CN117955644A - SM 9-based linkable ring signature method - Google Patents

SM 9-based linkable ring signature method Download PDF

Info

Publication number
CN117955644A
CN117955644A CN202410060444.8A CN202410060444A CN117955644A CN 117955644 A CN117955644 A CN 117955644A CN 202410060444 A CN202410060444 A CN 202410060444A CN 117955644 A CN117955644 A CN 117955644A
Authority
CN
China
Prior art keywords
user
event
signatures
key
private key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410060444.8A
Other languages
Chinese (zh)
Inventor
曾祥勇
范金鹏
李念
余文秀
李丽莎
张莎莎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hubei University
Original Assignee
Hubei University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hubei University filed Critical Hubei University
Priority to CN202410060444.8A priority Critical patent/CN117955644A/en
Publication of CN117955644A publication Critical patent/CN117955644A/en
Pending legal-status Critical Current

Links

Landscapes

  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention relates to a method for signing a linkable ring based on SM9, which provides a method for signing a linkable ring based on SM9, wherein a signer can generate a label related to a private key and a participation signing event, an output signature can comprise the signature label, and when the labels of the two signatures are identical, the two signatures are linked together, so that the linkable property of the signatures is ensured. In the invention, the chainability is based on an event, two signatures generated by the same signer can be chained together under the same event, and two signatures generated by the same signer can not be chained under different events. Some practical problems can be solved in some specific application scenarios.

Description

SM 9-based linkable ring signature method
Technical Field
The invention relates to the field of information security, in particular to a linkable ring signature method based on SM 9.
Background
Digital signatures are fundamental tools of cryptography for authenticating digital information, applications of asymmetric key encryption techniques and digital digest techniques. Rivest et al in 2001 proposed a digital signature that was obscured by the signer, called a ring signature. The ring signature can complete the signature without cooperation of ring members, can ensure anonymity of signers, and has wide application scenes. The ring signature with single function can only additionally ensure anonymity of signers, and cannot solve some practical problems in some specific application scenes.
The linkable ring signature can enable anyone to determine whether two ring signatures are generated by the same signer, and is very practical in application scenes such as voting.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a linkable ring signature method based on SM9 in consideration of the above problems.
The invention adopts the following technical scheme:
a SM 9-based linkable ring signature method comprising the steps of:
Step 1, initializing a system:
Step 2, a key generation center generates a user private key D u;
step 3, signature: user input system parameters params, private key D u, message m, event, public key set After that, the following steps are performed;
Step 3.1, calculate e=h 3 (event), tag t=e (D u, E);
step 3.2, randomly selecting random numbers Calculating r=r·p 1; randomly selecting random number/>i=1,2,3,...,u-1,u+1,...,n;
Step 3.3, calculatingCalculation/> Calculation/>Calculation ofV=R-cu·Du,W=R-(Qucur)·P1
Step 3.4, outputting signature σ= (T, R, V, W, c 1,c2,...,cn);
step 4, verification: verifier inputs system parameters params, message m, event, public key set After signing σ, the following steps are performed:
Step 4.1, calculate e=h 3 (event), Calculation/>
Step 4.2, verificationIf the two are equal to h, if the two are equal to each other, the verification is passed, otherwise, the verification is not passed.
Step 5, linking: inputting two signatures σ1=(T,R,V,W,c1,c2,...,cn),σ2=(T′,R′,V′,W′,c′1,c′2,...,c′n), if t=t', then the two signatures are linked; if T is not equal to T', the two signatures are not linkable;
in the above steps, the meanings of the parameters are as follows:
"·", wherein k·p represents a k times point of the point P on the elliptic curve, and k is a positive integer;
a set of integers consisting of 1,2, …, q-1;
h 1,H2: a cryptographic hash function is used to determine the cryptographic function,
H 3: a cryptographic hash function is used to determine the cryptographic function,
S: a system master private key that is held in secret by the key generation center;
m: a message;
sigma: signing;
Qi: hash value of ith user identity mark of public key list;
D i: a private key of user i;
A list of public keys, i.e., { ID 1,ID2,...,IDn };
event: the user participates in the signed event.
Further, the step 1 specifically includes the following steps:
Step 1.1, setting a safety parameter 1 λ, selecting an addition circulation group with the order of q The generator is P 1,P2, from/>To/>Bilinear pair mapping e, cryptographic hash function/>
Step 1.2, randomly selectingThe key generation center calculates a master public key: p pub=s·P2.
Step 1.3, outputting common parameters:
In the above steps, the meanings of the parameters are as follows:
q: a large prime number;
e: from the slave To/>Is a bilinear pair mapping of (1);
A set of integers consisting of 1,2, …, q-1;
An addition loop group of order q;
A multiplication loop group of order q;
p 1,P2: respectively as groups And/>Is a generator of (1).
Further, the step 2 specifically includes the following steps:
Step 2.1, the user sends the identity ID u to a key generation center;
Step 2.1, the key generation center calculates the hash value Q u=H1(IDu of the user, and then calculates the private key D u=[s·(H1(IDu)+s)-1]·P1 of the user;
And 2.3, the key generation center sends the private key D u of the user to the user.
The beneficial effects of the invention are as follows: the invention provides a SM 9-based linkable ring signature method, a signer can generate a label related to a private key and a participation signature event, the output signature can contain the signature label, and when the labels of the two signatures are identical, the two signatures are linked together, so that the linkable property of the signatures is ensured. In the invention, the chainability is based on an event, two signatures generated by the same signer can be chained together under the same event, and two signatures generated by the same signer can not be chained under different events. Can solve some practical problems in some specific application scenes
Drawings
FIG. 1 is a schematic flow chart of the present invention;
Fig. 2 is a schematic diagram of the present invention.
Detailed Description
The principles and features of the present invention are described below with reference to the drawings, the examples are illustrated for the purpose of illustrating the invention and are not to be construed as limiting the scope of the invention.
The parameters designed by the invention are defined as follows:
q: a large prime number.
An integer set consisting of 1,2, …, q-1.
The addition loop group with order q.
The multiplication loop group with the order q.
P 1,P2: respectively as groupsAnd/>Is a generator of (1).
K.P, which is a positive integer, is the k times point of the point P on the elliptic curve.
E: from the slaveTo/>Is a bilinear pair mapping of (1).
H 1,H2: a cryptographic hash function is used to determine the cryptographic function,
H 3: a cryptographic hash function is used to determine the cryptographic function,
S: a system master private key held by KGC secrets.
M: a message.
Sigma: and (5) signing.
Q i: the hash value of the ith user identity of the public key list.
D i: user i's private key.
A list of public keys, i.e., { ID 1,ID2,...,IDn }.
KGC: a key generation center.
Event: the user participates in the signed event.
As shown in fig. 1-2, the present invention proposes a solution of a linkable ring signature method based on SM9, and the specific solution flow is as follows: the scheme comprises five stages: system initialization, user key generation, signature, verification and linking;
1) Initializing a system: given security parameters 1 λ, the following steps are performed:
① Selecting an addition cyclic group of order q The generator is P 1,P2, from/>To/>Bilinear pair mapping e, cryptographic hash function/>
② KGC master private key: randomly selectCalculating a main public key: p pub=s·P2.
③ Outputting common parameters:
2) User key generation:
① The user sends an identification ID u to KGC.
② KGC calculates the hash value Q u=H1(IDu of the user and then calculates the user private key D u=[s·(H1(IDu)+s)-1]·P1.
③ KGC sends the user's private key D u to the user.
3) Signature: user input system parameters params, private key D u, message m, event, public key set
① Calculate e=h 3 (event), tag t=e (D u, E);
② Randomly selecting random numbers Calculating r=r·p 1;
③ Randomly selecting random numbers i=1,2,3,...,u-1,u+1,...,n;
④ Calculation of
⑤ Calculation of
⑥ Calculation of
⑦ Calculation ofV=R-cu·Du,W=R-(Qucur)·P1
⑧ Output signature σ= (T, R, V, W, c 1,c2,...,cn).
4) And (3) verification: verifier inputs system parameters params, message m, event, public key setSignature sigma.
① Calculate e=h 3 (event),
② Calculation of
③ VerificationIf the two are equal to h, if the two are equal to each other, the verification is passed, otherwise, the verification is not passed.
5) Linking: inputting two signatures σ1=(T,R,V,W,c1,c2,...,cn),σ2=(T′,R′,V′,W′,c′1,c′2,...,c′n), if t=t', then the two signatures are linked; if T+.T', the two signatures are not linkable.
The foregoing is illustrative of the best mode of carrying out the invention, and is not presented in any detail as is known to those of ordinary skill in the art. The protection scope of the invention is defined by the claims, and any equivalent transformation based on the technical teaching of the invention is also within the protection scope of the invention.

Claims (3)

1. A method for interlinkable ring signature based on SM9, comprising the steps of:
Step 1, initializing a system:
Step 2, a key generation center generates a user private key D u;
step 3, signature: user input system parameters params, private key D u, message m, event, public key set After that, the following steps are performed;
Step 3.1, calculate e=h 3 (event), tag t=e (D u, E);
step 3.2, randomly selecting random numbers Calculating r=r·p 1; randomly selecting random number/>
Step 3.3, calculatingCalculation/> Calculation/>Calculation ofV=R-cu·Du,W=R-(Qucur)·P1
Step 3.4, outputting signature σ= (T, R, V, W, c 1,c2,...,cn);
step 4, verification: verifier inputs system parameters params, message m, event, public key set After signing σ, the following steps are performed:
Step 4.1, calculate e=h 3 (event), Calculation/>
Step 4.2, verificationIf the two types of the data are equal to h, if the two types of the data are equal to each other, the verification is passed, otherwise, the verification is not passed;
step 5, linking: inputting two signatures σ1=(T,R,V,W,c1,c2,...,cn),σ2=(T′,R′,V′,W′,c′1,c′2,...,c′n), if t=t', then the two signatures are linked; if T is not equal to T', the two signatures are not linkable;
in the above steps, the meanings of the parameters are as follows:
"·", wherein k·p represents a k times point of the point P on the elliptic curve, and k is a positive integer;
a set of integers consisting of 1,2, …, q-1;
h 1,H2: a cryptographic hash function is used to determine the cryptographic function,
H 3: a cryptographic hash function is used to determine the cryptographic function,
S: a system master private key that is held in secret by the key generation center;
m: a message;
sigma: signing;
q i: hash value of ith user identity mark of public key list;
D i: a private key of user i;
A list of public keys, i.e., { ID 1,ID2,...,IDn };
event: the user participates in the signed event.
2. The SM 9-based linkable ring signature method of claim 1, wherein step 1 specifically comprises the steps of:
Step 1.1, setting a safety parameter 1 λ, selecting an addition circulation group with the order of q The generating elements are P 1,P2 respectively, fromTo/>Bilinear pair mapping e, cryptographic hash function/>
Step 1.2, randomly selectingThe key generation center calculates a master public key: p pub=s·P2;
step 1.3, outputting common parameters:
In the above steps, the meanings of the parameters are as follows:
q: a large prime number;
e: from the slave To/>Is a bilinear pair mapping of (1);
A set of integers consisting of 1,2, …, q-1;
An addition loop group of order q;
A multiplication loop group of order q;
p 1,P2: respectively as groups And/>Is a generator of (1).
3. The SM 9-based linkable ring signature method of claim 1, wherein step 2 specifically comprises the steps of:
Step 2.1, the user sends the identity ID u to a key generation center;
Step 2.1, the key generation center calculates the hash value Q u=H1(IDu of the user, and then calculates the private key D u=[s·(H1(IDu)+s)-1]·P1 of the user;
And 2.3, the key generation center sends the private key D u of the user to the user.
CN202410060444.8A 2024-01-16 2024-01-16 SM 9-based linkable ring signature method Pending CN117955644A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410060444.8A CN117955644A (en) 2024-01-16 2024-01-16 SM 9-based linkable ring signature method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410060444.8A CN117955644A (en) 2024-01-16 2024-01-16 SM 9-based linkable ring signature method

Publications (1)

Publication Number Publication Date
CN117955644A true CN117955644A (en) 2024-04-30

Family

ID=90795475

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410060444.8A Pending CN117955644A (en) 2024-01-16 2024-01-16 SM 9-based linkable ring signature method

Country Status (1)

Country Link
CN (1) CN117955644A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104008322A (en) * 2014-06-14 2014-08-27 河南融信数据有限公司 Two-dimension code publisher identity authentication method based on reliable digital signature
US20190273620A1 (en) * 2017-07-18 2019-09-05 Zhongan Information Technology Service Co., Ltd. Data sharing method and data sharing system
CN110932865A (en) * 2019-11-26 2020-03-27 武汉大学 Linkable ring signature generation method based on SM2 digital signature algorithm
CN111106936A (en) * 2019-11-27 2020-05-05 国家电网有限公司 SM 9-based attribute encryption method and system
WO2020258851A1 (en) * 2019-06-26 2020-12-30 创新先进技术有限公司 Method and apparatus for implementing confidential blockchain transaction by using ring signature

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104008322A (en) * 2014-06-14 2014-08-27 河南融信数据有限公司 Two-dimension code publisher identity authentication method based on reliable digital signature
US20190273620A1 (en) * 2017-07-18 2019-09-05 Zhongan Information Technology Service Co., Ltd. Data sharing method and data sharing system
WO2020258851A1 (en) * 2019-06-26 2020-12-30 创新先进技术有限公司 Method and apparatus for implementing confidential blockchain transaction by using ring signature
CN110932865A (en) * 2019-11-26 2020-03-27 武汉大学 Linkable ring signature generation method based on SM2 digital signature algorithm
CN111106936A (en) * 2019-11-27 2020-05-05 国家电网有限公司 SM 9-based attribute encryption method and system

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
JIE CUI: ""Efficient and Anonymous Cross-Domain Authentication for IIoT Based on Blockchain"", 24 November 2022 (2022-11-24) *
张莎莎,曾祥勇: ""SM4算法的量子实现"", 《密码学报》, 31 December 2021 (2021-12-31) *
瞿云云;尹兰;熊祥光;***;: "具有可链接性的匿名签密方案", 西南大学学报(自然科学版), no. 09, 20 September 2012 (2012-09-20) *
闫玺玺;胡前伟;魏文燕;李子臣;: "外包环境中一种支持数据完整性验证的密钥管理方案", 小型微型计算机***, no. 12, 15 December 2016 (2016-12-15) *

Similar Documents

Publication Publication Date Title
CN108809658B (en) SM 2-based identity base digital signature method and system
CN110912708B (en) Ring signature generation method based on SM9 digital signature algorithm
KR101099814B1 (en) GROUP SIGNATURE SYSTEM, DEVICE, AND Recording medium
CN104539423B (en) A kind of implementation method without CertPubKey cipher system of no Bilinear map computing
US8433897B2 (en) Group signature system, apparatus and storage medium
CN107579819A (en) A kind of SM9 digital signature generation method and system
CN107707358A (en) A kind of EC KCDSA digital signature generation method and system
CN113300856A (en) Heterogeneous mixed signcryption method capable of proving safety
Bhagya et al. Efficient and secure pairing-free certificateless directed signature scheme
CN111245615B (en) Digital signature password reverse firewall method based on identity
CN115174037B (en) Construction method and device of chameleon hash function based on SM9 signature
Zhang et al. 1-round distributed key generation with efficient reconstruction using decentralized cp-abe
Dodis et al. Time capsule signature
CN117955644A (en) SM 9-based linkable ring signature method
Yu et al. Certificateless ring signature from NTRU lattice for electronic voting
Cheng et al. Secure obfuscation of encrypted verifiable encrypted signatures
CN115174052B (en) Adapter signature generation method and device based on SM9 signature
Qu et al. Optimistic fair exchange of ring signatures
Fischlin et al. Relaxed security notions for signatures of knowledge
CN115473635B (en) SM2 two-party adapter signature generation method and device for preventing malicious enemy
CN115174054B (en) Certificate-free signature generation method and device based on SM9 signature
Ali Provable security for public key cryptosystems: how to prove that the cryptosystem is secure
Zhang et al. Efficient and optimistic fair exchanges based on standard RSA with provable security
CN116405217A (en) SM9 ring signature method and system with constant-level signature size
Wang et al. Collusion-resistance in optimistic fair exchange

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination