ID-based signature, encryption system and encryption method
Abstract
An ID-based encryption and signature technique, according to which more efficient and higher speed processing is possible. In generation of public parameters, an element P of a group G1 of order q is selected, and then, g=e(P, P) calculated in advance is added to the public parameters. At the time of encryption and verification, a public key ID is associated with an element PID of the group G1, using u∈Zq* and two elements P1 and P2 (included in the public parameters) of G1 and calculating PID=P1+uP2. The above-mentioned elements P1 and P2 are determined by P1=s1P and P2=s2P using random numbers s1, s2∈Zq* as a part of a master key, and a private key of a user is determined by dID=(s1+us2)^{-1}P.
11 Claims
1. A private key generation apparatus in an ID-based signature and encryption system that comprises an encryption apparatus and a decryption apparatus and can use any character string as a public key, wherein:
said private key generation apparatus comprises;
a private key generation and issuing means, which generates public parameters and a master key used in the entire system, and uses said master key for generating a private key corresponding to a user's public key in response to a request of a user, to issue the generated private key to said user as a requester; and
a parameter publication means, which publishes the public parameters generated by the private key generation apparatus; and
said private key generation apparatus generation and issuing means;
adds g=e(P, P) (e is a bilinear mapping called a pairing) calculated in advance using a selected element P of a group of order q to said public parameters; and
defines two elements P1 and P2 of said group as P1=s1P and P2=s2P, using random numbers s1 and s2 as a part of said master key, with s1 and s2 being included in a set Zq* of positive integers less than said order q and relatively prime with q, to calculate (s1+us2)^{-1}P as the private key.
10. An ID-based signature and encryption system that can use any character string as a public key, wherein:
said ID-based signature and encryption system comprises;
a private key generation apparatus, which generates public parameters and a master key used in the entire system, publishes said public parameters, and uses said master key for generating a private key corresponding to a user's public key in response to a request of a user, to issue the generated private key to said user as a requester;
an encryption and signature generation apparatus, which performs at least one of a message encryption processing that is performed using the public parameters published by said private key generation apparatus and a public key of a recipient and a signature generation processing that is performed using said public parameters and a user's private key issued by said private key generation apparatus;
a decryption and signature verification apparatus, which performs at least one of a decryption processing that is performed using the public parameters published by said private key generation apparatus and a user's private key issued by said private key generation apparatus, for decrypting a message encrypted by said encryption and signature generation apparatus, and a signature verification processing that is performed using said public parameters and a public key of a sender, for signature verification of a message on which the signature generation processing has been performed by said encryption and signature verification apparatus; and
said private key generation apparatus;
selects an element P of a group of order q, and adds g=e(P, P) (e is a bilinear mapping called a pairing) calculated in advance to said public parameters; and
defines two elements P1 and P2 of said group as P1=s1P and P2=s2P, using random numbers s1 and s2 as a part of said master key, with s1 and s2 being included in a set Zq* of positive integers less than said order q and relatively prime with q, to calculate (s1+us2)^{-1}P as the private key; and
said encryption and signature generation apparatus and said decryption and signature verification apparatus associate said public key with an element PID of said group, by calculating PID=P1+uP2 using any character string u included in said set Zq* and said two elements P1 and P2.
11. An ID-based signature and encryption method that can use any character string as a public key, comprising:
a public parameter and master key generation step, in which public parameters and a master key used in the entire system are generated and said public parameters are published;
a private key issuing step, in which said master key is used for generating a private key corresponding to a user's public key in response to a request of a user, and the generated private key is issued to said user as a requester;
an encryption and signature generation step, in which at least one of a message encryption processing that is performed using the public parameters a public key of a recipient and a signature generation processing that is performed using said public parameters and the private key of said user; and
a decryption and signature verification step, in which at least one of decryption processing that is performed using the public parameters and the private key of said user, for decrypting the encrypted message, and a signature verification processing that is performed using said public parameters and a public key of a sender, for signature verification of the message on which said signature generation processing has been performed; and
in said public parameter and master key generation step, an element P of a group of order q is selected, and g=e(P, P) (e is a bilinear mapping called a pairing) calculated in advance is added to said public parameters;
in said private key issuing step, two elements P1 and P2 of said group are defined as P1=s1P and P2=s2P, using random numbers s1 and s2 as a part of said master key, with s1 and s2 being included in a set Zq* of positive integers less than said order q and relatively prime with q, to calculate (s1+us2)^{-1}P as said private key; and
in said encryption and signature generation step and said decryption and signature verification step, said public key is associated with an element PID of said group, by calculating PID=P1+uP2 using any character string u included in said set Zq* and said two elements P1 and P2.
Specification