
CN119449322A - A threshold signcryption method on a lattice capable of realizing equal value detection function - Google Patents


Publication number
CN119449322A
Authority
CN
China
Prior art keywords
message
message receiver
algorithm
detection function
output
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202411552686.5A
Other languages
Chinese (zh)
Other versions
CN119449322B (en)
Inventor
赵梦舒
王保仓
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University
Priority to CN202411552686.5A
Priority claimed from CN202411552686.5A
Publication of CN119449322A
Application granted
Publication of CN119449322B
Legal status: Active
Anticipated expiration


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3255 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3033 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to pseudo-prime or prime number generation, e.g. primality test

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a threshold signcryption method on a lattice capable of realizing an equal value detection function. An improved threshold signcryption algorithm is used to generate the final ciphertext. While maintaining the existing security standard, the algorithm improves overall efficiency by optimizing the calculation steps and reducing the number of required participants, and it ensures that introducing equal value detection into the signcryption process does not significantly increase the computational complexity. In addition, the algorithm adopts an efficient signature generation and verification mechanism, so that signatures can be generated and verified quickly while minimizing the consumption of communication and computing resources, with an especially clear time advantage in a multi-participant threshold environment.

Description

Threshold signcryption method on a lattice capable of realizing an equal value detection function
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a threshold signcryption method on a lattice capable of realizing an equal value detection function.
Background
Signcryption is a technique that performs data encryption and digital signing at the same time, merging what are traditionally two separate steps. Specifically, by combining a digital signature and an encryption algorithm in one operation, signcryption provides several security guarantees for data, such as encryption, authentication, integrity verification and non-repudiation. Compared with performing encryption and signing as separate steps, signcryption reduces the total amount of computation and the communication cost while still ensuring the integrity and security of the algorithm and preventing information leakage and tampering.
Early threshold signcryption schemes were based on bilinear pairings, which were inefficient. Building on formal security proofs for threshold signcryption schemes, Li et al. proposed an identity-based threshold signcryption scheme and proved, in the random oracle model, that it satisfies confidentiality and existential unforgeability; the scheme does not need to store a public key directory or process public key certificates, which reduces the storage cost. In addition, Zheng et al. proposed an attribute-based threshold signcryption scheme whose security is proved in the standard model under the DBDH and CBDH hardness assumptions. The certificateless threshold signcryption scheme proposed by Yu and Wang not only solves the key escrow problem and the certificate management problem, but also has high flexibility and scalability. In this scheme, the signer can generate the secret key itself, split it into several shares, and distribute the shares to several trusted parties, who can jointly complete the signcryption and decryption operations without trusting each other; compared with traditional certificate-based signcryption schemes, the certificateless threshold signcryption scheme proposed by Yu and Wang is therefore more efficient and more secure. None of the schemes above can resist quantum computing attacks.
Most of the threshold schemes proposed at present have the following drawbacks:
(1) Time-consuming: existing schemes may involve cumbersome steps and multiple rounds of communication during signature generation and verification, so the overall process takes longer. This is a significant disadvantage for application scenarios requiring fast response;
(2) Insufficient security: some of the prior art cannot provide enough security in certain attack scenarios, especially when facing advanced cryptanalysis and attacks;
(3) Poor flexibility: existing schemes may be inflexible when adapting to different application scenarios or user requirements, and cannot meet requirements that change under specific conditions, such as the need for equal value detection.
Disclosure of Invention
In order to solve the problems in the prior art, the invention provides a threshold signcryption method on a lattice capable of realizing an equal value detection function. The technical problems to be solved by the invention are addressed by the following technical scheme:
A threshold signcryption method on a lattice capable of realizing an equal value detection function comprises the following steps:
Step 1, inputting security parameters and running an initialization algorithm to output a public parameter set;
Step 2, each user terminal inputs the public parameter set and generates its own public and private key pair by using a key generation algorithm, wherein the user terminals comprise a message sender and a message receiver;
Step 3, each user terminal generates its own secret sharing value by using a sharing algorithm, according to its own public and private keys and the secret sharing values of the other user terminals;
Step 4, the message sender calculates the final ciphertext of the message to be sent by using a threshold signcryption algorithm and its own secret sharing value, and sends the final ciphertext to the message receiver;
Step 5, the message receiver verifies whether the final ciphertext is valid by using a decryption algorithm, and decrypts the message value from a valid final ciphertext;
Step 6, the message receiver performs an equality test on the received final ciphertext by using its own tag.
The beneficial effects are that:
1. The invention provides a threshold signcryption method on a lattice capable of realizing an equal value detection function. The method uses an improved threshold signcryption algorithm to generate the final ciphertext; the algorithm improves overall efficiency by optimizing the calculation steps and reducing the number of required participants while keeping the existing security standard. In addition, the algorithm ensures that the computational complexity does not increase significantly when equal value detection is introduced into the signcryption process;
2. The invention designs a decryption algorithm that adopts an efficient signature generation and verification mechanism, can generate and verify signatures quickly while minimizing the consumption of communication and computing resources, and shows an especially clear time advantage in a multi-participant threshold environment.
3. The invention introduces an equal value detection property into the traditional threshold signcryption scheme. This property allows equality between different ciphertexts to be detected effectively during signature verification, improving the security and flexibility of the system.
The present invention will be described in further detail with reference to the accompanying drawings and examples.
Drawings
FIG. 1 is a flow chart of the threshold signcryption method on a lattice capable of realizing an equal value detection function.
Detailed Description
The present invention will be described in further detail with reference to specific examples, but embodiments of the present invention are not limited thereto.
Aiming at the defects of the prior art, the invention provides a threshold signcryption method on a lattice capable of realizing an equal value detection function, which improves the efficiency of integrating encryption and signing. The invention also provides an equal value detection function and can flexibly adapt to various application requirements, offering stronger adaptability and practicability particularly in scenarios where signature verification must be performed according to different conditions or data. The scheme satisfies one-wayness (OW-CCA), confidentiality (IND-CCA2) and unforgeability (UF-CMA), which greatly improves its security.
The invention mainly solves the following technical problems:
The threshold signcryption scheme provided by the invention is designed for the interaction between the message sender $U_s$ and the message receiver $U_r$, and mainly comprises five algorithm stages: an initialization algorithm, a key generation algorithm, a secret sharing algorithm, a threshold signcryption algorithm and a decryption algorithm.
As shown in FIG. 1, the invention provides a threshold signcryption method on a lattice capable of realizing an equal value detection function, which comprises the following steps:
Step 1, inputting security parameters and running an initialization algorithm to output a public parameter set;
Specifically, Step 1 includes:
Step 11, inputting a security parameter $n$, a prime number $q \ge 3$, a positive integer $m \ge 5n\log q$, a Gaussian parameter and the complexity of $p$;
Step 12, setting collision-resistant hash functions, including a one-way collision-resistant hash function $H: \{0,1\}^* \to \{0,1\}^k$, a collision-resistant hash function $H': \{0,1\}^* \to \{-1,1\}^p$ and a hash function, where $k$ is the message length;
Step 13, setting the signcryption user set $U = \{U_1, \dots, U_l\}$, where $l$ is the set size and $t$ is the threshold value; the identity of the user terminal $U_i$ is $ID_i$, the identity of the message sender $U_s \in U$ is $ID_s$, and the identity of the message receiver is $ID_r$, with $i = 1, \dots, l$;
Step 14, setting the common parameters $params = \{q, m, n, \sigma, \omega, k, H, H', H_1, l, t\}$.
Step 2, each user terminal inputs the public parameter set and generates its own public and private key pair by using a key generation algorithm, wherein the user terminals comprise a message sender and a message receiver;
Specifically, Step 2 includes:
Step 21, inputting the common parameters $params$, selecting $p+1$ uniform random matrices, and publishing them;
Step 22, running the trapdoor generation algorithm TrapGen($q, n, m$) to generate $a_i$, $T_i$, $A'_i$ and $T'_i$ for each user terminal $U_i$ ($i = 1, \dots, l$), and using $(A_i, A'_i, A_1, \dots, A_p, B)$ as the public key of the user terminal $U_i$ and $(T_i, T'_i)$ as the private key of the user terminal $U_i$;
Step 23, running the trapdoor generation algorithm TrapGen($q, n, m$) to generate $A_r$, $T_r$, $A'_r$ and $T'_r$ for the message receiver $U_r$, and using $(A_r, A'_r, A_1, \dots, A_p, B)$ as the public key of the message receiver $U_r$ and $(T_r, T'_r)$ as the private key of the message receiver $U_r$.
Step 3, each user terminal generates its own secret sharing value by using a sharing algorithm, according to its own public and private keys and the secret sharing values of the other user terminals;
Specifically, Step 3 includes:
Step 31, each user terminal $U_i$ generates its own secret sharing value $s_i$ and randomly selects vectors; letting $a_{i0} = 0$, $l$ polynomials of degree $t-1$ are generated: $f_i(\xi) = a_{i(t-1)}\xi^{t-1} + \dots + a_{i1}\xi + a_{i0}$;
Step 32, the user terminals $U_i$ and $U_j$ interactively compute $s_{ij} = f_i(ID_j)$, where $j = 1, \dots, l$;
Step 33, the user terminal $U_j$ outputs a secret sharing value
Step 4, the message sender calculates the final ciphertext of the message to be sent by using a threshold signcryption algorithm and its own secret sharing value, and sends the final ciphertext to the message receiver;
Specifically, Step 4 includes:
Step 41, the message sender $U_s$ selects a message $M \in \{0,1\}^k$ from the message space, where $k$ is the message length, and calculates $f = H_1(ID_s, ID_r, M)$;
Step 42, the message sender $U_s$ sends the selected message $M$ to the user terminals $U_i$;
Step 43, the user terminal $U_i$ runs the preimage sampling algorithm SamplePre($A_i, T_i, \sigma, f + s_i$) to obtain the signature $e_i$ on the message $M$ and sends it to the message sender $U_s$;
Step 44, if the number of signatures $e_i$ received by the message sender $U_s$ is greater than or equal to the threshold $t$, the message sender $U_s$ runs the general preimage sampling algorithm SampleMat($A_s, T_s, \sigma, A_i$) to obtain $C_i$ and calculates, where $D = (l!)^2$,
Step 45, the message sender $U_s$ selects uniform random vectors, makes a random selection, performs a calculation, and calculates a partial ciphertext value
Step 46, the message sender $U_s$ calculates $b = H'(c_1 \| c_2) \in \{-1,1\}^p$,
Step 47, selecting $p$ uniform random matrices $R_i \in \{-1,1\}^{m \times m}$, where $i = 1, \dots, p$, and defining
Step 48, the message sender $U_s$ makes a random selection and calculates $z_1 = R^{T} y_1$,
Step 49, the message sender $U_s$ sends the final ciphertext $C = (e, c_1, c_2, c_3, c_4)$ to the message receiver $U_r$.
Step 5, the message receiver verifies whether the final ciphertext is valid by using a decryption algorithm, and decrypts the message value from a valid final ciphertext;
Specifically, Step 5 includes:
Step 51, the message receiver $U_r$ calculates $b = H'(c_1 \| c_2) \in \{-1,1\}^p$ and runs the left sampling algorithm to obtain
Step 52, the message receiver $U_r$ calculates
Step 53, for each $i = 1, \dots, k$, the message receiver $U_r$ checks whether $w_i$ is close; if it is close, it outputs $M_i = 1$, otherwise it outputs $M_i = 0$, thereby obtaining $M$;
Step 54, the message receiver $U_r$ runs the left sampling algorithm to obtain
Step 55, the message receiver $U_r$ calculates
Step 56, for each $i = 1, \dots, k$, the message receiver $U_r$ checks whether $w'_i$ is close; if it is close, it outputs $h_i = 1$, otherwise it outputs $h_i = 0$, thereby obtaining $h$;
In the invention, "close" means that the difference between the two values is within a tolerance range; otherwise the two values are not considered close. The tolerance range is preset and can be adjusted according to the actual situation.
Step 57, if $A_s e = Df$, $\|e\| \le \beta$ and $h = H(M)$ all hold, the message receiver $U_r$ recovers the message value $M$ from the final ciphertext $C = (e, c_1, c_2, c_3, c_4)$; otherwise it outputs $\perp$.
Step 6, the message receiver performs an equality test on the received final ciphertext by using its own tag.
Specifically, Step 6 includes:
Step 61, setting the tag value of the message receiver $U_r$;
This step takes part of the private key $(T_r, T'_r)$ of the message receiver $U_r$ as the tag value, denoted $t_r = T'_r$.
Step 62, each message receiver performs an equality test on the final ciphertext it has received by using its own tag value.
Specifically, Step 62 includes:
Step 621, determining any two message receivers, one being the message receiver $U_{ri}$ and the other the message receiver $U_{rj}$, where the message receiver $U_{ri}$ has the tag $t_{ri} = T'_{ri}$ and a received final ciphertext $C_i$;
Step 622, the message receiver $U_{ri}$ performs the following operations:
First, calculate $b_i = H'(c_{i1} \| c_{i2}) = (b_{i1}, \dots, b_{ip})$ and run the left sampling algorithm to obtain $g_i$; second, perform the calculation; finally, for each $d = 1, \dots, k$, check whether $w_{id}$ is close; if it is close, output $h_{id} = 1$, otherwise output $h_{id} = 0$, thereby obtaining $h_i$;
Step 623, the message receiver $U_{rj}$ performs the following operations:
First, calculate $b_j = H'(c_{i1} \| c_{i2}) = (b_{j1}, \dots, b_{jp})$ and run the left sampling algorithm to obtain $g_j$; second, perform the calculation; finally, for each $d = 1, \dots, k$, check whether $w_{jd}$ is close; if it is close, output $h_{jd} = 1$, otherwise output $h_{jd} = 0$, thereby obtaining $h_j$;
Step 624, if $h_i = h_j$, output 1, indicating that the equality test on the final ciphertexts succeeded; otherwise output 0.
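The role of $a_{i0} = 0$ in Steps 31 to 33 and of the factor $D = (l!)^2$ in Steps 44 and 57 can be checked numerically. The Python below is an added example, not part of the patent: it works only on the targets $f + s_i$ (no lattice sampling) and shows that they combine to $D \cdot f$ for $t$ signers but not for $t-1$. It assumes that the IDs are the integers 1..l, that $U_j$'s share is the sum of the $s_{ij}$, and that the sender combines with Lagrange coefficients scaled by $D$, since those formulas are missing from this page; the modulus and dimension are constructed toy values.

```python
import secrets
from fractions import Fraction
from math import factorial

Q = 7681  # small prime modulus, constructed for this example (page: prime q >= 3)
N = 4     # vector length, constructed toy value


def make_polynomial(t, n=N, q=Q):
    """Step 31: t coefficient vectors a_i0..a_i(t-1) over Z_q, with a_i0 = 0."""
    zero = [0] * n
    rest = [[secrets.randbelow(q) for _ in range(n)] for _ in range(t - 1)]
    return [zero] + rest


def evaluate(coeffs, x, q=Q):
    """f_i(x), coordinate-wise, by Horner's rule modulo q."""
    acc = [0] * len(coeffs[0])
    for c in reversed(coeffs):
        acc = [(a * x + ck) % q for a, ck in zip(acc, c)]
    return acc


def deal_shares(ids, t, q=Q):
    """Steps 31-33 for every user. Returns {ID_j: s_j}.

    Assumption (formula absent on the page): s_j = sum_i f_i(ID_j) mod q.
    """
    polys = [make_polynomial(t, q=q) for _ in ids]
    shares = {}
    for j in ids:
        s_ij = [evaluate(p, j, q) for p in polys]  # Step 32: s_ij = f_i(ID_j)
        shares[j] = [sum(col) % q for col in zip(*s_ij)]
    return shares


def scaled_lagrange_at_zero(signers, l):
    """Integers D * L_i(0) with D = (l!)^2, for signer IDs drawn from 1..l."""
    d = factorial(l) ** 2
    out = {}
    for i in signers:
        lam = Fraction(d)
        for j in signers:
            if j != i:
                lam *= Fraction(-j, i - j)  # factor of the Lagrange basis at 0
        if lam.denominator != 1:
            raise ValueError("signer IDs must be distinct integers in 1..l")
        out[i] = lam.numerator
    return out


def combine_targets(f, shares, signers, l, q=Q):
    """Assumed combination: sum over signers of D * L_i(0) * (f + s_i) mod q."""
    lam = scaled_lagrange_at_zero(signers, l)
    total = [0] * len(f)
    for i in signers:
        blinded = [(fk + sk) % q for fk, sk in zip(f, shares[i])]
        total = [(tk + lam[i] * bk) % q for tk, bk in zip(total, blinded)]
    return total


def demo(l=5, t=3):
    """Returns (t signers reach D*f, t-1 signers reach D*f)."""
    ids = list(range(1, l + 1))
    shares = deal_shares(ids, t)
    f = [secrets.randbelow(Q) for _ in range(N)]  # stands in for H_1(ID_s, ID_r, M)
    d = factorial(l) ** 2
    expected = [(d * fk) % Q for fk in f]
    enough = combine_targets(f, shares, [1, 3, 5], l) == expected
    too_few = combine_targets(f, shares, [2, 4], l) == expected
    return enough, too_few


if __name__ == "__main__":
    print(demo())
```

Because every $f_i$ has a zero constant term, the shares form a sharing of zero: they blind each partial target and cancel only when at least $t$ of them are interpolated, which is what lets a check of the form $A_s e = Df$ depend on $f$ alone.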
The invention provides a threshold signcryption method on a lattice capable of realizing an equal value detection function. An improved threshold signcryption algorithm is used to generate the final ciphertext. While maintaining the existing security standard, the algorithm improves overall efficiency by optimizing the calculation steps and reducing the number of required participants, and it ensures that introducing equal value detection into the signcryption process does not significantly increase the computational complexity. In addition, the algorithm adopts an efficient signature generation and verification mechanism, so that signatures can be generated and verified quickly while minimizing the consumption of communication and computing resources, with an especially clear time advantage in a multi-participant threshold environment.
It is noted that the terms "first" and "second" are used herein for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more such features. In the description of the present invention, "a plurality" means two or more, unless explicitly defined otherwise.
Although the application is described herein in connection with various embodiments, other variations to the disclosed embodiments can be understood and effected by those skilled in the art in practicing the claimed application, from a study of the drawings, the disclosure, and the appended claims. In the claims, the word "comprising" does not exclude other elements or steps, and the "a" or "an" does not exclude a plurality.
The foregoing is a further detailed description of the invention in connection with the preferred embodiments, and it is not intended that the invention be limited to the specific embodiments described. It will be apparent to those skilled in the art that several simple deductions or substitutions may be made without departing from the spirit of the invention, and these should be considered to be within the scope of the invention.

Claims (9)

1. A threshold signcryption method on a lattice capable of realizing an equal value detection function, characterized in that it comprises:
Step 1, inputting security parameters and running an initialization algorithm to output a public parameter set;
Step 2, each user terminal inputs the public parameter set and generates its own public and private key pair by using a key generation algorithm; the user terminals comprise a message sender and a message receiver;
Step 3, each user terminal generates its own secret sharing value by using a sharing algorithm, according to its own public and private keys and the secret sharing values of the other user terminals;
Step 4, the message sender calculates the final ciphertext of the message to be sent by using a threshold signcryption algorithm and its own secret sharing value, and sends it to the message receiver;
Step 5, the message receiver verifies whether the final ciphertext is valid by using a decryption algorithm, and decrypts the message value from a valid final ciphertext;
Step 6, the message receiver performs an equality test on the received final ciphertext by using its own tag.

2. The threshold signcryption method on a lattice capable of realizing an equal value detection function according to claim 1, characterized in that Step 1 comprises:
Step 11, inputting a security parameter $n$, a prime number $q \ge 3$, a positive integer $m \ge 5n\log q$, a Gaussian parameter and the complexity of $p$;
Step 12, setting collision-resistant hash functions, including a one-way collision-resistant hash function $H: \{0,1\}^* \to \{0,1\}^k$, a collision-resistant hash function $H': \{0,1\}^* \to \{-1,1\}^p$ and a hash function, where $k$ is the message length;
Step 13, setting the signcryption user set $U = \{U_1, \dots, U_l\}$, where $l$ is the set size and $t$ is the threshold value; the identity of the user terminal $U_i$ is $ID_i$, the identity of the message sender $U_s \in U$ is $ID_s$, and the identity of the message receiver is $ID_r$, with $i = 1, \dots, l$;
Step 14, setting the common parameters $params = \{q, m, n, \sigma, \omega, k, H, H', H_1, l, t\}$.

3. The threshold signcryption method on a lattice capable of realizing an equal value detection function according to claim 2, characterized in that Step 2 comprises:
Step 21, inputting the common parameters $params$, selecting $p+1$ uniform random matrices $A_1, \dots, A_p$, and publishing them;
Step 22, running the trapdoor generation algorithm TrapGen($q, n, m$) to generate $a_i$, $T_i$, $A'_i$ and $T'_i$ for each user terminal $U_i$ ($i = 1, \dots, l$), and using $(A_i, A'_i, A_1, \dots, A_p, B)$ as the public key of the user terminal $U_i$ and $(T_i, T'_i)$ as the private key of the user terminal $U_i$;
Step 23, running the trapdoor generation algorithm TrapGen($q, n, m$) to generate $A_r$, $T_r$, $A'_r$ and $T'_r$ for the message receiver $U_r$, and using $(A_r, A'_r, A_1, \dots, A_p, B)$ as the public key of the message receiver $U_r$ and $(T_r, T'_r)$ as the private key of the message receiver $U_r$.

4. The threshold signcryption method on a lattice capable of realizing an equal value detection function according to claim 3, characterized in that Step 3 comprises:
Step 31, each user terminal $U_i$ generates its own secret sharing value $s_i$ and randomly selects vectors; letting $a_{i0} = 0$, $l$ polynomials of degree $t-1$ are generated: $f_i(\xi) = a_{i(t-1)}\xi^{t-1} + \dots + a_{i1}\xi + a_{i0}$;
Step 32, the user terminals $U_i$ and $U_j$ interactively compute $s_{ij} = f_i(ID_j)$, where $j = 1, \dots, l$;
Step 33, the user terminal $U_j$ outputs a secret sharing value

5. The threshold signcryption method on a lattice capable of realizing an equal value detection function according to claim 4, characterized in that Step 4 comprises:
Step 41, the message sender $U_s$ selects a message $M \in \{0,1\}^k$ from the message space, where $k$ is the message length, and calculates $g = H_1(ID_s, ID_r, M)$;
Step 42, the message sender $U_s$ sends the selected message $M$ to the user terminals $U_i$;
Step 43, the user terminal $U_i$ runs the preimage sampling algorithm SamplePre($A_i, T_i, \sigma, f + s_i$) to obtain the signature $e_i$ on the message $M$ and sends it to the message sender $U_s$;
Step 44, if the number of signatures $e_i$ received by the message sender $U_s$ is greater than or equal to the threshold $t$, the message sender $U_s$ runs the general preimage sampling algorithm SampleMat($A_s, T_s, \sigma, A_i$) to obtain $C_i$ and calculates, where $D = (l!)^2$,
Step 45, the message sender $U_s$ selects a uniform random vector $d_1$, randomly selects $x_1$, performs a calculation, and calculates a partial ciphertext value
Step 46, the message sender $U_s$ calculates $b = H'(c_1 \| c_2) \in \{-1,1\}^p$,
Step 47, selecting $p$ uniform random matrices $R_i \in \{-1,1\}^{m \times m}$, where $i = 1, \dots, p$, and defining
Step 48, the message sender $U_s$ randomly selects $y_1$ and calculates $z_1 = R^{T} y_1$,
Step 49, the message sender $U_s$ sends the final ciphertext $C = (e, c_1, c_2, c_3, c_4)$ to the message receiver $U_r$.

6. The threshold signcryption method on a lattice capable of realizing an equal value detection function according to claim 5, characterized in that Step 5 comprises:
Step 51, the message receiver $U_r$ calculates $b = H'(c_1 \| c_2) \in \{-1,1\}^p$ and runs the left sampling algorithm to obtain
Step 52, the message receiver $U_r$ calculates
Step 53, for each $i = 1, \dots, k$, the message receiver $U_r$ checks whether $w_i$ is close; if it is close, it outputs $M_i = 1$, otherwise it outputs $M_i = 0$, thereby obtaining $M$;
Step 54, the message receiver $U_r$ runs the left sampling algorithm to obtain
Step 55, the message receiver $U_r$ calculates
Step 56, for each $i = 1, \dots, k$, the message receiver $U_r$ checks whether $w'_i$ is close; if it is close, it outputs $h_i = 1$, otherwise it outputs $h_i = 0$, thereby obtaining $h$;
Step 57, if $A_s e = Df$, $\|e\| \le \beta$ and $h = H(M)$ all hold, the message receiver $U_r$ recovers the message value $M$ from the final ciphertext $C = (e, c_1, c_2, c_3, c_4)$; otherwise it outputs $\perp$.

7. The threshold signcryption method on a lattice capable of realizing an equal value detection function according to claim 6, characterized in that Step 6 comprises:
Step 61, setting the tag value of the message receiver $U_r$;
Step 62, each message receiver performs an equality test on the final ciphertext it has received by using its own tag value.

8. The threshold signcryption method on a lattice capable of realizing an equal value detection function according to claim 7, characterized in that Step 61 comprises:
taking part of the private key $(T_r, T'_r)$ of the message receiver $U_r$ as the tag value, denoted $t_r = T'_r$.

9. The threshold signcryption method on a lattice capable of realizing an equal value detection function according to claim 8, characterized in that Step 62 comprises:
Step 621, determining any two message receivers, one being the message receiver $U_{ri}$ and the other the message receiver $U_{rj}$, where the message receiver $U_{ri}$ has the tag $t_{ri} = T_{ri}$ and a received final ciphertext $C_i$;
Step 622, the message receiver $U_{ri}$ performs the following operations:
first, calculate $b_i = H'(c_{i1} \| c_{i2}) = (b_{i1}, \dots, b_{ip})$ and run the left sampling algorithm to obtain $g_i$; second, perform the calculation; finally, for each $d = 1, \dots, k$, check whether $w_{id}$ is close; if it is close, output $h_{id} = 1$, otherwise output $h_{id} = 0$, thereby obtaining $h_i$;
Step 623, the message receiver $U_{rj}$ performs the following operations:
first, calculate $b_j = H'(c_{i1} \| c_{i2}) = (b_{j1}, \dots, b_{jp})$ and run the left sampling algorithm to obtain $g_j$; second, perform the calculation; finally, for each $d = 1, \dots, k$, check whether $w_{jd}$ is close; if it is close, output $h_{jd} = 1$, otherwise output $h_{jd} = 0$, thereby obtaining $h_j$;
Step 624, if $h_i = h_j$, output 1, indicating that the equality test on the final ciphertexts succeeded; otherwise output 0.
CN202411552686.5A 2024-11-01 Lattice threshold signcryption method capable of realizing equivalent detection function Active CN119449322B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411552686.5A CN119449322B (en) 2024-11-01 Lattice threshold signcryption method capable of realizing equivalent detection function

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202411552686.5A CN119449322B (en) 2024-11-01 Lattice threshold signcryption method capable of realizing equivalent detection function

Publications (2)

Publication Number Publication Date
CN119449322A (en) 2025-02-14
CN119449322B (en) 2025-10-17

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant