
CN115622710B - Conditional anonymous authentication system and method based on knowledge signature - Google Patents


Info

Publication number: CN115622710B
Authority: CN (China)
Prior art keywords: user, acc, public key, long, identity
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202211221482.4A
Other languages: Chinese (zh)
Other versions: CN115622710A (en)
Inventors: 宁建廷, 周晓彤, 林超, 黄欣沂
Current Assignee: Fujian Normal University (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Fujian Normal University
Application filed by: Fujian Normal University
Priority date: 2022-10-08 (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date: 2022-10-08
Publication date: 2025-04-22

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3218 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to a conditional anonymous authentication system based on knowledge signature, comprising an auditor, a message sender and a message receiver. During system initialization, the auditor generates a traceable key pair and manages the accumulator state that records access rights. Before sending a message, the sender generates a temporary identity pseudonym and produces a knowledge signature on the message using its evidence and the identity pseudonym. After receiving the message, the receiver verifies the anonymous signature according to the authentication policy. During an audit operation, the auditor can decrypt the identity pseudonym with the traceable private key to obtain the long-term public key of the user. The invention protects the true identity of the user while meeting the tracking and supervision requirements of the application.

Description

Knowledge signature-based conditional anonymous authentication system and method
Technical Field
The invention relates to the technical field of information security, in particular to a conditional anonymous authentication system and method based on knowledge signature.
Background
In information systems, authentication protocols verify the identity of a user and prevent unauthorized access; they are the basis of other security mechanisms. In fields such as e-commerce, the Internet of Vehicles and smart healthcare, user identity information is sensitive data and often involves personal privacy. However, conventional authentication protocols do not consider the protection of user identity privacy, so there is a risk of private data being disclosed.
To strengthen the privacy protection of authentication protocols, anonymous identity authentication has become a hot research topic, and researchers in China and abroad have proposed many privacy-enhancing schemes based on anonymous certificates, certificateless cryptography and other cryptographic techniques. However, a fully anonymous authentication protocol lacks an effective means of supervision and is open to abuse of anonymity: when a malicious user spreads harmful messages or threatens the security of the system, the system cannot hold that user accountable. An anonymous authentication protocol therefore needs to protect user privacy while also providing supervision capability.
Disclosure of Invention
Therefore, the invention aims to provide a conditional anonymous authentication system and method based on knowledge signature, which can meet the tracking and supervision requirements of applications while protecting the true identity of users.
In order to achieve the above purpose, the invention adopts the following technical scheme:
A conditional anonymous authentication system based on knowledge signature comprises an auditor, a message sender and a message receiver. During system initialization, the auditor generates a traceable key pair and manages the accumulator state that records access rights. Before sending a message, the sender generates a temporary identity pseudonym and produces a knowledge signature on the message using its evidence and the identity pseudonym. After receiving the message, the receiver verifies the anonymous signature according to the authentication policy. During an audit operation, the auditor can decrypt the identity pseudonym with the traceable private key to obtain the long-term public key of the user.
An authentication method of a conditional anonymous authentication system based on knowledge signature comprises the following steps:
Step S1, initializing the system;
Step S2, generating a long-term key pair and an anonymous identity of a user;
Step S3, the user to be registered sends its long-term public key to the auditor TA through a secure channel; the TA receives the user's long-term public key, stores it in the set $[UPK_n] = \{pk_1, pk_2, \ldots, pk_n\}$, and sets the user's permission;
Step S4, the message sender signs the message $m \in \{0,1\}^*$ using the knowledge signature;
Step S5, after receiving the signed message $(x, m, \sigma)$, the receiver performs the verification operation.
Further, the system initialization specifically includes:
a) The TA selects the secure group parameters, selects large primes $q_1$ and $p_1$, computes the RSA modulus $n = q_1 \times p_1$ and $\varphi(n) = (q_1 - 1)(p_1 - 1)$, and selects a secure one-way hash function, where $p = \min(q, q_1, p_1)$;
b) The TA selects a private key $tsk$ and computes the TA public key $tpk = g^{tsk}$;
c) The TA initializes an accumulator, initializing an RSA accumulated value $Acc$ used to record the authorized user public key set $[UPK_n] = \{pk_1, pk_2, \ldots, pk_n\}$, and the set itself;
d) The TA publishes the system parameters.
Further, step S2 specifically includes:
a) The user randomly selects a long-term private key $sk$ and computes the long-term public key $pk = g^{sk}$;
b) The user computes $apk_1 = g^v$ and $apk_2 = pk \cdot tpk^v$, uses $(apk_1, apk_2)$ as an anonymous identity, and generates multiple anonymous identities in the same manner.
Further, in step S3, the TA performs the following calculation steps:
a) For each public key, the TA randomly selects a value so that $y_i = pk_i + u_i$ is a prime number, and sequentially computes $\mathrm{Add}(Acc_{i-1}, y_i) \to Acc_i$, finally obtaining $Acc = Acc_n$;
b) The TA generates a membership proof for each user by computing $\omega_i = \mathrm{MemWitCreate}(Acc_i, y_i, [UPK_n])$;
c) The TA distributes $(Acc, \omega_i)$ to each user over the secure channel.
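Further, in step S4, given the sender's long-term key pair $(sk, pk)$, temporary identity $(apk_1, apk_2)$ and membership proof $\omega$, the knowledge signature is constructed as follows:
$SoK = \{(x, w) : apk_1 = g^v,\ apk_2 = pk \cdot tpk^v,\ pk = g^{sk},\ \omega^{pk+u} = Acc\}(m)$
where
$w = (sk, pk, v, \omega, u),\quad x = (g, n, q, apk_1, apk_2, Acc)$
Conversion to a computable form:
where
$x = (g, n, q, apk_1, apk_2, Acc, g_1, g_2, g_3, g_4, h_1, h_2, R_1, R_2, R_1', R_2')$
The specific signing process of the knowledge signature is as follows:
a) The sender selects random numbers s11234,∈1,∈2,∈3,μ,ρ121,
b) The sender computes
c) The sender computes
$z_1 = s_1 + v e,\quad Z_1 = \gamma_3 \cdot pk^e,\quad Z_2 = \mu \cdot \omega^e$
$z_2 = \gamma_1 + r_1 e,\quad z_3 = \gamma_2 + r_2 e,\quad z_4 = \gamma_3 + pk \cdot e$
$z_8 = \epsilon_1 + t_1 e,\quad z_9 = \epsilon_2 + t_2 e,\quad z_{10} = \epsilon_3 + sk^{-1} e$
$z_{11} = \alpha_1 + \varphi e,\quad z_{12} = \alpha_2 + \beta e$
The sender sends $(x, m, \sigma)$ to the receiver, where $\sigma = (Z_1, Z_2, \{z_i\}_{i \in [1,12]}, e)$.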
Further, the verification operation specifically includes:
a) The receiver computes
b) The receiver judges
If they are equal, the verification passes; otherwise the verification fails.
Further, if a malicious user appears, the TA performs the following operations to trace and recover the identity of the sender:
a) Acquire the temporary identity information $(apk_1, apk_2)$ related to the malicious user;
b) Compute with the TA private key $tsk$ to obtain the long-term public key of the user, and thereby the identity of the user.
Compared with the prior art, the invention has the following beneficial effects:
1. The invention makes the anonymous identity of a user traceable and prevents malicious users from abusing the anonymity mechanism to send harmful messages;
2. The invention combines access control with a cryptographic accumulator, enabling fine-grained access control on top of anonymous authentication; it is suited to application scenarios with high privacy protection requirements and is practical for identity authentication, privacy protection, supervision and audit, and access control.
Drawings
Fig. 1 shows the message signing and signature verification process of the present invention.
Detailed Description
The invention will be further described with reference to the accompanying drawings and examples.
The invention provides a conditional anonymous authentication system based on knowledge signature, comprising an auditor, a message sender and a message receiver. During system initialization, the auditor generates a traceable key pair and manages the accumulator state that records access rights. Before sending a message, the sender generates a temporary identity pseudonym and produces a knowledge signature on the message using its evidence and the identity pseudonym. After receiving the message, the receiver verifies the anonymous signature according to the authentication policy. During an audit operation, the auditor can decrypt the identity pseudonym with the traceable private key to obtain the long-term public key of the user.
In this embodiment, there is also provided an authentication method of a conditional anonymous authentication system based on knowledge signature, including the following steps:
Step S1, initializing the system;
Step S2, generating a long-term key pair and an anonymous identity of a user;
Step S3, the user to be registered sends its long-term public key to the auditor TA through a secure channel; the TA receives the user's long-term public key, stores it in the set $[UPK_n] = \{pk_1, pk_2, \ldots, pk_n\}$, and sets the user's permission;
Step S4, the message sender signs the message $m \in \{0,1\}^*$ using the knowledge signature;
Step S5, after receiving the signed message $(x, m, \sigma)$, the receiver performs the verification operation.
In this embodiment, the system initialization specifically includes:
a) The TA selects the secure group parameters, selects large primes $q_1$ and $p_1$, computes the RSA modulus $n = q_1 \times p_1$ and $\varphi(n) = (q_1 - 1)(p_1 - 1)$, and selects a secure one-way hash function, where $p = \min(q, q_1, p_1)$;
b) The TA selects a private key $tsk$ and computes the TA public key $tpk = g^{tsk}$;
c) The TA initializes an accumulator, initializing an RSA accumulated value $Acc$ used to record the authorized user public key set $[UPK_n] = \{pk_1, pk_2, \ldots, pk_n\}$, and the set itself;
d) The TA publishes the system parameters.
In this embodiment, step S2 specifically includes:
a) The user randomly selects a long-term private key $sk$ and computes the long-term public key $pk = g^{sk}$;
b) The user computes $apk_1 = g^v$ and $apk_2 = pk \cdot tpk^v$, uses $(apk_1, apk_2)$ as an anonymous identity, and generates multiple anonymous identities in the same manner.
In this embodiment, in step S3, the TA performs the following calculation steps:
a) For each public key, the TA randomly selects a value so that $y_i = pk_i + u_i$ is a prime number, and sequentially computes $\mathrm{Add}(Acc_{i-1}, y_i) \to Acc_i$, finally obtaining $Acc = Acc_n$;
b) The TA generates a membership proof for each user by computing $\omega_i = \mathrm{MemWitCreate}(Acc_i, y_i, [UPK_n])$;
c) The TA distributes $(Acc, \omega_i)$ to each user over the secure channel.
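Step S3 as runnable Python, added here as an illustration and not taken from the patent: each public key is mapped to a prime $y_i = pk_i + u_i$, the primes are folded into an RSA accumulator, and the membership relation $\omega^{y} = Acc \bmod n$ is checked in the clear (the knowledge signature proves the same relation without revealing $y$ or $\omega$). The toy modulus, the initial value `ACC0`, the range of $u$, the sample public keys and the realisation of Add as modular exponentiation are assumptions of this example; the witness update shown at the end goes beyond what the page describes.

```python
import math
import secrets

def is_prime(n):
    """Trial division; adequate for the small constructed values used here."""
    return n > 1 and all(n % d for d in range(2, math.isqrt(n) + 1))

def next_prime(k):
    while not is_prime(k):
        k += 1
    return k

# Constructed toy modulus n = q1 * p1 (assumption: a real TA uses a >= 2048-bit n
# and keeps q1, p1 secret). ACC0, the empty accumulator, is also an assumed value.
Q1, P1 = next_prime(10**6), next_prime(2 * 10**6)
N = Q1 * P1
ACC0 = 9

def to_prime(pk):
    """Step S3 a): random u such that y = pk + u is prime; returns (y, u)."""
    while True:
        u = secrets.randbelow(1 << 20)
        if is_prime(pk + u):
            return pk + u, u

def add(acc, y):
    """Add(Acc_{i-1}, y_i) -> Acc_i, realised as Acc_{i-1}^{y_i} mod n."""
    return pow(acc, y, N)

def accumulate(ys):
    acc = ACC0
    for y in ys:
        acc = add(acc, y)
    return acc

def mem_wit_create(y, ys):
    """Witness for y: the accumulator over every accumulated value except y."""
    others = list(ys)
    others.remove(y)
    return accumulate(others)

def verify_member(acc, y, witness):
    """Membership holds iff y is prime and witness^y = Acc (mod n).
    The primality check matters: a witness for a composite product of
    accumulated values can be derived by anyone holding the other witnesses."""
    return is_prime(y) and pow(witness, y, N) == acc

def demo():
    upk = [1001, 2002, 3003]                  # constructed stand-ins for pk_1..pk_3
    ys = [to_prime(pk)[0] for pk in upk]
    acc = accumulate(ys)
    wits = [mem_wit_create(y, ys) for y in ys]
    outsider_y = to_prime(10**9)[0]           # never accumulated
    # Enrolling a fourth user changes Acc; existing witnesses are raised to y_new.
    y_new = to_prime(4004)[0]
    acc2 = add(acc, y_new)
    return {
        "members_ok": all(verify_member(acc, y, w) for y, w in zip(ys, wits)),
        "outsider_ok": any(verify_member(acc, outsider_y, w) for w in wits),
        "stale_witness_ok": verify_member(acc2, ys[0], wits[0]),
        "updated_witness_ok": verify_member(acc2, ys[0], add(wits[0], y_new)),
    }

if __name__ == "__main__":
    print(demo())
```
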
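In this embodiment, in step S4, given the sender's long-term key pair $(sk, pk)$, temporary identity $(apk_1, apk_2)$ and membership proof $\omega$, the knowledge signature is constructed as follows:
$SoK = \{(x, w) : apk_1 = g^v,\ apk_2 = pk \cdot tpk^v,\ pk = g^{sk},\ \omega^{pk+u} = Acc\}(m)$
where
$w = (sk, pk, v, \omega, u),\quad x = (g, n, q, apk_1, apk_2, Acc)$
Conversion to a computable form:
where
$x = (g, n, q, apk_1, apk_2, Acc, g_1, g_2, g_3, g_4, h_1, h_2, R_1, R_2, R_1', R_2')$
The specific signing process of the knowledge signature is as follows:
a) The sender selects random numbers s11234,∈1,∈2,∈3,μ,ρ121,
b) The sender computes
c) The sender computes
$z_1 = s_1 + v e,\quad Z_1 = \gamma_3 \cdot pk^e,\quad Z_2 = \mu \cdot \omega^e$
$z_2 = \gamma_1 + r_1 e,\quad z_3 = \gamma_2 + r_2 e,\quad z_4 = \gamma_3 + pk \cdot e$
$z_8 = \epsilon_1 + t_1 e,\quad z_9 = \epsilon_2 + t_2 e,\quad z_{10} = \epsilon_3 + sk^{-1} e$
$z_{11} = \alpha_1 + \varphi e,\quad z_{12} = \alpha_2 + \beta e$
The sender sends $(x, m, \sigma)$ to the receiver, where $\sigma = (Z_1, Z_2, \{z_i\}_{i \in [1,12]}, e)$.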
In this embodiment, the verification operation is specifically:
a) The receiver computes
b) The receiver judges
If they are equal, the verification passes; otherwise the verification fails.
In this embodiment, preferably, if a malicious user appears, the TA performs the following operations to trace and recover the identity of the sender:
a) Acquire the temporary identity information $(apk_1, apk_2)$ related to the malicious user;
b) Compute with the TA private key $tsk$ to obtain the long-term public key of the user, and thereby the identity of the user.
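The pseudonym and tracing steps as an added Python example (not code from the patent): pseudonyms are built as in step S2, a Fiat-Shamir proof covers only the two discrete-log clauses of the SoK statement (knowledge of $sk$ and $v$ behind $apk_1$, $apk_2$), and the TA opens a pseudonym as $pk = apk_2 / apk_1^{tsk}$, which follows from the definitions of $apk_1$ and $apk_2$. The accumulator clause and the page's full response set $z_1, \ldots, z_{12}$ are not reproduced; the 62-bit demo group, SHA-256 as the hash, and all function names are assumptions.

```python
import hashlib
import secrets

def is_prime(n):
    """Miller-Rabin; these 12 bases are deterministic for n < 3.3e24."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for a in bases:
        if n % a == 0:
            return n == a
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def demo_group(bits=62):
    """First safe prime p = 2q + 1 with q > 2^(bits-1); g = 4 then has order q."""
    q = (1 << (bits - 1)) + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4

# Constructed demo parameters (assumption): large enough to run, far too small to deploy.
P, Q, G = demo_group()

def keygen():
    """Key pair (x, g^x mod p); used for both (tsk, tpk) and (sk, pk)."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def new_pseudonym(pk, tpk):
    """Step S2 b): (apk1, apk2) = (g^v, pk * tpk^v) for a fresh random v."""
    v = secrets.randbelow(Q - 1) + 1
    return (pow(G, v, P), pk * pow(tpk, v, P) % P), v

def challenge(tpk, apk, t1, t2, msg):
    data = "|".join(map(str, (P, G, tpk, *apk, t1, t2))).encode() + b"|" + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def sok_sign(sk, v, apk, tpk, msg):
    """Fiat-Shamir proof of (sk, v) with apk1 = g^v, apk2 = g^sk * tpk^v, bound to msg."""
    s1, s2 = secrets.randbelow(Q), secrets.randbelow(Q)
    t1 = pow(G, s1, P)
    t2 = pow(G, s2, P) * pow(tpk, s1, P) % P
    e = challenge(tpk, apk, t1, t2, msg)
    return e, (s1 + v * e) % Q, (s2 + sk * e) % Q   # first response: s1 + v*e

def sok_verify(sig, apk, tpk, msg):
    e, z_v, z_sk = sig
    # Reject pseudonym components outside the order-q subgroup before using them.
    if not all(0 < a < P and pow(a, Q, P) == 1 for a in apk):
        return False
    t1 = pow(G, z_v, P) * pow(apk[0], -e, P) % P
    t2 = pow(G, z_sk, P) * pow(tpk, z_v, P) * pow(apk[1], -e, P) % P
    return e == challenge(tpk, apk, t1, t2, msg)

def trace(apk, tsk):
    """TA opens a pseudonym with tsk: pk = apk2 / apk1^tsk mod p."""
    return apk[1] * pow(apk[0], -tsk, P) % P

def demo():
    tsk, tpk = keygen()                       # auditor (TA)
    sk, pk = keygen()                         # registered sender
    (apk_a, v_a), (apk_b, _) = new_pseudonym(pk, tpk), new_pseudonym(pk, tpk)
    sig = sok_sign(sk, v_a, apk_a, tpk, b"brake warning")
    return {
        "valid": sok_verify(sig, apk_a, tpk, b"brake warning"),
        "tampered_message": sok_verify(sig, apk_a, tpk, b"brake warninG"),
        "other_pseudonym": sok_verify(sig, apk_b, tpk, b"brake warning"),
        "pseudonyms_differ": apk_a != apk_b,
        "both_trace_to_pk": trace(apk_a, tsk) == pk == trace(apk_b, tsk),
    }
```

Calling `demo()` returns the five checks as a dictionary; the signature is rejected under the second pseudonym because the proof is bound to the pseudonym it was made for, while the TA still maps both pseudonyms to the same long-term public key.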
The foregoing description is only of the preferred embodiments of the invention, and all changes and modifications that come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein.

Claims (7)

1. An authentication method of a conditional anonymous authentication system based on knowledge signature, characterized by comprising the following steps:
Step S1, initializing the system;
Step S2, generating a long-term key pair and an anonymous identity of a user;
Step S3, the user to be registered sends its long-term public key to the auditor TA through a secure channel; the TA receives the user's long-term public key, stores it in the set $[UPK_n] = \{pk_1, pk_2, \ldots, pk_n\}$, and sets the user's permission;
Step S4, the message sender signs the message $m \in \{0,1\}^*$ using the knowledge signature;
Step S5, after receiving the signed message $(x, m, \sigma)$, the receiver performs the verification operation;
In step S4, given the sender's long-term key pair $(sk, pk)$, temporary identity $(apk_1, apk_2)$ and membership proof $\omega$, the knowledge signature is constructed as follows:
$SoK = \{(x, w) : apk_1 = g^v,\ apk_2 = pk \cdot tpk^v,\ pk = g^{sk},\ \omega^{pk+u} = Acc\}(m)$
where
$w = (sk, pk, v, \omega, u),\quad x = (g, n, q, apk_1, apk_2, Acc)$
Conversion to a computable form:
where $tpk$ is the TA public key;
$x = (g, n, q, apk_1, apk_2, Acc, g_1, g_2, g_3, g_4, h_1, h_2, R_1, R_2, R_1', R_2')$
where $Acc$ is the RSA accumulated value recording the public key set of authorized users, and $sk$ and $pk$ are the long-term private key and long-term public key of the user, respectively;
the specific signing process of the knowledge signature is as follows:
a) The sender selects random numbers s11234,∈1,∈2,∈3,μ,ρ121,
b) The sender computes
c) The sender computes
$z_1 = s_1 + v e,\quad Z_1 = \gamma_3 \cdot pk^e,\quad Z_2 = \mu \cdot \omega^e$
$z_2 = \gamma_1 + r_1 e,\quad z_3 = \gamma_2 + r_2 e,\quad z_4 = \gamma_3 + pk \cdot e$
$z_8 = \epsilon_1 + t_1 e,\quad z_9 = \epsilon_2 + t_2 e,\quad z_{10} = \epsilon_3 + sk^{-1} e$
$z_{11} = \alpha_1 + \varphi e,\quad z_{12} = \alpha_2 + \beta e$
The sender sends $(x, m, \sigma)$ to the receiver, where $\sigma = (Z_1, Z_2, \{z_i\}_{i \in [1,12]}, e)$; Is a hash function.
2. The authentication method according to claim 1, characterized in that the system initialization specifically comprises:
a) The TA selects the secure group parameters, selects large primes $q_1$ and $p_1$, computes the RSA modulus $n = q_1 \times p_1$ and $\varphi(n) = (q_1 - 1)(p_1 - 1)$, and selects a secure one-way hash function, where $p = \min(q, q_1, p_1)$;
b) The TA selects a private key $tsk$ and computes the TA public key $tpk = g^{tsk}$;
c) The TA initializes an accumulator, initializing an RSA accumulated value $Acc$ used to record the authorized user public key set $[UPK_n] = \{pk_1, pk_2, \ldots, pk_n\}$, and the set itself;
d) The TA publishes the system parameters.
3. The authentication method according to claim 1, wherein step S2 is specifically:
a) The user randomly selects a long-term private key $sk$ and computes the long-term public key $pk = g^{sk}$;
b) The user computes $apk_1 = g^v$ and $apk_2 = pk \cdot tpk^v$, uses $(apk_1, apk_2)$ as an anonymous identity, and generates multiple anonymous identities in the same manner.
4. The authentication method according to claim 1, wherein in step S3, the TA performs the following calculation steps:
a) For each public key, the TA randomly selects a value so that $y_i = pk_i + u_i$ is a prime number, and sequentially computes $\mathrm{Add}(Acc_{i-1}, y_i) \to Acc_i$, finally obtaining $Acc = Acc_n$, where $pk_i$ is a long-term public key of the user;
b) The TA generates a membership proof for each user by computing $\omega_i = \mathrm{MemWitCreate}(Acc_i, y_i, [UPK_n])$;
c) The TA distributes $(Acc, \omega_i)$ to each user over the secure channel.
5. The authentication method according to claim 1, characterized in that the verification operation is specifically:
a) The receiver computes
b) The receiver judges
If they are equal, the verification passes; otherwise the verification fails.
6. The authentication method of claim 1, wherein if a malicious user is present, the TA performs the following operations to trace and recover the identity of the sender:
a) Acquire the temporary identity information $(apk_1, apk_2)$ related to the malicious user;
b) Compute with the TA private key $tsk$ to obtain the long-term public key of the user, and thereby the identity of the user.
7. A conditional anonymous authentication system based on knowledge signature, characterized by comprising an auditor, a message sender and a message receiver, wherein during system initialization the auditor generates a traceable key pair and manages the accumulator state that records access rights; before sending a message, the sender generates a temporary identity pseudonym and produces a knowledge signature on the message using its evidence and the identity pseudonym; after receiving the message, the receiver verifies the anonymous signature according to the authentication policy; and during an audit operation, the auditor can decrypt the identity pseudonym with the traceable private key to obtain the long-term public key of the user.
Application CN202211221482.4A (CN115622710B): priority date 2022-10-08, filing date 2022-10-08, status Active. Title: Conditional anonymous authentication system and method based on knowledge signature


Publications (2)

Publication Number Publication Date
CN115622710A (en) 2023-01-17
CN115622710B (en) 2025-04-22
