Anonymous authentication signature system, user device, verification device, signature method, verification method, and program therefor
First Claim
1. An anonymous authentication signature system constituted by mutually connecting a user device which generates and outputs signature data for a document inputted by a user and a verification device which verifies whether or not the signature data generated by the user device is proper and outputs a result thereof, wherein:
- the user device includesa first recording unit which stores first system parameters as respective first parameters given in advance, a disclosure public key, a user public key, a user private key, a member certificate, and an attribute certificate,an input/output unit which receives input of the document from the user and a plurality of attributes the user intends to disclose,a cryptograph generator which generates a cryptograph based on at least two from among the first parameters,a signature text generator which generates a signature text from the cryptograph and generates a zero-knowledge signature text from the attribute certificate corresponding to each of the attributes to be disclosed, anda signature outputter which outputs the cryptograph and the zero-knowledge signature text as the signature data, along with the document and the plurality of attributes to be disclosed;
the verification device includesa second recording unit which stores second system parameter as respective second parameters given in advance, the disclosure public key, the user public key, and the attribute certificate,an input receiver which receives the input of the document and the signature data from the user device, anda zero-knowledge certification verifier which judges whether or not a zero-knowledge certification text contained in the signature data is acceptable by verifying the zero-knowledge certification text contained in the signature data by using each of the second parameters, and receives the signature data when judged as acceptable;
the user public key and the attribute certificate are generated by using a same power;
the signature data contains a first element which does not include the plurality of attributes to be disclosed and includes the user private key, and a second element which includes the plurality of attributes to be disclosed and does not include the user private key; and
the signature text generator of the user device combines a part of the user public key and a part of the attribute certificate corresponding to an attribute that is disclosed to generate the zero-knowledge signature text showing that the combined data satisfies an expression defined in advance.
1 Assignment
0 Petitions
Accused Products
Abstract
The user device includes: a recording unit which stores system parameters as respective parameters given in advance, a disclosure public key, a user public key, a user private key, a member certificate, and an attribute certificate; an input/output unit which receives input of the document from the user and an attribute the user intends to disclose; a cryptograph generating module which generates a cryptograph based on the inputted document, the attribute to be disclosed, and each of the parameters; a signature text generating module which generates a zero-knowledge signature text from the generated cryptograph; and a signature output module which outputs the cryptograph and the zero-knowledge signature text as the signature data. The user public key and the attribute certificate are generated by using a same power.
8 Citations
16 Claims
-
1. An anonymous authentication signature system constituted by mutually connecting a user device which generates and outputs signature data for a document inputted by a user and a verification device which verifies whether or not the signature data generated by the user device is proper and outputs a result thereof, wherein:
-
the user device includes a first recording unit which stores first system parameters as respective first parameters given in advance, a disclosure public key, a user public key, a user private key, a member certificate, and an attribute certificate, an input/output unit which receives input of the document from the user and a plurality of attributes the user intends to disclose, a cryptograph generator which generates a cryptograph based on at least two from among the first parameters, a signature text generator which generates a signature text from the cryptograph and generates a zero-knowledge signature text from the attribute certificate corresponding to each of the attributes to be disclosed, and a signature outputter which outputs the cryptograph and the zero-knowledge signature text as the signature data, along with the document and the plurality of attributes to be disclosed; the verification device includes a second recording unit which stores second system parameter as respective second parameters given in advance, the disclosure public key, the user public key, and the attribute certificate, an input receiver which receives the input of the document and the signature data from the user device, and a zero-knowledge certification verifier which judges whether or not a zero-knowledge certification text contained in the signature data is acceptable by verifying the zero-knowledge certification text contained in the signature data by using each of the second parameters, and receives the signature data when judged as acceptable; the user public key and the attribute certificate are generated by using a same power; the signature data contains a first element which does not include the plurality of attributes to be disclosed and includes the user private key, and a second element which includes the plurality of attributes to be disclosed and does not include the user private key; and the signature text generator of the user device combines a part of the user public key and a part of the attribute certificate corresponding to an attribute that is disclosed to generate the zero-knowledge signature text showing that the combined data satisfies an expression defined in advance. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A user device which generates and outputs signature data for a document inputted by a user, the user device comprising:
-
a recording unit which stores system parameters as respective parameters given in advance, a disclosure public key, a user public key, a user private key, a member certificate, and an attribute certificate; an input/output unit which receives input of the document from the user and a plurality of attributes the user intends to disclose; a cryptograph generator which generates a cryptograph based on at least two from among the parameters; a signature text generator which generates a signature text from the cryptograph and generates a zero-knowledge signature text from the generated cryptograph and the attribute certificate corresponding to each of the attributes to be disclosed; and a signature outputter which outputs the cryptograph and the zero-knowledge signature text as the signature data, along with the document and the plurality of attributes to be disclosed, wherein the user public key and the attribute certificate are generated by using a same power; the signature data contains a first element which does not include the plurality of attributes to be disclosed and includes the user private key, and a second element which includes the plurality of attributes to be disclosed and does not include the user private key; and the signature text generator combines a part of the user public key and a part of the attribute certificate corresponding to an attribute that is not disclosed to generate the zero-knowledge signature text showing that the combined data satisfies an expression defined in advance.
-
-
9. A verification device which verifies whether or not signature data generated by a user device is proper and outputs a result thereof, the verification device comprising:
-
a recording unit which stores system parameters as respective parameters given in advance, a disclosure public key, a user public key, and an attribute certificate; an input receiver which receives input of a document from a user and the signature data; and a zero-knowledge certification verifier which judges whether or not a zero-knowledge certification text contained in the signature data is acceptable by verifying the zero-knowledge certification text contained in the signature data by using each of the parameters, and receives the signature data when judged as acceptable, wherein the user public key and the attribute certificate are generated by using a same power, and the signature data contains a first element which does not include a plurality of attributes the user intends to disclose and includes a user private key, and a second element which includes the plurality of attributes to be disclosed and does not include the user private key.
-
-
10. A signature method which generates and outputs signature data for a document inputted by a user, the method comprising:
-
storing in advance system parameters as respective parameters given in advance, a disclosure public key, a user public key, a user private key, and a member certificate as well as an attribute certificate generated by using a same power as that of the user public key; receiving input of the document from the user and a plurality of attributes the user intends to disclose; generating, using a cryptograph generator, a cryptograph based on at least two from among the parameters; combining, using a signature text generator, a part of the user public key and a part of the attribute certificate corresponding to an attribute that is not disclosed to generate a zero-knowledge signature text showing that the combined data satisfies an expression defined in advance; and outputting, using a signature outputter, the cryptograph and the zero-knowledge signature text as the signature data, along with the document and the plurality of attributes to be disclosed, wherein the signature data contains a first element which does not include the plurality of attributes to be disclosed and includes the user private key, and a second element which includes the plurality of attributes to be disclosed and does not include the user private key.
-
-
11. A verification method which verifies whether or not signature data generated by a user device is proper and outputs a result thereof, the method comprising:
-
storing in advance system parameters as respective parameters given in advance, a disclosure public key, a user public key, and an attribute certificate generated by using a same power as that of the user public key; receiving input of a document from a user and the signature data; judging, using a zero-knowledge certification verifier, whether or not a zero-knowledge certification text contained in the signature data is acceptable by verifying the zero-knowledge certification text contained in the signature data by using each of the parameters; and receiving, using an input receiver, the signature data when judged as acceptable, wherein the signature data contains a first element which does not include a plurality of attributes the user intends to disclose and includes a user private key, and a second element which includes the plurality of attributes to be disclosed and does not include the user private key.
-
-
12. A non-transitory computer readable recording medium storing a signature program for generating and outputting signature data for a document inputted by a user, the program causing a computer which stores in advance system parameters as respective parameters given in advance, a disclosure public key, a user public key, a user private key, and a member certificate as well as an attribute certificate generated by using a same power as that of the user public key to execute:
-
a procedure for receiving input of the document from the user and a plurality of attributes the user intends to disclose; a procedure for generating, using a cryptograph generator, a cryptograph based on at least two from among the parameters; a procedure for combining, using a signature text generator, a part of the user public key and a part of the attribute certificate corresponding to an attribute that is not disclosed to generate a zero-knowledge signature text showing that the combined data satisfies an expression defined in advance; and a procedure for outputting, using a signature outputter, the cryptograph and the zero-knowledge signature text as the signature data, along with the document and the plurality of attributes to be disclosed, wherein the signature data contains a first element which does not include the plurality of attributes to be disclosed and includes the user private key, and a second element which includes the plurality of attributes to be disclosed and does not include the user private key.
