CN116232677A - Method for implementing anonymous communication model based on identity encryption - Google Patents

Publication number: CN116232677A
Authority: CN (China)
Prior art keywords: identity, anonymous, users, receiver, user
Legal status: Pending
Application number: CN202211729439.9A
Other languages: Chinese (zh)
Inventors: 陈志祥, 王世杰, 张宇
Current Assignee: Tianyi IoT Technology Co Ltd
Original Assignee: Tianyi IoT Technology Co Ltd
Application filed by Tianyi IoT Technology Co Ltd
Priority to CN202211729439.9A
Publication of CN116232677A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a method for implementing an anonymous communication model based on identity encryption. The model comprises a plurality of users, a bulletin board and a registration server, wherein the number of users does not exceed a first set threshold value. The registration server divides the plurality of users into a plurality of groups, distributes to each user an identity ID comprising the group number of the group to which the user belongs, and generates a private key corresponding to the identity ID of each user according to an anonymous IBE algorithm. When a sender needs to send an anonymous message to a receiver, the sender encrypts the anonymous message into a target ciphertext by using the identity ID of the receiver as a public key, wherein the target ciphertext comprises the target group number of the group to which the receiver belongs. The sender sends the target ciphertext to the bulletin board, and all users except the receiver send a pseudo ciphertext to the bulletin board. All users in the group corresponding to the target group number download the target ciphertext from the bulletin board, and the receiver decrypts the target ciphertext by using the receiver's private key to obtain the anonymous message. The invention can be widely applied to the field of Internet security.

Description

Method for implementing anonymous communication model based on identity encryption
Technical Field
The invention relates to the technical field of Internet security, in particular to an implementation method of an anonymous communication model based on identity encryption.
Background
A great deal of personal information is currently entered into the Internet, but an open network environment carries many privacy leakage risks. Privacy protection must verify the authenticity of the identities of both communicating parties and also protect the confidentiality of their identities and messages. Existing anonymous communication systems take certain measures to conceal the communication relationships in communication flows, so that the relationship between the two communicating parties and the content they exchange are difficult for others to acquire or infer. However, existing anonymous communication systems place high demands on network bandwidth and memory, and cannot resist traffic attacks. Using such anonymous communication within a small-scale group is therefore not only inefficient but also wastes a lot of resources, and the security of the group cannot be ensured.
Therefore, how to ensure the security of anonymous communication in a small group with few users, efficiently and while saving network resources, is a problem worth studying.
Disclosure of Invention
In view of this, the embodiment of the invention provides a method for implementing an anonymous communication model based on identity encryption, which is used for implementing security of anonymous communication in a small group with fewer users in an efficient and network resource-saving manner.
An aspect of the embodiment of the invention provides a method for implementing an anonymous communication model based on identity encryption, which comprises the following steps: the anonymous communication model based on identity encryption comprises a plurality of users, a bulletin board and a registration server, wherein the number of the plurality of users does not exceed a first set threshold;
the registration server divides the plurality of users into a plurality of groups, the number of each group of users is larger than or equal to a second set threshold value, a unique and fixed identity ID is distributed to each user, a private key corresponding to each user is generated according to an anonymous IBE algorithm and the identity ID of each user, and the identity ID of each user comprises the group number of the group to which the user belongs;
when a sender needs to send anonymous information to a receiver, the sender encrypts the anonymous information into a target ciphertext by using an identity ID of the receiver as a public key, wherein the sender and the receiver are different users in the plurality of users, and the target ciphertext comprises a target group number of a group to which the receiver belongs;
the sender sends the target ciphertext to the bulletin board, and all users except the receiver in the plurality of users send pseudo ciphertext to the bulletin board;
and all users in the target group number corresponding group download the target ciphertext from the bulletin board, and the receiver decrypts the target ciphertext by using the private key of the receiver to obtain the anonymous message.
Preferably, the generating the private key corresponding to each user according to the anonymous IBE algorithm and the identity ID of each user includes:
generating a master key through a private key generator (PKG) of the anonymous IBE algorithm, wherein the master key is kept secret by the PKG, and the PKG is a trusted third party;
and respectively inputting the identity ID of each user and the master key into the PKG to obtain a private key corresponding to each user.
Preferably, the sender encrypts the anonymous message into a target ciphertext using the identity ID of the receiver as a public key, including:
if the sender decides to disclose its identity to the recipient, the sender encrypts the anonymous message, using the recipient's identity ID as a public key, into a first target ciphertext that includes the sender's identity ID;
if the sender decides to keep its identity secret from the recipient, the sender encrypts the anonymous message, using the recipient's identity ID as a public key, into a second target ciphertext that does not include the sender's identity ID.
Preferably, the method further comprises:
and after the message passing among the plurality of users reaches a first set number of rounds, the registration server regenerates a new private key corresponding to each user according to the anonymous IBE algorithm and the identity ID of each user.
Preferably, the method further comprises:
and after the message passing among the plurality of users reaches a second set number of rounds, the registration server divides the plurality of users into a plurality of groups again, so as to regroup the plurality of users.
Preferably, the first set threshold is 200, and the second set threshold is 20.
Another aspect of the embodiment of the present invention further provides an apparatus for implementing an anonymous communication model based on identity encryption, including:
the first anonymous communication unit is used for dividing a plurality of users into a plurality of groups through the registration server, wherein the number of each group of users is larger than or equal to a set threshold value, distributing a unique and fixed identity ID to each user, generating a private key corresponding to each user according to an anonymous IBE algorithm and the identity ID of each user, and the identity ID of each user comprises the group number of the group to which the user belongs;
a second anonymous communication unit, configured to encrypt, when a sender needs to send anonymous information to a receiver, the anonymous information into a target ciphertext by using an identity ID of the receiver as a public key, where the sender and the receiver are different users from each other, and the target ciphertext includes a target group number of a group to which the receiver belongs;
a third anonymous communication unit configured to transmit the target ciphertext to the bulletin board through the sender, all users except the receiver among the plurality of users transmitting pseudo ciphertext to the bulletin board;
and the fourth anonymous communication unit is used for downloading the target ciphertext from the bulletin board through all users in the target group number corresponding group, and the receiver uses the private key of the receiver to decrypt the target ciphertext to obtain the anonymous message.
Another aspect of the embodiment of the invention also provides an electronic device, which includes a processor and a memory;
the memory is used for storing programs;
the processor executes the program to realize the method for realizing the anonymous communication model based on identity encryption.
Another aspect of the embodiments of the present invention further provides a computer-readable storage medium storing a program, where the program is executed by a processor to implement the method for implementing the anonymous communication model based on identity encryption.
Embodiments of the present invention also disclose a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The computer instructions may be read from a computer-readable storage medium by a processor of a computer device, and executed by the processor, to cause the computer device to perform the method of implementing an anonymous communication model based on identity encryption as described above.
The anonymous communication model based on identity encryption comprises a plurality of users, a bulletin board and a registration server, wherein the number of the plurality of users does not exceed a first set threshold value. The registration server divides the plurality of users into a plurality of groups, and the number of users in each group is larger than or equal to a second set threshold value; because the number of users in each group reaches a certain size, traffic attacks can be resisted, and the model can be used for anonymous communication in small-scale communities with fewer users. A unique and fixed identity ID is distributed to each user, and a private key corresponding to each user is generated according to an anonymous IBE algorithm and the identity ID of each user, the identity ID of each user comprising the group number of the group to which the user belongs. When a sender needs to send an anonymous message to a receiver, the sender encrypts the anonymous message into a target ciphertext by using the identity ID of the receiver as a public key, wherein the sender and the receiver are two different users among the plurality of users, and the target ciphertext comprises the target group number of the group to which the receiver belongs. The sender sends the target ciphertext to the bulletin board, and all users except the receiver send a pseudo ciphertext to the bulletin board. All users thus need to send ciphertext to the bulletin board; the difference is that the users other than the sender upload pseudo ciphertext. In this way the identity of the receiver can be kept secret, and everything uploaded to the bulletin board by the users is encrypted ciphertext that reveals nothing related to the identities of the users, which ensures the security of the messages. All users in the group corresponding to the target group number download the target ciphertext from the bulletin board, and the receiver decrypts the target ciphertext by using the receiver's private key to obtain the anonymous message. Because all users in the receiver's group need to download the target ciphertext from the bulletin board, the true identity of the receiver is not easily learned by others and can be kept secret from outsiders, thereby realizing anonymous reception.
In addition, the anonymous communication model of the invention places no limit on the number of messages in each round. Compared with other anonymous communication models, which can send only one message in each round, users of the anonymous communication model of the invention do not need to wait: all users can send any number of messages in one round, which improves communication efficiency and reduces communication cost.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flow diagram of an implementation method of an anonymous communication model based on identity encryption according to an embodiment of the present invention;
Fig. 2 is a diagram showing comparison of communication consumption of an anonymous communication model and an anonymous communication model for limiting the number of messages according to an embodiment of the present invention;
Fig. 3 is a system architecture diagram of an IBE-based lightweight anonymous communication prototype system according to an embodiment of the present invention;
Fig. 4 is a flowchart illustrating a process of transmitting a round of ciphertext between a user and a bulletin board according to an embodiment of the present invention;
Fig. 5 is a block diagram of an implementation device of an anonymous communication model based on identity encryption according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Referring to fig. 1, an embodiment of the present invention provides a method for implementing an anonymous communication model based on identity encryption, where the anonymous communication model based on identity encryption may include a plurality of users, a bulletin board, and a registration server, and the number of the plurality of users may not exceed a first set threshold. In an alternative embodiment, the first set threshold may be 200, and since the present invention includes a plurality of users, that is, the number of users of the present invention is at least 2, the number of users of the present invention may be any number between 2 and 200.
The method specifically comprises the following steps:
Step S100: the registration server divides the plurality of users into a plurality of groups, the number of each group of users is larger than or equal to a second set threshold value, a unique and fixed identity ID is distributed to each user, a private key corresponding to each user is generated according to an anonymous IBE algorithm and the identity ID of each user, and the identity ID of each user comprises the group number of the group to which the user belongs.
Specifically, the registration server may group all users, dividing them into M groups of N members each. To prevent traffic analysis attacks, N should be large enough; N may be not less than 20. An identity ID corresponds to a unique group number i and an intra-group sequence number j (i and j are randomly selected, with $0 < i \le M$ and $0 < j \le N$). The invention records the user identity as $ID_{ij}$. Each trusted user knows the identities and group numbers of the other users within the anonymous communication model. A user needs to obtain his own private key $d_{ij}$ before starting communication. The registration server generates the master key of the anonymous communication model and the private key $d_{ij}$ corresponding to each user $ID_{ij}$. The registration server randomly generates a number r, and the public parameters of the anonymous communication model are $params = (g, g_1, g_2)$. The private key $d_{ij}$ corresponding to each user $ID_{ij}$ is:
Figure BDA0004031052040000041
After the private key is generated, the registration server distributes the private key to the corresponding user.
Further, for the security of the anonymous communication model, after the number of rounds of message transfer between users reaches a certain value, a private key update and a group update of the anonymous communication model can be triggered, specifically as follows:
In an alternative implementation, when the anonymous communication model has carried out 1000 rounds of message transmission, the registration server can regenerate private keys for all users, so as to strengthen the security of the system and prevent it from being cracked by an adversary's network attack.
In an alternative implementation, when the anonymous communication model has carried out 100 rounds of message transmission, the registration server can regroup all users, randomly selecting and regrouping all users in the anonymous communication model, so as to strengthen the security of the system and prevent it from being cracked by adversaries.
Step S110: when a sender needs to send anonymous information to a receiver, the sender encrypts the anonymous information into a target ciphertext by using an identity ID of the receiver as a public key, wherein the sender and the receiver are different users from each other, and the target ciphertext comprises a target group number of a group to which the receiver belongs.
Specifically, within a set time $T_1$, the sender can use the identity $ID_{ij}$ of the receiver as a public key to encrypt the anonymous message m and obtain the target ciphertext C.
All users who want to transfer information in the anonymous communication model can encrypt the information based on the receiver's $ID_{ij}$ within time $T_1$. The sender also knows the target group number i of the receiver. To achieve group-based anonymous transmission, the invention sets $C_1$ to the group number i of the receiver, so that after the target ciphertext C is uploaded to the bulletin board, the receiver can quickly screen out the messages to be downloaded, which saves time and memory cost.
Further, if the sender wants to inform the recipient of its identity, the anonymous message m is encrypted as follows:
Figure BDA0004031052040000051
where t is randomly chosen by the sender, $ID_{ij}$ is the identity of the recipient, $sign_{sendID_{ij}}$ is the identity of the sender, and $C_1 = i$, where i is the target group number of the group in which the receiver is located.
If the sender does not want to inform the recipient of the identity, the encryption is as follows:
Figure BDA0004031052040000052
Step S120: the sender sends the target ciphertext to the bulletin board, and all users of the plurality of users except the receiver send pseudo ciphertext to the bulletin board.
Specifically, all users in the anonymous communication model must send ciphertext to the bulletin board within a set time $T_2$.
All users, whether or not they wish to communicate, must send ciphertext to the bulletin board, and the upload process is completed within time $T_2$: the sender sends the target ciphertext to the bulletin board, and all users except the receiver send pseudo ciphertext to the bulletin board.
Step S130: and all users in the target group number corresponding group download the target ciphertext from the bulletin board, and the receiver decrypts the target ciphertext by using the private key of the receiver to obtain the anonymous message.
Specifically, within a set time $T_3$, all users in the receiver's group need to download the target ciphertext C from the bulletin board.
After the target ciphertext is uploaded to the bulletin board, every user can check whether the $C_1$ part of the target ciphertext is equal to the user's own group number i, and thereby determine whether the receiver of the target ciphertext belongs to the user's group. If it does, all users in that group must download the target ciphertext so as not to miss the message. This process is completed within time $T_3$.
Then, within a set time $T_4$, the receiver decrypts the downloaded target ciphertext with its own private key: all users in the target group use their own private keys $d_{ij}$ to attempt to decrypt the downloaded target ciphertexts one by one. If the decryption succeeds, the user is the actual recipient and obtains the message m:
Figure BDA0004031052040000061
Figure BDA0004031052040000062
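The round described in steps S100 to S130, as an added simulation that is not code from the patent: every user uploads one fixed-length ciphertext, users filter the bulletin board on the group number C_1, and the receiver is found only by trial decryption. The anonymous IBE scheme is replaced by an HMAC-based stand-in (the Python standard library has no pairing arithmetic), so the server's key derivation is called where a real sender would need only params and ID_ij; the names RegistrationServer, seal, try_open, dummy, run_round and MSG_LEN, and the reading of step S120 as one upload per user per round, are assumptions of this example.

```python
import hashlib
import hmac
import random
import secrets

MAX_USERS = 200   # first set threshold stated on the page
MIN_GROUP = 20    # second set threshold stated on the page
MSG_LEN = 64      # assumption: fixed plaintext size so every upload has one length


def _prf(key, label, n=32):
    """HMAC-SHA256 in counter mode, used as KDF and keystream (toy stand-in)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, label + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


class RegistrationServer:
    """Groups the users and derives per-identity keys (plays the PKG role)."""

    def __init__(self, n_users, n_groups, seed=0):
        if not 2 <= n_users <= MAX_USERS:
            raise ValueError("user count outside 2..MAX_USERS")
        if n_users // n_groups < MIN_GROUP:
            raise ValueError("a group would fall below MIN_GROUP")
        self._master = secrets.token_bytes(32)
        self.n_groups = n_groups
        order = [f"user{k}" for k in range(n_users)]
        random.Random(seed).shuffle(order)
        # identity = (group number i, in-group sequence number j), both 1-based
        self.ids = {u: (k % n_groups + 1, k // n_groups + 1)
                    for k, u in enumerate(order)}

    def private_key(self, identity):
        return _prf(self._master, b"id:%d:%d" % identity)


def seal(key, group, msg):
    """Stand-in for IBE encryption; returns (C1 = group, nonce, body, tag)."""
    if len(msg) >= MSG_LEN:
        raise ValueError("message too long")
    pt = bytes([len(msg)]) + msg.ljust(MSG_LEN - 1, b"\0")
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(pt, _prf(key, b"enc" + nonce, MSG_LEN)))
    tag = hmac.new(_prf(key, b"mac"), bytes([group]) + nonce + body,
                   hashlib.sha256).digest()
    return (group, nonce, body, tag)


def try_open(key, ct):
    """Trial decryption: the message, or None if ct is not addressed to key."""
    group, nonce, body, tag = ct
    want = hmac.new(_prf(key, b"mac"), bytes([group]) + nonce + body,
                    hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None
    pt = bytes(a ^ b for a, b in zip(body, _prf(key, b"enc" + nonce, MSG_LEN)))
    return pt[1:1 + pt[0]]


def dummy(n_groups):
    """Pseudo ciphertext: same shape as a real one, decryptable by nobody."""
    return (secrets.randbelow(n_groups) + 1, secrets.token_bytes(16),
            secrets.token_bytes(MSG_LEN), secrets.token_bytes(32))


def run_round(server, sends):
    """sends maps sender -> (receiver, message); returns (board, downloads, inbox)."""
    board = []
    for user in server.ids:                 # T1/T2: every user uploads once
        if user in sends:
            rcpt, msg = sends[user]
            rid = server.ids[rcpt]
            # Stand-in: real IBE needs only params and rid, not the server's help.
            board.append(seal(server.private_key(rid), rid[0], msg))
        else:
            board.append(dummy(server.n_groups))
    downloads, inbox = {}, {}
    for user, ident in server.ids.items():
        mine = [ct for ct in board if ct[0] == ident[0]]    # T3: filter on C1
        downloads[user] = mine
        key = server.private_key(ident)     # the key this user was issued
        got = [m for m in (try_open(key, ct) for ct in mine) if m is not None]
        if got:                             # T4: only the receiver succeeds
            inbox[user] = got
    return board, downloads, inbox
```

From the bulletin board's side, one equal-length upload arrives from every user and every member of group C_1 downloads the same set, so neither end of the exchange stands out.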
Some embodiments of the present application use the anonymous IBE algorithm introduced above; its construction process is described next.
Specifically, the IBE algorithm is an identity-based encryption algorithm (Identity Based Encryption, IBE).
In an identity-based encryption algorithm (Identity Based Encryption, IBE), the parties are the users and the private key generator (Private Key Generator, PKG). The public key is the identity of the user, which distinguishes the IBE algorithm from a traditional public key cryptosystem. The PKG is a trusted third party responsible for generating the system master key and the private keys of the corresponding users. Because there is no need to distribute public keys or revoke keys, key management in the IBE algorithm is simple and effective, and the algorithm is widely applied in the field of information security. The basic construction of an IBE algorithm is as follows:
(1) Initialization: in this stage the private key generator generates the public parameters and the system master key.
The private key generator runs an initialization function, takes a security parameter k as input, and returns the public parameters params and the system master key msk. The finite plaintext space M, the finite ciphertext space C and params are stored in a public parameter list. The system master key msk is kept secret by the PKG.
(2) Private key generation: in this stage the PKG generates a user private key.
The PKG takes the system master key msk and a user ID as input and generates the private key $d_{ID}$ corresponding to the user ID. The private key generator uses a secure channel to send the private key $d_{ID}$ to the corresponding user.
(3) Encryption: the sender performs an encryption operation at this stage.
The sender inputs the message $m \in M$ and the identity ID of the receiver, and generates the ciphertext $c \in C$ through a certain encryption operation.
(4) Decryption: the receiver performs the decryption operation at this stage.
The receiver inputs the ciphertext c and its own private key $sk_{ID}$, and obtains the plaintext m through a certain decryption operation.
The anonymous IBE algorithm is a public key encryption scheme based on an identity ID, has the advantages of high ciphertext expansion degree, no need of managing certificates and no need of distributing public and private key pairs, and is suitable for encrypting messages in an anonymous communication model. The anonymous communication model based on IBE can ensure the communication safety in a small-scale group body, and realize the anonymity of the identities of the two communication parties, the anonymity of the communication path and the confidentiality of the message.
The anonymous IBE algorithm is constructed based on the DBDH problem, can resist an ANON-IND-ID-CCA attack of a network attack adversary, and comprises the following specific processes:
Let $G_1$ and $G_2$ be multiplicative cyclic groups of order $p$, and let the map
Figure BDA0004031052040000071
be a bilinear map.
Initialization: to generate the system parameters, the registration server randomly selects
Figure BDA0004031052040000072
where $g$ is a generator of group $G_1$, and sets $g_1 = g^{\alpha}$. Next, it randomly selects $g_2$ from group $G_1$. The public parameters params and the secret system master-key are defined as follows:
$params = (g, g_1, g_2)$; $\text{master-key} = \alpha$
Private key generation: for the identity
Figure BDA0004031052040000073
the PKG generates the corresponding private key; the registration server generates a random number r and outputs the private key:
Figure BDA0004031052040000074
Encryption: the sender uses the identity of the recipient
Figure BDA0004031052040000075
to encrypt a message m, an element of $G_2$. The sender freely chooses a random t and outputs the ciphertext:
Figure BDA0004031052040000076
Decryption: the receiver decrypts using its own private key $d = (d_1, d_2)$, as follows:
Figure BDA0004031052040000077
The correctness of the anonymous IBE algorithm is verified as follows:
If $C = (C_1, C_2, C_3)$ is a valid ciphertext of m encrypted under the identity ID, then the following verification can be made:
Figure BDA0004031052040000081
so we have:
Figure BDA0004031052040000082
furthermore, the invention constructs a lightweight anonymous communication model based on the anonymous IBE algorithm. According to the anonymous IBE algorithm, the sender encrypts the message using the identity of the recipient. After encryption, the user uploads the message to the bulletin board and downloads ciphertext on the bulletin board in groups. Only the actual recipient can decrypt and retrieve the message.
The present invention first defines the symbols used in the anonymous communication model. $G_1$ and $G_2$ are multiplicative cyclic groups of prime order $p$, and $g$ is a generator of $G_1$. The bilinear mapping satisfies
Figure BDA0004031052040000083
Figure BDA0004031052040000084
is the system master key generated by the registration server; $g_2 \in G_1$ is randomly selected, and $g_1 = g^{\alpha}$.
To verify the performance of the anonymous communication model of the present invention, a related experiment was performed. Fig. 2 shows the communication consumption of the anonymous communication model of the present invention and of the existing anonymous communication model that limits the number of messages. The anonymity performance of the lightweight anonymous communication model was compared with that of existing anonymous communication models. The results show that only the model of the invention achieves all of the anonymity properties, while the other models do not.
The anonymous communication model of the invention realizes three anonymities with lower storage cost and communication cost. The anonymous communication model of the present invention has no limitation on the number of messages per round, which is a significant advantage over existing anonymous communication models in which only one message can be sent per round. For example, one user may want to communicate with multiple people, or more than one user may want to send a message. In existing anonymous communication models that limit the number of messages, the user must wait for several rounds. However, in the anonymous communication model of the invention, all users can send any number of messages in one round, and the characteristic improves the communication efficiency and reduces the communication cost.
Practical applications of the present invention will be described in the following with specific examples.
Referring to fig. 3, an embodiment of the present invention provides a light-weight anonymous communication prototype system based on IBE, and referring to fig. 4, an embodiment of the present invention provides an example of a process for transmitting a round of ciphertext between a user and a bulletin board.
Specifically, after logging in to the anonymous communication model, the user performs bidirectional anonymous authentication and key negotiation with the big data server, and uses the resulting session key to establish confidential communication. The user enters the anonymous message to be sent in the foreground through the visual page, and the background encrypts the message. Similarly, after the background successfully decrypts a downloaded ciphertext, the message is presented to the user through the visual page.
The background implements the user's anonymous communication. When the foreground has an anonymous message to be sent, the anonymous communication model encrypts the message with the anonymous IBE algorithm during time T1. During time T2, the anonymous communication model automatically uploads the ciphertext to the bulletin board. During time T3, if there is a ciphertext corresponding to the user's group number on the bulletin board, the anonymous communication model downloads that ciphertext from the bulletin board. During time T4, the background decrypts the ciphertext with the user's private key, and if the decryption succeeds, the message m is displayed on the receiver's visual page.
The user is the principal of the IBE-based anonymous communication system, and the main functions of the front end are sending anonymous messages and receiving anonymous messages. The user needs to register and log in to the anonymous communication system to use these functions of the anonymous communication model. The information transmitted by the user in the anonymous communication model can be viewed through the information recording function of the model. At the same time, anyone can view the encrypted ciphertext, but others cannot decrypt it, so the private information of the sender and the receiver is not revealed.
Fig. 4 shows the process by which users and the bulletin board transmit one round of ciphertext. During time T2, all users upload ciphertext C to the bulletin board; the red line indicates this process. During time T3, each user checks whether the C1 part of the ciphertext is equal to a group number in the model. As shown in the figure, assuming C1 = 2, all users in the second group have to download the ciphertext locally, and the other groups do not need to download it. The green line represents the download process, and the black line represents the communication paths available in the model.
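The T1 to T4 round described above can be simulated as follows. This is an added example, not code from the patent: a symmetric HMAC construction stands in for the anonymous IBE algorithm (it is not public-key encryption and only reproduces the "only the receiver's private key decrypts" behaviour), and the ID layout `group:name`, the fixed ciphertext sizes and the random group number on pseudo ciphertexts are assumptions.

```python
import hashlib
import hmac
import secrets

MASTER = secrets.token_bytes(32)  # simulation-only master secret of the registration server
NONCE_LEN, BODY_LEN, TAG_LEN = 12, 64, 16  # constructed sizes; every upload is equally long

def extract(identity):
    """Stand-in for IBE key extraction: a private key bound to one identity ID."""
    return hmac.new(MASTER, identity.encode(), hashlib.sha256).digest()

def group_of(identity):
    """Assumed ID layout '<group number>:<name>'; the page only says the ID contains the group."""
    return int(identity.split(":", 1)[0])

def _keystream(key, nonce, n):
    blocks = (hmac.new(key, b"ks" + nonce + bytes([i]), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _tag(key, nonce, body):
    return hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()[:TAG_LEN]

def encrypt(receiver_id, message):
    """T1: build C = (C1, C2) where C1 is the receiver's group number."""
    if len(message) >= BODY_LEN:
        raise ValueError("message too long for the fixed-size body")
    key = extract(receiver_id)  # real IBE needs only public parameters and the ID here
    padded = bytes([len(message)]) + message.ljust(BODY_LEN - 1, b"\0")
    nonce = secrets.token_bytes(NONCE_LEN)
    body = bytes(a ^ b for a, b in zip(padded, _keystream(key, nonce, BODY_LEN)))
    return group_of(receiver_id), nonce + body + _tag(key, nonce, body)

def pseudo_ciphertext(num_groups):
    """Cover traffic: random bytes of the same length under a random group number (assumption)."""
    return secrets.randbelow(num_groups) + 1, secrets.token_bytes(NONCE_LEN + BODY_LEN + TAG_LEN)

def try_decrypt(private_key, c2):
    """T4: trial decryption; returns None unless the ciphertext was made for this key."""
    nonce, body, tag = c2[:NONCE_LEN], c2[NONCE_LEN:-TAG_LEN], c2[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(private_key, nonce, body)):
        return None
    padded = bytes(a ^ b for a, b in zip(body, _keystream(private_key, nonce, BODY_LEN)))
    return padded[1:1 + padded[0]]

def run_round(users, sender, receiver, message, num_groups):
    """One round: T2 upload, T3 download by group number, T4 trial decryption."""
    board = [encrypt(receiver, message)]  # target ciphertext from the sender
    # Pseudo ciphertexts from the other users, following the wording of claim 1.
    board += [pseudo_ciphertext(num_groups) for u in users if u not in (sender, receiver)]
    secrets.SystemRandom().shuffle(board)  # board order carries no information
    downloads, inbox = {}, {}
    for u in users:
        fetched = [c2 for c1, c2 in board if c1 == group_of(u)]  # T3: match C1 to own group
        downloads[u] = len(fetched)
        plaintexts = (try_decrypt(extract(u), c2) for c2 in fetched)  # u's own private key
        inbox[u] = [m for m in plaintexts if m is not None]
    return board, downloads, inbox

if __name__ == "__main__":
    users = ["%d:user%02d" % (g, i) for g in (1, 2, 3) for i in range(20)]  # constructed
    board, downloads, inbox = run_round(users, "1:user00", "2:user05", b"meet at noon", 3)
    print(len(board), "uploads;", downloads["2:user05"], "downloaded by each user in group 2")
    print({u: m for u, m in inbox.items() if m})
```

Every member of the target group downloads the same set of ciphertexts, so the download pattern narrows the receiver only to the group; within the group, only trial decryption with the receiver's key succeeds.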
Referring to fig. 5, an embodiment of the present invention provides an implementation apparatus of an anonymous communication model based on identity encryption, including:
the first anonymous communication unit is used for dividing a plurality of users into a plurality of groups through the registration server, wherein the number of each group of users is larger than or equal to a set threshold value, distributing a unique and fixed identity ID to each user, generating a private key corresponding to each user according to an anonymous IBE algorithm and the identity ID of each user, and the identity ID of each user comprises the group number of the group to which the user belongs;
a second anonymous communication unit, configured to encrypt, when a sender needs to send anonymous information to a receiver, the anonymous information into a target ciphertext by using an identity ID of the receiver as a public key, where the sender and the receiver are different users from each other, and the target ciphertext includes a target group number of a group to which the receiver belongs;
a third anonymous communication unit configured to transmit the target ciphertext to the bulletin board through the sender, all users except the receiver among the plurality of users transmitting pseudo ciphertext to the bulletin board;
and the fourth anonymous communication unit is used for downloading the target ciphertext from the bulletin board through all users in the target group number corresponding group, and the receiver uses the private key of the receiver to decrypt the target ciphertext to obtain the anonymous message.
Embodiments of the present invention also disclose a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The computer instructions may be read from a computer-readable storage medium by a processor of a computer device, and executed by the processor, to cause the computer device to perform the method shown in fig. 1.
In some alternative embodiments, the functions/acts noted in the block diagrams may occur out of the order noted in the operational illustrations. For example, two blocks shown in succession may in fact be executed substantially concurrently or the blocks may sometimes be executed in the reverse order, depending upon the functionality/acts involved. Furthermore, the embodiments presented and described in the flowcharts of the present invention are provided by way of example in order to provide a more thorough understanding of the technology. The disclosed methods are not limited to the operations and logic flows presented herein. Alternative embodiments are contemplated in which the order of various operations is changed, and in which sub-operations described as part of a larger operation are performed independently.
Furthermore, while the invention is described in the context of functional modules, it should be appreciated that, unless otherwise indicated, one or more of the described functions and/or features may be integrated in a single physical device and/or software module or one or more functions and/or features may be implemented in separate physical devices or software modules. It will also be appreciated that a detailed discussion of the actual implementation of each module is not necessary to an understanding of the present invention. Rather, the actual implementation of the various functional modules in the apparatus disclosed herein will be apparent to those skilled in the art from consideration of their attributes, functions and internal relationships. Accordingly, one of ordinary skill in the art can implement the invention as set forth in the claims without undue experimentation. It is also to be understood that the specific concepts disclosed are merely illustrative and are not intended to be limiting upon the scope of the invention, which is to be defined in the appended claims and their full scope of equivalents.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
Logic and/or steps represented in the flowcharts or otherwise described herein, e.g., an ordered listing of executable instructions for implementing logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). In addition, the computer readable medium may even be paper or other suitable medium on which the program is printed, as the program may be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner, if necessary, and then stored in a computer memory.
It is to be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above-described embodiments, the various steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, it may be implemented using any one or combination of the following techniques, as is well known in the art: discrete logic circuits having logic gates for implementing logic functions on data signals, application specific integrated circuits having suitable combinational logic gates, programmable gate arrays (PGAs), field programmable gate arrays (FPGAs), and the like.
In the description of the present specification, a description referring to terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
While embodiments of the present invention have been shown and described, it will be understood by those of ordinary skill in the art that: many changes, modifications, substitutions and variations may be made to the embodiments without departing from the spirit and principles of the invention, the scope of which is defined by the claims and their equivalents.
While the preferred embodiment of the present invention has been described in detail, the present invention is not limited to the embodiments described above, and those skilled in the art can make various equivalent modifications or substitutions without departing from the spirit of the present invention, and these equivalent modifications or substitutions are included in the scope of the present invention as defined in the appended claims.

Claims (10)

1. An implementation method of an anonymous communication model based on identity encryption is characterized by comprising the following steps: the anonymous communication model based on identity encryption comprises a plurality of users, a bulletin board and a registration server, wherein the number of the plurality of users does not exceed a first set threshold;
the registration server divides the plurality of users into a plurality of groups, the number of each group of users is larger than or equal to a second set threshold value, a unique and fixed identity ID is distributed to each user, a private key corresponding to each user is generated according to an anonymous IBE algorithm and the identity ID of each user, and the identity ID of each user comprises the group number of the group to which the user belongs;
when a sender needs to send anonymous information to a receiver, the sender encrypts the anonymous information into a target ciphertext by using an identity ID of the receiver as a public key, wherein the sender and the receiver are different users in the plurality of users, and the target ciphertext comprises a target group number of a group to which the receiver belongs;
the sender sends the target ciphertext to the bulletin board, and all users except the receiver in the plurality of users send pseudo ciphertext to the bulletin board;
and all users in the target group number corresponding group download the target ciphertext from the bulletin board, and the receiver decrypts the target ciphertext by using the private key of the receiver to obtain the anonymous message.
2. The method for implementing the anonymous communication model based on identity encryption according to claim 1, wherein the generating a private key corresponding to each user according to the anonymous IBE algorithm and the identity ID of each user comprises:
generating a master key through a private key generator (PKG) of the anonymous IBE algorithm, wherein the master key is kept secret by the PKG, and the PKG is a trusted third party;
and respectively inputting the identity ID of each user and the master key into the PKG to obtain a private key corresponding to each user.
3. The method according to claim 1, wherein the sender encrypts the anonymous message into a target ciphertext using the identity ID of the receiver as a public key, comprising:
if the sender determines to disclose an identity to the recipient, the sender encrypts the anonymous message to a first target ciphertext comprising the sender's identity ID using the recipient's identity ID as a public key;
if the sender determines to secret the identity to the recipient, the sender encrypts the anonymous message to a second target ciphertext that does not include the sender's identity ID using the recipient's identity ID as a public key.
4. The method for implementing an anonymous communication model based on identity encryption of claim 1, further comprising:
and after the message passing among the plurality of users reaches a first set round, the registration server regenerates a new private key corresponding to each user according to the anonymous IBE algorithm and the identity ID of each user.
5. The method for implementing an anonymous communication model based on identity encryption of claim 1, further comprising:
and after the message passing among the plurality of users reaches a second set round, the registration server divides the plurality of users into a plurality of groups again so as to carry out grouping rearrangement on the plurality of users.
6. The method for implementing an anonymous communication model based on identity encryption according to claim 1, wherein the first set threshold is 200 and the second set threshold is 20.
7. An apparatus for implementing an anonymous communication model based on identity encryption, comprising:
the first anonymous communication unit is used for dividing a plurality of users into a plurality of groups through the registration server, wherein the number of each group of users is larger than or equal to a set threshold value, distributing a unique and fixed identity ID to each user, generating a private key corresponding to each user according to an anonymous IBE algorithm and the identity ID of each user, and the identity ID of each user comprises the group number of the group to which the user belongs;
a second anonymous communication unit, configured to encrypt, when a sender needs to send anonymous information to a receiver, the anonymous information into a target ciphertext by using an identity ID of the receiver as a public key, where the sender and the receiver are different users from each other, and the target ciphertext includes a target group number of a group to which the receiver belongs;
a third anonymous communication unit configured to transmit the target ciphertext to the bulletin board through the sender, all users except the receiver among the plurality of users transmitting pseudo ciphertext to the bulletin board;
and the fourth anonymous communication unit is used for downloading the target ciphertext from the bulletin board through all users in the target group number corresponding group, and the receiver uses the private key of the receiver to decrypt the target ciphertext to obtain the anonymous message.
8. An electronic device comprising a processor and a memory;
the memory is used for storing programs;
the processor executing the program implements a method of implementing an identity-based encryption anonymous communication model as set forth in any one of claims 1 to 6.
9. A computer-readable storage medium, characterized in that the storage medium stores a program that is executed by a processor to implement a method of implementing an identity-based encryption anonymous communication model as set forth in any one of claims 1 to 6.
10. A computer program product comprising a computer program which, when executed by a processor, implements a method of implementing an identity-based encryption anonymous communication model as claimed in any one of claims 1 to 6.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211729439.9A CN116232677A (en) 2022-12-30 2022-12-30 Method for implementing anonymous communication model based on identity encryption

Publications (1)

Publication Number Publication Date
CN116232677A true CN116232677A (en) 2023-06-06

Family

ID=86581631


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination