = yP_2 + P_{pub}$, $\beta = e(\tau \cdot S, P)$, $w' = \beta \cdot t$ and $h_2 = H_2(M \| w', p)$;
Step S54: the verification end checks whether the equation $h_2 = h$ holds. If it holds, it outputs accept; otherwise, it outputs reject.
Example:
The signature process in this example is as follows.
1. The signature device sends its attribute set $\omega_j$ to the attribute authority, and the attribute authority computes the signature device's public/private key pair [formula image] by the following algorithm:
(1) Use the algorithm [formula image] to convert the access policy $A = \{A_1, A_2, \ldots, A_n\}$ and the signature device attribute set $\omega_j$ into a set of binary identifications [formula image] and a binary identification [formula image].
(2) Randomly select [formula image] and compute the signature end private key [formula image], where [formula image], $sk_2 = r_s$; compute the signature end public key [formula image].
(3) Output the signature end's public/private key pair [formula image].
2. After obtaining the public/private key pair [formula image], the signature device generates an offline signature $\sigma_{off}$ by the following algorithm:
(1) Randomly select [formula image] and compute $w = g^r$, $l = sk_2 \cdot (r - k) \bmod p$, $S = l \cdot sk_1$.
(2) Output the offline signature $\sigma_{off} = (r, k, w, S)$.
3. After producing the offline signature $\sigma_{off}$, the signature device generates an online signature $\sigma_{on}$ by the following algorithm:
(1) Use the algorithm [formula image] to convert the signature device attribute set $\omega_j$ into a binary identification [formula image].
(2) Compute $h = H_2(M \| w, p)$, $\tau = (r - h)(r - k)^{-1} \bmod p$, [formula image].
(3) Output the online signature $\sigma_{on} = (h, \tau, y, S)$.
4. After obtaining the message-signature pair $(M, \sigma_{on})$, the verification device checks whether the signature is valid by the following algorithm:
(1) Check whether the equation [formula image] holds. If it does not hold, execution terminates; otherwise, execution continues.
(2) Compute $t = g^h$, $P = yP_2 + P_{pub}$, $\beta = e(\tau \cdot S, P)$, $w' = \beta \cdot t$ and $h_2 = H_2(M \| w', p)$.
(3) Check whether the equation $h_2 = h$ holds. If it holds, output accept; otherwise, output reject.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While the invention has been described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted for elements thereof without departing from the scope of the invention. However, any simple modification, equivalent change and modification of the above embodiments according to the technical essence of the present invention are within the protection scope of the technical solution of the present invention.

Claims (7)

1. An attribute-based online/offline signature system based on commercial cryptography SM9, characterized in that: the system comprises an attribute authorization end, a signature end and a verification end;
the attribute authorization end generates a master private key $msk$ and public parameters $params$ from a security parameter $\lambda$; from the master private key $msk$, the public parameters $params$, the signature end attribute set $\omega_j$ and the access structure $A$, it generates the signature end's public/private key pair [formula image];
the signature end generates an offline signature $\sigma_{off}$ from the public parameters $params$ generated by the attribute authorization end and the signature end private key [formula image]; from the public parameters $params$, the signature end attribute set $\omega_j$, the offline signature $\sigma_{off}$, the signature end private key [formula image] and a message $M$, it generates an online signature $\sigma_{on}$;
the verification end uses the public parameters $params$ generated by the attribute authorization end and the signature end public key [formula image] to verify the validity of the online signature $\sigma_{on}$ that the signature end generated for the message $M$.
2. An attribute-based online/offline signature method based on commercial cryptography SM9, using the attribute-based online/offline signature system based on commercial cryptography SM9 as claimed in claim 1, characterized in that the signature method comprises the following steps:
Step S1: a security parameter $\lambda$ is input to the attribute authorization end, which outputs a master private key $msk$ and public parameters $params$;
Step S2: the master private key $msk$, the public parameters $params$, the signature end attribute set $\omega_j$ and the access structure $A$ are input to the attribute authorization end, which outputs the signature end's public/private key pair [formula image];
Step S3: the public parameters $params$ and the signature end private key [formula image] are input to the signature end, which outputs an offline signature $\sigma_{off}$;
Step S4: the public parameters $params$, the signature end attribute set $\omega_j$, the offline signature $\sigma_{off}$, the signature end private key [formula image] and a message $M$ are input to the signature end, which outputs an online signature $\sigma_{on}$ for the message $M$;
Step S5: the public parameters $params$, the signature end public key [formula image], the message $M$ and the online signature $\sigma_{on}$ are input to the verification end; if the signature of the message $M$ is valid, the verification end outputs accept; otherwise, the verification end outputs reject.
3. The attribute-based online/offline signature method based on the quotient secret SM9 as recited in claim 2, wherein: the step S1 includes the steps of:
step S11: the attribute authorization end inputs a security parameter lambda to generate a bilinear pairing tuple BP = (G) 1 ,G 2 ,G T E, p), wherein e: g 1 ×G 2 →G T P is a large prime number, | p | = λ;
random selection G of attribute authorization terminal 1 Generating element P of 1 ,G 2 Generating element P of 2
The attribute authorization terminal selects a system attribute domain U = { att = 1 ,att 2 ,...,att u Therein of
Figure FDA0003718477210000023
u=|U|,
Figure FDA0003718477210000024
Attribute authorization end definition algorithm
Figure FDA0003718477210000025
Figure FDA0003718477210000026
Converting the attribute set omega into a binary identification ID ω Wherein
Figure FDA0003718477210000027
Figure FDA0003718477210000028
The definition is as follows: inputting an attribute set omega and a system attribute domain U; order ID ω [i]Representation ID ω If att in the ith position of i E.g. omega, let ID ω [i]=1; otherwise, let ID ω [i]=0; wherein i is more than or equal to 1 and less than or equal to U, and U = | U |. Finally, the algorithm outputs the ID ω
Step S12: the attribute authorization end randomly selects
Figure FDA0003718477210000029
and calculates $P_{pub} = \alpha P_2$ and $g = e(P_1, P_{pub})$;
Step S13: the attribute authorization end selects two hash functions $H_1$
Figure FDA00037184772100000210
and $H_2$
Figure FDA00037184772100000211
and randomly selects a 1-bit private key generation function identifier $hid \in \{0,1\}$;
Step S14: the attribute authorization end outputs the master private key $msk = \alpha$ and the public parameters
$params = (BP, P_1, P_2, P_{pub}, g, U, hid, H_1, H_2)$ (Formula 1).
4. The attribute-based online/offline signature method based on the commercial cryptography SM9 as recited in claim 2, wherein step S2 specifically includes the following steps:
Step S21: the attribute authorization end takes as input an access policy $A = \{A_1, A_2, \ldots, A_n\}$, where
Figure FDA0003718477210000031
$n = |A|$, the algorithm
Figure FDA0003718477210000032
the signature end attribute set
Figure FDA0003718477210000033
the master private key msk and the public parameters params;
Step S22: the attribute authorization end uses the algorithm
Figure FDA0003718477210000034
to convert the access policy $A = \{A_1, A_2, \ldots, A_n\}$ and the signature end attribute set $\omega_j$ into the set of binary identifiers
Figure FDA0003718477210000035
and the binary identifier
Figure FDA0003718477210000036
Step S23: the attribute authorization end randomly selects
Figure FDA0003718477210000037
and calculates the private key of the signature end
Figure FDA0003718477210000038
where
Figure FDA0003718477210000039
$sk_2 = r_s$ (Formula 3);
it also calculates the public key of the signature end
Figure FDA00037184772100000310
Step S24: the attribute authorization end outputs the public/private key pair of the signature end
Figure FDA00037184772100000311
5. The attribute-based online/offline signature method based on the commercial cryptography SM9 as recited in claim 2, wherein step S3 specifically includes the following steps:
Step S31: the signature end takes as input the public parameters params and the private key of the signature end
Figure FDA00037184772100000312
Step S32: the signature end randomly selects
Figure FDA00037184772100000313
and calculates $w = g^r$, $l = sk_2 \cdot (r - k) \bmod p$, $S = l \cdot sk_1$;
Step S33: the signature end outputs the offline signature $\sigma_{off} = (r, k, w, S)$.
6. The attribute-based online/offline signature method based on the commercial cryptography SM9 as recited in claim 2, wherein step S4 specifically includes the following steps:
Step S41: the signature end takes as input the public parameters params, the offline signature $\sigma_{off}$, the private key of the signature end
Figure FDA0003718477210000041
the signature end attribute set $\omega_j$ and a message M;
Step S42: the signature end uses the algorithm
Figure FDA0003718477210000042
to convert the signature end attribute set $\omega_j$ into a binary identifier
Figure FDA0003718477210000043
Step S43: the signature end calculates $h = H_2(M \| w, p)$, $\tau = (r - h)(r - k)^{-1} \bmod p$,
Figure FDA0003718477210000044
Step S44: the signature end outputs the online signature $\sigma_{on} = (h, \tau, y, S)$.
7. The attribute-based online/offline signature method based on the commercial cryptography SM9 as recited in claim 2, wherein step S5 specifically includes the following steps:
Step S51: the verification end takes as input the message-signature pair $(M, \sigma_{on})$, the public key of the signature end
Figure FDA0003718477210000045
and the public parameters params;
Step S52: the verification end checks whether the equation
Figure FDA0003718477210000046
holds; if it does not hold, execution terminates; otherwise, the following steps are executed;
Step S53: the verification end calculates $t = g^h$, $P = yP_2 + P_{pub}$, $\beta = e(\tau \cdot S, P)$, $w' = \beta \cdot t$ and $h_2 = H_2(M \| w', p)$;
Step S54: the verification end checks whether $h_2 = h$ holds; if it does, it outputs accept; otherwise, it outputs reject.
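The attribute-set conversion of step S11 and the scalar arithmetic of steps S32, S43, S53 and S54 can be checked end to end in a toy model; this is an added example, not code from the patent. Assumptions: $G_T$ is modelled as the order-1019 subgroup of $Z_{2039}^*$ (the modulus `q` is not on the page), `h2` is a SHA-256 stand-in for $H_2$, and the pairing is replaced by the relation $e(sk_2 \cdot sk_1, P) = g$, which steps S53 and S54 require for $w' = w$; the key formulas themselves are in figures not reproduced on this page.

```python
import hashlib
import secrets

# Toy parameters (constructed): G_T is the order-p subgroup of Z_q^*, q = 2p + 1.
p, q, g = 1019, 2039, 4          # far too small for real use

def attrs_to_id(omega, universe):
    """Step S11 conversion: position i is 1 iff att_i of U is in omega."""
    stray = set(omega) - set(universe)
    if stray:
        raise ValueError(f"attributes outside U: {sorted(stray)}")
    return "".join("1" if att in omega else "0" for att in universe)

def h2(message: bytes, w: int) -> int:
    """Stand-in for H2(M||w, p): SHA-256 reduced into [1, p-1] (assumption)."""
    data = message + w.to_bytes(2, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (p - 1) + 1

def sign_offline(sk2: int):
    """Step S32 without the G1 point: r, k, w = g^r and l = sk2*(r-k) mod p."""
    while True:
        r, k = (secrets.randbelow(p - 1) + 1 for _ in range(2))
        if r != k:               # r == k leaves (r-k) without an inverse in S43
            return r, k, pow(g, r, q), sk2 * (r - k) % p

def sign_online(message: bytes, r: int, k: int, w: int):
    """Step S43: h = H2(M||w, p), tau = (r-h)(r-k)^-1 mod p."""
    h = h2(message, w)
    return h, (r - h) * pow((r - k) % p, -1, p) % p

def model_verify(message: bytes, h: int, tau: int, l: int, sk2: int) -> bool:
    """Steps S53-S54 under the assumed relation e(sk2*sk1, P) = g, which gives
    beta = e(tau*S, P) = g^(tau*l/sk2). A real verifier computes beta from
    S, y and params only; l and sk2 appear here because the pairing is modelled."""
    beta = pow(g, tau * l * pow(sk2, -1, p) % p, q)
    w_prime = beta * pow(g, h, q) % q
    return h2(message, w_prime) == h

def demo(message=b"constructed message", sk2=777):
    r, k, w, l = sign_offline(sk2)
    h, tau = sign_online(message, r, k, w)
    return model_verify(message, h, tau, l, sk2)
```

The key identity is $\tau \cdot l \equiv sk_2 (r - h) \pmod p$, so $\beta = g^{r-h}$ and $w' = \beta \cdot g^h = g^r = w$; the online phase costs one hash and one modular inversion, with the exponentiation and the $G_1$ scalar multiplication done offline.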
CN202210751705.1A 2022-06-28 2022-06-28 Attribute-based online/offline signature method and system based on secret SM9 Pending CN115174104A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210751705.1A CN115174104A (en) 2022-06-28 2022-06-28 Attribute-based online/offline signature method and system based on secret SM9

Publications (1)

Publication Number Publication Date
CN115174104A true CN115174104A (en) 2022-10-11

Family

ID=83489205

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210751705.1A Pending CN115174104A (en) 2022-06-28 2022-06-28 Attribute-based online/offline signature method and system based on secret SM9

Country Status (1)

Country Link
CN (1) CN115174104A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115664651A (en) * 2022-10-20 2023-01-31 牛津(海南)区块链研究院有限公司 SM 9-based online and offline encryption and decryption method, system, equipment and medium
CN115664651B (en) * 2022-10-20 2024-03-08 牛津(海南)区块链研究院有限公司 SM 9-based online and offline encryption and decryption method, system, equipment and medium
CN116346688A (en) * 2023-05-24 2023-06-27 江苏金盾检测技术股份有限公司 SSL VPN security authentication gateway service compliance detection system and method based on active scanning
CN116346688B (en) * 2023-05-24 2023-08-04 江苏金盾检测技术股份有限公司 SSL VPN security authentication gateway service compliance detection system and method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination