MEMBER CERTIFICATE ACQUIRING DEVICE, MEMBER CERTIFICATE ISSUING DEVICE, GROUP SIGNING DEVICE, AND GROUP SIGNATURE VERIFYING DEVICE
First Claim
1. A member-certificate acquiring device, which is input with a group public key and a random number and outputs a member certificate and a member secret key by communicating with a member-certificate issuing device, characterized in thatwhen input with said group public key which includes:
- a description for four groups;
group 1, group 2, group T, and group E, of the same order number;
a description of bilinear mapping from group 1 and group 2 to group T;
each generator of group 1, group 2, group T, and group E; and
a signature public key of a signature scheme using said group 1, said group 2, and said group T, said member-certificate acquiring device sends;
said member secret key including an integer not larger than said order number;
a member evidence which is a value given by multiplying said generator of said group E by said member secret key; and
an element of said group 1 or group 2 which is a value given by multiplying said generator of said group 1 or group 2 by said member secret key, to said member-certificate issuing device, and thereafter upon receipt of a signature for said member secret key, which is verifiable by said signature public key, from said member-certificate issuing device, uses said signature as said member certificate;
and especially group E is a group different from group 1, group 2, and group T, in which solving the Diffie-Hellman discrimination problem is difficult.
1 Assignment
0 Petitions
Accused Products
Abstract
It is an object of the present invention to enhance the security and reduce the data amount of data to be handled in a group signing system, in which when the group public key which includes: a description for four groups: group 1, group 2, group T, and group E of the same order number; a description of bilinear mapping from group 1 and group 2 to group T; each generator of group 1, group 2, group T, and group E; and a signature public key of a signature scheme using group 1, group 2, and group T, is input, the member secret key including an integer not larger than the order number, member evidence which is a value given by multiplying the generator of group E by the member secret key, and an element of group 1 or group 2 which is a value given by multiplying the generator of the group 1 or the group 2 by the member secret key are sent to the member-certificate issuing device, and thereafter upon receipt of a signature for the member secret key, which is verifiable by the signature public key, from the member-certificate issuing device, the signature is used as the member certificate.
30 Citations
17 Claims
-
1. A member-certificate acquiring device, which is input with a group public key and a random number and outputs a member certificate and a member secret key by communicating with a member-certificate issuing device, characterized in that
when input with said group public key which includes: - a description for four groups;
group 1, group 2, group T, and group E, of the same order number;
a description of bilinear mapping from group 1 and group 2 to group T;
each generator of group 1, group 2, group T, and group E; and
a signature public key of a signature scheme using said group 1, said group 2, and said group T, said member-certificate acquiring device sends;
said member secret key including an integer not larger than said order number;
a member evidence which is a value given by multiplying said generator of said group E by said member secret key; and
an element of said group 1 or group 2 which is a value given by multiplying said generator of said group 1 or group 2 by said member secret key, to said member-certificate issuing device, and thereafter upon receipt of a signature for said member secret key, which is verifiable by said signature public key, from said member-certificate issuing device, uses said signature as said member certificate;and especially group E is a group different from group 1, group 2, and group T, in which solving the Diffie-Hellman discrimination problem is difficult. - View Dependent Claims (13)
- a description for four groups;
-
2. A member-certificate issuing device, which is input with a group public key, a group secret key and a random number and which outputs a member evidence for use in identifying a member by communicating with a member-certificate acquiring device, characterized in that
the member-certificate issuing device is input with said group public key which includes: - a description for four groups;
group 1, group 2, group T, and group E, of the same order number;
a description of bilinear mapping from group 1 and group 2 to group T;
each generator of group 1, group 2, group T, and group E; and
a signature public key of a signature scheme using said group 1, said group 2, and said group T, and said group secret key which includes a signature secret key corresponding to said signature public key of a signature scheme using said group 1, said group 2, and said group T, and upon receipt of a member evidence which is a value given by multiplying said generator of said group E by the member secret key, and an element of said group 1 or said group 2 which is a value given by multiplying the generator of said group 1 or group 2 by the member secret key from said member-certificate acquiring device, generates a signature for said member secret key using said signature secret key to send said signature to the member-certificate acquiring device as said member certificate;and especially group E is a group different from group 1, group 2, and group T, in which solving the Diffie-Hellman discrimination problem is difficult. - View Dependent Claims (14)
- a description for four groups;
-
3. A group signing device, which is input with a group public key, a tracking public key, a member certificate, a member secret key, and a message and which outputs a group signature for said message, characterized in that
said group signing device comprises an encryption device for creating an encrypted text in which part of the member evidence generated from the said member secret key is encrypted by a tracking public key from: - said group public key including a description for four groups;
group 1, group 2, group T, and group E, of the same order number, a description of bilinear mapping from group 1 and group 2 to group T, each generator of group 1, group 2, group T, and group E, and a signature public key of a signature scheme utilizing said group 1, said group 2, and said group T;
said tracking public key comprising an element of said group E; and
said member secret key;and especially group E is a group different from group 1, group 2, and group T, in which solving the Diffie-Hellman discrimination problem is difficult. - View Dependent Claims (4, 5, 6, 7, 15)
- said group public key including a description for four groups;
-
8. A group-signature verifying device, which is input with a group public key, a tracking public key, a message, and a group signature, and judges whether said group signature is a valid group signature for said message to output “
- valid”
or “
invalid,”
characterized in thatwhen input with;
a group public key which includes a description for four groups;
group 1, group 2, group T, and group E, of the same order number;
a description of bilinear mapping from group 1 and group 2 to group T;
each generator of group 1, group 2, group T, and group E; and
a signature public key of a signature scheme using said group 1, said group 2, and said group T;
a tracking public key comprising an element of group E; and
a group signature including an encrypted text in which part of member evidence generated by a member secret key is encrypted by the tracking public key, said group-signature verifying device judges whether said group signature is a valid group signature for said message to output “
valid”
or “
invalid”
;and especially group E is a group different from group 1, group 2, and group T, in which solving the Diffie-Hellman discrimination problem is difficult. - View Dependent Claims (9, 10, 11, 16)
- valid”
- 12. A tracking device, which is input with a group public key, a tracking public key, a group signature, and a tracking secret key, and which decrypts the encrypted text of part of the member evidence generated from a member secret key contained in the group signature to output the part of member evidence which is a value uniquely determined from the member secret key, the encrypted text of part of the member certificate being an ElGamal encrypted text.
Specification