GB/T 34953.2-2018 English PDF (GBT34953.2-2018)
GB/T 34953.2-2018: Information technology -- Security techniques -- Anonymous entity authentication -- Part 2: Mechanisms based on signatures using a group public key
Information technology - Security techniques - Anonymous entity authentication - Part 2. Mechanisms based on signatures using a group public key ICS 35.040
National Standards of People's Republic of China
Information technology security technology anonymous entity authentication Part 2. Mechanism based on group public key signature
(ISO/IEC 20009-2:2013, IDT)
Issued by: State Market Supervision and Administration; China National Standardization Administration
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviations
5 Models and requirements
6 Key generation process
7 Anonymous authentication mechanism without online trusted third party participation
7.1 Overview
7.2 One-way anonymous authentication
7.3 Two-way anonymous authentication
7.4 One-way anonymous two-way authentication
7.5 Two-way anonymous authentication with binding characteristics
7.6 One-way anonymous two-way authentication with binding characteristics
8 Anonymous authentication mechanism with online trusted third party participation
8.1 Overview
8.2 One-way anonymous authentication
8.3 Two-way anonymous authentication
8.4 One-way anonymous two-way authentication
9 Group member opening process
9.1 General
9.2 Evidence evaluation process
10 Group signature linking process
10.1 General
10.2 Linking process with the opener
10.3 Linking process with linking keys
10.4 Linking process with linking library
Appendix A (Normative) Object identifier
Appendix B (Informative) Information on mechanisms with binding properties
References
GB/T 34953 "Information Technology Security Technology Anonymous Entity Authentication" has been released or is planned to be released in the following parts:
--- Part 1. General;
--- Part 2. Mechanism based on group public key signature;
--- Part 3. Mechanism based on blind signature;
--- Part 4. Mechanism based on weak secrets.
This part is the second part of GB/T 34953.
This part is drafted in accordance with the rules given in GB/T 1.1-2009.
This part is identical to ISO/IEC 20009-2:2013 "Information technology - Security techniques - Anonymous entity authentication - Part 2: Mechanisms based on signatures using a group public key" and was adopted by translation.
The documents of our country that have a consistent correspondence with the international documents referenced in this part are as follows:
--- GB/T 34953.1-2017 Information technology security technology - Anonymous entity identification - Part 1. General (ISO/IEC 20009-1:2013, IDT).
This part is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260).
This part was drafted by: Xi'an Xidian Jietong Wireless Network Communications Co., Ltd., National Engineering Laboratory for Wireless Network Security Technology, WAPI Industry Alliance (Zhongguancun Wireless Network Security Industry Alliance), National Cryptographic Authority Commercial Password Testing Center, Chongqing University of Posts and Telecommunications, National Radio Monitoring Center Testing Center, China Electronics Technology Standardization Research Institute, Tianjin Radio Monitoring Station, China General Technology Research Institute, Peking University Shenzhen Graduate School, Institute of Software, Chinese Academy of Sciences, National Computer Network Emergency Technology Processing Coordination Center, China Network Space Research Institute, National Information Technology Security Research Center, National Information Security Engineering Technology Research Center, Information Security of the People's Liberation Army Evaluation and Certification Center, the Third Institute of the Ministry of Public Security, Beijing Institute of Computer Technology and Applications, Fujian Radio Monitoring Station, Beijing Digital Certification Co., Ltd., China Telecom Corporation Shanghai Research Institute, Ministry of Industry and Information Technology Broadband Wireless IP Standards Working Group.
The main drafters of this part: Du Zhiqiang, Cao Jun, Huang Zhenhai, Li Dawei, Song Qizhu, Li Qin, Long Zhaohua, Feng Dengguo, Shu Min, Chen Xiaohua, Li Jingchun, Ge Peiqin, Guo Xiaolei, Gao Bo, Zhu Yuesheng, Li Guangsen, Gu Jian, Li Nan, Yu Guangming, Zhang Wei, Tie Manxia, Zhang Lingling, Xu Yuna, Hu Yanan, Yan Xiang, Zhang Guoqiang, Tong Weigang, Li Ming, Wan Hongtao, Wang Yuehui, Zheng Yi, Peng Yu, Zhu Zhengmei, Chen Zhiyu, Hou Pengliang, Xu Fuming.
Introduction
This part of GB/T 34953 defines an anonymous entity authentication mechanism based on group public key signature. The mechanisms are divided into two types: authentication mechanisms with online trusted third party participation and authentication mechanisms that do not involve an online trusted third party.
The issuing body of this document draws attention to the fact that a declaration of conformity with this document may involve the use of patents related to Chapter 8, such as ZL201010546339.3, ZL201010546320.9, CN201210063055.8, CN201210063632.3, CN201210063650.1, ZL200910024191.4, ZL200910023774.5 and ZL200910023735.5.
The issuing organization of this document takes no position on the authenticity, validity and scope of these patents. The patent holder has assured the issuing authority of this document that it is willing to negotiate licences with any applicant on reasonable and non-discriminatory terms and conditions. The patent holder's statement has been filed with the issuing authority of this document. Information can be obtained from:
Patent holder name. Xi'an Xidian Jietong Wireless Network Communication Co., Ltd.
Address. A201, Qinfeng Pavilion, Xi'an Software Park, No. 68, Science and Technology Second Road, High-tech Zone, Xi'an
Contact. Feng Yuchen
Postal code. 710075
The issuing organization of this document draws attention to the fact that this document is equivalent to ISO/IEC 20009-2:2013. Therefore, in addition to the above statement, the statements made for ISO/IEC 20009-2:2013 by the Electronics and Telecommunications Research Institute (Korea) and Intel Corporation, that the patent holders are willing to negotiate with other parties on non-discriminatory and reasonable terms and conditions, are applicable to this document. Relevant information can be obtained from:
Patent holder name. Electronics and Telecommunications Research Institute
Address. 161, Gajeong-dong, Yuseong-gu, Daejeon, 305-700, KOREA
Patent holder name. Intel Corporation
Address. Intel Legal and Corporation Affairs, 2200 Mission College Blvd., RNB-150, Santa Clara, CA 95054
Please note that in addition to the above patents, certain aspects of this document may still involve patents. The issuing organization of this document does not undertake responsibility for identifying these patents.
Information technology security technology anonymous entity authentication Part 2. Mechanism based on group public key signature
This part of GB/T 34953 defines an anonymous entity authentication mechanism based on group public key signature. Based on the group signature mechanism, the verifier verifies the validity of the peer's identity without needing to obtain the identity information of the peer.
This part specifies:
--- A general description of the anonymous entity authentication mechanism based on group public key signature;
--- A variety of anonymous authentication mechanisms.
This part describes:
--- Group member issuing process;
--- Anonymous entity authentication mechanism without online trusted third party participation;
--- Anonymous entity authentication mechanism with online trusted third party participation.
In addition, this part also specifies:
--- The process of group membership opening (optional);
--- The process of group member signature linking (optional).
2 Normative references
The following documents are indispensable for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest edition (including all amendments) applies to this document.
ISO/IEC 20008-1 Information technology security technology - Anonymous signature service - Part 1. General (Information technology - Security techniques - Anonymous digital signatures - Part 1: General)
ISO/IEC 20008-2 Information technology security technology - Anonymous signature service - Part 2. Mechanisms using group public keys (Information technology - Security techniques - Anonymous digital signatures - Part 2: Mechanisms using a group public key)
ISO/IEC 20009-1 Information technology security technology - Anonymous entity authentication - Part 1. General (Information technology - Security techniques - Anonymous entity authentication - Part 1: General)
3 Terms and definitions
The following terms and definitions, together with those defined by ISO/IEC 20008-1 and ISO/IEC 20009-1, apply to this document.
3.1
Binding property (binding property)
An attribute that provides binding guarantees between messages of a communicating entity.
3.2
Trusted entity that creates and issues public key certificates.
[ISO/IEC 11770-1:2010, definition 2.3]
3.3
Temporary key pair (ephemeral key pair)
An asymmetric key pair consisting of a temporary public key and a temporary private key. The temporary public key and temporary private key pair is unique to each execution of a cryptographic scheme.
3.4
Group public key certificate (group public key certificate)
The public key information of the group issued by the certificate authority.
3.5
Group public key certification authority (group public key certification authority)
An entity that is trusted to create and assign a group public key certificate.
3.6
Group public key information (group public key information)
Information that includes at least a group distinguishable identifier and a group public key, and can also include other static information about the group public key certification authority, the group, key usage restrictions, validity period and related algorithms.
3.7
Key derivation function (key derivation function)
A function that takes a shared secret and other mutually known parameters as input and outputs one or more shared secrets used as keys.
[ISO/IEC 11770-3:2015, definition 3.22]
3.8
Local linking capability (local linking capability)
A linking capability in which two or more signatures originating from the same anonymous user can be linked only by a specific group signature linker using a linking key; other entities cannot link these signatures.
3.9
Message authentication code (message authentication code; MAC)
The bit string output by the message authentication code algorithm.
[ISO/IEC 9797-1:2011, definition 3.9]
3.10
Message authentication code (MAC) algorithm (message authentication code (MAC) algorithm)
An algorithm for computing a function that maps a bit string and a secret key into fixed-length bit strings and satisfies the following two properties:
--- For any key and any input string, the function can be computed efficiently;
--- For any fixed key, and without knowledge of the key, it is computationally infeasible to compute the function value for any new input string, even given a set of input strings and the corresponding function values (where the value of the i-th input string may be chosen after observing the first i-1 function values).
[ISO/IEC 9797-1:2011, definition 3.10]
3.11
Public key certificate (public key certificate)
The public key information of the entity issued by the certificate authority.
[ISO/IEC 11770-1:2010, definition 2.37]
3.12
Public key information (public key information)
Information that contains at least an entity distinguishable identifier and a public key, and can also contain other static information about the certification authority, the entity, key usage restrictions, validity period and related algorithms.
[ISO/IEC 11770-1:2010, definition 2.38]
4 Symbols and abbreviations
The following symbols and abbreviations apply to this document.
A: distinguishable identifier of entity A
B: distinguishable identifier of entity B
CertA: entity A's public key certificate
CertB: entity B's public key certificate
CertG: group public key certificate of group G
G, G': distinguishable identifier of group G or G'
G: cyclic group of order q in which the decisional Diffie-Hellman (DDH) problem is difficult to solve
g: generator of G
gsSXG(m): anonymous signature generated by entity X using the group public key mechanism, that is, the signature on message m produced by entity X applying one of the group signature mechanisms specified in this part with the group member signature key SXG
IG: the identity of group G, which can be represented by G or CertG
IX: the identity of group X, which can be represented by X or CertX
Kdf: key derivation function
MAC: message authentication code
m: message to be signed
macK(M): MAC algorithm using key K and an arbitrary data string M
NX: sequence number issued by entity X
PA: public key of entity A
PB: public key of entity B
PG: group public key of group G
q: prime number
ResA: result of verifying entity A's public key or public key certificate
ResB: result of verifying entity B's public key or public key certificate
ResG: result of verifying the group public key or group public key certificate of group G
RX: random number generated by entity X
SXG: group member signature key associated with entity X, where entity X is a member of group G
sSX(m): digital signature generated by entity X with its private signature key on message m
TP: distinguishing identifier of the TTP
TTP: trusted third party
TX: timestamp issued by entity X
Zq: set of integers in [0, q-1]
Y‖Z: the result of concatenating data items Y and Z in the specified order. When the concatenation of two or more data items is used as input to a mechanism specified in this part, the result should be uniquely decomposable into the data items from which it was constructed, so that there is no possibility of ambiguous interpretation. The latter property can be achieved in many different ways depending on the specific application. For example, either of the following two approaches can be used:
a) fix the length of each data item throughout the use of the mechanism;
b) encode the sequence of concatenated data items using a method that ensures unique decoding, such as the distinguished encoding rules defined in ISO/IEC 8825-1.
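The unique-decomposition requirement on Y‖Z, shown as an added example that is not part of the standard or of this page. The field values, the use of HMAC-SHA-256 for macK, and the 4-byte length prefix (a simplified stand-in for a DER-style encoding under option b) are assumptions.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed sample key, not from the standard


def concat_naive(*items: bytes) -> bytes:
    """Plain Y || Z with variable-length items: field boundaries are lost."""
    return b"".join(items)


def concat_fixed(*items: bytes, width: int = 16) -> bytes:
    """Option a): every data item has the same fixed length."""
    for item in items:
        if len(item) != width:
            raise ValueError(f"item must be exactly {width} bytes")
    return b"".join(items)


def concat_length_prefixed(*items: bytes) -> bytes:
    """Option b), simplified: 4-byte big-endian length before each item."""
    return b"".join(struct.pack(">I", len(item)) + item for item in items)


def split_length_prefixed(blob: bytes) -> list:
    """Decode concat_length_prefixed output; reject truncated input."""
    items, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length field")
        (size,) = struct.unpack_from(">I", blob, pos)
        pos += 4
        if pos + size > len(blob):
            raise ValueError("truncated data item")
        items.append(blob[pos:pos + size])
        pos += size
    return items


def mac(key: bytes, data: bytes) -> bytes:
    """macK(M), assumed here to be HMAC-SHA-256."""
    return hmac.new(key, data, hashlib.sha256).digest()


def collides(encode) -> bool:
    """True if two different (identifier, nonce) pairs yield the same MAC."""
    first = encode(b"GROUP1", b"7nonce")   # constructed sample fields
    second = encode(b"GROUP17", b"nonce")  # different fields, same bytes
    return hmac.compare_digest(mac(KEY, first), mac(KEY, second))


if __name__ == "__main__":
    print("naive concatenation collides:", collides(concat_naive))
    print("length-prefixed collides:   ", collides(concat_length_prefixed))
```
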
5 Models and requirements
This chapter describes the models and requirements involved in the anonymous authentication mechanism. An entity authentication mechanism based on group public key signatures involves a group that typically consists of a number of group members. Each group must have a group member issuer. If it is necessary to reveal the claimant by opening a group signature generated in the authentication protocol, the group should have a group opener. If a group needs to link two group signatures generated by the same claimant for authentication purposes, it can have a linker. The anonymity of this mechanism depends on the number of group members in the group. An anonymous entity authentication mechanism is defined by the specification of the following processes:
--- Key generation process;
--- Anonymous entity authentication process;
--- Opening process (if the mechanism supports opening);
--- Linking process (if the mechanism supports linking).
Various entities are used in this part, as defined below. Some of them are involved in all mechanisms, while others are involved only in some mechanisms. In this part, if a mechanism supports opening or linking, the related operations follow the group signature scheme it uses, which can be found in ISO/IEC 20008-2.
--- Claimant. An entity whose identity is not revealed when it is authenticated. In this part, a claimant acts as a signer in the group signature scheme specified in ISO/IEC 20008-2;
Note. In some mechanisms, the role of the claimant is divided between multiple entities. For example, the Direct Anonymous Attestation (DAA) mechanism involves a principal claimant with limited computing and storage capabilities, such as a Trusted Platform Module (TPM), and an assistant claimant with higher computing power but lower security tolerance, such as a common computer platform (that is, a host with a built-in TPM).
--- Verifier. An entity that verifies the correctness of the claimant's identity without knowing the true identity of the claimant;
--- Issuer. An entity that distributes group member credentials to a claimant. This entity exists in all mechanisms specified in ISO/IEC 20008-2;
--- Opener. An entity that can determine the identity of the claimant using the group signature generated during the authentication process. This entity exists in some of the mechanisms specified in ISO/IEC 20008-2. In some mechanisms, the group member issuer and the group member opener are the same entity;
--- Linker. An entity that can determine whether two group signatures used for authentication originate from the same claimant. This entity exists in some of the mechanisms specified in ISO/IEC 20008-2. In some mechanisms, the linker is also a verifier. In a mechanism for anonymous entity authentication, the number of linkers is not fixed.
Every entity that participates in the anonymous entity authentication mechanism is required to know a common group parameter, which is used in the computation of several functions in the mechanism.
The 24 authentication mechanisms specified in this part of GB/T 34953 have the following intended uses. If an online TTP is not necessary or not available, the mechanisms of Chapter 7 should be used. Among the 16 mechanisms in Chapter 7, the 1st to the 8th mechanisms have no binding properties, and the 9th to the 16th mechanisms have binding properties. If a mechanism with online TTP participation is needed, the mechanisms in Chapter 8 should be used. The mechanisms specified in Chapter 7 and Chapter 8 provide one-way anonymous authentication, two-way anonymous authentication, and one-way anonymous two-way authentication, and offer a variety of options according to the number of steps. The object identifiers of the mechanisms specified in this part are given in Appendix A.
The revocation process is used to revoke a user and to check whether a user has been revoked. The details of this process depend on the anonymous digital signature scheme used to generate the anonymous authentication token. ISO/IEC 20008-1 specifies the general model of the revocation process, and ISO/IEC 20008-2 defines the operation of individual anonymous signature schemes using a group public key.
6 Key generation process
The key generation process includes generating a group member distr...