[go: up one dir, main page]

CN108494559B - Electronic contract signing method based on semi-trusted third party - Google Patents

Electronic contract signing method based on semi-trusted third party Download PDF

Info

Publication number
CN108494559B
CN108494559B CN201810198446.8A CN201810198446A CN108494559B CN 108494559 B CN108494559 B CN 108494559B CN 201810198446 A CN201810198446 A CN 201810198446A CN 108494559 B CN108494559 B CN 108494559B
Authority
CN
China
Prior art keywords
signature
party
contract
digital signature
signing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810198446.8A
Other languages
Chinese (zh)
Other versions
CN108494559A (en
Inventor
罗喜伶
王震
周泽全
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beihang University
Original Assignee
Beihang University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beihang University filed Critical Beihang University
Priority to CN201810198446.8A priority Critical patent/CN108494559B/en
Publication of CN108494559A publication Critical patent/CN108494559A/en
Application granted granted Critical
Publication of CN108494559B publication Critical patent/CN108494559B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/018Certifying business or products
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • Economics (AREA)
  • Accounting & Taxation (AREA)
  • Development Economics (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Finance (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to an electronic contract signing method based on a semi-trusted third party, which mainly adopts the technical means of cryptography to ensure the safety and fairness of electronic contract signing. And when signing, the contract initiator A firstly generates a digital signature of the contract initiator A, then performs double encryption and sends the double encrypted signature to the other party B, and if the encrypted signature is valid, both parties can exchange the digital signature to finally complete signing of the contract. If any disputes occur, a third party (arbitrator) may be applied for arbitration and to assist in completing the contract subscription. In the process of contract signing, a third party (arbitrator) is offline and semi-credible, namely the third party (arbitrator) is introduced only when disputes occur, and in the process of arbitration, the third party (arbitrator) cannot obtain the original signatures of both contract signing parties, so that the possibility that the third party (arbitrator) reveals digital signatures is avoided, and therefore the method has strong guarantee on efficiency and safety.

