计算机工程与应用 ›› 2020, Vol. 56 ›› Issue (19): 120-125.DOI: 10.3778/j.issn.1002-8331.1907-0159

• 网络、通信与安全 • 上一篇    下一篇

可公开验证无证书的多接收者匿名签密方案

陈虹,朱亚囡,肖成龙,金海波,张子浩   

  1. 辽宁工程技术大学 软件学院,辽宁 葫芦岛 125105
  • 出版日期:2020-10-01 发布日期:2020-09-29

Publicly Verifiable Certificateless Multi-receiver Anonymous Signcryption

CHEN Hong, ZHU Yanan, XIAO Chenglong, JIN Haibo, ZHANG Zihao   

  1. College of Software, Liaoning Technical University, Huludao, Liaoning 125105, China
  • Online:2020-10-01 Published:2020-09-29

摘要:

针对广播通信环境下存在的接收方身份信息泄露以及发送方身份信息模糊等问题,提出了一种可公开验证的多接收者匿名签密方案。该方案利用安全参数完成系统初始化,生成系统的主密钥和公开参数,利用用户身份和哈希函数相结合的密钥生成方法,提取出用户的公私钥对,并在签密过程中将接收者的身份集合采用拉格朗日插值隐藏在多项式里,生成具有接收者身份匿名性的密文,将此密文发送给接收者,对收到的密文验证发送和接收两方身份合法性,通过后解密输出正确明文。在随机预言模型下,基于离散对数问题和计算性Diffie-Hellman困难问题证明了方案的机密性、不可伪造性、匿名性和公开验证性。与几种经典的多接收者签密算法在计算量和安全属性上进行比较,实验结果表明该方案计算开销适中、安全性好。

关键词: 匿名签密, 多接收者, 无证书, 不可伪造性, 公开验证性

Abstract:

Aiming at the problems of the ambiguity and disclosure of the receiver’s identity information in the broadcasting communication environment, a public verifiable certificateless multi-receiver anonymous signcryption scheme is proposed. The scheme uses the security parameters to complete the system initialization, generates the system’s master key and public parameters, and uses the key generation method combined with the user identity and the hash function to extract the public-private key pair of the user. In the signcryption process, the identity set of the receiver is hidden in the polynomial by Lagrangian interpolation, the ciphertext with the identity of the recipient is generated, the ciphertext is sent to the receiver to send the ciphertext verification, and receiving the legality of the two parties’ identity, and decrypting and outputting the correct plaintext after decryption. Under the random prediction model, the confidentiality, unforgeability, anonymity and public verification of the scheme are proved based on the discrete logarithm problem and the computational Diffie-Hellman problem. Finally, compared with several classical multi-receiver signcryption algorithms, the computational cost and security attributes are compared. The experimental results show that the proposed scheme has moderate computational cost and good security.

Key words: anonymous signcryption, multi-receiver, certificateless, unforgeability, public verification