Attribute-based network ring signing method for distributed authorization

Abstract

The invention discloses an attribute-based network ring signing method for distributed authorization and belongs to the field of information security. The method comprises the steps of in an initialization phase, removing a credible system centre through utilization of a distributed key negotiation protocol, dispersing key management authority of an attribute authorization mechanism, and solving an attribute key trusteeship problem; in a key distribution phase, embedding a user identity into the attribute key and determining that through utilization of the method, a collusion attack can be resisted; and in a signature generation phase, introducing a user identity fuzzy factor, thereby enabling the method to have unconditional high anonymity. The method is high in anonymity and high in security; and anonymous identity authentication and access control function can be effectively carried out on cloud computing and electronic medical networks.

Description

technical field [0001] The invention relates to a distributed authorization network anonymous identity authentication and signature method for access. Background technique [0002] With the vigorous development of big data applications such as electronic medical care and cloud computing, data authentication and privacy protection have become very realistic and urgently needed to be solved. Attribute-based (attribute-based) ring signatures have no group organization process in the signing process, do not require the participation of group administrators, facilitate the concealment of signer privacy, and can provide stronger anonymity protection than ordinary attribute-based signatures, so they are especially suitable for implementing Anonymous identity authentication and access control functions in networks with high anonymity requirements such as cloud computing and electronic medical care. The analysis shows that the existing attribute-based (attribute-based) ring signatur...

AI Technical Summary

Problems solved by technology

This method embeds user identity information directly into the attribute key, although it can ensure that the signature cannot be generated by collusion of multiple users, but the anonymity of the method is degraded due to the introduction of identity information.

In addition, since the use of a single attribute authority is responsible for the distribution and management of all attribute keys in the system, as long as the attribute authority is compromised by the attacker, the attacker can use the key of the attribute authority to generate the attribute key of any user in the system. Therefore, this approach also suffers from property key escrow issues

[0004] Li et al. "Li J, Chen XF, Huang XY. New attribute-based authentication and its application in anonymous cloud access service [J]. Journal on International Journal of Web and Grid Services, 2015, 11(1): 125-141." Reference Chase et al. "Chase M, Chow S. Improving privacy and security in multi-authority attribute-based encryption [A], In Proceedings of the 16th ACM Conference on Computer and Communications Security [C], 2009: 121-130." The key anonymous distribution protocol improves the existing attribute-based ring signature method, but the introduction of the key anonymous distribution protocol causes the attribute authority AA to generate user attribute keys in the key distribution stage. t 2 key to ensure the security of the scheme, where t is the number of attribute authority AA in the attribute authority set

This undoubtedly reduces the work efficiency of the attribute authority AA and increases the communication cost between the attribute authority AA and the user

Images