Description

Electronic contract signing method based on semi-trusted third party
Technical Field
The invention relates to the technical field of electronic commerce and cryptography, in particular to an electronic contract signing method based on a semi-trusted third party.
Background
With the development of the internet, electronic commerce gradually becomes a new economic development mode, and an electronic contract is used as a link in the electronic commerce and is rapidly developed by the characteristics of simplicity, convenience and flexibility. The electronic contract can be signed by two mutually-acquainted parties through the electronic technology and the Internet as media, and compared with the traditional signing mode, the electronic contract has the characteristics of rapidness, simplicity, convenience, easiness in storage and the like, so that the electronic contract has a good development prospect.
However, there are many insecure factors in the internet, and hacker attacks, network eavesdropping, and fraudulent activities can greatly harm the security and fairness of electronic contracts. Electronic contracts generally relate to business confidentiality, and once contract or user information is leaked, the consequences are unimaginable, so that the realization of the security and fairness of electronic contracts is a prerequisite for the development of electronic contract technologies. At present, most schemes adopt technologies such as digital signatures and the like to ensure the integrity of electronic contract contents, but the schemes only consider the integrity of the contract contents and do not consider the security of the digital signatures of users, the digital signatures are equivalent to hand-written signatures, and once the digital signatures are revealed, the benefits of the users are damaged; secondly, most schemes require an online third party to complete contract exchange, and the scheme efficiency is not high for a system with a large number of users; finally, the above scheme requires complete trust for the third party, and once the third party is attacked, the user information is necessarily leaked.
Therefore, aiming at the defects and shortcomings of the electronic contract signing method, the invention provides the electronic contract signing method based on the semi-trusted third party, which improves the efficiency of signing the electronic contract and ensures the safety and fairness of the electronic contract content and the digital signature of the user.
Disclosure of Invention
The invention provides an electronic contract signing method based on a semi-trusted third party, which adopts the technical means of combining digital signature with public key encryption and the like, simultaneously comprises an arbitration mechanism of the semi-trusted third party and aims to solve the problems of low safety, fairness and efficiency and the like in the electronic contract signing process at present.
An electronic contract signing method based on a semi-trusted third party comprises the following steps:
s1: both parties of the contract (A, B) confirm to sign the electronic contract, both parties disclose the contract document, at the same time, both parties register in the electronic contract system by using the identity information to obtain respective signature keys for generating respective digital signatures;
s2: A. b and the third party (arbitrator) register in CA (authentication center) center separately, get their own cipher key pair, include a public key and a private key, the public key is used for encrypting the digital signature, the private key is used for deciphering;
s3: the contract initiator A firstly generates a digital signature about the contract by using a signature key of the contract initiator A, and doubly encrypts the digital signature by using the public keys of the party B and a third party (an arbitrator) to obtain an encrypted digital signature and sends the encrypted digital signature to the party B;
s4: if B does not receive the digital signature of A or receives the signature which is verified to be invalid, B terminates signing of the contract; otherwise, B uses its own signature key to generate digital signature about contract, and sends it to A;
s5: if A does not receive the digital signature of B or receives the digital signature which is verified to be invalid, A terminates the signing of the contract; otherwise, the A sends the digital signature to the B, the B verifies the digital signature, and if the signature of the A is valid, the signing of the contract is completed; otherwise, entering an arbitration stage;
s6: b first encrypts its digital signature with the public key of a to obtain an encrypted signature, and submits the encrypted signature to a third party (arbiter) for arbitration together with the encrypted signature sent by a at S2.
As a further supplement to the present invention, the electronic contract system and the CA center are separated, and are respectively responsible for different authorities and mutual noninterference, the electronic contract system is responsible for contract signing, the CA center is only responsible for maintenance and distribution of user keys, and a third party (arbitrator) responsible for arbitrating transactions belongs to the electronic contract system. The authority separation strategy reduces the workload of the CA center, improves the scheme efficiency, reduces interference factors in the electronic contract signing process, and improves the safety.
As a further supplement to the present invention, the digital signature for signing an electronic contract is based on an identity cryptosystem, that is, the signature key of the user is related to the identity information of the user, and the identity information includes the user's identity number, mobile phone number, mailbox, address, and biometric information (fingerprint, iris), etc. The signature key of the user is used for generating the digital signature, the system parameters and the public key are used for verifying the digital signature, the verification is successful, the digital signature is valid, the contract content is not tampered, and the identity of the contract signer is valid.
As a further supplement to the present invention, when the contracting parties (A, B) and the third party (arbitrator) register with the CA center, the CA center generates a pair of keys for them, the private key is sent to the user through short message, mail or other private channel, and the public key is provided with a corresponding digital certificate for proving the validity of the key. The public key is used for encrypting the digital signature, the encrypted signature is firstly sent when signing, and after the signature is verified to be valid, both parties sign a contract. The private key is used for decryption, and when rights and interests disputes or fraud behaviors occur, the private key can be used for decryption to recover the digital signature of the other party, so that the signing of the electronic contract is completed.
As a further supplement to the present invention, in step S3, the contract initiator a first needs to perform double encryption on the digital signature generated by the contract initiator a, that is, after encrypting the digital signature by using the public key of B, the second layer of encryption is performed by using the public key of the third party (arbiter), and the order of the two layers of encryption can be changed.
As a further supplement of the present invention, when both parties of the contract receive the digital signature or the encrypted signature of the other party, the public key of the other party is firstly required to be used for verification, if the signature is valid, the next step is carried out, when the encrypted signature is verified, decryption is not required, and if the encrypted signature is valid, the original digital signature is also valid; otherwise, the signature is invalid.
As a further supplement to the present invention, the third party (arbitrator) in the present invention is in an offline state, and appears only when the two parties dispute, i.e. in step S6, to resolve disputes and assist the two parties in completing contract signing. The offline third party (arbitrator) has a significant increase in efficiency compared to the online third party in most current schemes, since it does not need to directly participate in the contract-signing process.
As a further supplement to the present invention, in step S6, i.e. during the arbitration phase, the third party (arbiter) first verifies whether the two encrypted signatures sent by B are valid, and if any encrypted signature is invalid, the third party rejects the arbitration application; otherwise, if the two are both effective, the third party (arbiter) utilizes the private key of the third party to carry out first-layer decryption, and the results are respectively sent to A and B; and B, carrying out second-layer decryption by using the private key of the B to obtain the original digital signature of A, thereby completing signing of the electronic contract. During arbitration, the two layers of decryption order cannot be changed.
As a further supplement to the present invention, the third party (arbitrator) in the invention is semi-trusted, that is, the third party (arbitrator) does not directly participate in the exchange of digital signatures during the whole contract signing process, and the third party (arbitrator) does not know the original digital signatures of both parties, so that the possibility that the third party (arbitrator) reveals the digital signatures of both parties of the contract is reduced, and the security is improved.
The electronic contract signing method based on the semi-trusted third party provided by the invention adopts the digital signature technology based on the identity to ensure the integrity of contract content and the validity of the identities of both parties of the contract, adopts the public key encryption technology to encrypt the digital signature to ensure the safety and the confidentiality of the digital signature, and ensures the high efficiency and the fairness of contract signing through the arbitration mechanism of the semi-trusted off-line third party (arbiter), thereby completing the electronic contract signing more efficiently and more safely and playing a positive role in the development of electronic contracts and even electronic commerce.
Drawings
Fig. 1 is a flowchart of an electronic contract signing method based on a semi-trusted third party according to an embodiment of the present invention.
Detailed Description
In order to make the objects, aspects and effects of the embodiments of the present invention clearer and clearer, the present invention is further described in detail below by way of examples with reference to the accompanying drawings.
The attached drawing is a flow chart of the electronic contract signing method based on the semi-trusted third party provided by the invention. As shown in fig. 1, the present invention comprises the following steps:
s1: the contract parties (A, B) confirm the electronic contract, and the contract documents are disclosed, and the contract parties register with the identity information in the electronic contract system.
Upon receiving the willingness of the parties to sign an electronic contract, the system generates the following parameters. Selecting two finite cyclic groups G and G of order pTAnd e: g → GTIs a bilinear map and G is the generator of the cyclic group G. User identity length is set to nuAnd identity information is recorded as
Figure GDA0002761095030000041
Wherein for 0 < i ≦ nuThere is ui ∈ {0, 1 }. If uiUnder 1, the index i is taken into the set
Figure GDA0002761095030000042
In (1). Randomly selecting nuDimension vector U ═ Ui),nmDimension vector M ═ Mj) And the element u ', m' e.g. G, where ui,mjIs a random element in group G. Is provided with ZpRandomly selecting alpha for integer cyclic groups of order p1∈Zp,g2E G, set
Figure GDA0002761095030000043
Let A, B register as uA、uBRandomly selecting alpha1∈ZpThen the signing key of A, B is
Figure GDA0002761095030000044
S2: A. b and the third party (arbitrator) are respectively registered in a CA (certification center) center, and the CA center comprises a key generator for generating key pairs of the two parties of the contract and the third party (arbitrator). Is provided with ZpIs a cyclic group of p-order integers, randomly selecting alphaA,αB,αT∈ZpThen A, B and the key pair of the third party (arbiter) are respectively
Figure GDA0002761095030000045
Figure GDA0002761095030000046
And
Figure GDA0002761095030000047
wherein PKA、PKBAnd PKTIs a public key used for encrypting digital signatures, SKA、SKBAnd SKTIs a private key used to decrypt the digital signature.
S3: the contract initiator A firstly generates a digital signature about the contract by using the own signature key, and when the digital signature is generated, n is generated by using a digital digest algorithmmSummary of electronic contract documents of length
Figure GDA00027610950300000412
Wherein for 0 < j ≦ nmHas m ofjE {0, 1 }. If mjLet the subscript j be taken together as 1
Figure GDA0002761095030000048
In (1). Then the system randomly selects
Figure GDA00027610950300000411
Calculating digital signature by using signature key of A
Figure GDA0002761095030000049
Wherein sigmaA,0,σA,1,σA,2For digital signature σAThree components of (a). Then A uses public keys of B and a third party (arbitrator) to carry out double encryption on the digital signature, and when carrying out double encryption, the public keys PK of the third party (arbitrator) and B are firstly usedT,PKBGenerating a new public key
Figure GDA00027610950300000410
Randomly selecting t ∈ ZpThen calculates the encrypted signature
Figure GDA0002761095030000051
Figure GDA0002761095030000052
ωA=(ωA,1,ωA,2,ωA,3,ωA,4).
Wherein ω isA,1,ωA,2,ωA,3,ωA,4For encrypted signatures omegaAFour components of. Finally A will be omegaAAnd sending the data to B.
S4: after receiving the encrypted signature sent by a, B verifies it using the following formula.
Figure GDA0002761095030000053
Where e is a bilinear map. If the formula is established, the signature is valid; otherwise, the signature is invalid.
If B does not receive the digital signature of A or receives the signature which is verified to be invalid, B terminates signing of the contract; otherwise, B generates a digital signature for the contract using its own signing key. When generating digital signature, n is generated by using digital digest algorithmmSummary of electronic contract documents of length
Figure GDA0002761095030000054
Wherein for 0 < j ≦ nmHas m ofjE {0, 1 }. If mjLet the subscript j be taken together as 1
Figure GDA0002761095030000055
In (1). Then the system randomly selects
Figure GDA0002761095030000056
Computing a digital signature of B
Figure GDA0002761095030000057
Wherein sigmaB,0,σB,1,σB,2For digital signature σBThree components of (a). B then sends the digital signature to a.
S5: after receiving the digital signature of B, a verifies using the following formula.
Figure GDA0002761095030000058
Where e is a bilinear map. If the formula is established, the signature is valid; otherwise, the signature is invalid.
If A does not receive the digital signature of B or receives the digital signature which is verified to be invalid, A terminates the signing of the contract; otherwise, the A sends the digital signature to the B, the B verifies the digital signature, and if the signature of the A is valid, the signing of the contract is completed; otherwise, enter the arbitration phase.
S6: b first uses the public key PK of AAAnd encrypting the digital signature of the user to obtain the encrypted signature. During encryption, the system randomly selects t' to be belonged to ZpThen calculate
Figure GDA0002761095030000061
Figure GDA0002761095030000062
ωB=(ωB,1,ωB,2,ωB,3,ωB,4).
Wherein ω isB,1,ωB,2,ωB,3,ωB,4For encrypted signatures omegaBFour components of (1). Then B will be ωBAnd a cryptographic signature ω sent at stage S2ASubmitted to a third party (arbitrator) for arbitration.
The third party (arbiter) receives the omega sent by BAAnd ωBThereafter, first, whether the signature is valid is verified using the following formula.
Figure GDA0002761095030000063
Figure GDA0002761095030000064
Where e is a bilinear map. If two formulas have anyIf not, the third party (arbitrator) refuses the arbitration request of B; otherwise, the third party (arbiter) utilizes its private key SKTFor omegaAThe first layer of decryption is performed,
Figure GDA0002761095030000065
Figure GDA0002761095030000066
ω′A=(ω′A,1,ω′A,2,ω′A,3,ω′A,4).
the third party (arbiter) will then ω'AIs sent to B while ω is sentBAnd sending the signal to A. B received ω'AThereafter, use its private key PKBPerform decryption and calculation
Figure GDA0002761095030000067
Figure GDA0002761095030000068
σA=(σA,0,σA,1,σA,2).
Finally, the digital signature sigma of A is obtainedAThereby completing the signing of the electronic contract.
In the above embodiment, all the calculations are completed by the electronic contract system, and the user only needs to perform corresponding operations on the corresponding platform, so that the method has good practicability. In the whole process, a semi-trusted third party (arbitrator) only arbitrates when two parties dispute or fraud behaviors, and original digital signatures of the two parties are not contacted all the time, so that the fairness of contract signing can be ensured, and the identity privacy of a user can be effectively protected.
The foregoing is a more detailed description of the invention, taken in conjunction with the detailed description, and it is to be understood that the embodiments described are only a few examples, but not all examples, of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

Claims (8)

1.一种基于半可信第三方的电子合同签订方法,其特征在于,包括以下步骤:1. an electronic contract signing method based on a semi-trusted third party, is characterized in that, comprises the following steps: S1:合同双方(A、B)确认进行电子合同的签订,双方公示合同文件,同时双方在电子合同系统里利用身份信息进行注册,系统选择两个阶数为p的有限循环群G和GT,且e:G×G→GT是一个双线性映射,g为循环群G的生成元,用户身份长度设为nu,身份信息记为
Figure FDA0002761095020000011
其中对于0<i≤nu,有ui∈{0,1},若ui=1,将下标i记入集合
Figure FDA0002761095020000012
中;随机选择nu维向量U=(ui),nm维向量M=(mj)以及元素u′,m′∈G,其中ui,mj为群G中的随机元素;设Zp为p阶整数循环群,随机选择α1∈Zp,g2∈G,设置
Figure FDA00027610950200000112
设A、B注册的身份信息为uA、uB,随机选择ru∈Zp,则A、B的签名密钥为S1: Both parties (A, B) of the contract confirm the signing of the electronic contract, both parties publish the contract documents, and both parties use the identity information to register in the electronic contract system, and the system selects two finite cyclic groups G and G T of order p , and e: G×G→G T is a bilinear mapping, g is the generator of the cyclic group G, the user identity length is set as n u , and the identity information is recorded as
Figure FDA0002761095020000011
Among them, for 0<i≤n u , there is u i ∈{0,1}, if u i =1, the subscript i is recorded in the set
Figure FDA0002761095020000012
in; randomly select n u -dimensional vector U=(u i ), n m -dimensional vector M=(m j ) and elements u′, m′∈G, where u i , m j are random elements in group G; let Z p is an integer cyclic group of order p, randomly select α 1 ∈ Z p , g 2 ∈ G, set
Figure FDA00027610950200000112
Assuming that the registered identity information of A and B is u A , u B , and r u ∈ Z p is randomly selected, then the signature keys of A and B are
Figure FDA0002761095020000013
Figure FDA0002761095020000013
 S2:A、B和第三方(仲裁者)分别在CA(认证中心)中心进行注册,CA中心包含一个密钥生成器,用于生成合同双方和第三方(仲裁者)的密钥对;设Zp为p阶整数循环群,其随机选择αA,αB,αT∈Zp,则A、B和第三方(仲裁者)的密钥对分别为
Figure FDA0002761095020000014
Figure FDA0002761095020000015
Figure FDA0002761095020000016
其中PKA、PKB和PKT为公钥,用于加密数字签名,SKA、SKB和SKT为私钥,用于解密数字签名;S2: A, B and the third party (arbitrator) are registered in the CA (certification center) center respectively, and the CA center includes a key generator to generate the key pair of both parties to the contract and the third party (arbiter); set Z p is a p-order integer cyclic group, which randomly selects α A , α B , α T ∈ Z p , then the key pairs of A, B and the third party (arbiter) are respectively
Figure FDA0002761095020000014
Figure FDA0002761095020000015
and
Figure FDA0002761095020000016
Among them, PK A , PK B and PK T are the public keys, which are used to encrypt the digital signature, and SK A , SK B and SK T are the private keys, which are used to decrypt the digital signature; S3:合同发起者A首先利用自己的签名密钥产生关于合同的数字签名,在产生数字签名时,需先利用数字摘要算法产生nm长度的电子合同文件的摘要
Figure FDA0002761095020000017
其中对于0<j≤nm,有mj∈{0,1},若mj=1,将下标j记入集合
Figure FDA00027610950200000111
中;然后系统随机选择
Figure FDA0002761095020000018
再利用A的签名密钥计算数字签名S3: The contract initiator A first uses its own signature key to generate a digital signature about the contract. When generating the digital signature, it needs to use the digital digest algorithm to generate the digest of the electronic contract file with a length of n m .
Figure FDA0002761095020000017
Among them, for 0<j≤n m , there is m j ∈{0,1}, if m j =1, record the subscript j into the set
Figure FDA00027610950200000111
medium; the system then randomly selects
Figure FDA0002761095020000018
Then use A's signature key to calculate the digital signature
Figure FDA0002761095020000019
Figure FDA0002761095020000019
 其中σA,0,σA,1,σA,2为数字签名σA的三个组成部分;然后A利用B和第三方(仲裁者)的公钥对数字签名进行双重加密,在进行双重加密时,先利用第三方(仲裁者)和B的公钥PKT,PKB生成一个新的公钥
Figure FDA00027610950200000110
随机选择t∈Zp,再计算加密后的签名Among them, σ A, 0 , σ A, 1 , σ A, 2 are the three components of the digital signature σ A ; then A uses the public key of B and the third party (arbiter) to double encrypt the digital signature, and then double encrypt the digital signature. When encrypting, first use the public key PK T of the third party (arbiter) and B, and PK B to generate a new public key
Figure FDA00027610950200000110
Randomly select t∈Z p , and then calculate the encrypted signature
Figure FDA0002761095020000021
Figure FDA0002761095020000021
 ωA,2=gt
Figure FDA0002761095020000022
ω A,2 = g t ,
Figure FDA0002761095020000022
