CN111756539A - A Re-random Identification Encryption and Decryption Method - Google Patents

Abstract

The invention discloses a re-random identification encryption and decryption method, aiming at solving the security defect of the existing re-random identification encryption and decryption method. The technical scheme is as follows: constructing an encryption and decryption system consisting of an initialization module, a key extraction module, an encryption module, a decryption module and a re-random module; the key generation center runs an initialization module to generate public parameters and a main private key and disclose the public parameters; the key generation center runs a key extraction module and generates a private key for the receiver by adopting the identification id of the receiver; the sender runs the encryption module, generates a ciphertext C by adopting the identification id of the receiver and sends the C to the public server; the public server runs a re-randomization module to re-randomize the C and send a new ciphertext C' to a receiver; the receiver operates the decryption module to decrypt C'. The invention can resist the attack of the reproducible selection ciphertext based on the identification, and the operation of the re-random module does not need the identification of the receiver, thereby avoiding the distribution of the identification.

Description

Translated fromChinese

一种可重随机的标识加解密方法A Re-random Identification Encryption and Decryption Method

技术领域technical field

本发明属于信息安全技术领域，涉及一种标识加解密方法，具体涉及一种具有高安全性的可重随机的标识加解密方法。The invention belongs to the technical field of information security, and relates to an identification encryption and decryption method, in particular to a re-random identification encryption and decryption method with high security.

背景技术Background technique

目前在密码领域具有代表性的可重随机的标识加解密方法有BB04方法、Waters05方法和Gentry06方法。然而，这三种方法均只能实现抗基于标识的选择明文安全(ID-CPA安全)。在实际应用中，某些具有更强能力的攻击者能够破解ID-CPA安全的加解密方法。下面将以Gentry06方法为例进行阐述。At present, the representative re-random identification encryption and decryption methods in the cryptographic field include the BB04 method, the Waters05 method and the Gentry06 method. However, all these three methods can only achieve identity-resistant chosen-plaintext security (ID-CPA security). In practical applications, some more capable attackers can crack the ID-CPA security encryption and decryption method. The following will take the Gentry06 method as an example to illustrate.

Gentry06方法：由Gentry在2006年EuroCrypt会议中提出。具体包括以下步骤：Gentry06 method: Presented by Gentry at the 2006 EuroCrypt conference. Specifically include the following steps:

第一步，密钥生成中心(指负责生成私钥的服务器)运行初始化模块生成公共参数和主密钥，并将公共参数公开。具体包括以下步骤：In the first step, the key generation center (referring to the server responsible for generating the private key) runs the initialization module to generate public parameters and the master key, and discloses the public parameters. Specifically include the following steps:

1.1初始化模块生成对称双线性群四元组

其中p为素数，根据国际通用的美国国家标准与技术研究院(NIST)标准，当p的数量级约为2¹⁶⁰时，加解密方法的安全性等级为80比特，即攻击者至少需要进行2⁸⁰次运算才能破解该方法，

中的元素个数均为p，

中的元素均为椭圆曲线上点的坐标，可表示为两个整数，

中的元素为有限域

中的元素，可表示为k维整数数组，

为一个可有效计算的非退化的双线性映射；1.1 The initialization module generates a symmetric bilinear group quaternion

Among them, p is a prime number. According to the international standard of the National Institute of Standards and Technology (NIST), when the magnitude of p is about 2¹⁶⁰ , the security level of the encryption and decryption method is 80 bits, that is, the attacker needs to perform at least 2⁸⁰ It takes several operations to break the method,

The number of elements in is p,

The elements in are the coordinates of points on the elliptic curve, which can be expressed as two integers,

The elements in are finite fields

The elements in , which can be represented as a k-dimensional integer array,

is an efficiently computable non-degenerate bilinear map;

1.2初始化模块生成元素个数为q的加法整数群

其元素为0到p-1的整数；1.2 The initialization module generates an additive integer group with the number of elements q

Its elements are integers from 0 to p-1;

1.3从

中随机选取2个元素g，h；从

中随机选取元素α；1.3 From

Randomly select 2 elements g, h from

Randomly select element α in ;

1.4计算公共参数元素g₁＝g^α，为方便起见，椭圆曲线坐标与标量的乘法运算统一用指数运算的形式进行表示，具体的椭圆曲线坐标与标量的乘法运算步骤可以视为对椭圆曲线坐标进行多次加法运算；1.4 Calculate the common parameter element g₁ =g^α . For the sake of convenience, the multiplication of elliptic curve coordinates and scalars is uniformly expressed in the form of exponential operations. perform multiple addition operations;

1.5将g，g₁，h组成公共参数，将α视为主私钥。1.5 Form g, g₁ , h into public parameters, and regard α as the master private key.

第二步，密钥生成中心根据接收者的标识id，运行密钥提取模块为接收者生成私钥，其中接收者的标识id为

中的元素。私钥生成具体包括以下步骤：In the second step, the key generation center runs the key extraction module to generate a private key for the recipient according to the recipient's ID, where the recipient's ID is

elements in . Private key generation includes the following steps:

2.1检查id是否等于α。若相等，则标识非法，终止运行；2.1 Check if id is equal to α. If they are equal, the identification is illegal and the operation is terminated;

2.2从

中随机选取私钥第一元素r_id；2.2 From

Randomly select the first element r_id of the private key;

2.3计算私钥第二元素

2.3 Calculate the second element of the private key

2.4将r_id，h_id组成接收者的私钥。2.4 Make r_id and h_id the recipient's private key.

第三步，发送者(即发送者所在服务器)运行加密模块生成密文，并将密文发送给公共服务器。需要加密的明文m为

中的元素，具体步骤如下：In the third step, the sender (that is, the server where the sender is located) runs the encryption module to generate the ciphertext, and sends the ciphertext to the public server. The plaintext m to be encrypted is

elements, the specific steps are as follows:

3.1从

中随机选取元素s；3.1 From

Randomly select element s in ;

3.2构建密文C，

3.2 Construct ciphertext C,

第四步，公共服务器运行重随机模块，将得到的新密文发送给接收者。具体步骤如下：In the fourth step, the public server runs the re-random module and sends the obtained new ciphertext to the receiver. Specific steps are as follows:

4.1将密文C解析成三元组(u，v，w)；4.1 Parse the ciphertext C into triples (u, v, w);

4.2从

中随机选取元素t；4.2 From

Randomly select an element t in ;

4.3构建新密文C′，

4.3 Construct a new ciphertext C′,

第五步，接收者(即接收者所在服务器)运行解密模块，对收到的密文进行解密。具体步骤如下：In the fifth step, the receiver (that is, the server where the receiver is located) runs the decryption module to decrypt the received ciphertext. Specific steps are as follows:

5.1将密文C′解析成三元组(u′，v′，w′)；5.1 Parse the ciphertext C' into triples (u', v', w');

5.2构建明文m，

5.2 Construct the plaintext m,

考虑如下攻击场景：密钥生成中心运行初始化模块生成公共参数和主私钥，并公开公共参数。然后，密钥生成中心运行密钥提取模块为接收者生成私钥，并通过安全信道发送给接收者。攻击者选择两个明文m₀和m₁，并诱使发送者从m₀和m₁中随机挑选一个明文进行加密。攻击者可以获得发送者生成的密文。同时，攻击者还可以向密钥生成中心发起一系列解密询问。解密询问以标识和密文为输入，返回密文在该标识对应密钥下的解密结果。当解密结果等于m₀或m₁时，则不回答该询问。最终，攻击者的目标是猜测发送者是对m₀还是m₁进行了加密。Consider the following attack scenario: the key generation center runs the initialization module to generate public parameters and the master private key, and discloses the public parameters. Then, the key generation center runs the key extraction module to generate a private key for the receiver, and sends it to the receiver through a secure channel. The attacker chooses two plaintexts m₀ and m₁ , and induces the sender to randomly pick a plain text from m₀ and m₁ to encrypt. An attacker can obtain the ciphertext generated by the sender. At the same time, the attacker can also initiate a series of decryption challenges to the key generation center. The decryption query takes the identifier and the ciphertext as input, and returns the decryption result of the ciphertext under the key corresponding to the identifier. When the decryption result is equal to m₀ or m₁ , the query is not answered. Ultimately, the attacker's goal is to guess whether the sender encrypted_m0 or_m1 .

下面将解释Gentry06方法为何不能抵挡上述攻击。攻击者在获得发送者生成的密文后，可以将其解析为三元组(u，v，w)。从

中随机选择元素m′，计算新密文C^*＝(u，v，m′·w)。假设以接收者的标识id和新密文C^*发起解密询问得到的结果为m^*，那么计算m^*/m′即可得知发送者是对m₀还是m₁进行了加密。The following will explain why the Gentry06 method cannot withstand the above attacks. After obtaining the ciphertext generated by the sender, the attacker can parse it into a triple (u, v, w). from

Randomly select the element m' in , and calculate the new ciphertext C^* =(u, v, m'·w). Assuming that the result obtained by initiating a decryption query with the receiver's identification id and the new ciphertext C^* is m^* , then calculating m^* /m' can know whether the sender has encrypted m₀ or m₁ .

目前为止，还没有公开文献涉及能够抵抗上述攻击(又称为基于标识的可重放的选择密文攻击)的可重随机的标识加解密方法。So far, there is no open document related to a re-random identifier encryption/decryption method that can resist the above attack (also known as an identifier-based replayable chosen ciphertext attack).

发明内容SUMMARY OF THE INVENTION

本发明要解决的技术问题是针对现有可重随机的标识加解密方法存在的安全性缺陷，提供一种更高安全性的可重随机的标识加解密方法。The technical problem to be solved by the present invention is to provide a re-random re-random identification encryption and decryption method with higher security for the security defects existing in the existing re-random identification encryption and decryption methods.

本发明技术方案如下：The technical scheme of the present invention is as follows:

第一步：构建加解密系统。该系统中有四个角色，分别为密钥生成中心、发送者、接收者和公共服务器。加解密系统由五个模块组成，分别为初始化模块、密钥提取模块、加密模块、解密模块和重随机模块。其中初始化模块和密钥提取模块部署在密钥生成中心，加密模块部署在发送者，解密模块部署在接收者，重随机模块部署在公共服务器。Step 1: Build an encryption and decryption system. There are four roles in the system, namely, the key generation center, the sender, the receiver, and the public server. The encryption and decryption system consists of five modules, namely initialization module, key extraction module, encryption module, decryption module and re-random module. The initialization module and the key extraction module are deployed in the key generation center, the encryption module is deployed in the sender, the decryption module is deployed in the receiver, and the re-random module is deployed in the public server.

第二步：密钥生成中心运行初始化模块，生成公共参数和主私钥，并将公共参数公开。具体步骤如下：Step 2: The key generation center runs the initialization module, generates public parameters and the master private key, and exposes the public parameters. Specific steps are as follows:

2.1初始化模块生成对称双线性群四元组

其中p为素数，其大小与加解密方法的安全性等级相关。p的数量级约为2¹⁶⁰，

中的元素个数均为p，

中的元素为椭圆曲线上点的坐标，可表示为两个整数，

中的元素为有限域

中的元素，可表示为k维整数数组，e(g₁，g₂)为一个可有效计算的非退化的双线性映射，即

g₁，g₂均为

中的元素；2.1 The initialization module generates a symmetric bilinear group quaternion

Among them, p is a prime number, and its size is related to the security level of the encryption and decryption method. The magnitude of p is about 2¹⁶⁰ ,

The number of elements in is p,

The elements in are the coordinates of the points on the elliptic curve, which can be expressed as two integers,

The elements in are finite fields

The elements in can be represented as a k-dimensional integer array, e(g₁ , g₂ ) is a non-degenerate bilinear map that can be efficiently calculated, namely

g₁ and g₂ are both

elements in;

2.2初始化模块生成元素个数为p的加法整数群

其元素为0到p-1的整数；2.2 The initialization module generates an additive integer group with the number of elements p

Its elements are integers from 0 to p-1;

2.3构造哈希函数H(m)，其输入m为

中的元素，输出为

中的元素。H(m)采用了美国国家标准与技术研究院发布的SHA-1函数，具体为将m划分成512比特的片段，将每一段运算SHA-1函数的结果进行异或运算得到160比特长的输出，即

中的元素；2.3 Construct a hash function H(m) whose input m is

elements in , the output is

elements in . H(m) adopts the SHA-1 function issued by the National Institute of Standards and Technology of the United States. Specifically, m is divided into 512-bit segments, and the result of each segment of the SHA-1 function is XORed to obtain a 160-bit long output, i.e.

elements in;

2.4从

中随机选取8个元素g，h₁，h₂，h₃，h₄，h₅，h₆，h₇；2.4 From

8 elements g, h₁ , h₂ , h₃ , h₄ , h₅ , h₆ , h₇ are randomly selected from the

2.5从

中随机选取3个元素α，z₀，z₁，其中z₀≠z₁；2.5 From

Randomly select 3 elements α, z₀ , z₁ in , where z₀ ≠z₁ ;

2.6计算公共参数元素g₁＝g^α。该指数运算代表椭圆曲线坐标元素g与从

中随机选取的标量元素α的乘法运算，椭圆曲线坐标g与标量的乘法运算步骤可以视为对椭圆曲线坐标g进行α-1次加法运算，方法是：2.6 Calculate the common parameter element g₁ =g^α . The exponential operation represents the elliptic curve coordinate element g with the

The multiplication operation of the randomly selected scalar element α, the multiplication operation step of the elliptic curve coordinate g and the scalar can be regarded as α-1 addition operation on the elliptic curve coordinate g, the method is:

2.6.1令椭圆曲线y²＝x³+ax+b上的坐标元素g＝(g_x，g_y)，令变量i＝2，令坐标元素h＝(h_x，h_y)＝g；2.6.1 Let the coordinate element g=(g_x , g_y ) on the elliptic curve y² =x³ +ax+b, let the variable i=2, let the coordinate element h=(h_x ,_hy )=g;

2.6.2计算g和h之间的斜率λ。若g＝h，则

为经点g与椭圆曲线相切的切线的斜率；若g≠h，则λ＝(g_y-h_y)/(g_x-h_x)；2.6.2 Calculate the slope λ between g and h. If g=h, then

is the slope of the tangent line tangent to the elliptic curve through point g; if g≠h, then λ=(g_y -h_y )/(g_x -h_x );

2.6.3计算g和h相加后的横坐标r_x＝λ²-g_x-h_x和g和h相加后的纵坐标r_y＝λ(g_x-r_x)-g_y。r＝(r_x，r_y)即为g与h相加的结果。2.6.3 Calculate the abscissa r_x =λ² -g_x -h_x after adding g and h and the ordinate ry₌ λ(g_x -r_x )_-gy after adding g and h. r₌ (r_x , ry ) is the result of adding g and h.

