CN115834056A - Certificateless ordered aggregation signature method, certificateless ordered aggregation signature system and related devices - Google Patents

Publication number: CN115834056A
Authority: CN (China)
Application number: CN202211543467.1A
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 何俊杰, 刘正辉, 孙芳
Current Assignee: Henan Sangeng Network Technology Co ltd; Xinyang Normal University
Original Assignee: Henan Sangeng Network Technology Co ltd; Xinyang Normal University
Application filed by Henan Sangeng Network Technology Co ltd and Xinyang Normal University
Priority to CN202211543467.1A
Prior art keywords: signature, user, private key, key, user terminal

Abstract

The application discloses a certificateless ordered aggregate signature method, a certificateless ordered aggregate signature system and related devices, and relates to the technical field of information security. The method comprises the steps of: (1) a Key Generation Center (KGC) generates the system public parameters params and the system master key msk; (2) the KGC takes msk and a user identity ID as input and generates the user's partial private key $D_{ID}$; (3) the signing user terminal takes the identity ID and the partial private key $D_{ID}$ as input and generates the signing private key $sk_{ID}$ and the public key $PK_{ID}$; (4) the signing user terminals generate signatures $\sigma_i$ in sequence, and the last signing user terminal outputs the aggregate signature $\sigma = \sigma_n$; (5) the verifying user terminal takes as input an order list $L_n$ consisting of user identities, public keys and messages, together with the aggregate signature $\sigma$, and outputs 0 (signature invalid) or 1 (signature valid). The method and the devices effectively reduce the amount of data for signature storage and communication transmission and improve signature verification efficiency.

Description

Certificateless ordered aggregation signature method, certificateless ordered aggregation signature system and related devices
Technical Field
The invention relates to the technical field of information security, in particular to a certificateless ordered aggregation signature method, a certificateless ordered aggregation signature system and a related device.
Background
In the field of information security, multiple users often need to sign different messages. For example, to improve the security of an inter-domain routing system based on the Border Gateway Protocol (BGP), the BGP speaker of each Autonomous System (AS) may be required to sign the received network prefix, the Autonomous System Path (AS-PATH) and the next-hop AS, so as to protect the integrity of the AS-PATH. As the number of ASes and routers increases, the number of signatures and the computational load of verification increase significantly, which places a heavy computational burden on the BGP speaker. In this situation, a sequential aggregate signature can aggregate the signatures, in order, into a single signature, which reduces the number of signatures and the computational overhead of verification, and the integrity of the AS-PATH can be verified through signature verification. A certificateless public key cryptosystem eliminates the key escrow problem of identity-based public key systems without requiring public key certificates; applying certificateless ordered aggregate signatures to a BGP-based inter-domain routing system protects the integrity of the AS-PATH and allows the identity of the signer at each hop (namely the BGP speaker) to be verified.
In the prior art, the signature length of many certificateless ordered aggregate signatures grows with the number of signatures; although the number of signatures is reduced, the storage and communication overhead is not greatly improved.
Disclosure of Invention
In view of the foregoing, an object of the present invention is to provide a certificateless ordered aggregate signature method, system and related apparatus.
In order to achieve the purpose, the invention adopts the following technical scheme:
In a first aspect, a certificateless ordered aggregate signature method is provided, which includes the following steps: (1) system initialization: a Key Generation Center (KGC) generates the system public parameters params and the system master key msk; (2) partial private key generation: the KGC takes msk and a user identity ID as input and generates the user's partial private key $D_{ID}$; (3) user key generation: the signing user terminal takes the identity ID and the partial private key $D_{ID}$ as input and generates the signing private key $sk_{ID}$ and the public key $PK_{ID}$; (4) ordered aggregate signature generation: the signing user terminals generate signatures $\sigma_i$ in sequence, and the last signing user terminal outputs the aggregate signature $\sigma = \sigma_n$; (5) signature verification: the verifying user terminal takes as input an order list $L$ consisting of user identities, public keys and messages, together with the aggregate signature $\sigma$, and outputs 0 or 1, where 0 indicates that the signature is invalid and 1 indicates that the signature is valid.
Further, the system initialization of step (1) is performed by the KGC, with the following specific steps: (1) select an additive cyclic group $(G, +)$ of prime order $p$ and a multiplicative cyclic group $(G_T, \cdot)$ of prime order $p$, where $P$ is a generator of $G$; select a bilinear map $e: G \times G \to G_T$; (2) select 3 secure hash functions $H_1: \{0,1\}^* \to G^*$, $H_2: \{0,1\} \to G^*$,
Figure BDA0003979225280000011
(3) Random selection
Figure BDA0003979225280000012
$s$ is taken as the master private key msk and stored secretly; (4) calculate $P_{pub} = sP$, with $P_{pub}$ as the system public key; (5) publish the system public parameters $params = (G, G_T, p, e, P, P_{pub}, H_1, H_2, H)$.
The partial private key generation of step (2) is performed by the KGC, with the following specific steps: (1) obtain the identity ID of the signing user from a user database; if the database has no data for the relevant users, the database sends a request to each signing user, obtains the user's ID and stores it in the database; (2) calculate $D_{ID} = sH_1(ID)$ and take $D_{ID}$ as the user's partial private key; (3) send the partial private key $D_{ID}$ through a secret channel to the signing user whose identity is ID.
The user key generation of step (3) is performed by each signing user terminal, with the following specific steps: (1) receive the partial private key $D_{ID}$ sent by the KGC through the secret channel; (2) select a random number
Figure BDA0003979225280000021
as a secret value; (3) combine the secret value with the partial private key received from the KGC to generate the signing user's private key $sk_{ID} = (D_{ID}, x_{ID})$; (4) compute the public key $PK_{ID} = x_{ID}P$ and publish it.
The ordered aggregate signature generation of step (4) is performed in sequence by the signing user terminals $N_1, N_2, \ldots, N_n$, with the following steps: (1) signature data initialization: before signing user $N_1$ signs message $m_1$, the signature $\sigma_0 = (0_G, 0_G)$, the temporary data $\tau_0 = (0_G, 0)$, information list
Figure BDA0003979225280000022
where $0_G$ is the zero element of the additive cyclic group $(G, +)$, and
Figure BDA0003979225280000023
denotes the empty set; (2) signature data reception: before signing message $m_i$, signing user terminal $N_i$ ($i = 2, 3, \ldots, n$) receives, through a public channel, the signature $\sigma_{i-1} = (U_{i-1}, V_{i-1})$, the temporary data $\tau_{i-1} = (T_{i-1}, t_{i-1})$ and the order list sent by the previous signing user terminal $N_{i-1}$
Figure BDA0003979225280000024
(3) Signature: the signing user terminals $N_1, N_2, \ldots, N_n$ sign $m_i$ ($i = 1, 2, \ldots, n$) in sequence, where signing user terminal $N_i$ first selects a random number
Figure BDA0003979225280000025
calculates $h_i = H(PK_i \| m_i)$, then calculates $t_i = t_{i-1} + h_i x_i + r_i \bmod p$, $U_i = U_{i-1} + r_i P$, $V_i = V_{i-1} + D_i + (h_i x_i + r_i)T_{i-1} + t_i H_2(ID_i)$ and $T_i = T_{i-1} + H_2(ID_i)$, and finally adds the identity $ID_i$, public key $PK_i$ and message $m_i$ to the order list
Figure BDA0003979225280000026
(4) Signature data transmission or output: if $i < n$, signing user terminal $N_i$ sends the order list
Figure BDA0003979225280000027
the temporary data $\tau_i = (T_i, t_i)$ and the signature $\sigma_i = (U_i, V_i)$ to the next signing user terminal $N_{i+1}$; if $i = n$, signing user terminal $N_n$ outputs the order list
Figure BDA0003979225280000028
and the aggregate signature $\sigma = (U, V) = (U_n, V_n)$.
The signature verification of step (5) is performed by the verifying user terminal, with the following specific steps: (1) receive the order list
Figure BDA0003979225280000029
and the aggregate signature $\sigma = (U, V) = (U_n, V_n)$; (2) according to the order list, determine whether any user identity $ID_i$ in the list is repeated; if so, stop verification, the signature verification fails, and 0 is output to indicate that the signature is invalid; (3) calculate the hash function values $R_i = H_1(ID_i)$, $S_i = H_2(ID_i)$, $h_i = H(PK_i \| m_i)$, $i = 1, 2, \ldots, n$; (4) verify the equation
Figure BDA00039792252800000210
If the equation holds, it can be confirmed that the signing user terminals signed and transmitted information in the specified order, the signature is valid, and "1" is output; if the equation does not hold, the signature verification fails and "0" is output, indicating that the signature is invalid.
In a second aspect, there is provided a certificateless ordered aggregate signature system and related apparatus, including: a key generation center device, a signature user terminal device and a verification user terminal device.
Further, the key generation center device includes: (1) a system initialization module, used by the Key Generation Center (KGC) to generate the system public parameters $params = (G, G_T, p, e, P, P_{pub}, H_1, H_2, H)$ and the system master key msk, specifically comprising a group and bilinear pairing selection unit, a hash function selection unit, a system master key generation unit and a system public key generation unit; (2) a partial private key generation module, used by the KGC to generate and secretly send the partial private key $D_{ID}$ of the signing user whose identity is ID, specifically comprising an identity acquisition unit, a partial private key generation unit and a partial private key sending unit.
The signature user terminal device comprises: (1) a key generation module, used to receive the partial private key sent by the Key Generation Center (KGC) and generate the signing user's signing private key $sk_{ID}$ and public key $PK_{ID}$, specifically comprising a partial private key receiving unit, a secret value generating unit, a private key generating unit and a public key generating unit; (2) an ordered aggregate signature generation module, used by signing user $N_i$ to receive, from the previous signing user $N_{i-1}$, the signature $\sigma_{i-1} = (U_{i-1}, V_{i-1})$, the temporary data $\tau_{i-1} = (T_{i-1}, t_{i-1})$ and the order list
Figure BDA00039792252800000211
to generate the signature $\sigma_i = (U_i, V_i)$ on message $m_i$, the order list consisting of the identities, public keys and messages
Figure BDA00039792252800000212
and the temporary data $\tau_i = (T_i, t_i)$, and to send them to the next signing user $N_{i+1}$ or output the aggregate signature $\sigma = (U, V)$, specifically comprising a signature data initialization unit, a signature data receiving unit, a signature unit and a signature data transmitting unit; (3) a signature verification module, used to verify the validity of the received aggregate signature $\sigma = (U, V)$, specifically comprising an information receiving unit and a signature verification unit.
The verification user terminal device comprises a signature verification module, used by the verifying user to verify the validity of the received aggregate signature $\sigma = (U, V)$, specifically comprising an information receiving unit and a signature verification unit.
The certificateless ordered aggregate signature method, system and related devices aggregate, in sequence, the signatures of multiple users on multiple different messages into a single signature (the aggregate signature). The length of the aggregate signature is a fixed value and does not grow with the number of signatures, which greatly reduces the amount of data for signature storage and communication transmission, reduces the workload of signature verification and greatly improves verification efficiency.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the prior art descriptions will be briefly described below. It is obvious that the drawings in the following description are some embodiments of the invention, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
Fig. 1 is a schematic flowchart of a certificateless ordered aggregate signature method according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of ordered aggregate signature generation in a certificateless ordered aggregate signature method according to an embodiment of the present invention;
Fig. 3 is a schematic flowchart of signature verification in a certificateless ordered aggregate signature method according to an embodiment of the present invention;
Fig. 4 is a block diagram illustrating a certificateless ordered aggregate signature system according to an embodiment of the present invention;
Fig. 5 is a block diagram illustrating a key generation center device in a certificateless ordered aggregate signature system according to an embodiment of the present invention;
Fig. 6 is a block diagram of a signature user terminal device in a certificateless ordered aggregate signature system according to an embodiment of the present invention;
Fig. 7 is a block diagram illustrating the structure of a verification user terminal device in a certificateless ordered aggregate signature system according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without inventive effort based on the embodiments of the present invention, are within the scope of the present invention.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention.
Fig. 1 is a schematic flowchart of a certificateless ordered aggregation signature method according to an embodiment of the present invention. As shown in fig. 1, the method of this embodiment may include the steps of:
Step S100: system initialization: the Key Generation Center (KGC) takes a security parameter $k$ as input and generates the system public parameters params and the system master key msk;
Step S200: partial private key generation: the KGC takes the system master key msk and a user identity ID as input and generates the user's partial private key $D_{ID}$;
Step S300: user key generation: the user takes the identity ID and the partial private key $D_{ID}$ as input and generates the signing private key $sk_{ID}$ and the public key $PK_{ID}$;
Step S400: ordered aggregate signature generation: users $N_1, N_2, \ldots, N_n$ generate signatures $\sigma_i = (U_i, V_i)$, $i = 1, 2, \ldots, n$, in order, and output the aggregate signature $\sigma = (U_n, V_n)$;
Step S500: signature verification: the verifier takes as input an order list $L$ consisting of user identities, public keys and messages, together with the aggregate signature $\sigma$, and outputs 0 or 1.
Referring to fig. 2, a flowchart of an ordered aggregation signature generation S400 in a certificateless ordered aggregation signature method according to an embodiment of the present invention is shown. As shown in fig. 2, the ordered aggregate signature generation of this embodiment may include the following steps:
S401: Initialization: signature $\sigma = (0, 0)$, temporary data $\tau = (0, 0)$, order list
Figure BDA0003979225280000041
serial number $i = 1$;
S402: User $N_i$ signs message $m_i$: randomly select $r \in_R Z_p^*$ and calculate $h = H(PK_{ID} \| m_i)$, $t = t + h x_{ID} + r \bmod p$, $U = U + rP$, $V = V + D_{ID} + (h x_{ID} + r)T + tH_2(ID)$, $T = T + H_2(ID)$;
S403: Update the order list: add user $N_i$'s identity ID, public key $PK_{ID}$ and message $m_i$ to the order list $L$;
S404: Determine whether the signing user is the last signing user; if so, go to step S406; if not, go to step S405;
S405: $i = i + 1$; go to step S402;
S406: Output the order list $L$ and the aggregate signature $\sigma = (U, V)$.
Referring to fig. 3, a flowchart of signature verification S500 in a certificateless ordered aggregation signature method according to an embodiment of the present invention is shown. As shown in fig. 3, the signature verification of this embodiment may include the following steps:
S501: Receive information: obtain the order list consisting of user identities, public keys and messages
Figure BDA0003979225280000042
and the aggregate signature $\sigma = (U, V)$;
S502: User duplication check: is any of the user identities $ID_1, ID_2, \ldots, ID_n$ duplicated? If there is a duplicate, go to step S506; if there is no duplicate, go to step S503;
S503: Hash calculation: calculate $R_i = H_1(ID_i)$, $S_i = H_2(ID_i)$, $h_i = H(PK_i \| m_i)$, $i = 1, 2, \ldots, n$;
S504: Equation verification: does the equation
Figure BDA0003979225280000043
hold? If the equation holds, go to step S505; if it does not hold, go to step S506;
S505: Output "1", indicating that the signature is valid;
S506: Output "0", indicating that the signature is invalid.
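The signing recurrences of S402 and the S501 to S506 checks, run end to end as an added example (not code from the patent) in a deliberately insecure toy model where a group element $aP$ is stored as the scalar $a$ and the pairing $e(aP, bP)$ as $ab \bmod p$. The verification equation on this page survives only as an image placeholder, so `verify` uses an equation derived here from the recurrences, $e(V, P) = e(\sum R_i, P_{pub}) \cdot e(\sum S_i, U + \sum h_i PK_i)$, which is an assumption. The range of $H$, the prime $p$, the helper names and the sample identities and messages are also assumptions.

```python
import hashlib
import secrets

# Toy algebra model, NOT secure: G is (Z_p, +) with generator P = 1, so a point
# aP is stored as the scalar a, and e(aP, bP) is stored as its exponent a*b mod p
# (a product in G_T becomes a sum). Discrete logs are trivial here by design.
p = 2**127 - 1  # prime group order, constructed for this example
P = 1

def _hash(tag: bytes, data: bytes) -> int:
    """Domain-separated SHA-256 mapped into [1, p-1]; stand-in for H1, H2, H."""
    return int.from_bytes(hashlib.sha256(tag + data).digest(), "big") % (p - 1) + 1

def H1(identity: bytes) -> int:
    return _hash(b"H1|", identity)

def H2(identity: bytes) -> int:
    return _hash(b"H2|", identity)

def H(pk: int, msg: bytes) -> int:  # range Z_p^* is an assumption
    return _hash(b"H|", pk.to_bytes(16, "big") + msg)

def pair(a: int, b: int) -> int:
    return a * b % p

def rand_scalar() -> int:
    return secrets.randbelow(p - 1) + 1

def setup():
    s = rand_scalar()                 # master key msk
    return s, s * P % p               # (s, P_pub = sP)

def partial_private_key(s: int, identity: bytes) -> int:
    return s * H1(identity) % p       # D_ID = s * H1(ID)

def user_keygen():
    x = rand_scalar()                 # secret value x_ID
    return x, x * P % p               # (x_ID, PK_ID = x_ID * P)

EMPTY = ((0, 0), (0, 0), [])          # sigma_0, tau_0, empty order list

def sign_step(state, identity, D, x, pk, msg):
    """One hop of S402/S403: returns (sigma_i, tau_i, L_i)."""
    (U, V), (T, t), L = state
    r = rand_scalar()
    a = (H(pk, msg) * x + r) % p      # h_i * x_i + r_i
    t_i = (t + a) % p
    S = H2(identity)
    U_i = (U + r * P) % p
    V_i = (V + D + a * T + t_i * S) % p   # uses T_{i-1} and the new t_i
    T_i = (T + S) % p
    return (U_i, V_i), (T_i, t_i), L + [(identity, pk, msg)]

def verify(P_pub, L, sigma) -> int:
    """S501-S506 with the derived equation (assumption): the recurrences
    telescope to V_n = sum(D_i) + t_n * T_n."""
    U, V = sigma
    ids = [identity for identity, _, _ in L]
    if len(set(ids)) != len(ids):     # S502: duplicate identity -> invalid
        return 0
    R = sum(H1(i) for i in ids) % p
    S = sum(H2(i) for i in ids) % p
    W = (U + sum(H(pk, m) * pk for _, pk, m in L)) % p
    return int(pair(V, P) == (pair(R, P_pub) + pair(S, W)) % p)

def run_chain(entries):
    """entries: list of (identity, message). Returns (P_pub, order list, sigma)."""
    s, P_pub = setup()
    state = EMPTY
    for identity, msg in entries:
        D = partial_private_key(s, identity)
        x, pk = user_keygen()
        state = sign_step(state, identity, D, x, pk, msg)
    sigma, _tau, L = state
    return P_pub, L, sigma

if __name__ == "__main__":
    # Constructed sample hops (documentation AS numbers, made-up messages).
    hops = [(b"AS64500", b"route-a"), (b"AS64501", b"route-b"), (b"AS64502", b"route-c")]
    P_pub, L, sigma = run_chain(hops)
    print("valid chain:", verify(P_pub, L, sigma))
    forged = [L[0], (L[1][0], L[1][1], b"route-x"), L[2]]
    print("tampered message:", verify(P_pub, forged, sigma))
    print("signature is", len(sigma), "group elements for", len(L), "signers")
```
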
Referring to fig. 4, a block diagram of a certificateless ordered aggregation signature system according to an embodiment of the present invention is shown. As shown in fig. 4, the system of this embodiment may include the following modules:
The key generation center device 100 includes: a system initialization module 110, used by the Key Generation Center (KGC) to generate the system public parameters $params = (G, G_T, p, e, P, P_{pub}, H_1, H_2, H)$ and the system master key msk; and a partial private key generation module 120, used by the KGC to generate and secretly send the partial private key $D_{ID}$ of the signing user whose identity is ID.
The signature user terminal device 200 includes: a key generation module 210, used to receive the partial private key sent by the Key Generation Center (KGC) and generate the signing user's signing private key $sk_{ID}$ and public key $PK_{ID}$; an ordered aggregate signature generation module 220, used by signing user $N_i$ to receive, from the previous signing user $N_{i-1}$, the signature $\sigma_{i-1} = (U_{i-1}, V_{i-1})$, the temporary data $\tau_{i-1} = (T_{i-1}, t_{i-1})$ and the order list
Figure BDA0003979225280000044
to generate the signature $\sigma_i = (U_i, V_i)$ on message $m_i$, the order list consisting of the identities, public keys and messages
Figure BDA0003979225280000045
and the temporary data $\tau_i = (T_i, t_i)$, and to send them to the next signing user $N_{i+1}$ or output the aggregate signature $\sigma = (U, V)$; and a signature verification module 230, used to verify the validity of the received aggregate signature $\sigma = (U, V)$.
The verification user terminal device 300 includes a signature verification module 310, used by the verifying user to verify the validity of the received aggregate signature $\sigma = (U, V)$.
Referring to fig. 5-7, there are shown block diagrams of key generation center devices 100, signature user terminal devices 200, and verification user terminal devices 300 in a certificateless ordered aggregation signature system according to an embodiment of the present invention.
As shown in Fig. 5, the key generation center device 100 of this embodiment may include the following modules: a system initialization module 110, used by the Key Generation Center (KGC) to generate the system public parameters $params = (G, G_T, p, e, P, P_{pub}, H_1, H_2, H)$ and the system master key msk, specifically including a group and bilinear pairing selection unit 111, a hash function selection unit 112, a system master key generation unit 113 and a system public key generation unit 114; and a partial private key generation module 120, used by the KGC to generate and secretly send the partial private key $D_{ID}$ of the signing user whose identity is ID, specifically including an identity obtaining unit 121, a partial private key generating unit 122 and a partial private key sending unit 123.
As shown in Fig. 6, the signature user terminal device 200 of this embodiment may include the following modules: a key generation module 210, used to receive the partial private key sent by the Key Generation Center (KGC) and generate the signing user's signing private key $sk_{ID}$ and public key $PK_{ID}$, specifically including a partial private key receiving unit 211, a secret value generating unit 212, a private key generating unit 213 and a public key generating unit 214; an ordered aggregate signature generation module 220, used by signing user $N_i$ to receive, from the previous signing user $N_{i-1}$, the signature $\sigma_{i-1} = (U_{i-1}, V_{i-1})$, the temporary data $\tau_{i-1} = (T_{i-1}, t_{i-1})$ and the order list
Figure BDA0003979225280000051
to generate the signature $\sigma_i = (U_i, V_i)$ on message $m_i$, the order list consisting of the identities, public keys and messages
Figure BDA0003979225280000052
and the temporary data $\tau_i = (T_i, t_i)$, and to send them to the next signing user $N_{i+1}$ or output the aggregate signature $\sigma = (U, V)$, specifically including a signature data initialization unit 221, a signature data reception unit 222, a signature unit 223 and a signature data transmission unit 224; and a signature verification module 230, used to verify the validity of the received aggregate signature $\sigma = (U, V)$, specifically including an information receiving unit 231 and a signature verification unit 232.
As shown in Fig. 7, the verification user terminal device 300 of this embodiment includes a signature verification module 310, used by the verifying user to verify the validity of the received aggregate signature $\sigma = (U, V)$, specifically including an information receiving unit 311 and a signature verification unit 312.
Through the above description of the embodiments, those skilled in the art will clearly understand that the present invention may be implemented by software plus necessary general hardware, and certainly may also be implemented by hardware, but in many cases, the former is a better embodiment. Based on such understanding, the technical solutions of the present invention may be substantially implemented or a part of the technical solutions contributing to the prior art may be embodied in the form of a software product, which is stored in a readable storage medium, such as a floppy disk, a hard disk, or an optical disk of a computer, and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute the methods according to the embodiments of the present invention.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (7)

1. A certificateless ordered aggregate signature method is characterized by comprising the following steps:
(1) System initialization: a Key Generation Center (KGC) generates the system public parameters params and the system master key msk;
(2) Partial private key generation: the KGC takes msk and a user identity ID as input and generates the user's partial private key $D_{ID}$;
(3) User key generation: the signing user terminal takes the identity ID and the partial private key $D_{ID}$ as input and generates the signing private key $sk_{ID}$ and the public key $PK_{ID}$;
(4) Ordered aggregate signature generation: the signing user terminals generate signatures $\sigma_i$ in sequence, and the last signing user terminal outputs the aggregate signature $\sigma = \sigma_n$;
(5) Signature verification: the verifying user terminal takes as input an order list $L$ consisting of user identities, public keys and messages, together with the aggregate signature $\sigma$, and outputs 0 or 1, where 0 indicates that the signature is invalid and 1 indicates that the signature is valid.
The system initialization of step (1) is performed by the Key Generation Center (KGC) and specifically includes the following steps:
(1) select an additive cyclic group $(G, +)$ of prime order $p$ and a multiplicative cyclic group $(G_T, \cdot)$ of prime order $p$, where $P$ is a generator of $G$; select a bilinear map $e: G \times G \to G_T$;
(2) select 3 secure hash functions $H_1: \{0,1\}^* \to G^*$, $H_2: \{0,1\} \to G^*$, $H$:
Figure FDA0003979225270000011
(3) Random selection
Figure FDA0003979225270000012
$s$ is taken as the master private key msk and stored secretly;
(4) calculate $P_{pub} = sP$, with $P_{pub}$ as the system public key;
(5) publish the system public parameters $params = (G, G_T, p, e, P, P_{pub}, H_1, H_2, H)$.
The partial private key generation of step (2) is performed by the KGC and specifically includes the following steps:
(1) obtain the identity ID of the signing user from a user database; if the database has no data for the relevant users, the database sends a request to each signing user, obtains the user's ID and stores it in the database;
(2) calculate $D_{ID} = sH_1(ID)$ and take $D_{ID}$ as the user's partial private key;
(3) send the partial private key $D_{ID}$ through a secret channel to the signing user whose identity is ID.
The user key generation of step (3) is performed by each signing user terminal and specifically includes the following steps:
(1) receive the partial private key $D_{ID}$ sent by the KGC through the secret channel;
(2) select a random number
Figure FDA0003979225270000013
as a secret value;
(3) combine the secret value with the partial private key received from the KGC to generate the signing user's private key $sk_{ID} = (D_{ID}, x_{ID})$;
(4) compute the public key $PK_{ID} = x_{ID}P$ and publish it.
2. The certificateless ordered aggregate signature method of claim 1, wherein the ordered aggregate signature generation of step (4) is performed in sequence by the signing user terminals $N_1, N_2, \ldots, N_n$, with the following steps:
(1) signature data initialization: before signing user $N_1$ signs message $m_1$, the signature $\sigma_0 = (0_G, 0_G)$, the temporary data $\tau_0 = (0_G, 0)$, information list
Figure FDA0003979225270000014
where $0_G$ is the zero element of the additive cyclic group $(G, +)$, and
Figure FDA0003979225270000015
denotes the empty set;
(2) signature data reception: before signing message $m_i$, signing user terminal $N_i$ ($i = 2, 3, \ldots, n$) receives, through a public channel, the signature $\sigma_{i-1} = (U_{i-1}, V_{i-1})$, the temporary data $\tau_{i-1} = (T_{i-1}, t_{i-1})$ and the order list sent by the previous signing user terminal $N_{i-1}$
Figure FDA0003979225270000016
(3) Signature: the signing user terminals $N_1, N_2, \ldots, N_n$ sign $m_i$ ($i = 1, 2, \ldots, n$) in sequence, where signing user terminal $N_i$ first selects a random number
Figure FDA0003979225270000017
calculates $h_i = H(PK_i \| m_i)$, then calculates $t_i = t_{i-1} + h_i x_i + r_i \bmod p$, $U_i = U_{i-1} + r_i P$, $V_i = V_{i-1} + D_i + (h_i x_i + r_i)T_{i-1} + t_i H_2(ID_i)$ and $T_i = T_{i-1} + H_2(ID_i)$, and finally adds the identity $ID_i$, public key $PK_i$ and message $m_i$ to the order list
Figure FDA0003979225270000018
(4) Signature data transmission or output: if $i < n$, signing user terminal $N_i$ sends the order list
Figure FDA0003979225270000019
the temporary data $\tau_i = (T_i, t_i)$ and the signature $\sigma_i = (U_i, V_i)$ to the next signing user terminal $N_{i+1}$; if $i = n$, signing user terminal $N_n$ outputs the order list
Figure FDA0003979225270000021
and the aggregate signature $\sigma = (U, V) = (U_n, V_n)$.
3. The certificateless ordered aggregate signature method as claimed in claim 1, wherein the signature verification of step (5) is performed by a verifying user terminal, with the following specific steps:
(1) receive the order list
Figure FDA0003979225270000022
and the aggregate signature $\sigma = (U, V) = (U_n, V_n)$;
(2) according to the order list, determine whether any user identity $ID_i$ in the list is repeated; if so, stop verification, the signature verification fails, and 0 is output to indicate that the signature is invalid;
(3) calculate the hash function values $R_i = H_1(ID_i)$, $S_i = H_2(ID_i)$, $h_i = H(PK_i \| m_i)$, $i = 1, 2, \ldots, n$;
(4) verify the equation
Figure FDA0003979225270000023
If the equation holds, it can be confirmed that the signing user terminals signed and transmitted information in the specified order, the signature is valid, and 1 is output; if the equation does not hold, the signature verification fails and 0 is output, indicating that the signature is invalid.
4. A key generation center device in a certificateless ordered aggregation signature system is characterized by comprising the following modules:
(1) a system initialization module, used by the Key Generation Center (KGC) to generate the system public parameters $params = (G, G_T, p, e, P, P_{pub}, H_1, H_2, H)$ and the system master key msk, specifically comprising a group and bilinear pairing selection unit, a hash function selection unit, a system master key generation unit and a system public key generation unit;
(2) a partial private key generation module, used by the KGC to generate and secretly send the partial private key $D_{ID}$ of the signing user whose identity is ID, specifically comprising an identity acquisition unit, a partial private key generation unit and a partial private key sending unit.
5. A signature user terminal device in a certificateless ordered aggregation signature system is characterized by comprising the following modules:
(1) a key generation module for receiving the partial private key sent by the Key Generation Center (KGC) and generating the signing private key $sk_{ID}$ and public key $PK_{ID}$ of the signing user, specifically comprising a partial private key receiving unit, a secret value generating unit, a private key generating unit and a public key generating unit;
(2) an ordered aggregate signature generation module, used by the signing user $N_i$ to receive the signature $\sigma_{i-1} = (U_{i-1}, V_{i-1})$, the temporary data $\tau_{i-1} = (T_{i-1}, t_{i-1})$ and the order list
Figure FDA0003979225270000024
sent by the previous signing user $N_{i-1}$, to generate the signature $\sigma_i = (U_i, V_i)$ on the message $m_i$, and to send it, with the order list consisting of identities, public keys and messages
Figure FDA0003979225270000025
and the temporary data $\tau_i = (T_i, t_i)$, to the next signing user $N_{i+1}$, or to output the aggregate signature $\sigma = (U, V)$, specifically comprising a signature data initialization unit, a signature data receiving unit, a signature unit, and a signature data transmitting unit;
(3) the signature verification module is used for verifying the validity of the received aggregate signature σ = (U, V), and specifically comprises an information receiving unit and a signature verification unit.
6. A verification user terminal device in a certificateless ordered aggregation signature system, characterized by comprising a signature verification module, a message receiving unit and a signature verification unit, wherein the signature verification module is used by a verifying user to verify the validity of a received aggregate signature $\sigma = (U, V)$.
7. A certificateless ordered aggregate signature system, comprising: the key generation center apparatus of claim 4, the signature user terminal apparatus of claim 5, and the verification user terminal apparatus of claim 6.
CN202211543467.1A 2022-12-05 2022-12-05 Certificateless ordered aggregation signature method, certificateless ordered aggregation signature system and related devices Pending CN115834056A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211543467.1A CN115834056A (en) 2022-12-05 2022-12-05 Certificateless ordered aggregation signature method, certificateless ordered aggregation signature system and related devices


Publications (1)

Publication Number Publication Date
CN115834056A (en) 2023-03-21

Family

ID=85543895


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination