CN117955644A - SM 9-based linkable ring signature method - Google Patents
SM 9-based linkable ring signature method Download PDFInfo
- Publication number
- CN117955644A CN117955644A CN202410060444.8A CN202410060444A CN117955644A CN 117955644 A CN117955644 A CN 117955644A CN 202410060444 A CN202410060444 A CN 202410060444A CN 117955644 A CN117955644 A CN 117955644A
- Authority
- CN
- China
- Prior art keywords
- user
- event
- signatures
- key
- private key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 14
- 238000012795 verification Methods 0.000 claims description 13
- 238000013507 mapping Methods 0.000 claims description 6
- 230000009286 beneficial effect Effects 0.000 description 1
- 125000004122 cyclic group Chemical group 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
Landscapes
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention relates to a method for signing a linkable ring based on SM9, which provides a method for signing a linkable ring based on SM9, wherein a signer can generate a label related to a private key and a participation signing event, an output signature can comprise the signature label, and when the labels of the two signatures are identical, the two signatures are linked together, so that the linkable property of the signatures is ensured. In the invention, the chainability is based on an event, two signatures generated by the same signer can be chained together under the same event, and two signatures generated by the same signer can not be chained under different events. Some practical problems can be solved in some specific application scenarios.
Description
Technical Field
The invention relates to the field of information security, in particular to a linkable ring signature method based on SM 9.
Background
Digital signatures are fundamental tools of cryptography for authenticating digital information, applications of asymmetric key encryption techniques and digital digest techniques. Rivest et al in 2001 proposed a digital signature that was obscured by the signer, called a ring signature. The ring signature can complete the signature without cooperation of ring members, can ensure anonymity of signers, and has wide application scenes. The ring signature with single function can only additionally ensure anonymity of signers, and cannot solve some practical problems in some specific application scenes.
The linkable ring signature can enable anyone to determine whether two ring signatures are generated by the same signer, and is very practical in application scenes such as voting.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a linkable ring signature method based on SM9 in consideration of the above problems.
The invention adopts the following technical scheme:
a SM 9-based linkable ring signature method comprising the steps of:
Step 1, initializing a system:
Step 2, a key generation center generates a user private key D u;
step 3, signature: user input system parameters params, private key D u, message m, event, public key set After that, the following steps are performed;
Step 3.1, calculate e=h 3 (event), tag t=e (D u, E);
step 3.2, randomly selecting random numbers Calculating r=r·p 1; randomly selecting random number/>i=1,2,3,...,u-1,u+1,...,n;
Step 3.3, calculatingCalculation/> Calculation/>Calculation ofV=R-cu·Du,W=R-(Qucur)·P1;
Step 3.4, outputting signature σ= (T, R, V, W, c 1,c2,...,cn);
step 4, verification: verifier inputs system parameters params, message m, event, public key set After signing σ, the following steps are performed:
Step 4.1, calculate e=h 3 (event), Calculation/>
Step 4.2, verificationIf the two are equal to h, if the two are equal to each other, the verification is passed, otherwise, the verification is not passed.
Step 5, linking: inputting two signatures σ1=(T,R,V,W,c1,c2,...,cn),σ2=(T′,R′,V′,W′,c′1,c′2,...,c′n), if t=t', then the two signatures are linked; if T is not equal to T', the two signatures are not linkable;
in the above steps, the meanings of the parameters are as follows:
"·", wherein k·p represents a k times point of the point P on the elliptic curve, and k is a positive integer;
a set of integers consisting of 1,2, …, q-1;
h 1,H2: a cryptographic hash function is used to determine the cryptographic function,
H 3: a cryptographic hash function is used to determine the cryptographic function,
S: a system master private key that is held in secret by the key generation center;
m: a message;
sigma: signing;
Qi: hash value of ith user identity mark of public key list;
D i: a private key of user i;
A list of public keys, i.e., { ID 1,ID2,...,IDn };
event: the user participates in the signed event.
Further, the step 1 specifically includes the following steps:
Step 1.1, setting a safety parameter 1 λ, selecting an addition circulation group with the order of q The generator is P 1,P2, from/>To/>Bilinear pair mapping e, cryptographic hash function/>
Step 1.2, randomly selectingThe key generation center calculates a master public key: p pub=s·P2.
Step 1.3, outputting common parameters:
In the above steps, the meanings of the parameters are as follows:
q: a large prime number;
e: from the slave To/>Is a bilinear pair mapping of (1);
A set of integers consisting of 1,2, …, q-1;
An addition loop group of order q;
A multiplication loop group of order q;
p 1,P2: respectively as groups And/>Is a generator of (1).
Further, the step 2 specifically includes the following steps:
Step 2.1, the user sends the identity ID u to a key generation center;
Step 2.1, the key generation center calculates the hash value Q u=H1(IDu of the user, and then calculates the private key D u=[s·(H1(IDu)+s)-1]·P1 of the user;
And 2.3, the key generation center sends the private key D u of the user to the user.
The beneficial effects of the invention are as follows: the invention provides a SM 9-based linkable ring signature method, a signer can generate a label related to a private key and a participation signature event, the output signature can contain the signature label, and when the labels of the two signatures are identical, the two signatures are linked together, so that the linkable property of the signatures is ensured. In the invention, the chainability is based on an event, two signatures generated by the same signer can be chained together under the same event, and two signatures generated by the same signer can not be chained under different events. Can solve some practical problems in some specific application scenes
Drawings
FIG. 1 is a schematic flow chart of the present invention;
Fig. 2 is a schematic diagram of the present invention.
Detailed Description
The principles and features of the present invention are described below with reference to the drawings, the examples are illustrated for the purpose of illustrating the invention and are not to be construed as limiting the scope of the invention.
The parameters designed by the invention are defined as follows:
q: a large prime number.
An integer set consisting of 1,2, …, q-1.
The addition loop group with order q.
The multiplication loop group with the order q.
P 1,P2: respectively as groupsAnd/>Is a generator of (1).
K.P, which is a positive integer, is the k times point of the point P on the elliptic curve.
E: from the slaveTo/>Is a bilinear pair mapping of (1).
H 1,H2: a cryptographic hash function is used to determine the cryptographic function,
H 3: a cryptographic hash function is used to determine the cryptographic function,
S: a system master private key held by KGC secrets.
M: a message.
Sigma: and (5) signing.
Q i: the hash value of the ith user identity of the public key list.
D i: user i's private key.
A list of public keys, i.e., { ID 1,ID2,...,IDn }.
KGC: a key generation center.
Event: the user participates in the signed event.
As shown in fig. 1-2, the present invention proposes a solution of a linkable ring signature method based on SM9, and the specific solution flow is as follows: the scheme comprises five stages: system initialization, user key generation, signature, verification and linking;
1) Initializing a system: given security parameters 1 λ, the following steps are performed:
① Selecting an addition cyclic group of order q The generator is P 1,P2, from/>To/>Bilinear pair mapping e, cryptographic hash function/>
② KGC master private key: randomly selectCalculating a main public key: p pub=s·P2.
③ Outputting common parameters:
2) User key generation:
① The user sends an identification ID u to KGC.
② KGC calculates the hash value Q u=H1(IDu of the user and then calculates the user private key D u=[s·(H1(IDu)+s)-1]·P1.
③ KGC sends the user's private key D u to the user.
3) Signature: user input system parameters params, private key D u, message m, event, public key set
① Calculate e=h 3 (event), tag t=e (D u, E);
② Randomly selecting random numbers Calculating r=r·p 1;
③ Randomly selecting random numbers i=1,2,3,...,u-1,u+1,...,n;
④ Calculation of
⑤ Calculation of
⑥ Calculation of
⑦ Calculation ofV=R-cu·Du,W=R-(Qucur)·P1;
⑧ Output signature σ= (T, R, V, W, c 1,c2,...,cn).
4) And (3) verification: verifier inputs system parameters params, message m, event, public key setSignature sigma.
① Calculate e=h 3 (event),
② Calculation of
③ VerificationIf the two are equal to h, if the two are equal to each other, the verification is passed, otherwise, the verification is not passed.
5) Linking: inputting two signatures σ1=(T,R,V,W,c1,c2,...,cn),σ2=(T′,R′,V′,W′,c′1,c′2,...,c′n), if t=t', then the two signatures are linked; if T+.T', the two signatures are not linkable.
The foregoing is illustrative of the best mode of carrying out the invention, and is not presented in any detail as is known to those of ordinary skill in the art. The protection scope of the invention is defined by the claims, and any equivalent transformation based on the technical teaching of the invention is also within the protection scope of the invention.
Claims (3)
1. A method for interlinkable ring signature based on SM9, comprising the steps of:
Step 1, initializing a system:
Step 2, a key generation center generates a user private key D u;
step 3, signature: user input system parameters params, private key D u, message m, event, public key set After that, the following steps are performed;
Step 3.1, calculate e=h 3 (event), tag t=e (D u, E);
step 3.2, randomly selecting random numbers Calculating r=r·p 1; randomly selecting random number/>
Step 3.3, calculatingCalculation/> Calculation/>Calculation ofV=R-cu·Du,W=R-(Qucur)·P1;
Step 3.4, outputting signature σ= (T, R, V, W, c 1,c2,...,cn);
step 4, verification: verifier inputs system parameters params, message m, event, public key set After signing σ, the following steps are performed:
Step 4.1, calculate e=h 3 (event), Calculation/>
Step 4.2, verificationIf the two types of the data are equal to h, if the two types of the data are equal to each other, the verification is passed, otherwise, the verification is not passed;
step 5, linking: inputting two signatures σ1=(T,R,V,W,c1,c2,...,cn),σ2=(T′,R′,V′,W′,c′1,c′2,...,c′n), if t=t', then the two signatures are linked; if T is not equal to T', the two signatures are not linkable;
in the above steps, the meanings of the parameters are as follows:
"·", wherein k·p represents a k times point of the point P on the elliptic curve, and k is a positive integer;
a set of integers consisting of 1,2, …, q-1;
h 1,H2: a cryptographic hash function is used to determine the cryptographic function,
H 3: a cryptographic hash function is used to determine the cryptographic function,
S: a system master private key that is held in secret by the key generation center;
m: a message;
sigma: signing;
q i: hash value of ith user identity mark of public key list;
D i: a private key of user i;
A list of public keys, i.e., { ID 1,ID2,...,IDn };
event: the user participates in the signed event.
2. The SM 9-based linkable ring signature method of claim 1, wherein step 1 specifically comprises the steps of:
Step 1.1, setting a safety parameter 1 λ, selecting an addition circulation group with the order of q The generating elements are P 1,P2 respectively, fromTo/>Bilinear pair mapping e, cryptographic hash function/>
Step 1.2, randomly selectingThe key generation center calculates a master public key: p pub=s·P2;
step 1.3, outputting common parameters:
In the above steps, the meanings of the parameters are as follows:
q: a large prime number;
e: from the slave To/>Is a bilinear pair mapping of (1);
A set of integers consisting of 1,2, …, q-1;
An addition loop group of order q;
A multiplication loop group of order q;
p 1,P2: respectively as groups And/>Is a generator of (1).
3. The SM 9-based linkable ring signature method of claim 1, wherein step 2 specifically comprises the steps of:
Step 2.1, the user sends the identity ID u to a key generation center;
Step 2.1, the key generation center calculates the hash value Q u=H1(IDu of the user, and then calculates the private key D u=[s·(H1(IDu)+s)-1]·P1 of the user;
And 2.3, the key generation center sends the private key D u of the user to the user.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410060444.8A CN117955644A (en) | 2024-01-16 | 2024-01-16 | SM 9-based linkable ring signature method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410060444.8A CN117955644A (en) | 2024-01-16 | 2024-01-16 | SM 9-based linkable ring signature method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117955644A true CN117955644A (en) | 2024-04-30 |
Family
ID=90795475
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202410060444.8A Pending CN117955644A (en) | 2024-01-16 | 2024-01-16 | SM 9-based linkable ring signature method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117955644A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104008322A (en) * | 2014-06-14 | 2014-08-27 | 河南融信数据有限公司 | Two-dimension code publisher identity authentication method based on reliable digital signature |
US20190273620A1 (en) * | 2017-07-18 | 2019-09-05 | Zhongan Information Technology Service Co., Ltd. | Data sharing method and data sharing system |
CN110932865A (en) * | 2019-11-26 | 2020-03-27 | 武汉大学 | Linkable ring signature generation method based on SM2 digital signature algorithm |
CN111106936A (en) * | 2019-11-27 | 2020-05-05 | 国家电网有限公司 | SM 9-based attribute encryption method and system |
WO2020258851A1 (en) * | 2019-06-26 | 2020-12-30 | 创新先进技术有限公司 | Method and apparatus for implementing confidential blockchain transaction by using ring signature |
-
2024
- 2024-01-16 CN CN202410060444.8A patent/CN117955644A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104008322A (en) * | 2014-06-14 | 2014-08-27 | 河南融信数据有限公司 | Two-dimension code publisher identity authentication method based on reliable digital signature |
US20190273620A1 (en) * | 2017-07-18 | 2019-09-05 | Zhongan Information Technology Service Co., Ltd. | Data sharing method and data sharing system |
WO2020258851A1 (en) * | 2019-06-26 | 2020-12-30 | 创新先进技术有限公司 | Method and apparatus for implementing confidential blockchain transaction by using ring signature |
CN110932865A (en) * | 2019-11-26 | 2020-03-27 | 武汉大学 | Linkable ring signature generation method based on SM2 digital signature algorithm |
CN111106936A (en) * | 2019-11-27 | 2020-05-05 | 国家电网有限公司 | SM 9-based attribute encryption method and system |
Non-Patent Citations (4)
Title |
---|
JIE CUI: ""Efficient and Anonymous Cross-Domain Authentication for IIoT Based on Blockchain"", 24 November 2022 (2022-11-24) * |
张莎莎,曾祥勇: ""SM4算法的量子实现"", 《密码学报》, 31 December 2021 (2021-12-31) * |
瞿云云;尹兰;熊祥光;***;: "具有可链接性的匿名签密方案", 西南大学学报(自然科学版), no. 09, 20 September 2012 (2012-09-20) * |
闫玺玺;胡前伟;魏文燕;李子臣;: "外包环境中一种支持数据完整性验证的密钥管理方案", 小型微型计算机***, no. 12, 15 December 2016 (2016-12-15) * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108809658B (en) | SM 2-based identity base digital signature method and system | |
CN110912708B (en) | Ring signature generation method based on SM9 digital signature algorithm | |
KR101099814B1 (en) | GROUP SIGNATURE SYSTEM, DEVICE, AND Recording medium | |
CN104539423B (en) | A kind of implementation method without CertPubKey cipher system of no Bilinear map computing | |
US8433897B2 (en) | Group signature system, apparatus and storage medium | |
CN107579819A (en) | A kind of SM9 digital signature generation method and system | |
CN107707358A (en) | A kind of EC KCDSA digital signature generation method and system | |
CN113300856A (en) | Heterogeneous mixed signcryption method capable of proving safety | |
Bhagya et al. | Efficient and secure pairing-free certificateless directed signature scheme | |
CN111245615B (en) | Digital signature password reverse firewall method based on identity | |
CN115174037B (en) | Construction method and device of chameleon hash function based on SM9 signature | |
Zhang et al. | 1-round distributed key generation with efficient reconstruction using decentralized cp-abe | |
Dodis et al. | Time capsule signature | |
CN117955644A (en) | SM 9-based linkable ring signature method | |
Yu et al. | Certificateless ring signature from NTRU lattice for electronic voting | |
Cheng et al. | Secure obfuscation of encrypted verifiable encrypted signatures | |
CN115174052B (en) | Adapter signature generation method and device based on SM9 signature | |
Qu et al. | Optimistic fair exchange of ring signatures | |
Fischlin et al. | Relaxed security notions for signatures of knowledge | |
CN115473635B (en) | SM2 two-party adapter signature generation method and device for preventing malicious enemy | |
CN115174054B (en) | Certificate-free signature generation method and device based on SM9 signature | |
Ali | Provable security for public key cryptosystems: how to prove that the cryptosystem is secure | |
Zhang et al. | Efficient and optimistic fair exchanges based on standard RSA with provable security | |
CN116405217A (en) | SM9 ring signature method and system with constant-level signature size | |
Wang et al. | Collusion-resistance in optimistic fair exchange |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |