CN110086628B

CN110086628B - A method for elliptic curve signature in single-source network coding environment

Info

Publication number: CN110086628B
Application number: CN201910326163.1A
Authority: CN
Inventors: 俞惠芳; 李雯
Original assignee: Xian University of Posts and Telecommunications
Current assignee: Xian University of Posts and Telecommunications
Priority date: 2019-04-23
Filing date: 2019-04-23
Publication date: 2022-02-25
Anticipated expiration: 2039-04-23
Also published as: CN110086628A

Abstract

A method for elliptic curve signature under single-source network coding environment comprises the steps of system initialization, generation of a single-source network coding key pair, determination of a hash value of a message, elliptic curve signature of a source node, message combination, elliptic curve signature of an intermediate node and signature verification. The invention adopts elliptic curve signature and homomorphic hash function, simplifies the verification process of the intermediate node, reduces the calculation complexity, reduces the energy consumption, resists the pollution in generations, and simultaneously introduces the generation identifier to effectively resist the pollution between generations. The invention has the advantages of strong safety, high calculation efficiency and the like, and can be popularized and applied in single-source network coding.

Description

Elliptic curve signature method under single-source network coding environment

Technical Field

The invention belongs to the technical field of network information security, and particularly relates to an elliptic curve signature method and a homomorphic hash function in single-source network coding and cryptography.

Background

In a conventional communication network, intermediate nodes of the network can only forward incoming data packets without any processing of the data content. By adopting the network coding, not only can the network resources be greatly saved, but also the network transmission rate, the throughput and the reliability can be improved, and the energy consumption can be reduced. The method has great advantages in improving the comprehensive performance of the network, but brings a plurality of pollution threats. The system is polluted by the pollution of nodes or unstable network communication transmission and the like. The pollution information is combined with other effective messages through coding transmission, so that pollution is transmitted to other messages, and finally, a communication system is crashed to prevent a sink node from recovering original information. These insecurity factors greatly limit the application range of network coding, and prevent the application of the network coding in real life.

The traditional elliptic curve digital signature method can not resist the pollution in generations and the pollution between generations, the problem that the elliptic curve signature method in the single-source network coding environment is not adopted to resist the pollution in generations and the pollution between generations at present, and how to construct the elliptic curve homomorphic signature in the single-source network coding environment is a technical problem which needs to be urgently solved in the cryptology at present.

Disclosure of Invention

The technical problem to be solved by the present invention is to overcome the above drawbacks of the prior art, and to provide a method for elliptic curve signature in a single-source network coding environment, which has strong security and high computational efficiency, and can resist intra-generation pollution and inter-generation pollution.

The technical scheme adopted for solving the technical problems comprises the following steps:

A. system initialization

(A1) Trusted party defines a finite field F_qUpper elliptic curve E:

y²≡x³+ax+b

wherein a, b ∈ F_qQ is a large prime number in a finite positive integer satisfying 4a³+27b²Constant not equal to 0.

(A2) The trusted party sends an identifier I of the generation in the appointed single-source network code to the source node of the single-source network code through a secret channel:

I＝{I₁,I₂,…,I_n}

where n is a finite positive integer.

(A3) Selection of cryptographically secure Hash function H by trusted party_G：

{0,1}^*→G₁

Wherein G is₁Is a group of addition cycles of order large prime d.

(A4) The trusted party selects a, a e (1,2, t), determining a private key S of a generation in the single-source network coding_SKPrivate key K of elliptic curve signature, public key P of elliptic curve signature:

S_SK＝α·H_G(I)

K＝η·S_SK

P＝K·G

wherein eta is an secret random number selected by a trusted authority, G is a base point on an elliptic curve E, and H_G(I) Is a hash value of the generation identity.

(A5) The trusted party selects a cryptographically secure Hash function h as:

{0,1}^*→Z_q

wherein Z_q∈{1,2,...,q}。

(A6) The trusted party discloses a system parameter z:

z＝(E,F_q,G,q,t,h,P,H_G)

where t is the order of the trustable chosen base point G and is a prime number in the finite positive integer.

B. Generating a private key K for a single-source network code₀And a public key P₀

(B1) Determining a private key K of a source node of a single source network coding₀And a public key P₀：

K₀＝η₀·S_SK

P₀＝K₀·G

Wherein eta₀E {1, 2.. eta., t } is a secret random number chosen by the trusted party, t being a finite positive integer.

(B2) Determining a private key K of an intermediate node of a single-source network code_idAnd a public key P_id：

K_id＝η_id·S_SK

P_id＝K_id·G

Wherein eta_idIs 1, 2.. t, a secret random number chosen for the trusted party, id is 1, 2.. e, e is the number of intermediate nodes.

C. Determining hash value of message

Cancellation generated by source nodeThe message M is divided into M modules M₁,M₂,...,M_mEach module is an n-dimensional vector, represented as:

expanding all modules into a vector V with m + n dimensions_i：

V_i＝(v_i,1,v_i,2,...,v_i,m+n)

Where i ∈ {1,2, …, m }, a message vector V is determined_iHash function value of (1):

wherein R is_jA set of base point sets on the elliptic curve is randomly selected for the source node and the order is t.

D. Elliptic curve signature on source node of single-source network coding

(D1) Credible side randomly selects K'₀E {1,2, …, t }, determining X₀：

X₀＝h(V_i,K′₀)·G

In the formula X₀Is a point (x) on the elliptic curve₀,y₀)。

(D2) Determining r of a source node₀,S₀：

r₀＝x₀modt

S₀＝(h(V_i,K′₀)+r₀-h(V_i)K₀)modt

(D3) Determining a signature σ of a source node₀：

σ₀＝(r₀,S₀,H_G(I))

(D4) Vector V of messages_iHash value h (V) of message_i) Message signature σ₀And sending the data to an intermediate node or a sink node of the single-source network coding.

E. Message assembly

(E1) The intermediate node of the single source network coding combines the messages into:

where a is the global coding vector of the message, a ═ a₁,a₂,...,a_m) And i is a finite positive integer.

(E2) Determining a hash function value h (w) for the combined message w:

where m is a finite positive integer.

F. Elliptic curve signature on intermediate node of single-source network coding

(F1) Credible side randomly selects K'_idE {1,2, …, t }, determining X_id：

X_id＝h(w,K′_id)·G

In the formula X_idIs a point (x) on the elliptic curve_id,y_id)。

(F2) Determining an intermediate node r_id,S_id：

r_id＝x_idmodt

S_id＝(h(w,K′_id)+r_id-h(w)K_id)modt

(F3) Signature σ of intermediate node_id：

σ_id＝(r_id,S_id,H′_G(I))

G. Signature verification by the receiver

(G1) Recipient verification H_G(I)＝H′_G(I) And if the judgment result is true, the signature is accepted, and if the judgment result is true, the signature is rejected.

(G2) Determining U of receiver₁,U₂：

U₁＝(S_id-r_id)modt

U₂＝h(w)modt

(G3) The recipient determines X:

X＝U₁G+U₂P_id

x is a point (X ') on the elliptic curve'_id,y′_id)。

(G4) The recipient determines V':

V′＝x′_idmodt

(G5) receiver authentication V ═ r_idIf the elliptic curve signature is established, the elliptic curve signature is successful; otherwise the elliptic curve signature fails.

The invention adopts elliptic curve signature and homomorphic hash function, simplifies the verification process of the intermediate node, reduces the calculation complexity, reduces the energy consumption, can resist the pollution in generations and can effectively resist the pollution between generations. The invention has the advantages of strong safety, high calculation efficiency and the like, and can be popularized and applied in single-source network coding.

Drawings

FIG. 1 is a flowchart of example 1 of the present invention.

Detailed Description

The present invention will be described in further detail with reference to the following drawings and examples, but the present invention is not limited to these examples.

Example 1

This embodiment uses an elliptic curve y²≡x³+ ax + b mod q, large prime q 1229388206666334394638158784063623508484129267643 as an example, the method for homomorphic signature of elliptic curve of single-source network coding consists of the following steps (as shown in fig. 1):

A. system initialization

(A1) Trusted party defines a finite field F_qUpper elliptic curve E:

y²≡x³+ax+b

wherein a, b ∈ F_qQ is a large prime number in finite positive integers, q is 1229388206666334394638158784063623508484129267643, and satisfies 4a³+27b²Constant not equal to 0.

I＝{I₁,I₂,…,I_n}

where n is a finite positive integer.

{0,1}^*→G₁

Wherein G is₁Is a group of addition cycles of order large prime d.

(A4) The credible party selects alpha, alpha E (1, 2.. eta., t) and determines the private key S of the generation in the single-source network coding_SKPrivate key K of elliptic curve signature, public key P of elliptic curve signature:

S_SK＝α·H_G(I)

K＝η·S_SK

P＝K·G

(A5) The trusted party selects a cryptographically secure Hash function h as:

{0,1}^*→Z_q

wherein Z_q∈{1,2,...,1229388206666334394638158784063623508484129267643}。

(A6) The trusted party discloses a system parameter z:

z＝(E,F_q,G,q,t,h,P,H_G)

K₀＝η₀·S_SK

P₀＝K₀·G

K_id＝η_id·S_SK

P_id＝K_id·G

C. Determining hash value of message

The message M generated by the source node is divided into M modules M₁,M₂,...,M_mEach module is an n-dimensional vector, represented as:

expanding all modules into a vector V with m + n dimensions_i：

V_i＝(v_i,1,v_i,2,...,v_i,m+n)

D. Elliptic curve signature on source node of single-source network coding

(D1) Credible side randomly selects K'₀E {1,2, …, t }, determining X₀：

X₀＝h(V_i,K′₀)·G

In the formula X₀Is a point (x) on the elliptic curve₀,y₀)。

(D2) Determining r of a source node₀,S₀:

r₀＝x₀modt

S₀＝(h(V_i,K′₀)+r₀-h(V_i)K₀)modt

(D3) Determining a signature σ of a source node₀：

σ₀＝(r₀,S₀,H_G(I))

E. Message assembly

(E2) Determining a hash function value h (w) for the combined message w:

where m is a finite positive integer.

(F1) Credible side randomly selects K'_idE {1,2, …, t }, determining X_id：

X_id＝h(w,K′_id)·G

In the formula X_idIs a point (x) on the elliptic curve_id,y_id)。

(F2) Determining an intermediate node r_id,S_id：

r_id＝x_idmodt

S_id＝(h(w,K′_id)+r_id-h(w)K_id)modt

(F3) Signature σ of intermediate node_id：

σ_id＝(r_id,S_id,H′_G(I))

G. Signature verification by the receiver

(G2) Determining U of receiver₁,U₂：

U₁＝(S_id-r_id)modt

U₂＝h(w)modt

(G3) The recipient determines X:

X＝U₁G+U₂P_id

x is a point (X ') on the elliptic curve'_id,y′_id)。

(G4) The recipient determines V':

V′＝x′_idmodt

Example 2

This embodiment uses an elliptic curve y²≡x³+ ax + b mod q, large prime q 1449849246051449679173689466738734355356891578223 as an example, the method for homomorphic signature of elliptic curve of single-source network coding comprises the following steps:

A. system initialization

(A1) Trusted party defines a finite field F_qUpper elliptic curve E:

y²≡x³+ax+b

wherein a, b ∈ F_qQ is a large prime number in finite positive integers, q is 1449849246051449679173689466738734355356891578223, and satisfies 4a³+27b²Constant not equal to 0.

I＝{I₁,I₂,…,I_n}

where n is a finite positive integer.

{0,1}^*→G₁

Wherein G is₁Is a group of addition cycles of order large prime d.

S_SK＝α·H_G(I)

K＝η·S_SK

P＝K·G

(A5) The trusted party selects a cryptographically secure Hash function h as:

{0,1}^*→Z_q

wherein Z_q∈{1,2,...,1449849246051449679173689466738734355356891578223}。

(A6) The trusted party discloses a system parameter z:

z＝(E,F_q,G,q,t,h,P,H_G)

the other steps were the same as in example 1.

Example 3

This embodiment uses an elliptic curve y²≡x³The + ax + bmdq and the large prime number q of 1366294046726635493399336680549214898319268492501 are taken as examples, and the method for homomorphic signature of the elliptic curve of the single-source network coding comprises the following steps:

A. system initialization

(A1) Trusted party defines a finite field F_qUpper elliptic curve E:

y²≡x³+ax+b

wherein a, b ∈ F_qQ is a large prime number in finite positive integers, q is 1366294046726635493399336680549214898319268492501, and satisfies 4a³+27b²Constant not equal to 0.

I＝{I₁,I₂,…,I_n}

where n is a finite positive integer.

{0,1}^*→G₁

Wherein G is₁Is a group of addition cycles of order large prime d.

S_SK＝α·H_G(I)

K＝η·S_SK

P＝K·G

(A5) The trusted party selects a cryptographically secure Hash function h as:

{0,1}^*→Z_q

wherein Z_q∈{1,2,...,1366294046726635493399336680549214898319268492501}。

(A6) The trusted party discloses a system parameter z:

z＝(E,F_q,G,q,t,h,P,H_G)

the other steps were the same as in example 1.

Claims

1. the method for elliptic curve signature under a single source network coding environment is characterized in that it is made up of the following steps:

A. System initialization

(A1) The trusted party defines the elliptic curve E on the finite field F _q :

y ² ≡x ³ +ax+b

where a,b∈F _q , q is a large prime number in finite positive integers, which satisfies the constant of 4a ³ +27b ² ≠0;

(A2) The trusted party sends the identifier I of the designated generation in the single-source network coding to the source node of the single-source network coding through the confidential channel:

I= _{ I ₁ ,I ₂ ,...,In }

where n is a finite positive integer;

(A3) The trusted party selects a cryptographically secure Hash function H _G :

{0,1} ^* →G ₁

where G ₁ is an additive cyclic group of order large prime q;

(A4) The trusted party chooses α, α∈(1,2,...,t), where t is the order of the base point G selected by the trusted party and is a prime number in the finite positive integers; determine the generation in the single-source network coding Private key S _SK , private key K for elliptic curve signature, and public key P for elliptic curve signature:

S _SK =α·H _G (I)

K=η·S _SK

P=K·G

where η∈{1,2,...,q} is the secret random number selected by the trusted authority, G is a base point on the elliptic curve E, and H _G (I) is the hash value of the proxy identifier;

(A5) The trusted party selects the cryptographically secure Hash function h as:

{0,1} ^* →Z _q

where Z _q ∈ {1,2,...,q};

(A6) The trusted party discloses the system parameter z:

z=(E, _Fq ,G,q,t,h,P, _HG );

B. Generate the private key K ₀ and public key P ₀ of single-source network coding

(B1) Determine the private key K ₀ and public key P ₀ of the source node of the single-source network coding:

K ₀ =η ₀ ·S _SK

P ₀ =K ₀ ·G

where η ₀ ∈{1,2,...,t} is the secret random number chosen by the trusted party;

(B2) Determine the private key K _id and public key P _id of the intermediate node of the single-source network coding:

K _id =η _id ·S _SK

P _id =K _id ·G

where η _id is the secret random number selected by the trusted party, η _id ∈(1,2,...,t), id is 1,2,...,e, and e is the number of intermediate nodes;

C. Determine the hash value of the message

The message M generated by the source node is divided into m modules M ₁ , M ₂ ,..., M _m , each module is an n-dimensional vector, expressed as:

Expand all modules into an m+n-dimensional vector V _i :

V _i =(vi _,1 ,vi _,2 ,...,vi _,m+n )

where i∈{1,2,…,m}, determine the hash function value of the message vector V _i :

where R _j is a set of base points randomly selected by the source node on the elliptic curve and the order is t;

D. Elliptic curve signature on the source node of single-source network coding

(D1) The trusted party randomly selects K′ ₀ ∈{1,2,…,t} to determine X ₀ :

X ₀ =h(V _i ,K′ ₀ )·G

where X ₀ is a point (x ₀ , y ₀ ) on the elliptic curve;

(D2) Determine r ₀ , S ₀ of the source node:

r ₀ =x ₀ modt

S ₀ =(h(V _i ,K′ ₀ )+r ₀ -h(V _i )K ₀ )modt

(D3) Determine the signature σ ₀ of the source node:

σ ₀ =(r ₀ ,S ₀ ,H _G (I))

(D4) Send the message vector V _i , the hash value h(V _i ) of the message, and the signature σ ₀ of the message to the intermediate node or sink node of single-source network coding;

E. Message composition

(E1) The intermediate nodes of single-source network coding combine the messages as:

where a is the global encoding vector of the message, a=(a ₁ ,a ₂ ,...,am ), _i is a finite positive integer;

(E2) Determine the hash function value h(w) of the combined message w:

where m is a finite positive integer;

F. Elliptic curve signature on the intermediate node of single-source network coding

(F1) The trusted party randomly selects K′ _id ∈ {1,2,…,t} to determine X _id :

X _id =h(w,K' _id )·G

where X _id is a point on the elliptic curve (x _id , y _id );

(F2) Determine the intermediate nodes r _id , S _id :

r _id = x _id modt

S _id =(h(w,K' _id )+r _id -h(w)K _id )modt

(F3) The signature σ _id of the intermediate node:

σ _id = (r _id , S _id , H′ _G (I))

G. The recipient performs signature verification

(G1) The receiver verifies whether H _G (I)=H′ _G (I) is established, if it is established, the signature is accepted, otherwise, the signature is rejected;

(G2) Determine the receiver's U ₁ , U ₂ :

U ₁ =(S _id -r _id )modt

U ₂ =h(w)modt

(G3) The receiver determines X:

X=U ₁ G+U ₂ P _id

X is a point on the elliptic curve (x' _id , y' _id );

(G4) The receiver determines V':

V'=x' _id modt

(G5) The receiver verifies whether V′=r _id is established, if established, the elliptic curve signature succeeds; otherwise, the elliptic curve signature fails.