-
-
13. A non-transitory computer readable recording medium storing a verification program for verifying whether or not signature data generated by a user device is proper and outputting a result thereof, the program causing a computer which stores in advance system parameters as respective parameters given in advance, a disclosure public key, a user public key, and an attribute certificate generated by using a same power as that of the user public key to execute:
-
a procedure for receiving input of the document from a user and the signature data; a procedure for judging, using a zero-knowledge certification verifier, whether or not a zero-knowledge certification text contained in the signature data is acceptable by verifying the zero-knowledge certification text contained in the signature data by using each of the parameters; and a procedure for receiving, using an input receiver, the signature data when judged as acceptable, wherein the signature data contains a first element which does not include a plurality of attributes the user intends to disclose and includes a user private key, and a second element which includes the plurality of attributes to be disclosed and does not include the user private key.
-
-
14. An anonymous authentication signature system constituted by mutually connecting user means for generating and outputting signature data for a document inputted by a user and verification means for verifying whether or not the signature data generated by the user device is proper and outputting a result thereof, wherein:
-
the user means includes; first recording means for storing first system parameters as respective first parameters given in advance, a disclosure public key, a user public key, a user private key, a member certificate, and an attribute certificate, input/output means for receiving input of the document from the user and a plurality of attributes the user intends to disclose, cryptograph generating means for generating a cryptograph based on at least two from among the first parameters, signature text generating means for generating a signature text from the cryptograph and for generating a zero-knowledge signature text from the attribute certificate corresponding to each of the attributes to be disclosed, and signature output means for outputting the cryptograph and the zero-knowledge signature text as the signature data, along with the document and the plurality of attributes to be disclosed; the verification means includes; second recording means for storing second system parameter as respective second parameters given in advance, the disclosure public key, the user public key, and the attribute certificate, input receiving means for receiving the input of the document and the signature data from the user means, and zero-knowledge certification verifying means for judging whether or not a zero-knowledge certification text contained in the signature data is acceptable by verifying the zero-knowledge certification text contained in the signature data by using each of the second parameters, and receiving the signature data when judged as acceptable; the user public key and the attribute certificate are generated by using a same power; and the signature text generating means of the user means combines a part of the user public key and a part of the attribute certificate corresponding to an attribute that is disclosed to generate the zero-knowledge signature text showing that the combined data satisfies an expression defined in advance, wherein the signature data contains a first element which does not include the plurality of attributes to be disclosed and includes the user private key, and a second element which includes the plurality of attributes to be disclosed and does not include the user private key.
-
-
15. User means for generating and outputting signature data for a document inputted by a user, the user device comprising:
-
recording means for storing system parameters as respective parameters given in advance, a disclosure public key, a user public key, a user private key, a member certificate, and an attribute certificate; input/output means for receiving input of the document from the user and a plurality of attributes the user intends to disclose; cryptograph generating means for generating a cryptograph from at least two from among the parameters; signature text generating means for generating a signature text from the cryptograph and for generating a zero-knowledge signature text from the attribute certificate corresponding to each of the attributes to be disclosed; and signature output means for outputting the cryptograph and the zero-knowledge signature text as the signature data, along with the document and the plurality of attributes to be disclosed, wherein; the user public key and the attribute certificate are generated by using a same power; the signature text generating means combines a part of the user public key and a part of the attribute certificate corresponding to an attribute that is not disclosed to generate the zero-knowledge signature text showing that the combined data satisfies an expression defined in advance, and the signature data contains a first element which does not include the plurality of attributes to be disclosed and includes the user private key, and a second element which includes the plurality of attributes to be disclosed and does not include the user private key.
-
-
16. Verification means for verifying whether or not signature data generated by a user device is proper and outputs a result thereof, the verification means comprising:
-
recording means for storing system parameters as respective parameters given in advance, a disclosure public key, a user public key, and an attribute certificate; input receiving means for receiving input of a document from a user and the signature data; and zero-knowledge certification verifying means for judging whether or not a zero-knowledge certification text contained in the signature data is acceptable by verifying the zero-knowledge certification text contained in the signature data by using each of the parameters, and receiving the signature data when judged as acceptable, wherein the user public key and the attribute certificate are generated by using a same power, and wherein the signature data contains a first element which does not include a plurality of attributes the user intends to disclose and includes a user private key, and a second element which includes the plurality of attributes to be disclosed and does not include the user private key.
-
Specification