 ωA=(ωA,1,ωA,2,ωA,3,ωA,4)ω A = (ω A, 1 , ω A, 2 , ω A, 3 , ω A, 4 ) 其中ωA,1,ωA,2,ωA,3,ωA,4为加密的签名ωA的四个组成部分,最后A将ωA发送给B;Among them, ω A, 1 , ω A, 2 , ω A, 3 , ω A, 4 are the four components of the encrypted signature ω A , and finally A sends ω A to B; S4:接收到A发送的加密的签名后,B利用如下公式进行验证:S4: After receiving the encrypted signature sent by A, B uses the following formula to verify:
Figure FDA0002761095020000023
Figure FDA0002761095020000023
 其中e为双线性映射,若公式成立,则签名有效;否则,签名无效;where e is a bilinear mapping, if the formula is established, the signature is valid; otherwise, the signature is invalid; 若B未接接收到A的数字签名或接收到经验证是无效的签名,则B终止合同的签订;否则,B利用自己的签名密钥产生关于合同的数字签名;在产生数字签名时,同样需先利用数字摘要算法产生nm长度的电子合同文件的摘要
Figure FDA0002761095020000024
其中对于0<j≤nm,有mj∈{0,1},若mj=1,将下标j记入集合
Figure FDA0002761095020000028
中;然后系统随机选择
Figure FDA0002761095020000025
计算B的数字签名If B does not receive A's digital signature or receives a signature that is verified to be invalid, B terminates the signing of the contract; otherwise, B uses its own signature key to generate a digital signature about the contract; when generating a digital signature, the same It is necessary to first use the digital digest algorithm to generate the digest of the electronic contract document of length n m
Figure FDA0002761095020000024
Among them, for 0<j≤n m , there is m j ∈{0,1}, if m j =1, record the subscript j into the set
Figure FDA0002761095020000028
medium; the system then randomly selects
Figure FDA0002761095020000025
Compute B's digital signature
Figure FDA0002761095020000026
Figure FDA0002761095020000026
 其中σB,0,σB,1,σB,2为数字签名σB的三个组成部分,然后B将数字签名发送给A;Where σ B, 0 , σ B, 1 , σ B, 2 are the three components of the digital signature σ B , and then B sends the digital signature to A; S5:接收到B的数字签名后,A利用如下公式进行验证:S5: After receiving the digital signature of B, A uses the following formula to verify:
Figure FDA0002761095020000027
Figure FDA0002761095020000027
 其中e为双线性映射,若公式成立,则签名有效;否则,签名无效;where e is a bilinear mapping, if the formula is established, the signature is valid; otherwise, the signature is invalid; 若A未接收到B的数字签名或接受到经验证是无效的数字签名,则A终止合同的签订;否则,A再将自己的数字签名发送给B,B对其进行验证,若A的签名有效,则完成合同的签订;否则,进入仲裁阶段;If A does not receive B's digital signature or receives a digital signature that is verified to be invalid, A terminates the signing of the contract; otherwise, A sends its own digital signature to B, and B verifies it. If A's signature If it is valid, the signing of the contract will be completed; otherwise, it will enter the arbitration stage; S6:B首先利用A的公钥PKA对自己的数字签名进行加密,得到加密后的签名,加密时,系统随机选择t′∈Zp,然后计算S6: B first uses A's public key PK A to encrypt its own digital signature to obtain the encrypted signature. During encryption, the system randomly selects t'∈Z p , and then calculates
Figure FDA0002761095020000031
Figure FDA0002761095020000031
 ωB,2=gt′
Figure FDA0002761095020000032
ω B,2 =g t' ,
Figure FDA0002761095020000032
 ωB=(ωB,1,ωB,2,ωB,3,ωB,4)ω B = (ω B, 1 , ω B, 2 , ω B, 3 , ω B, 4 ) 其中ωB,1,ωB,2,ωB,3,ωB,4为加密的签名ωB的四个组成部分,然后B将ωB和A在S2阶段发送的加密签名ωA提交给第三方(仲裁者)申请仲裁;where ω B, 1 , ω B, 2 , ω B, 3 , ω B, 4 are the four components of the encrypted signature ω B , and then B submits the encrypted signature ω A sent by ω B and A in the S2 stage to the A third party (arbitrator) applies for arbitration; 第三方(仲裁者)接收到B发送的ωA和ωB后,首先利用下列公式验证签名是否有效:After the third party (arbiter) receives ω A and ω B sent by B , it first uses the following formula to verify whether the signature is valid:
Figure FDA0002761095020000033
Figure FDA0002761095020000033
Figure FDA0002761095020000034
Figure FDA0002761095020000034
 其中e为双线性映射,若两个公式有任一不成立,则第三方(仲裁者)拒绝B的仲裁请求;否则,第三方(仲裁者)利用其私钥SKT对ωA进行第一层解密,where e is a bilinear mapping. If either of the two formulas fails, the third party (arbiter) rejects B's arbitration request; otherwise, the third party (arbiter) uses its private key SK T to first perform the first step on ω A. layer decryption,
Figure FDA0002761095020000035
Figure FDA0002761095020000035
 ω′A,2=ωA,2=gt
Figure FDA0002761095020000036
ω′ A, 2A, 2 =g t ,
Figure FDA0002761095020000036
 ω′A=(ωA,1,ωA,2,ωA,3,ωA,4).ω′ A = (ω A, 1 , ω A, 2 , ω A, 3 , ω A, 4 ). 然后第三方(仲裁者)将ω′A发送给B,同时将ωB发送给A;B接收到ω′A后,利用自己的私钥PKB进行解密,计算Then the third party (arbiter) sends ω' A to B and ω B to A at the same time; after B receives ω' A , it decrypts it with its own private key PK B , and calculates
Figure FDA0002761095020000037
Figure FDA0002761095020000037
Figure FDA0002761095020000038
Figure FDA0002761095020000038
 σA=(σA,0,σA,1,σA,2).σ A = (σ A, 0 , σ A, 1 , σ A, 2 ). 最终得到A的数字签名σA,从而完成电子合同的签订。Finally, the digital signature σ A of A is obtained, thereby completing the signing of the electronic contract. 2.如权利要求1所述的方法,其特征在于,电子合同系统和CA中心是分离开的,各自负责职权不同,互不干涉,电子合同系统负责合同的签订,CA中心则只负责用户密钥的维护和分发,而负责仲裁事务的第三方(仲裁者)属于电子合同系统。2. method as claimed in claim 1, it is characterized in that, electronic contract system and CA center are separated, respective responsibility authority is different, does not interfere with each other, electronic contract system is responsible for the signing of contract, and CA center is only responsible for user secrets. The maintenance and distribution of keys, and the third party (arbiter) responsible for arbitrating matters belongs to the electronic contract system. 3.如权利要求1所述的方法,其特征在于,合同签订双方(A、B)和第三方(仲裁者)在CA中心注册时,CA中心为其产生一对密钥,私钥通过短信、邮件或其他私密信道发送给用户,而公钥则配有对应的数字证书,数字证书用于证明密钥的合法性。3. method as claimed in claim 1 is characterized in that, when contract signing both parties (A, B) and third party (arbitrator) are registered in CA center, CA center generates a pair of keys for it, and private key is passed through short message , mail or other private channels to the user, and the public key is equipped with a corresponding digital certificate, which is used to prove the legitimacy of the key. 4.如权利要求1所述的方法,其特征在于,在S3步骤中,合同发起者A首先需要对其产生的数字签名进行双重加密,双重加密即利用B的公钥对数字签名进行加密后,再利用第三方(仲裁者)的公钥进行第二层加密,两层加密顺序可更改。4. method as claimed in claim 1 is characterized in that, in step S3, contract initiator A first needs to carry out double encryption to the digital signature that it produces, after double encryption namely utilizes B's public key to encrypt the digital signature. , and then use the public key of the third party (arbiter) to perform the second layer of encryption, and the order of the two-layer encryption can be changed. 5.如权利要求1所述的方法,其特征在于,合同双方在接收到对方的数字签名或经过加密后的签名时,首先需要利用对方的公钥进行验证,若签名有效,则进行下一步,验证经过加密的签名时,无需进行解密,若加密的签名有效,则原来的数字签名也有效;否则,签名无效。5. method as claimed in claim 1, is characterized in that, when receiving the digital signature of the other party or the signature after encryption, both parties of the contract first need to use the public key of the other party to verify, if the signature is valid, then proceed to the next step. , when verifying the encrypted signature, no decryption is required. If the encrypted signature is valid, the original digital signature is also valid; otherwise, the signature is invalid. 6.如权利要求1所述的方法,其特征在于,第三方(仲裁者)是处于离线状态的,仅在双方发生争端时即S6步骤中出现,以解决争端,协助双方完成合同签订。6. The method of claim 1, wherein the third party (arbitrator) is offline, and only appears in step S6 when a dispute occurs between the two parties, so as to resolve the dispute and assist the two parties to complete the contract signing. 7.如权利要求1所述的方法,其特征在于,在S6步骤中,即仲裁阶段时,第三方(仲裁者)首先验证B发送的两个加密的签名是否有效,若任一加密的签名无效,则拒绝仲裁申请;否则,若两者均有效,则第三方(仲裁者)利用自己的私钥进行第一层解密,将结果分别发送给A和B;B再利用自己的私钥进行第二层解密,得到A原始的数字签名,从而完成电子合同的签订。7. method as claimed in claim 1 is characterized in that, in step S6, namely during arbitration stage, third party (arbiter) at first verifies whether two encrypted signatures sent by B are valid, if any encrypted signature If it is invalid, the arbitration application will be rejected; otherwise, if both are valid, the third party (arbiter) will use its own private key to decrypt the first layer, and send the results to A and B respectively; The second layer is decrypted, and the original digital signature of A is obtained, thereby completing the signing of the electronic contract. 8.如权利要求1所述的方法,其特征在于,第三方(仲裁者)是半可信的,即第三方(仲裁者)在整个合同签订过程中不直接参与数字签名的交换,且第三方(仲裁者)不知道双方的原始数字签名。8. The method of claim 1, wherein the third party (arbiter) is semi-trusted, that is, the third party (arbiter) does not directly participate in the exchange of digital signatures during the entire contract signing process, and the first The three parties (arbiters) do not know the original digital signatures of both parties.
CN201810198446.8A 2018-03-12 2018-03-12 Electronic contract signing method based on semi-trusted third party Active CN108494559B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810198446.8A CN108494559B (en) 2018-03-12 2018-03-12 Electronic contract signing method based on semi-trusted third party

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810198446.8A CN108494559B (en) 2018-03-12 2018-03-12 Electronic contract signing method based on semi-trusted third party

Publications (2)

Publication Number Publication Date
CN108494559A CN108494559A (en) 2018-09-04
CN108494559B true CN108494559B (en) 2021-01-08

Family

ID=63338329

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810198446.8A Active CN108494559B (en) 2018-03-12 2018-03-12 Electronic contract signing method based on semi-trusted third party

Country Status (1)

Country Link
CN (1) CN108494559B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114820147A (en) * 2022-06-02 2022-07-29 杭州天谷信息科技有限公司 Signing method and signing system for staged electronic contract

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108989360A (en) * 2018-10-22 2018-12-11 上海朔羡网络科技有限公司 Agreement signature system, method, computer equipment and readable storage medium storing program for executing
DE102018131084A1 (en) * 2018-12-05 2020-06-10 Uniscon Universal Identity Control Gmbh Procedures to ensure the trustworthiness of source codes
CN111343170B (en) * 2020-02-19 2022-07-08 深圳壹账通智能科技有限公司 Electronic signing method and system
CN115392913B (en) * 2022-10-27 2023-03-10 杭州钱袋数字科技有限公司 Electronic contract generating method based on user identity recognition and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101821987A (en) * 2007-10-08 2010-09-01 微软公司 Efficient authentication email protocol
CN103440444A (en) * 2013-07-16 2013-12-11 深圳市亚略特生物识别科技有限公司 Method of signing electronic contract

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010034689A1 (en) * 2000-01-21 2001-10-25 Heilman Theodore A. Method and system of negotiating a transaction over a network

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101821987A (en) * 2007-10-08 2010-09-01 微软公司 Efficient authentication email protocol
CN103440444A (en) * 2013-07-16 2013-12-11 深圳市亚略特生物识别科技有限公司 Method of signing electronic contract

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
一种基于短签名和离线半可信第三方的公平交换协议;辛向军等;《西安电子科技大学学报(自然科学版)》;20070321;第1-4页 *
基于双线性对的数字签名体制研究和设计;崔巍;《中国博士学位论文全文数据库》;20100315;第6章 *
基于离线可信第三方的公平电子合同签署协议;丁振国;《计算机技术与发展》;20090626;全文 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114820147A (en) * 2022-06-02 2022-07-29 杭州天谷信息科技有限公司 Signing method and signing system for staged electronic contract
CN114820147B (en) * 2022-06-02 2022-11-25 杭州天谷信息科技有限公司 Signing method and signing system for staged electronic contract

Also Published As

Publication number Publication date
CN108494559A (en) 2018-09-04

Similar Documents

Publication Publication Date Title
CN109714167B (en) Identity authentication and key agreement method and equipment suitable for mobile application signature
CN106548345B (en) Method and system for realizing block chain private key protection based on key partitioning
CN110932870B (en) Quantum communication service station key negotiation system and method
US7958362B2 (en) User authentication based on asymmetric cryptography utilizing RSA with personalized secret
CN108494559B (en) Electronic contract signing method based on semi-trusted third party
CN104821880B (en) One kind is without certificate broad sense agent signcryption method
CN108551435B (en) An Anonymous Verifiable Cryptographic Group Signature Method
WO2021042685A1 (en) Transaction method, device, and system employing blockchain
WO2017195886A1 (en) Authentication system, authentication method, and program
CN113761582A (en) Group signature based method and system for protecting privacy of block chain transaction under supervision
CN106897879A (en) Block chain encryption method based on the PKI CLC close algorithms of isomerization polymerization label
CN108768608A (en) The secret protection identity identifying method of thin-client is supported at block chain PKI
CN104243494B (en) A kind of data processing method
CN110120939A (en) A kind of encryption method and system of the deniable authentication based on heterogeneous system
CN105187405A (en) Reputation-based cloud computing identity management method
CN114726546B (en) Digital identity authentication method, device, equipment and storage medium
CN109687977A (en) Anti- quantum calculation digital signature method and anti-quantum calculation digital signature system based on multiple pool of keys
JP2023540739A (en) A method for secure, traceable, and privacy-preserving digital currency transfers with anonymity revocation on a distributed ledger
CN116707854A (en) A Robust Attribute-Based Encryption Access Control Method for Cloud Storage
CN103281180B (en) User is protected to access the bill generation method of privacy in a kind of network service
CN114978549B (en) SM2 digital signature generation method and system for signer to control signature making data
JP2025506640A (en) Method and structure for establishing a digital identity - Patents.com
CN116738452A (en) District democratic voting method based on block chain
CN110661816A (en) Cross-domain authentication method based on block chain and electronic equipment
CN119363343A (en) A medical service management system based on national secret key splitting algorithm

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant