CN115550007A - Signcryption method and system with equivalence test function based on heterogeneous system - Google Patents

Info

Publication number
CN115550007A
Authority
CN
China
Prior art keywords
signcryption
private key
ciphertext
key
public key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202211156358.4A
Other languages
Chinese (zh)
Inventor
金春花
刘念
陈晓兵
陈冠华
王兰芳
邵鹤帅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huaiyin Institute of Technology
Original Assignee
Huaiyin Institute of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huaiyin Institute of Technology
Priority to CN202211156358.4A
Publication of CN115550007A
Legal status: Withdrawn

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/085: Secret sharing or secret splitting, e.g. threshold schemes
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/30: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3033: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to pseudo-prime or prime number generation, e.g. primality test
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3263: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L2209/00: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/72: Signcrypting, i.e. digital signing and encrypting simultaneously
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04: INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S: SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00: Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20: Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a signcryption method and system with an equivalence test function based on a heterogeneous system. System parameters are initialized; keys are generated for the CLC environment and for the PKI environment; a trapdoor value td is generated. The sending end in the CLC environment obtains the signcryption ciphertext from its private key, its identity information and the receiver's public key, using hash and XOR operations. The receiving end in the PKI environment unsigncrypts using hash and XOR operations on the signcryption ciphertext, the sender's public key and the receiver's private key. The equivalence test takes as input the authorization trapdoors and ciphertexts of the CLC-based sending end and the PKI-based receiving end, and the server returns the test result to the sending end and the receiving end respectively. If the keywords test as equal, the plaintexts of the two users are equal; otherwise they are not. The method has high computational efficiency, can be applied to data retrieval, provides integrity, confidentiality and authentication across wireless sensor networks, and meets security and privacy requirements.

Description

A signcryption method and system with an equivalence test function based on a heterogeneous system

Technical field

The invention belongs to the field of secure communication, and in particular relates to a signcryption method and system with an equivalence test function based on a heterogeneous system.

Background art

Because of limits on time and space, data storage and processing have become a concern. Fortunately, cloud computing is regarded as a favorable way to support these services without being constrained by resources. In this cloud-assisted environment, cloud servers provide a platform for processing the outsourced data collected by smart devices, which greatly improves efficiency. Owing to this considerable processing capability, a series of cloud-assisted WBAN architectures have emerged.

Although using WBANs has many benefits, the data stored and transmitted in the system may lack security protection, which leads to various security problems such as privacy leakage. Encryption is therefore considered as a way to overcome this weakness. However, retrieval methods designed for plaintext cannot be used on ciphertext. To obtain specific information from a large number of ciphertexts, downloading and then decrypting them not only reduces efficiency but also brings a risk of data leakage. Encryption thus greatly reduces the usability of the information. In 2002, Zheng introduced the concept of signcryption, which allows encryption and signing to be performed simultaneously in one logical step, in contrast to the earlier approach known as "sign first, then encrypt". With this scheme the overhead is also reduced considerably. Since then, a great deal of research has been done on signcryption mechanisms for various cryptosystems. Subsequently, in 2004, Boneh et al. proposed the concept of public key encryption with keyword search, which allows the corresponding encrypted data to be searched by keyword without decryption. Although this primitive lets the cloud server perform matching operations on different ciphertexts, it has a problem that cannot be ignored: the search function only supports sensitive data encrypted under the same public key. To solve this problem, in 2010 Yang et al. proposed the public key encryption with equivalence test (PKEET) scheme, in which the cloud server can perform an equivalence test on different ciphertexts encrypted with different public keys.

Because the WBAN transmission channel is open, PKEET-based schemes still suffer from defects such as forgery or deletion of data between sensors and smart devices. Ensuring data integrity, authentication and confidentiality is essential. Motivated by this, in 2019 Wang et al. introduced a public key signcryption scheme with designated equivalence test on ciphertexts (PKS-DET). Encryption and signing can be performed at the same time, which greatly improves computational efficiency and meets the above requirements. However, their scheme applies only to a single system and not to complex heterogeneous systems. Separately, Sun and Li proposed a heterogeneous signcryption solution that allows messages to be transmitted between users of PKI and CLC systems. Further heterogeneous schemes for interaction between such systems have since been proposed. Ting et al. proposed a heterogeneous online/offline signcryption scheme that allows messages to be transmitted securely from sensor nodes in an IBC system to Internet hosts in a PKI system. Saeed et al. constructed a new heterogeneous online/offline signcryption scheme for building secure channels for the Internet of Things. In 2020, Xiong et al. introduced a heterogeneous signcryption scheme from PKI to CLC. In 2021, Ali et al. proposed a heterogeneous signcryption scheme from CLC to PKI. Existing signcryption protocols with equality test face the obstacle that they apply only to a single cryptosystem and not to complex heterogeneous WBAN environments. To solve these problems effectively, the present invention proposes an equivalence test scheme in which the sending end belongs to a certificateless environment and the receiving end belongs to a public key infrastructure environment.

Summary of the invention

Purpose of the invention: to design a signcryption method and system with an equivalence test function based on a heterogeneous system, in which the sending end is under the CLC cryptosystem and the receiving end is under the PKI cryptosystem, so that the two communicating parties can communicate securely across the heterogeneous systems.

Technical solution: the present invention proposes a signcryption method with an equivalence test function based on a heterogeneous system, which specifically includes the following steps:

(1) Initialize the heterogeneous system parameters. The heterogeneous system parameters include the system parameters that need to be set for the threshold value module, the CLC-based signcryption module, the PKI-based unsigncryption module, the equivalence test module and the trusted third-party module;

(2) The sending end in the CLC environment submits its identity information $ID_s$ to the key generation center. The key generation center generates a partial private key $D_s$ from the system parameters and the identity information $ID_s$ and sends it to the user. The user randomly selects a secret value $x_s$ and sets the full private key and the public key from the secret value $x_s$ and the partial private key $D_s$;

(3) The receiving end in the PKI environment randomly selects the private key $\beta_1$,
Figure BDA0003858867840000021
calculates the corresponding public key $PK_r$, which is bound to the certificate issued by the CA, and outputs the public key $PK_r$ and the private key $SK_r$;

(4) The receiving end in the PKI environment obtains the trapdoor value $td_r = SK_r$ from the private key $SK_r$;

(5) The sending end in the CLC environment performs signcryption using the system parameters, the sender's identity $ID_s$ and private key $S_s$, and the receiver's public key $PK_r$, obtains the signcryption ciphertext $\sigma$ and sends it to the receiving end;

(6) The receiving end in the PKI environment, using the system parameters, the public key $PK_s$, the signcryption ciphertext $\sigma$, the sender's identity $ID_s$ and the receiver's private key, outputs the message $M$ or rejects the ciphertext;

(7) An equivalence test is performed on the sender's ciphertext $\sigma_s$ and trapdoor $td_s$ and the receiver's ciphertext and trapdoor $td_r$, to check whether ciphertexts encrypted under different public keys contain the same message $M$.

Further, step (1) is implemented as follows:

Given a security parameter $k$, let $G_1$ and $G_2$ be two cyclic multiplicative groups; the two groups have the same order $p$, $q$ is a prime number, and $P$ is a generator of $G_1$;
Figure BDA0003858867840000031
is a bilinear map; define four secure hash functions
Figure BDA0003858867840000032
The KGC randomly selects a master key
Figure BDA0003858867840000033
and calculates $P_{pub} = sP$,
Figure BDA0003858867840000034
The KGC publishes the system parameters $\{G_1, G_2, P, e, P_{pub}, H_1, H_2, H_3, H_4\}$ and keeps the master key $s$ secret; define a function $E$ and the receiver's public key $PK_\alpha$; if $PK_\gamma = PK_\alpha$ and $E(PK_r) = 1$, the scheme is a signcryption scheme; whereas when $PK_\gamma = PK_\alpha$ and $E(PK_r) = 0$, the scheme is a public key encryption scheme.

Further, step (2) is implemented as follows:

According to the system parameters and the identity information $ID_s$, calculate the partial private key
Figure BDA0003858867840000035
and send it to the user;

Randomly select a secret value $x_s$ and calculate the full private key from the partial private key $D_s$:
Figure BDA0003858867840000036
The public key is $PK_s = x_s(H_1(ID_s) + P_{pub})$.

Further, step (3) is implemented as follows:

Randomly select the private key $\beta_1$,
Figure BDA0003858867840000037
and calculate the corresponding public key $PK_r = (PK_1, PK_2) = (\beta_1 P, \beta_2 P)$ and private key
Figure BDA0003858867840000038

Further, step (5) includes the following steps:

(51) Select random numbers $x_1, x_2$ and calculate the blinded values $r_1, r_2$ according to the Diffie-Hellman hard problem;

(52) Using the random numbers $x_1, x_2$, the message $M$, the sender's identity $ID_s$, the sender's public key $PK_s$ and the receiver's public keys $PK_1, PK_2$, obtain the hash value $h$ and from it the signature value $C_1$;

(53) Obtain $C_2, C_3$ by hybrid signcryption computation and $C_4, C_5$ by XOR operations, giving the signcryption ciphertext $\sigma = (C_1, C_2, C_3, C_4, C_5)$;

(54) Send the signcryption ciphertext $\sigma = (C_1, C_2, C_3, C_4, C_5)$ and the identity $ID_s$ to the receiving end.

Further, step (6) includes the following steps:

(61) From the system parameters, the public key $PK_s$, the signcryption ciphertext $\sigma = (C_1, C_2, C_3, C_4, C_5)$, the sender's identity $ID_s$ and the receiver's private key
Figure BDA0003858867840000041
calculate the blinded values $r_1, r_2$;

(62) Obtain $M \| x_2$ by XOR operation and from it the hash value $h$; if $E(PK_r) = 0$, check
Figure BDA0003858867840000042
if it holds, output $M$, otherwise output "⊥"; if $E(PK_r) = 1$, check
Figure BDA0003858867840000043
and only if the blinded value $r_1 = e(C_1, PK_s + H_2(PK_s)(H_1 PK_s)P + P_{pub})\,t^{-h}$; if so, output $M$; otherwise output "⊥".

Further, step (7) includes the following steps:

From the sender's ciphertext $\sigma_s = (C_{1,s}, C_{2,s}, C_{3,s}, C_{4,s}, C_{5,s})$ and trapdoor $td_s$, and the receiver's ciphertext $\sigma_r = (C_{1,r}, C_{2,r}, C_{3,r}, C_{4,r}, C_{5,r})$ and trapdoor $td_r$, calculate the blinded values $r_{2,s}, r_{2,r}$; calculate the keywords
Figure BDA0003858867840000044
and check whether the equation
Figure BDA0003858867840000045
holds; if it does, the messages satisfy $M_s = M_r$, where
Figure BDA0003858867840000046
are the blinded values with keywords of the sending end and the receiving end, respectively.

Based on the same inventive concept, the present invention also provides a signcryption system with an equivalence test function based on a heterogeneous system, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor; when loaded into the processor, the computer program implements the above signcryption method with an equivalence test function based on a heterogeneous system.

Beneficial effects: compared with the prior art, the present invention provides a theoretical basis and technical guarantee for signcryption communication between a sending end in the CLC environment and a receiving end in the PKI environment, and it can provide end-to-end confidentiality, integrity, authentication and non-repudiation services for users in the PKI environment and users in the CLC environment.

Description of the drawings

Fig. 1 is a flow chart of the present invention;

Fig. 2 is the signcryption flow chart of the present invention;

Fig. 3 is the unsigncryption flow chart of the present invention;

Fig. 4 is the equivalence test flow chart of the present invention.

Detailed description

The present invention is described in further detail below with reference to the accompanying drawings.

The invention proposes a signcryption method with an equivalence test function based on a heterogeneous system, and designs a heterogeneous signcryption protocol with an equivalence test function (HSCIP-ET). The sensors used in the CLC system are responsible for collecting the user's data and signcrypting it with the public key of the service management center (MC) in the PKI system. In addition, the MC uploads the trapdoor to the cloud server. When an AP in the CLC system wants to retrieve messages with a signcrypted keyword, the cloud server can perform an equivalence test on the different ciphertexts and return the result to the requesting user. As shown in Fig. 1, the method specifically includes the following steps:

Step 1: Initialize the heterogeneous system parameters. The heterogeneous system parameters include the system parameters that need to be set for the threshold value module, the CLC-based signcryption module, the PKI-based unsigncryption module, the equivalence test module and the trusted third-party module.

Given a security parameter $k$, let $G_1$ and $G_2$ be two cyclic multiplicative groups; the two groups have the same order $p$, $q$ is a prime number, and $P$ is a generator of $G_1$.
Figure BDA0003858867840000051
is a bilinear map. Define four secure hash functions
Figure BDA0003858867840000052
The KGC randomly selects a master key
Figure BDA0003858867840000053
and calculates $P_{pub} = sP$,
Figure BDA0003858867840000054
The KGC publishes the system parameters $\{G_1, G_2, P, e, P_{pub}, H_1, H_2, H_3, H_4\}$ and keeps the master key $s$ secret. Define a function $E$ and the receiver's public key $PK_\alpha$. If $PK_\gamma = PK_\alpha$ and $E(PK_r) = 1$, the scheme is a signcryption scheme; whereas when $PK_\gamma = PK_\alpha$ and $E(PK_r) = 0$, the scheme is a public key encryption scheme.

The main parameters used in implementing the invention are described in Table 1:

Table 1. Parameter description

Figure BDA0003858867840000055

Figure BDA0003858867840000061

Step 2: Generate the keys for the CLC environment.

The sending end in the certificateless (CLC) environment submits its identity information $ID_s$ to the key generation center. The key generation center generates a partial private key $D_s$ from the system parameters and the identity information $ID_s$ and sends it to the user. The user randomly selects a secret value $x_s$ and, from the secret value and the partial private key $D_s$, sets the full private key
Figure BDA0003858867840000062
and the public key $PK_s = x_s(H_1(ID_s) + P_{pub})$.

Step 3: The receiving end in the PKI environment randomly selects the private key $\beta_1$,
Figure BDA0003858867840000063
and calculates the corresponding public key $PK_r$, which is bound to the certificate issued by the CA; it outputs the public key $PK_r = (PK_1, PK_2) = (\beta_1 P, \beta_2 P)$ and the private key
Figure BDA0003858867840000064

Step 4: From the private key $SK_r$, generate the trapdoor value $td_r = SK_r$.

Step 5: Using the system parameters, the sender's identity $ID_s$ and private key
Figure BDA0003858867840000065
and the receiver's public key $PK_r = (PK_1, PK_2) = (\beta_1 P, \beta_2 P)$, the sending end performs signcryption, obtains the signcryption ciphertext $\sigma$ and sends it to the receiving end. As shown in Fig. 2, the specific steps are as follows:

Select random numbers $x_1, x_2$ and calculate the blinded values $r_1, r_2$ according to the Diffie-Hellman hard problem. Using the random numbers $x_1, x_2$, the message $M$, the sender's identity $ID_s$, the sender's public key $PK_s$ and the receiver's public keys $PK_1, PK_2$, obtain the hash value:

$h = H_2(M, r_1, r_2, ID_s, PK_s, PK_1, PK_2)$

which gives the signature value:

$C_1 = E(PK_r)(x_1 + h)S_s$;

$C_2, C_3$ are obtained by hybrid signcryption computation:

$C_2 = x_1 PK_1$

$C_3 = x_2 PK_2$

At the same time, $C_4, C_5$ are obtained by XOR operations:

Figure BDA0003858867840000071

Figure BDA0003858867840000072

This gives the signcryption ciphertext $\sigma = (C_1, C_2, C_3, C_4, C_5)$ and the identity $ID_s$.

Step 6: Using the system parameters, the public key $PK_s$, the signcryption ciphertext $\sigma = (C_1, C_2, C_3, C_4, C_5)$, the sender's identity $ID_s$ and the receiver's private key
Figure BDA0003858867840000073
Figure BDA0003858867840000074
the receiving end in the PKI environment outputs the message $M$ or rejects the ciphertext, as shown in Fig. 3.

According to the system parameters, the public key $PK_s$, the signcryption ciphertext $\sigma = (C_1, C_2, C_3, C_4, C_5)$, the sending end's identity $ID_s$ and the receiving end's private key
Figure BDA0003858867840000075
calculate the blinding values $r_1, r_2$:

$r_1 = e(C_2, SK_1)$

$r_2 = e(C_3, SK_2)$.

Obtain by the XOR operation
Figure BDA0003858867840000076
and thus the hash value $h = H_2(M, r_1, r_2, ID_s, PK_s, PK_1, PK_2)$. If $E(PK_r) = 0$, check
Figure BDA0003858867840000077
If yes, output $M$, otherwise output "⊥"; if $E(PK_r) = 1$, check
Figure BDA0003858867840000078
and if and only if $r_1 = e(C_1, PK_s + H_2(PK_s)(H_1 PK_s)P + P_{pub})t^{-h}$, output $M$; otherwise output "⊥".
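The blinding-value round trip between Step 5 ($C_2 = x_1 PK_1$, $C_3 = x_2 PK_2$) and Step 6 ($r_1 = e(C_2, SK_1)$, $r_2 = e(C_3, SK_2)$), as an added Python example that is not part of the patent. It uses a toy, insecure pairing model and assumes $SK_i = \beta_i^{-1}P$ and $r_i = e(P,P)^{x_i}$, two formulas this page shows only as image placeholders; all function names and parameters are hypothetical.

```python
# Added illustration, not the patent's code. Toy bilinear group: the G1 element
# aP is stored as the scalar a mod Q, which exposes discrete logs, so this model
# is for checking the algebra only and offers no security.
import secrets

Q = 1019        # constructed toy prime group order
P_MOD = 2039    # prime with Q dividing P_MOD - 1 (2039 = 2 * 1019 + 1)
T = 4           # element of order Q in Z_p*, standing in for t = e(P, P)
assert T != 1 and pow(T, Q, P_MOD) == 1


def pairing(a, b):
    """Toy bilinear map: e(aP, bP) = t^(a*b)."""
    return pow(T, (a * b) % Q, P_MOD)


def rand_scalar():
    """Uniform non-zero scalar in Z_Q*."""
    return secrets.randbelow(Q - 1) + 1


def receiver_keygen(beta1=None, beta2=None):
    """Step 3: PK_r = (beta1*P, beta2*P) as on the page.
    ASSUMPTION: SK_i = beta_i^{-1} * P (the page shows SK_r only as an image)."""
    beta1 = beta1 or rand_scalar()
    beta2 = beta2 or rand_scalar()
    pk = (beta1 % Q, beta2 % Q)
    sk = (pow(beta1, -1, Q), pow(beta2, -1, Q))
    return pk, sk


def sender_blind(pk, x1=None, x2=None):
    """Step 5: C2 = x1*PK1 and C3 = x2*PK2 as on the page.
    ASSUMPTION: r_i = e(P, P)^{x_i}, computable without the receiver's key."""
    x1 = x1 or rand_scalar()
    x2 = x2 or rand_scalar()
    r = (pow(T, x1, P_MOD), pow(T, x2, P_MOD))
    c = ((x1 * pk[0]) % Q, (x2 * pk[1]) % Q)
    return r, c


def receiver_unblind(c, sk):
    """Step 6: r1 = e(C2, SK1), r2 = e(C3, SK2); beta_i cancels beta_i^{-1}."""
    return pairing(c[0], sk[0]), pairing(c[1], sk[1])


def demo():
    pk, sk = receiver_keygen()
    r, c = sender_blind(pk)
    _, other_sk = receiver_keygen(beta1=(pk[0] % (Q - 1)) + 1,
                                  beta2=(pk[1] % (Q - 1)) + 1)
    return receiver_unblind(c, sk) == r, receiver_unblind(c, other_sk) == r


if __name__ == "__main__":
    print(demo())   # matching key recovers (r1, r2); a different key does not
```

As Step 4 is written ($td_r = SK_r$), the trapdoor handed to the party running the equivalence test is the same key material that `receiver_unblind` uses here.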

Step 7: According to the sending end's ciphertext $\sigma_s = (C_{1,s}, C_{2,s}, C_{3,s}, C_{4,s}, C_{5,s})$ and trapdoor $td_s$, and the receiving end's ciphertext $\sigma_r = (C_{1,r}, C_{2,r}, C_{3,r}, C_{4,r}, C_{5,r})$ and trapdoor $td_r$, perform an equivalence test to check whether ciphertexts encrypted under different public keys contain the same message $M$. As shown in Figure 4, the specific steps are as follows:

1) Calculate the blinding value $r_{2,s} = e(C_{3,s}, SK_{2,s})$;

2) Calculate the blinding value $r_{2,r} = e(C_{3,s}, SK_{2,r})$;

3) Calculate the keyword
Figure BDA0003858867840000079

4) Calculate the keyword
Figure BDA00038588678400000710

5) Check whether the equation
Figure BDA0003858867840000081
holds; if it does, then $M_s = M_r$; where $r_{2,s}, r_{2,r}$ are the blinding values of the sending end and the receiving end respectively, $X_s, X_r$ are the keywords of the sending end and the receiving end respectively, and
Figure BDA0003858867840000082
are the blinded values with keywords at the sending end and the receiving end respectively.

Based on the same inventive concept, the present invention also provides a signcryption system with an equivalence test function based on a heterogeneous system, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the computer program, when loaded into the processor, implements the above signcryption method with an equivalence test function based on a heterogeneous system.

The invention not only realizes the equivalence test function, which determines whether two ciphertexts contain the same message, but also maintains the integrity, authentication and confidentiality of the data. The invention allows a sending end under the CLC cryptosystem and a receiving end under the PKI cryptosystem to communicate securely. Compared with existing related schemes, this scheme has lower computational cost and communication overhead. Under the assumption of the computational q-bilinear Diffie-Hellman inversion hard problem in the random oracle model, the invention is indistinguishable under adaptive chosen-ciphertext attacks, and under the assumption of the computational Diffie-Hellman hard problem it resists adaptive chosen-message attacks.

Claims (8)

1. A signcryption method with an equivalence test function based on a heterogeneous system, characterized in that it comprises the following steps:
(1) Heterogeneous system parameter initialization; the heterogeneous system parameters include the system parameters that need to be set for the threshold value module, the signcryption module based on the CLC environment, the unsigncryption module based on the PKI environment, the equivalence test module and the trusted third-party module;
(2) The sending end of the CLC environment submits the identity information $ID_s$ to the key generation center; the key generation center generates a partial private key $D_s$ according to the system parameters and the identity information $ID_s$ and sends it to the user; the user randomly selects a secret value $x_s$ and sets the full private key and public key according to the secret value $x_s$ and the partial private key $D_s$;
(3) The receiving end of the PKI environment randomly selects the private key
Figure FDA0003858867830000011
calculates the corresponding public key $PK_r$, binds the public key to the certificate issued by the CA, and outputs the public key $PK_r$ and the private key $SK_r$;
(4) The receiving end of the PKI environment obtains the trapdoor value $td_r = SK_r$ according to the private key $SK_r$;
(5) The sending end of the CLC environment performs signcryption according to the system parameters, the sending end's identity $ID_s$ and private key $S_s$, and the receiving end's public key $PK_r$, obtains the signcryption ciphertext $\sigma$ and sends it to the receiving end;
(6) The receiving end of the PKI environment outputs the message $M$ or rejects the ciphertext according to the system parameters, the public key $PK_s$, the signcryption ciphertext $\sigma$, the sending end's identity $ID_s$ and the receiving end's private key;
(7) An equivalence test is performed according to the sending end's ciphertext $\sigma_s$ and trapdoor $td_s$ and the receiving end's ciphertext and trapdoor $td_r$, to check whether ciphertexts encrypted under different public keys contain the same message $M$.
2. The signcryption method with an equivalence test function based on a heterogeneous system according to claim 1, characterized in that step (1) is implemented as follows:
Given a security parameter $k$, let $G_1$ and $G_2$ be two cyclic multiplicative groups, the two groups have the same order $p$, $q$ is a prime number, and $P$ is the generator of $G_1$;
Figure FDA0003858867830000012
$G_1 \times G_1 \to G_2$ is a bilinear map; define four secure hash functions $H_1$:
Figure FDA0003858867830000013
$H_2$:
Figure FDA0003858867830000014
$H_3$:
Figure FDA0003858867830000015
$H_4: G_2 \to \{0,1\}^*$; the KGC randomly selects a master key
Figure FDA0003858867830000016
calculates $P_{pub} = sP$,
Figure FDA0003858867830000017
The KGC publishes the system parameters $\{G_1, G_2, P, e, P_{pub}, , H_1, H_2, H_3, H_4\}$ and keeps the master key $s$ secret; define a function $E$ and the receiving end's public key $PK_\alpha$; if $PK_\gamma = PK_\alpha$ and $E(PK_r) = 1$, the scheme is a signcryption scheme; whereas when $PK_\gamma = PK_\alpha$ and $E(PK_r) = 0$, the scheme is a public key encryption scheme.
3. The signcryption method with an equivalence test function based on a heterogeneous system according to claim 1, characterized in that step (2) is implemented as follows:
According to the system parameters and the identity information $ID_s$, calculate the partial private key
Figure FDA0003858867830000021
and send it to the user;
Randomly select a secret value $x_s$ and calculate the full private key according to the partial private key $D_s$
Figure FDA0003858867830000022
and the public key $PK_s = x_s(H_1(ID_s) + P_{pub})$.
4. The signcryption method with an equivalence test function based on a heterogeneous system according to claim 1, characterized in that step (3) is implemented as follows:
Randomly select the private key
Figure FDA0003858867830000023
and calculate the corresponding public key $PK_r = (PK_1, PK_2) = (\beta_1 P, \beta_2 P)$ and private key
Figure FDA0003858867830000024
5. The signcryption method with an equivalence test function based on a heterogeneous system according to claim 1, characterized in that step (5) comprises the following steps:
(51) Select random numbers $x_1, x_2$ and calculate the blinding values $r_1, r_2$ according to the Diffie-Hellman hard problem;
(52) Using the random numbers $x_1, x_2$, the message $M$, the sending end's identity $ID_s$, the sender's public key $PK_s$ and the receiving end's public keys $PK_1, PK_2$, obtain the hash value $h$ and thereby the signature value $C_1$;
(53) Obtain $C_2, C_3$ by the hybrid signcryption calculation, and at the same time obtain $C_4, C_5$ through the XOR operation, thereby obtaining the signcryption ciphertext $\sigma = (C_1, C_2, C_3, C_4, C_5)$;
(54) Send the signcryption ciphertext $\sigma = (C_1, C_2, C_3, C_4, C_5)$ and the identity $ID_s$ to the receiving end.
6. The signcryption method with an equivalence test function based on a heterogeneous system according to claim 1, characterized in that step (6) comprises the following steps:
(61) According to the system parameters, the public key $PK_s$, the signcryption ciphertext $\sigma = (C_1, C_2, C_3, C_4, C_5)$, the sending end's identity $ID_s$ and the receiving end's private key
Figure FDA0003858867830000025
calculate the blinding values $r_1, r_2$;
(62) Obtain $M||x_2$ through the XOR operation, and thereby the hash value $h$; if $E(PK_r) = 0$, check
Figure FDA0003858867830000026
If yes, output $M$, otherwise output ⊥; if $E(PK_r) = 1$, check
Figure FDA0003858867830000027
and if and only if the blinding value $r_1 = e(C_1, PK_s + H_2(PK_s)(H_1 PK_s)P + P_{pub})t^{-h}$, output $M$; otherwise output "⊥".
7. The signcryption method with an equivalence test function based on a heterogeneous system according to claim 1, characterized in that step (7) comprises the following steps:
According to the sending end's ciphertext $\sigma_s = (C_{1,s}, C_{2,s}, C_{3,s}, C_{4,s}, C_{5,s})$ and trapdoor $td_s$, and the receiving end's ciphertext $\sigma_r = (C_{1,r}, C_{2,r}, C_{3,r}, C_{4,r}, C_{5,r})$ and trapdoor $td_r$, calculate the blinding values $r_{2,s}, r_{2,r}$; calculate the keywords
Figure FDA0003858867830000031
Check whether the equation
Figure FDA0003858867830000032
holds; if it does, the messages satisfy $M_s = M_r$; where
Figure FDA0003858867830000033
are the blinded values with keywords at the sending end and the receiving end respectively.
8. A signcryption system with an equivalence test function based on a heterogeneous system, comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the computer program, when loaded into the processor, implements the signcryption method with an equivalence test function based on a heterogeneous system according to any one of claims 1-7.
CN202211156358.4A 2022-09-22 2022-09-22 Signcryption method and system with equivalence test function based on heterogeneous system Withdrawn CN115550007A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211156358.4A CN115550007A (en) 2022-09-22 2022-09-22 Signcryption method and system with equivalence test function based on heterogeneous system

Publications (1)

Publication Number Publication Date
CN115550007A true CN115550007A (en) 2022-12-30

Family

ID=84730493

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211156358.4A Withdrawn CN115550007A (en) 2022-09-22 2022-09-22 Signcryption method and system with equivalence test function based on heterogeneous system

Country Status (1)

Country Link
CN (1) CN115550007A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117715033A (en) * 2023-11-20 2024-03-15 西北师范大学 Processing methods, devices, equipment and storage media for heterogeneous communication data between vehicles
CN117715033B (en) * 2023-11-20 2024-11-22 西北师范大学 Method, device, equipment and storage medium for processing heterogeneous communication data between vehicles
CN119449322A (en) * 2024-11-01 2025-02-14 西安电子科技大学 A threshold signcryption method on a lattice capable of realizing equal value detection function

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20221230