主权项 |
1. A group signature system comprising:
a key issuer server; an opener server; a linker server; a signature verifying unit; and a user device, wherein the key issuer server includes a processor; and a non-transitory computer readable medium with computer executable instructions stored thereon which, when executed by the processor, perform a method comprising: generating a first parameter of a group public key, generating a corresponding master issuing key, generating a group public key using the first parameter of a group public key and a second parameter of a group public key received from the opener server, verifying a validity of a subscription request message received from the user device requesting a membership in the group signature system, and storing a secret signature key corresponding to the user device membership in the group signature system, wherein the opener server includes a processor; and a non-transitory computer readable medium with computer executable instructions stored thereon which, when executed by the processor, perform a method comprising: generating the second parameter of a group public key, transmitting the second parameter of a group public key to the key issuer server, defining a master opening key, and defining a master linking key, wherein the master linking key is a secret key, wherein the user device includes a processor; and a non-transitory computer readable medium with computer executable instructions stored thereon which, when executed by the processor, perform a method comprising: receiving a message, receiving the group public key, receiving a secret signature key corresponding to the group public key, generating for the message a group signature corresponding to the group public key, selecting a random number Ziεzp*, calculating upk[1]=Zi=g3Zi, generating TU (CU=Ext-Commit(Zi), NIZKEqDL (CU,Zi,g3)), wherein Ext-Commit is an extractable commitment scheme providing perfect binding and computational hiding, and NIZKEqDL( ) is a non-interactive zero-knowledge proof scheme, and transmitting the subscription request message (Join, Idi, (upk[i]=Zi, TU)), wherein the subscription request message includes upk[i]=Zi, TU as a proof of possession of a personal key, wherein the signature verifying unit is configured to includes a processor; and a non-transitory computer readable medium with computer executable instructions stored thereon which, when executed by the processor, perform a method comprising: receiving the message and the group signature corresponding to the group public key, and checking whether the group signature received from the user device is valid, and wherein the linker server includes a processor; and a non-transitory computer readable medium with computer executable instructions stored thereon which, when executed by the processor, perform a method comprising: receiving the master linking key from the opener server, receiving from the user device at least two pairs of a message and a group signature as input values, and determining whether said pairs are linked using the master linking key when each of the group signatures correspond to the group public key.
|