Hierarchical identity-based encryption and signature schemes
First Claim
1. A computer-implemented method of generating a digital signature on a message M for a signer Et which is an entity t levels below an entity E0 in a hierarchical system including at least the entities E0, E1, . . . , Et, t≧2, wherein each entity Ei (i=1, . . . ,t) is a child of entity Ei−1 in the hierarchical system, the method comprising:
(1) obtaining the signer's secret key St which is a member of a group G1;
(2) obtaining the signer's integer secret st;
(3) generating a signature component Sig on the message M as a value
Sig=St+stPM
wherein:
“+” is a group operation in the group G1; and
PM is a value depending on the message M and is a member of the group G1.
Abstract
A signature {Sig, {Qi}} is generated on a message M by a signer Et in a hierarchical system including the entities E0, E1, . . . , Et, each entity Ei (i>0) being a child of Ei−1. Here
where: each Si is a secret key of Ei; each si is a secret of Si; PM is a public function of M; each Pi is a public function of the ID's of all entities Ej such that 1≦j≦i; each Qi=siP0 where P0 is public. The verifier confirms that
where: the product Πiê(Qi−1,Pi) is taken over all integers i in a proper subset of the integers from 1 to t inclusive; ê is a bilinear non-degenerate mapping; V can be ê(Q0,Pi
25 Claims
1. A computer-implemented method of generating a digital signature on a message M for a signer Et which is an entity t levels below an entity E0 in a hierarchical system including at least the entities E0, E1, . . . , Et, t≧2, wherein each entity Ei (i=1, . . . ,t) is a child of entity Ei−1 in the hierarchical system, the method comprising:
(1) obtaining the signer's secret key St which is a member of a group G1;
(2) obtaining the signer's integer secret st;
(3) generating a signature component Sig on the message M as a value
Sig=St+stPM
wherein:
“+” is a group operation in the group G1; and
PM is a value depending on the message M and is a member of the group G1.
wherein each Pi is a public function of an identity of the entity Ei, and each si−1 is an integer secret of the entity Ei−1.
3. The method of claim 2 wherein in operation (1), the signer obtains St from the entity Et−1, and in operation (2) the signer generates st.
4. The method of claim 2, wherein each Pi depends on the identity of each entity Ej such that 1≦j≦i.
5. The method of claim 1 wherein:
each entity Ei (i>0) receives its secret key Si from the entity Ei−1;
each entity Ei (i<t) generates its secret si and also generates a secret key Si+1 as:
Si+1=Si+siPi+1
and provides the secret key Si+1 to the entity Ei+1;
each entity Ei (0≦i≦t) generates a value Qi=siP0, where P0 is a predefined element of the group G1, and each entity Ei (1≦i≦t) obtains the values Qj for all j<i.
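Added example (not part of the patent text): the key derivation of claim 5 and the signing step of claim 1, run in an insecure toy model where G1 is the integers mod a small prime and the pairing is multiplication in the exponent. The verification equation is not reproduced on this page, so `check` tests only the identity that follows from bilinearity when S0 is assumed to be the identity element; the parameters, the hash-to-group stand-ins and all function names are assumptions.

```python
# Toy model for checking the algebra only; it is NOT secure.
# Assumptions (not from the patent page): G1 is modelled as the integers mod a
# small prime q under addition, the pairing as e(a, b) = g^(a*b) in the order-q
# subgroup of Z_p*, the public functions Pi and PM as SHA-256 mod q, and S0 = 0.
import hashlib
import secrets

q, p, g = 1019, 2039, 4   # constructed toy parameters: p = 2q + 1, g has order q
P0 = 7                    # predefined public element of G1 (constructed value)

def e(a, b):
    """Toy bilinear, non-degenerate map G1 x G1 -> G2."""
    return pow(g, (a * b) % q, p)

def to_g1(*parts):
    """Hash strings to a G1 element (stand-in for the public functions)."""
    data = "\x00".join(parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % q

def P(ids, i):
    """Pi depends on the identities of E1..Ei (claim 4)."""
    return to_g1("id", *ids[:i])

def derive(ids):
    """Run claim 5 down the chain E0..Et; return (S_t, s_t, [Q_0..Q_t])."""
    S, Qs, s = 0, [], None                    # S0 = identity (assumption)
    for i in range(len(ids) + 1):
        s = secrets.randbelow(q - 1) + 1      # Ei's integer secret s_i
        Qs.append(s * P0 % q)                 # Q_i = s_i P0
        if i < len(ids):
            S = (S + s * P(ids, i + 1)) % q   # S_{i+1} = S_i + s_i P_{i+1}
    return S, s, Qs

def sign(S_t, s_t, msg):
    """Sig = S_t + s_t PM (claim 1)."""
    return (S_t + s_t * to_g1("msg", msg)) % q

def check(ids, msg, sig, Qs):
    """e(P0, Sig) == prod_{i=1..t} e(Q_{i-1}, P_i) * e(Q_t, PM)."""
    rhs = e(Qs[-1], to_g1("msg", msg))
    for i in range(1, len(ids) + 1):
        rhs = rhs * e(Qs[i - 1], P(ids, i)) % p
    return e(P0, sig) == rhs

if __name__ == "__main__":
    ids = ["example-org", "example-dept", "alice"]   # constructed identities, t = 3
    S_t, s_t, Qs = derive(ids)
    print(check(ids, "hello", sign(S_t, s_t, "hello"), Qs))
```

Because every S_i only accumulates terms s_{i−1}P_i, the check needs the public values Q_0..Q_t but none of the secrets, which is why claim 5 has each entity publish Qi=siP0.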
6. The method of claim 5 further comprising providing the signature component Sig to a verifier, wherein the verifier has access to values {Qi} for values i in a subset of integers from 0 to t inclusive.
7. The method of claim 6 wherein said subset of integers from 0 to t inclusive comprises each integer from 0 to t inclusive except the integer 1.
8. The method of claim 6 wherein said subset of integers from 0 to t inclusive is the set of all integers from L to t inclusive, where L is an integer greater than 1; and
the verifier is a child of the entity EL in the hierarchical system.
9. The method of claim 5, wherein each Pi depends on the identity of each entity Ej such that 1≦j≦i and also on each Qj such that 1≦j≦i.
10. A computer-implemented method of verifying a digital signature on a message M to verify that the digital signature is a valid signature by a signer Et which is an entity t levels below an entity E0 in a hierarchical system including at least the entities E0, E1, . . . , Et, t≧2, wherein each entity Ei (i=1, . . . ,t) is a child of entity Ei−1 in the hierarchical system, the method comprising:
(1) obtaining a signature component Sig which is an element of a predefined group G1;
(2) obtaining one or more values Qi associated with respective one or more entities Ei, the one or more values Qi including a value Qt;
(3) confirming that
wherein:
P0 is a predefined element of a group G1;
the product Πiê(Qi−1,Pi) is taken over all integers i in a proper subset of the integers from 1 to t inclusive;
each Qi−1=si−1P0, where si−1 is an integer secret of the entity Ei−1;
Qt=stP0, where si is an integer secret of the entity Et;
ê is a bilinear non-degenerate mapping of G1×G1 into a predefined group G2;
PM is a value depending on the message M and is a member of the group G1;
each Pi depends on an identity of the entity Ei;
V is an element of the group G2.
wherein: each Pzi (i>L) is a public function of an identity of the entity Ezi; each si−1 is an integer secret of the entity Ei−1, and each sz(i−1) is an integer secret of the entity Ez(i−1).
14. The method of claim 10 wherein:
each entity Ei (i>0) receives its secret key Si from the entity Ei−1;
each entity Ei (i<t) generates its secret si and also generates a secret key Si+1 as:
Si+1=Si+siPi+1
and provides the secret key Si+1 to the entity Ei+1;
each entity Ei (0≦i≦t) generates a value Qi=siP0, where P0 is a predefined element of the group G1.
15. An apparatus operable to generate a digital signature on a message M for a signer Et which is an entity t levels below an entity E0 in a hierarchical system including at least the entities E0, E1, . . . , Et, t≧2, wherein each entity Ei (i=1, . . . ,t) is a child of entity Ei−1 in the hierarchical system, the apparatus comprising circuitry for:
(1) obtaining the signer's secret key St which is a member of a group G1;
(2) obtaining the signer's integer secret st;
(3) generating a signature component Sig on the message M as a value
Sig=St+stPM
wherein:
“+” is a group operation in the group G1; and
PM is a value depending on the message M and is a member of the group G1.
wherein each Pi is a public function of an identity of the entity Ei, and each si−1 is an integer secret of the entity Ei−1.
17. The apparatus of claim 16 wherein in operation (1), the signer obtains St from the entity Et−1, and in operation (2) the signer generates st.
18. The apparatus of claim 16 wherein:
each entity Ei (i>0) receives its secret key Si from the entity Ei−1;
each entity Ei (i<t) generates its secret si and also generates a secret key Si+1 as:
Si+1=Si+siPi+1
and provides the secret key Si+1 to the entity Ei+1;
each entity Ei (0≦i≦t) generates a value Qi=siP0, where P0 is a predefined element of the group G1, and each entity Ei (1≦i≦t) obtains the values Qj for all j<i.
19. The apparatus of claim 18 wherein the apparatus is further for providing the signature component Sig to a verifier, wherein the verifier has access to values {Qi} for values i in a subset of integers from 0 to t inclusive, wherein said subset of integers from 0 to t inclusive comprises each integer from 0 to t inclusive except one integer.
20. The apparatus of claim 18 wherein said subset of integers from 0 to t inclusive is the set of all integers from L to t inclusive, where L is an integer greater than 1 and less than t; and
the verifier is a child of the entity EL in the hierarchical system.
21. An apparatus operable to verify a digital signature on a message M to confirm that the digital signature is a valid signature by a signer Et which is an entity t levels below an entity E0 in a hierarchical system including at least the entities E0, E1, . . . , Et, t≧2, wherein each entity Ei (i=1, . . . ,t) is a child of entity Ei−1 in the hierarchical system, the apparatus comprising circuitry for:
(1) obtaining a signature component Sig which is an element of a predefined group G1;
(2) obtaining one or more values Qi associated with respective one or more entities Ei, the one or more values Qi including a value Qt;
(3) confirming that
wherein:
P0 is a predefined public element of a group G1;
ê is a bilinear non-degenerate mapping of G1×G1 into a predefined group G2;
PM is a value depending on the message M and is a member of the group G1;
each Pi depends on an identity of the entity Ei;
V is an element of the group G2.
wherein: each Pzi (i>L) is a public function of an identity of the entity Ezi; each si−1 is an integer secret of the entity Ei−1, and each sz(i−1) is an integer secret of the entity Ez(i−1).
25. The apparatus of claim 21 wherein:
each entity Ei (i>0) receives its secret key Si from the entity Ei−1;
each entity Ei (i<t) generates its secret si and also generates a secret key Si+1 as:
Si+1=Si+siPi+1
and provides the secret key Si+1 to the entity Ei+1;
each entity Ei (0≦i≦t) generates a value Qi=siP0, where P0 is a predefined element of the group G1.
Specification