2.6.4若i＝α，此时r即为元素g₁，转2.7；否则，更新i＝i+1，令h＝r，转2.6.2。2.6.4 If i=α, then r is the element g₁ , go to 2.7; otherwise, update i=i+1, set h=r, go to 2.6.2.

2.7将g，g₁，h₁，h₂，h₃，h₄，h₅，h₆，h₇，z₀，z₁，H(m)组成公共参数，α组成主私钥。h₁，h₂，h₃，h₄，h₅，h₆，h₇中的任意一个记为h_i，i∈{1，2，3，4，5，6，7}。2.7 Form g, g₁ , h₁ , h₂ , h₃ , h₄ , h₅ , h₆ , h₇ , z₀ , z₁ , H(m) as public parameters, and α as the master private key. Any one of h₁ , h₂ , h₃ , h₄ , h₅ , h₆ , h₇ is denoted as h_i , i∈{1, 2, 3, 4, 5, 6, 7}.

第三步，密钥生成中心运行密钥提取模块，采用接收者的标识id为接收者生成私钥。接收者的标识id为接收者已有的身份标识在

中对应的元素，私钥生成方法是：In the third step, the key generation center runs a key extraction module, and generates a private key for the recipient by using the recipient's identification id. The receiver's identification id is the receiver's existing identification.

The corresponding element in , the private key generation method is:

3.1判断id是否等于α，若相等，则标识非法，转第七步；若不相等，转3.2；3.1 Judging whether the id is equal to α, if it is equal, the identification is illegal, go to the seventh step; if not, go to 3.2;

3.2令变量i＝1；3.2 Let the variable i=1;

3.3从

中随机选取一个元素，作为接收者的私钥中的第i个元素r_id，i；3.3 From

Randomly select an element in the receiver's private key as the i-th element r_id,i in the receiver's private key;

3.4计算私钥元素

更新i＝i+1；；3.4 Calculate private key elements

update i = i+1;;

3.5若i≤7，转3.3；否则，将{r_id.i，h_id.i|i∈{1，2，3，4，5，6，7}}组成私钥。3.5 If i≤7, go to 3.3; otherwise, combine {r_id.i , h_id.i |i∈{1, 2, 3, 4, 5, 6, 7}} to form the private key.

第四步，发送者运行加密模块，采用接收者的标识id生成密文，并将密文发送给公共服务器。需要加密的明文M为转化为十进制数后不大于p的二进制数，具体步骤如下：In the fourth step, the sender runs the encryption module, uses the receiver's identification id to generate the ciphertext, and sends the ciphertext to the public server. The plaintext M that needs to be encrypted is a binary number that is not greater than p after being converted into a decimal number. The specific steps are as follows:

4.1将明文M按照二进制转十进制的方法，转化为整数M′。令中间明文m＝(0，…，0，M′)，其中前k-1维元素均为0，第k维元素为M′。那么m即

中的元素；k为

中元素表示为整数数组时的维数；4.1 Convert the plaintext M into an integer M' according to the method of converting from binary to decimal. Let the intermediate plaintext m=(0, . . . , 0, M'), wherein the first k-1 dimension elements are all 0, and the kth dimension element is M'. Then m is

elements in ; k is

The number of dimensions when the elements in are represented as integer arrays;

4.2从

中随机选取4个元素s，t，

4.2 From

Randomly select 4 elements s, t,

4.3从

中随机选取元素u；4.3 From

Randomly select element u in ;

4.4计算第一哈希值θ＝H(m)，计算第二哈希值σ＝H(u)；4.4 Calculate the first hash value θ=H(m), and calculate the second hash value σ=H(u);

4.5计算密文第一元素

密文第二元素x₂＝e(g^s，g)，密文第三元素x₃＝m·e(g^-s，h₁)，密文第四元素

密文第五元素

密文第六元素

密文第七元素y₂＝e(g^t，g)，密文第八元素y₃＝e(g^-t，h₁)，密文第九元素y₄＝(e(g，h₂)e(g^θ，h₃))^σt，密文第十元素y₅＝(e(g，h₄)e(g^θ，h₅))^σt，密文第十一元素

密文第十二元素

密文第十三元素

密文第十四元素

密文第十五元素

密文第十六元素

密文第十七元素

密文第十八元素

令元素β₁，β₂为从

中随机选取的元素，元素γ为从

中随机选取的元素，β₁β₂表示β₁和β₂进行有限域

上的乘法运算，

表示β₁和γ进行有限域

上的指数运算。例如：当β₁＝e(g，h₂)，β₂＝e(g^θ，h₃)时，

表示β₁和β₂进行有限域

上的乘法运算后的结果，再和σ(s+z₀)进行有限域

上的指数运算。4.5 Calculate the first element of the ciphertext

The second element of the ciphertext x₂ =e(g^s , g), the third element of the ciphertext x₃ =m·e(g^-s , h₁ ), the fourth element of the ciphertext

The fifth element of the ciphertext

The sixth element of the ciphertext

The seventh element of ciphertext y₂ =e(g^t , g), the eighth element of ciphertext y₃ =e(g^-t , h₁ ), the ninth element of ciphertext y₄ =(e(g, h₂ ) e(g^θ , h₃ ))^σt , the tenth element of the ciphertext y₅ =(e(g, h₄ )e(g^θ , h₅ ))^σt , the eleventh element of the ciphertext

The twelfth element of the ciphertext

Thirteenth element of ciphertext

The fourteenth element of the ciphertext

The fifteenth element of the ciphertext

The sixteenth element of the ciphertext

The seventeenth element of the ciphertext

The eighteenth element of the ciphertext

Let the elements β₁ , β₂ be from

A randomly selected element in , the element γ is from

_{Randomlyselectedelementsin}

multiplication on ,

Represents β₁ and γ for a finite field

exponentiation on . For example: when β₁ =e(g, h₂ ), β₂ =e(g^θ , h₃ ),

Represents β₁ and β₂ for finite field

The result of the multiplication operation on , and then perform a finite field with σ(s+z₀ )

exponentiation on .

4.6将x₁，x₂，x₃，x₄，x₅组成第一五元组X，将y₁，y₂，y₃，y₄，y₅组成第二五元组Y，将u₁，u₂，u₃，u₄组成第一四元组U，将v₁，v₂，v₃，v₄组成第二四元组V；4.6 Form x₁ , x₂ , x₃ , x₄ , x₅ into the first quintuple X, y₁ , y₂ , y₃ , y₄ , y₅ form the second quintuple Y, and u₁ , u₂ , u₃ , u₄ form the first quadruple U, and v₁ , v₂ , v₃ , and v₄ form the second quadruple V;

4.7将X，Y，U，V组成密文C，将C发送给公共服务器。4.7 Form X, Y, U, V into ciphertext C, and send C to the public server.

第五步，公共服务器运行重随机模块，对从发送者接收的密文C进行重随机，将得到的新密文C′发送给接收者。具体步骤如下：In the fifth step, the public server runs the re-random module, re-randomizes the ciphertext C received from the sender, and sends the new ciphertext C' obtained to the receiver. Specific steps are as follows:

5.1重随机模块从发送者接收密文C，将密文C解析成(X，Y，U，V)，其中第一五元组X＝(x₁，x₂，x₃，x₄，x₅)，第二五元组Y＝(y₁，y₂，y₃，y₄，y₅)，第一四元组U＝(u₁，u₂，u₃，u₄)以及第二四元组V＝(v₁，v₂，v₃，v₄)；5.1 The re-random module receives the ciphertext C from the sender, and parses the ciphertext C into (X, Y, U, V), where the first five-tuple X=(x₁ , x₂ , x₃ , x₄ , x₅ ), the second quintuple Y=(y₁ , y₂ , y₃ , y₄ , y₅ ), the first quintuple U=(u₁ , u₂ , u₃ , u₄ ) and the second quaternion V=(v₁ , v₂ , v₃ , v₄ );

5.2从

中随机选取4个元素s′，t′，

5.2 From

Randomly select 4 elements s', t',

5.3计算新密文第一元素

新密文第二元素

新密文第二元素

新密文第四元素

新密文第五元素

新密文第六元素

新密文第七元素

新密文第八元素

新密文第九元素

新密文第十元素

新密文第十一元素

新密文第十二元素

新密文第十三元素

新密文第十四元素

新密文第十五元素

新密文第十六元素

新密文第十七元素

新密文第十八元素

5.3 Calculate the first element of the new ciphertext

The second element of the new ciphertext

The second element of the new ciphertext

The fourth element of the new ciphertext

The fifth element of the new ciphertext

The sixth element of the new ciphertext

The seventh element of the new ciphertext

The eighth element of the new ciphertext

The ninth element of the new ciphertext

The tenth element of the new ciphertext

The eleventh element of the new ciphertext

The twelfth element of the new ciphertext

The thirteenth element of the new ciphertext

The fourteenth element of the new ciphertext

The fifteenth element of the new ciphertext

The sixteenth element of the new ciphertext

The seventeenth element of the new ciphertext

The eighteenth element of the new ciphertext

5.4将x′₁，x′₂，x′₃，x′₄，x′₅组成第三五元组X′，将y′₁，y′₂，y′₃，y′₄，y′₅组成第四五元组Y′，将u′₁，u′₂，u′₃，u′₄组成第三四元组U′，将v′₁，v′₂，v′₃，v′₄组成第四四元组V′；5.4 Form x′₁ , x′₂ , x′₃ , x′₄ , x′₅ into the third quintuple X′, and combine y′₁ , y′₂ , y′₃ , y′₄ , y′₅ The fourth quintuple Y' is formed, u'₁ , u'₂ , u'₃ , u'₄ are formed into the third quaternary U', v'₁ , v'₂ , v'₃ , v'₄ Form the fourth quadruple V';

5.5将X′，Y′，U′，V′组成新密文C′，将C′发送给接收者。5.5 Combine X', Y', U', V' to form a new ciphertext C', and send C' to the receiver.

第六步，接收者运行解密模块，对从公共服务器收到的新密文C′进行解密。具体步骤如下：In the sixth step, the receiver runs the decryption module to decrypt the new ciphertext C' received from the public server. Specific steps are as follows:

6.1将密文C′解析成(X′，Y′，U′，V′)，其中第三五元组X′＝(x′₁，x′₂，x′₃，x′₄，x′₅)，第四五元组Y′＝(y′₁，y′₂，y′₃，y′₄，y′₅)，第三四元组U′＝(u′₁，u′₂，u′₃，u′₄)以及第四四元组V′＝(v′₁，v′₂，v′₃，v′₄)；6.1 Parse the ciphertext C' into (X', Y', U', V'), where the third quintuple X'=(x'₁ , x'₂ , x'₃ , x'₄ , x'₅ ), the fourth quintuple Y′=(y′₁ , y′₂ , y′₃ , y′₄ , y′₅ ), the third quintuple U′=(u′₁ , u′₂ , u′₃ , u′₄ ) and the fourth quadruple V′=(v′₁ , v′₂ , v′₃ , v′₄ );

6.2还原中间明文

和元素

若m不能表示为k维数组(0，…，0，M′)或者整数M′大于p，转第七步；否则，将M′按照十进制转二进制的方法，计算得到明文M。此时还不能直接输出明文M，需要进一步确定密文C′是否合法；6.2 Restoring the intermediate plaintext

and elements

If m cannot be represented as a k-dimensional array (0, . . . , 0, M') or the integer M' is greater than p, go to step 7; At this time, the plaintext M cannot be directly output, and it is necessary to further determine whether the ciphertext C' is legal;

6.3计算第一哈希值θ＝H(m)和第二哈希值σ＝H(u)；6.3 Calculate the first hash value θ=H(m) and the second hash value σ=H(u);

6.4计算临时第一元素

临时第二元素

临时第三元素

6.4 Computing the temporary first element

temporary second element

temporary third element

6.5判断第一三元组

是否等于第二三元组(u′₄，v′₃，v′₄)，若不等于，则密文C′不合法，转第七步；若相等，转6.6；6.5 Judging the first triple

Is it equal to the second triplet (u′₄ , v′₃ , v′₄ ), if not, then the ciphertext C′ is invalid, go to step 7; if it is equal, go to 6.6;

6.6计算临时第四元素

临时第五元素

临时第六元素

临时第七元素

临时第八元素

6.6 Calculating the Temporary Fourth Element

temporary fifth element

temporary sixth element

temporary seventh element

temporary eighth element

6.7判断第五五元组

是否等于第六五元组(x′₄，x′₅，y′₃，y′₄，y′₅)，若不等于，则密文不合法，转第七步；若相等，则解密结果为M。6.7 Judging the fifth quintuple

Is it equal to the sixth quintuple (x′₄ , x′₅ , y′₃ , y′₄ , y′₅ ), if not equal, the ciphertext is invalid, go to the seventh step; if it is equal, the decryption result for M.

第七步，加解密系统结束运行。In the seventh step, the encryption and decryption system ends operation.

采用本发明可以得到如下效果：The following effects can be obtained by adopting the present invention:

1.本发明由于第四步的4.4，保证了抗可重放的选择密文攻击安全。具体来说，在4.4中，x₄，x₅，y₄，y₅的计算使用了第一哈希值θ，即明文m的哈希值。当攻击者尝试对通过修改本发明中的现有密文C得到具有不同底层明文的新密文C^*时，攻击者需要重新计算出对应的

然而严谨的数学规约可以证明攻击者无法计算正确的

因此，攻击者不能通过修改密文C得到具有不同底层明文的新密文C^*，本发明可以抵抗基于标识的可重放的选择密文攻击，解决了背景技术所述的攻击以及Gentry06方法存在的安全缺陷。1. Due to 4.4 of the fourth step, the present invention ensures the security against replayable selected ciphertext attacks. Specifically, in 4.4, the calculation of x₄ , x₅ , y₄ , and y₅ uses the first hash value θ, that is, the hash value of the plaintext m. When an attacker tries to obtain a new ciphertext C^* with a different underlying plaintext by modifying the existing ciphertext C in the present invention, the attacker needs to recalculate the corresponding

However, a rigorous mathematical specification can prove that the attacker cannot calculate the correct

Therefore, an attacker cannot obtain a new ciphertext C^* with a different underlying plaintext by modifying the ciphertext C. The present invention can resist the replayable selected ciphertext attack based on the identification, and solves the attack described in the background art and the existence of the Gentry06 method. security flaws.

2.相比于一般的可重随机的标识加解密方案，本发明第五步重随机模块的运行不需要接收者的标识，因此可以免去标识的分发，使得任意角色可以对密文直接进行重随机化，而不需要事先获取密文所对应的标识，这样使得公共服务器的部署和运行更加简洁和高效。2. Compared with the general re-random identification encryption and decryption scheme, the operation of the fifth step of the re-random module of the present invention does not require the identification of the receiver, so the distribution of the identification can be omitted, so that any role can directly perform the encryption on the ciphertext. Re-randomization without the need to obtain the identifier corresponding to the ciphertext in advance, which makes the deployment and operation of the public server more concise and efficient.

附图说明Description of drawings

图1是本发明的加解密以及重随机逻辑结构图；Fig. 1 is the encryption and decryption of the present invention and the re-random logic structure diagram;

图2是本发明的流程图。Figure 2 is a flow chart of the present invention.

具体实施方式：Detailed ways:

以下结合说明书附图和具体实施例对本发明作进一步描述。The present invention will be further described below with reference to the accompanying drawings and specific embodiments.

如图2所示，本发明包括以下步骤：As shown in Figure 2, the present invention comprises the following steps:

第一步：构建加解密系统。如图1所示，加解密系统中有四个角色，分别为密钥生成中心、发送者、接收者和公共服务器。加解密系统由五个模块组成，分别为初始化模块、密钥提取模块、加密模块、解密模块和重随机模块。其中初始化模块和密钥提取模块部署在密钥生成中心，加密模块部署在发送者，解密模块部署在接收者，重随机模块部署在公共服务器。Step 1: Build an encryption and decryption system. As shown in Figure 1, there are four roles in the encryption and decryption system, namely the key generation center, the sender, the receiver and the public server. The encryption and decryption system consists of five modules, namely initialization module, key extraction module, encryption module, decryption module and re-random module. The initialization module and the key extraction module are deployed in the key generation center, the encryption module is deployed in the sender, the decryption module is deployed in the receiver, and the re-random module is deployed in the public server.

第二步：密钥生成中心运行初始化模块，生成公共参数和主私钥，并将公共参数公开。具体步骤如下：Step 2: The key generation center runs the initialization module, generates public parameters and the master private key, and exposes the public parameters. Specific steps are as follows:

2.1初始化模块生成对称双线性群四元组

其中p为素数，其大小与加解密方法的安全性等级相关。p的数量级约为2¹⁶⁰，

中的元素个数均为p，

和的元素为椭圆曲线上点的坐标，可表示为两个整数，

中的元素为有限域

中的元素，可表示为k维整数数组，e(g₁，g₂)为一个可有效计算的非退化的双线性映射，即

g₁，g₂均为

中的元素；2.1 The initialization module generates a symmetric bilinear group quaternion

Among them, p is a prime number, and its size is related to the security level of the encryption and decryption method. The magnitude of p is about 2¹⁶⁰ ,

The number of elements in is p,

The elements of and are the coordinates of points on the elliptic curve, which can be expressed as two integers,

The elements in are finite fields

The elements in can be represented as a k-dimensional integer array, e(g₁ , g₂ ) is a non-degenerate bilinear map that can be efficiently calculated, namely

g₁ and g₂ are both

elements in;

2.2初始化模块生成元素个数为p的加法整数群

其元素为0到p-1的整数；2.2 The initialization module generates an additive integer group with the number of elements p

Its elements are integers from 0 to p-1;

2.3构造哈希函数H(m)，其输入m为

中的元素，输出为

中的元素。H(m)采用了美国国家标准与技术研究院发布的SHA-1函数，具体为将m划分成512比特的片段，将每一段运算SHA-1函数的结果进行异或运算得到160比特长的输出，即

中的元素；2.3 Construct a hash function H(m) whose input m is

elements in , the output is

elements in . H(m) adopts the SHA-1 function issued by the National Institute of Standards and Technology of the United States. Specifically, m is divided into 512-bit segments, and the result of each segment of the SHA-1 function is XORed to obtain a 160-bit long output, i.e.

elements in;

2.4从

中随机选取8个元素g，h₁，h₂，h₃，h₄，h₅，h₆，h₇；2.4 From

8 elements g, h₁ , h₂ , h₃ , h₄ , h₅ , h₆ , h₇ are randomly selected from the

2.5从

中随机选取3个元素α，z₀，z₁，其中z₀≠z₁；2.5 From

Randomly select 3 elements α, z₀ , z₁ in , where z₀ ≠z₁ ;

2.6计算公共参数元素g₁＝g^α。该指数运算代表椭圆曲线坐标元素g与从

中随机选取的标量元素α的乘法运算，椭圆曲线坐标g与标量的乘法运算步骤可以视为对椭圆曲线坐标g进行α-1次加法运算，方法是：2.6 Calculate the common parameter element g₁ =g^α . The exponential operation represents the elliptic curve coordinate element g with the

The multiplication operation of the randomly selected scalar element α, the multiplication operation step of the elliptic curve coordinate g and the scalar can be regarded as α-1 addition operation on the elliptic curve coordinate g, the method is:

2.6.1令椭圆曲线y²＝x³+ax+b上的坐标元素g＝(g_x，g_y)，令变量i＝2，令坐标元素h＝(h_x，h_y)＝g；2.6.1 Let the coordinate element g=(g_x , g_y ) on the elliptic curve y² =x³ +ax+b, let the variable i=2, let the coordinate element h=(h_x ,_hy )=g;

2.6.2计算g和h之间的斜率λ。若g＝h，则

为经点g与椭圆曲线相切的切线的斜率；若g≠h，则λ＝(g_y-h_y)/(g_x-h_x)；2.6.2 Calculate the slope λ between g and h. If g=h, then

is the slope of the tangent line tangent to the elliptic curve through point g; if g≠h, then λ=(g_y -h_y )/(g_x -h_x );

2.6.3计算g和h相加后的横坐标r_x＝λ²-g_x-h_x和g和h相加后的纵坐标r_y＝λ(g_x-r_x)-g_y。r＝(r_x，r_y)即为g与h相加的结果。2.6.3 Calculate the abscissa r_x =λ² -g_x -h_x after adding g and h and the ordinate ry₌ λ(g_x -r_x )_-gy after adding g and h. r₌ (r_x , ry ) is the result of adding g and h.

2.6.4若i＝α，此时r即为元素g₁，转2.7；否则，更新i＝i+1，令h＝r，转2.6.2。2.6.4 If i=α, then r is the element g₁ , go to 2.7; otherwise, update i=i+1, set h=r, go to 2.6.2.

2.7将g，g₁，h₁，h₂，h₃，h₄，h₅，h₆，h₇，z₀，z₁，H(m)组成公共参数，α组成主私钥。h₁，h₂，h₃，h₄，h₅，h₆，h₇中的任意一个记为h_i，i∈{1，2，3，4，5，6，7}。2.7 Form g, g₁ , h₁ , h₂ , h₃ , h₄ , h₅ , h₆ , h₇ , z₀ , z₁ , H(m) as public parameters, and α as the master private key. Any one of h₁ , h₂ , h₃ , h₄ , h₅ , h₆ , h₇ is denoted as h_i , i∈{1, 2, 3, 4, 5, 6, 7}.

第三步，密钥生成中心运行密钥提取模块，采用接收者的标识id为接收者生成私钥。接收者的标识id为接收者已有的身份标识在

中对应的元素，私钥生成方法是：In the third step, the key generation center runs a key extraction module, and generates a private key for the recipient by using the recipient's identification id. The receiver's identification id is the receiver's existing identification.

The corresponding element in , the private key generation method is:

3.1判断id是否等于α，若相等，则标识非法，转第七步；若不相等，转3.2；3.1 Judging whether the id is equal to α, if it is equal, the identification is illegal, go to the seventh step; if not, go to 3.2;

3.2令变量i＝1；3.2 Let the variable i=1;

3.3从

中随机选取一个元素，作为接收者的私钥中的第i个元素r_id，i；3.3 From

Randomly select an element in the receiver's private key as the i-th element r_id,i in the receiver's private key;

3.4计算私钥元素

更新i＝i+1；；3.4 Calculate private key elements

update i = i+1;;

3.5若i≤7，转3.3；否则，将{r_id.i，h_id.i|i∈{1，2，3，4，5，6，7}}组成私钥。3.5 If i≤7, go to 3.3; otherwise, combine {r_id.i , h_id.i |i∈{1, 2, 3, 4, 5, 6, 7}} to form the private key.

第四步，发送者运行加密模块，采用接收者的标识id生成密文，并将密文发送给公共服务器。需要加密的明文M为转化为十进制数后不大于p的二进制数，具体步骤如下：In the fourth step, the sender runs the encryption module, uses the receiver's identification id to generate the ciphertext, and sends the ciphertext to the public server. The plaintext M that needs to be encrypted is a binary number that is not greater than p after being converted into a decimal number. The specific steps are as follows:

4.1将明文M按照二进制转十进制的方法，转化为整数M′。令中间明文m＝(0，…，0，M′)，其中前k-1维元素均为0，第k维元素为M′。那么m即

中的元素；k为

中元素表示为整数数组时的维数；4.1 Convert the plaintext M into an integer M' according to the method of converting from binary to decimal. Let the intermediate plaintext m=(0, . . . , 0, M'), wherein the first k-1 dimension elements are all 0, and the kth dimension element is M'. Then m is

elements in ; k is

The number of dimensions when the elements in are represented as integer arrays;

4.2从

中随机选取4个元素s，t，

4.2 From

Randomly select 4 elements s, t,

4.3从

中随机选取元素u；4.3 From

Randomly select element u in ;

4.4计算第一哈希值θ＝H(m)，计算第二哈希值σ＝H(u)；4.4 Calculate the first hash value θ=H(m), and calculate the second hash value σ=H(u);

4.5计算密文第一元素

密文第二元素x₂＝e(g^s，g)，密文第三元素x₃＝m·e(g^-s，h₁)，密文第四元素

密文第五元素

密文第六元素

密文第七元素y₂＝e(g^t，g)，密文第八元素y₃＝e(g^-t，h₁)，密文第九元素y₄＝(e(g，h₂)e(g^θ，h₃))^σt，密文第十元素y₅＝(e(g，h₄)e(g^θ，h₅))^σt，密文第十一元素

密文第十二元素

密文第十三元素

密文第十四元素

密文第十五元素

密文第十六元素

密文第十七元素

密文第十八元素

令元素β₁，β₂为从

中随机选取的元素，元素y为从

中随机选取的元素，β₁β₂表示β₁和β₂进行有限域

上的乘法运算，

表示β₁和γ进行有限域

上的指数运算。4.5 Calculate the first element of the ciphertext

The second element of the ciphertext x₂ =e(g^s , g), the third element of the ciphertext x₃ =m·e(g^-s , h₁ ), the fourth element of the ciphertext

The fifth element of the ciphertext

The sixth element of the ciphertext

The seventh element of ciphertext y₂ =e(g^t , g), the eighth element of ciphertext y₃ =e(g^-t , h₁ ), the ninth element of ciphertext y₄ =(e(g, h₂ ) e(g^θ , h₃ ))^σt , the tenth element of the ciphertext y₅ =(e(g, h₄ )e(g^θ , h₅ ))^σt , the eleventh element of the ciphertext

The twelfth element of the ciphertext

Thirteenth element of ciphertext

The fourteenth element of the ciphertext

The fifteenth element of the ciphertext

The sixteenth element of the ciphertext

The seventeenth element of the ciphertext

The eighteenth element of the ciphertext

Let the elements β₁ , β₂ be from

Randomly selected elements in , element y is from

_{Randomlyselectedelementsin}

multiplication on ,

Represents β₁ and γ for a finite field

exponentiation on .

4.6将x₁，x₂，x₃，x₄，x₅组成第一五元组X，将y₁，y₂，y₃，y₄，y₅组成第二五元组Y，将u₁，u₂，u₃，u₄组成第一四元组U，将v₁，v₂，v₃，v₄组成第二四元组V；4.6 Form x₁ , x₂ , x₃ , x₄ , x₅ into the first quintuple X, y₁ , y₂ , y₃ , y₄ , y₅ form the second quintuple Y, and u₁ , u₂ , u₃ , u₄ form the first quadruple U, and v₁ , v₂ , v₃ , and v₄ form the second quadruple V;

4.7将X，Y，U，V组成密文C，将C发送给公共服务器。4.7 Form X, Y, U, V into ciphertext C, and send C to the public server.

第五步，公共服务器运行重随机模块，对从发送者接收的密文C进行重随机，将得到的新密文C′发送给接收者。具体步骤如下：In the fifth step, the public server runs the re-random module, re-randomizes the ciphertext C received from the sender, and sends the new ciphertext C' obtained to the receiver. Specific steps are as follows:

5.1重随机模块从发送者接收密文C，将密文C解析成(X，Y，U，V)，其中第一五元组X＝(x₁，x₂，x₃，x₄，x₅)，第二五元组Y＝(y₁，y₂，y₃，y₄，y₅)，第一四元组U＝(u₁，u₂，u₃，u₄)以及第二四元组V＝(v₁，v₂，v₃，v₄)；5.1 The re-random module receives the ciphertext C from the sender, and parses the ciphertext C into (X, Y, U, V), where the first five-tuple X=(x₁ , x₂ , x₃ , x₄ , x₅ ), the second quintuple Y=(y₁ , y₂ , y₃ , y₄ , y₅ ), the first quintuple U=(u₁ , u₂ , u₃ , u₄ ) and the second quaternion V=(v₁ , v₂ , v₃ , v₄ );

5.2从

中随机选取4个元素s′，t′，

5.2 From

Randomly select 4 elements s', t',

5.3计算新密文第一元素

新密文第二元素

新密文第二元素

新密文第四元素

新密文第五元素

新密文第六元素

新密文第七元素

新密文第八元素

新密文第九元素

新密文第十元素

新密文第十一元素

新密文第十二元素

新密文第十三元素

新密文第十四元素

新密文第十五元素

新密文第十六元素

新密文第十七元素

新密文第十八元素

5.3 Calculate the first element of the new ciphertext

The second element of the new ciphertext

The second element of the new ciphertext

The fourth element of the new ciphertext

The fifth element of the new ciphertext

The sixth element of the new ciphertext

The seventh element of the new ciphertext

The eighth element of the new ciphertext

The ninth element of the new ciphertext

The tenth element of the new ciphertext

The eleventh element of the new ciphertext

The twelfth element of the new ciphertext

The thirteenth element of the new ciphertext

The fourteenth element of the new ciphertext

The fifteenth element of the new ciphertext

The sixteenth element of the new ciphertext

The seventeenth element of the new ciphertext

The eighteenth element of the new ciphertext

5.4将x′₁，x′₂，x′₃，x′₄，x′₅组成第三五元组X′，将y′₁，y′₂，y′₃，y′₄，y′₅组成第四五元组Y′，将u′₁，u′₂，u′₃，u′₄组成第三四元组U′，将v′₁，v′₂，v′₃，v′₄组成第四四元组V′；5.4 Form x′₁ , x′₂ , x′₃ , x′₄ , x′₅ into the third quintuple X′, and combine y′₁ , y′₂ , y′₃ , y′₄ , y′₅ The fourth quintuple Y' is formed, u'₁ , u'₂ , u'₃ , u'₄ are formed into the third quaternary U', v'₁ , v'₂ , v'₃ , v'₄ Form the fourth quadruple V';

5.5将X′，Y′，U′，V′组成新密文C′，将C′发送给接收者。5.5 Combine X', Y', U', V' to form a new ciphertext C', and send C' to the receiver.

第六步，接收者运行解密模块，对从公共服务器收到的新密文C′进行解密。具体步骤如下：In the sixth step, the receiver runs the decryption module to decrypt the new ciphertext C' received from the public server. Specific steps are as follows:

6.1将密文C′解析成(X′，Y′，U′，V′)，其中第三五元组X′＝(x′₁，x′₂，x′₃，x′₄，x′₅)，第四五元组Y′＝(y′₁，y′₂，y′₃，y′₄，y′₅)，第三四元组U′＝(u′₁，u′₂，u′₃，u′₄)以及第四四元组V′＝(v′₁，v′₂，v′₃，v′₄)；6.1 Parse the ciphertext C' into (X', Y', U', V'), where the third quintuple X'=(x'₁ , x'₂ , x'₃ , x'₄ , x'₅ ), the fourth quintuple Y′=(y′₁ , y′₂ , y′₃ , y′₄ , y′₅ ), the third quintuple U′=(u′₁ , u′₂ , u′₃ , u′₄ ) and the fourth quadruple V′=(v′₁ , v′₂ , v′₃ , v′₄ );

6.2还原中间明文

和元素

若m不能表示为k维数组(0，…，0，M′)或者整数M′大于p，转第七步；否则，将M′按照十进制转二进制的方法，计算得到明文M。此时还不能直接输出明文M，需要进一步确定密文C′是否合法；6.2 Restoring the intermediate plaintext

and elements

If m cannot be represented as a k-dimensional array (0, . . . , 0, M') or the integer M' is greater than p, go to step 7; At this time, the plaintext M cannot be directly output, and it is necessary to further determine whether the ciphertext C' is legal;

6.3计算第一哈希值θ＝H(m)和第二哈希值σ＝H(u)；6.3 Calculate the first hash value θ=H(m) and the second hash value σ=H(u);

6.4计算临时第一元素

临时第二元素

临时第三元素

6.4 Computing the temporary first element

temporary second element

temporary third element

6.5判断第一三元组

是否等于第二三元组(u′₄，v′₃，v′₄)，若不等于，则密文C′不合法，转第七步；若相等，转6.6；6.5 Judging the first triple

Is it equal to the second triplet (u′₄ , v′₃ , v′₄ ), if not, then the ciphertext C′ is invalid, go to step 7; if it is equal, go to 6.6;

6.6计算临时第四元素

临时第五元素

临时第六元素

临时第七元素

临时第八元素

6.6 Calculating the Temporary Fourth Element

temporary fifth element

temporary sixth element

temporary seventh element

temporary eighth element

6.7判断第五五元组

是否等于第六五元组(x′₄，x′₅，y′₃，y′₄，y′₅)，若不等于，则密文不合法，转第七步；若相等，则解密结果为M。6.7 Judging the fifth quintuple

Is it equal to the sixth quintuple (x′₄ , x′₅ , y′₃ , y′₄ , y′₅ ), if not equal, the ciphertext is invalid, go to the seventh step; if it is equal, the decryption result for M.

第七步，加解密系统结束运行。In the seventh step, the encryption and decryption system ends operation.

最后说明的是，以上仅是本发明的优选实施例，并非对本发明作任何形式上的限制。虽然本发明已以优选实施例揭露如上，然而并非用以限定本发明。任何熟悉本领域的技术人员，在不脱离本发明技术方案范围的情况下，都可利用上述揭示的技术内容对本发明技术方案做出许多可能的变动和修饰，或修改为等同变化的等效实施例。因此，凡是未脱离本发明技术方案的内容，依据本发明技术实质对以上实施例所做的任何简单修改、等同变化及修饰，均应落在本发明技术方案保护的范围内。Finally, it should be noted that the above are only preferred embodiments of the present invention, and do not limit the present invention in any form. Although the present invention has been disclosed above with preferred embodiments, it is not intended to limit the present invention. Any person skilled in the art, without departing from the scope of the technical solution of the present invention, can make many possible changes and modifications to the technical solution of the present invention by using the technical content disclosed above, or modify it into an equivalent implementation of equivalent changes. example. Therefore, any simple modifications, equivalent changes and modifications made to the above embodiments according to the technical essence of the present invention without departing from the content of the technical solutions of the present invention should fall within the protection scope of the technical solutions of the present invention.

Claims (5)

1. A method for encrypting and decrypting identification capable of being re-randomized is characterized by comprising the following steps:

the first step is as follows: the encryption and decryption system is constructed and comprises five modules, namely an initialization module, a key extraction module, an encryption module, a decryption module and a re-randomization module, wherein the initialization module and the key extraction module are deployed in a key generation center, namely a server responsible for generating a private key, the encryption module is deployed in a sender, namely a sender, server, the decryption module is deployed in a receiver, namely a receiver, server, and the re-randomization module is deployed in a public server;

the second step is that: the key generation center runs an initialization module to generate public parameters and a master private key and discloses the public parameters, and the specific steps are as follows:

2.1 Generation of symmetric bilinear group quadruplets by initialization Module

Wherein p is a prime number;

the number of the elements in the formula (I) is p,

the element in (1) is the coordinate of a point on an elliptic curve, expressed as two integers,

the element in (A) is a finite field

Element(s) in (1), expressed as an array of k-dimensional integers, e (g)₁,g₂) For an efficiently computable non-degenerate bilinear map, i.e.

g₁,g₂Are all made of

The elements of (1);

2.2 initialization Module Generation of additive integer groups with element number p

The elements are integers from 0 to p-1;

2.3 constructing a hash function H (m) with m as an input

Is output as

The elements of (1);

2.4 from

Randomly selecting 8 elements g, h₁,h₂,h₃,h₄,h₅,h₆,h₇；

2.5 from

In the method, 3 elements α, z are randomly selected₀,z₁Wherein z is₀≠z₁；

2.6 calculating the common parameter element g₁＝g^αThe exponential operation represents the coordinate element g and the slave on the elliptic curve

The multiplication operation of the randomly selected scalar element α shows that α -1 times of addition operation is carried out on the elliptic curve coordinate g;

2.7 g, g₁,h₁,h₂,h₃,h₄,h₅,h₆,h₇,z₀,z₁H (m) constitutes the public parameter, α constitutes the master private key h₁,h₂,h₃,h₄,h₅,h₆,h₇Is denoted as h_i，i∈{1,2,3,4,5,6,7}；

Thirdly, the key generation center runs a key extraction module, and generates a private key for the receiver by adopting the identification id of the receiver, wherein the identification id of the receiver is the existing identification of the receiver

The private key generation method comprises the following corresponding elements:

3.1 judging whether id is equal to alpha or not, if so, identifying illegally, and turning to the seventh step; if not, rotating by 3.2;

3.2 let variable i be 1;

3.3 from

Randomly selects an element as the ith element r in the private key of the receiver_id,i；

3.4 computing private Key elements

Updating i to i + 1; (ii) a

If i is less than or equal to 7, rotating to 3.3; otherwise, will { r_id.i,h_id.iI ∈ {1,2,3,4,5,6,7} } constitutes a private key;

and fourthly, the sender runs the encryption module, generates a ciphertext by adopting the identification id of the receiver and sends the ciphertext to the public server, and the method specifically comprises the following steps:

4.1 converting the plaintext M into an integer M' according to a binary decimal conversion method; let M be (0, …,0, M '), where the first k-1 dimensional elements are all 0, the k-th dimensional element is M', M is

Wherein k is

The dimension of the middle element when the middle element is expressed as an integer array;

4.2 from

Wherein 4 elements s, t,

4.3 from

Randomly selecting an element u;

4.4 calculate the first hash value θ ═ h (m), calculate the second hash value σ ═ h (u);

4.5 computing the first element of the ciphertext

Ciphertext second element x₂＝e(g^sG), third element x of ciphertext₃＝m·e(g^-s,h₁) Fourth element of ciphertext

Fifth element of cipher text

Ciphertext sixth element

Seventh element y of ciphertext₂＝e(g^tG), ciphertext eighth element y₃＝e(g^-t,h₁) Ninth element of ciphertext y₄＝(e(g,h₂)e(g^θ,h₃))^σtThe tenth element y of the ciphertext₅＝(e(g,h₄)e(g^θ,h₅))^σtEleventh element of ciphertext

Twelfth element of ciphertext

The thirteenth element of the ciphertext

The fourteenth element of the ciphertext

The fifteenth element of the ciphertext

Sixteenth element of ciphertext

Seventeenth element of ciphertext

Eighteenth element of ciphertext

Let element β₁,β₂To be driven from

Wherein the element is randomly selected from the group consisting of

Of a randomly selected element, β₁β₂Representation β₁And β₂Performing a finite field

The multiplication operation of (a) above (b),

representation β₁And gamma to perform finite field

The above exponential operation;

4.6 mixing of x₁,x₂,x₃,x₄,x₅Form a first quintuple X of y₁,y₂,y₃,y₄,y₅Form a second quintuple Y, add u₁,u₂,u₃,u₄Form a first quadruple U of v₁,v₂,v₃,v₄Forming a second quadruple V;

4.7, forming a ciphertext C by the X, the Y, the U and the V, and sending the C to a public server;

fifthly, the public server operates a re-randomizing module to re-randomize the ciphertext C received from the sender and send the obtained new ciphertext C' to the receiver, and the specific steps are as follows:

5.1 the re-randomizing module receives the ciphertext C from the sender, parses the ciphertext C into (X, Y, U, V), where the first quintuple X is (X, Y, U, V)₁,x₂,x₃,x₄,x₅) The second pentad Y ═ Y₁,y₂,y₃,y₄,y₅) The first quadruple U ═ U (U)₁,u₂,u₃,u₄) And a second quadruple V ═ V (V)₁,v₂,v₃,v₄)；

5.2 from

In the method, 4 elements s ', t' are randomly selected,

5.3 computing the first element of the New ciphertext

Second element of new cipher text

Third element of new cipher text

Fourth element of new cryptograph

Fifth element of new cipher text

Sixth element of new ciphertext

Seventh element of new ciphertext

Eighth element of new cipher text

Ninth element of new cipher text

Tenth element of new ciphertext

Eleventh element of new ciphertext

Twelfth element of new cipher text

Thirteenth element of new ciphertext

Fourteenth element of new cipher text

Fifteenth element of new ciphertext

Sixteenth element of new ciphertext

Seventeenth element of new ciphertext

Eighteenth element of new cipher text

5.4 will be x'₁,x′₂,x′₃,x′₄,x′₅To form a third pentad X ', y'₁,y′₂,y′₃,y′₄,y′₅To form a fourth pentad Y ', u'₁,u′₂,u′₃,u′₄Constitute a third quadruple U ', will v'₁,v′₂,v′₃,v′₄Forming a fourth quadruple V';

5.5, forming a new ciphertext C 'from the X', Y ', U' and V ', and sending the C' to a receiver;

and sixthly, the receiver operates a decryption module to decrypt the new ciphertext C' received from the public server, and the specific steps are as follows:

6.1 parse ciphertext C ' into (X ', Y ', U ', V '), where the third quintuple X ' is (X '₁,x′₂,x′₃,x′₄,x′₅) Fourth pentad Y '═ Y'₁,y′₂,y′₃,y′₄,y′₅) Third quadruple U '═ U'₁,u′₂,u′₃,u′₄) And a fourth quadruple V '═ V'₁,v′₂,v′₃,v′₄)；

6.2 recovery of intermediate plaintext

And elements

If M cannot be represented as a k-dimensional array (0, …,0, M ') or the integer M' is larger than p, turning to the seventh step; otherwise, calculating the M' according to a method of converting decimal system into binary system to obtain a plaintext M;

6.3 calculating a first hash value θ ═ h (m) and a second hash value σ ═ h (u);

6.4 calculating the provisional first element

Temporary second element

Temporary third element

6.5 judging the first triplet

Whether equal to the second triplet (u'₄,v′₃,v′₄) If not, the ciphertext C' is illegal, and the seventh step is carried out; if equal, turning to 6.6;

6.6 computing the provisional fourth element

Temporary fifth element

Temporary sixth element

Temporary seventh element

Temporary eighth element

6.7 judging the fifth quintuple

Whether or not equal to a sixth quinary group (x'₄,x′₅,y′₃,y′₄,y′₅) If not, the cipher text is illegal, and the seventh step is carried out; if the two are equal, the decryption result is M.

And seventhly, finishing the operation of the encryption and decryption system.

2. A method of re-randomizing identity encryption and decryption as claimed in claim 1, wherein p is on the order of 2¹⁶⁰。

3. The method of claim 1, wherein the step 2.3 of constructing the hash function h (m) is: m is divided into 512-bit segments, and the result of each segment operation SHA-1 function is subjected to XOR operation to obtain 160-bit long output, namely

Of (1).

4. A method of re-randomizing identity encryption and decryption as claimed in claim 1, wherein the step of 2.6 computing the common parameter element g₁＝g^αThe method comprises the following steps: ,

2.6.1 order elliptic curve y²＝x³Coordinate element g ═ g on + ax + b_x,g_y) Let variable i equal to 2 and coordinate element h equal to (h)_x,h_y)＝g；

2.6.2 calculate the slope λ between g and h: if g is h, then

The slope of a tangent line tangent to the elliptic curve via point g; if g ≠ h, λ ═ g_y-h_y)/(g_x-h_x)；

2.6.3 calculating the abscissa r of the sum of g and h_x＝λ²-g_x-h_xOrdinate r after addition of g and h_y＝λ(g_x-r_x)-g_y，r＝(r_x,r_y) I.e. the result of the addition of g to h.

2.6.4 if i is α, then r is the element g₁Turning to 2.7; otherwise, update i to i +1, let h to r, and go to 2.6.2.

5. The method according to claim 1, wherein the plaintext M to be encrypted in step 2.5 is a binary number not greater than p after being converted into a decimal number.

Images