基于属性的加密或基于ID的加密 [英] Attribute based encryption or ID based encryption

问题描述

你好，



这是我的第一篇帖子，任何错误请原谅我......



i想要实现短群签名算法..



i ll简要解释一下..

假设我有一个10人小组。 ..然后我生成10个不同的密钥（任意密钥）并传输给他们......



他们会加密一些数据并将它们发回给我..



我，如果没有使用它们的所有私钥，我应该能够识别加密它的人...



意思是，一次性我应该识别用户...



请尽快回复..

any欢迎使用想法或算法或C＃代码..



提前致谢..

hello,

this is my first post, any mistake please forgive me...

i want implement the short group signature algorithm..

i ll briefly explain about it..
suppose i have a group with 10 people... and i generate 10 different keys (any key) and transmit to them...

they will encrypt some data and send them back to me..

me, without using all the private key of them, i should be able to identify the the person who encrypted it...

meaning is, with one shot i should identify the user...

Please respond asap..
any idea or algorithm or C# code are welcome..

Thanks in advance..

推荐答案

1）加密和签名都是相同PKI方法的应用程序，但它们有不同的算法。

- 签名时，发件人正在加密ha使用他的私钥来处理文档，然后您将使用他的公钥来验证签名

- 加密时，发件人正在使用您的公钥，您将使用您的私钥进行解密。

我不清楚你真正想要什么，因为你写了一些奇怪的混合物......



所以你会永远不需要其他人的私钥，这会损害整个想法。或者你不是在谈论PKI ..​​.



2）你可以用PKI做什么：

a）发件人生成文件（ D）和身份证（IC），这个可以是一个XML，其中包含有关发件人和可能与文档有关的信息。

b）发件人用他的私钥加密文件：ED = E（D，Prk）

c）发件人用你的公钥密钥签署加密文件和卡片SED = S（ED + IC，Puk）

d）将全部内容发送给您。你有他们的公钥和你的私钥。

e）你读了未加密的身份证，你看到了发件人。由于您拥有所有公钥，因此您只需选择卡上的公钥即可，只需验证一次签名即可。如果没问题，您可以用私钥解密加密文档，就是这样。如果签名验证失败，则消息已被泄露。

1) encryption and signature are both applications of the same PKI approach, but they have different algorithms.
- when signing, the sender is encrypting the hash of the document with his private key, and you will use the his public key to verify signature
- when encrypting, the sender is using your public key, and you will use your private key to decrypt.
It is not clear to me what you really want, since you wrote about a strange mixture of these...

So you will never need the private key of other people, this would compromise the whole idea. Or you are not talking about PKI...

2) What you can do with PKI:
a) The sender generates the document (D) and an identity card (IC), this one could be an XML that contains information about the sender and probably about the document.
b) The sender encrypts the document with hes private key: ED = E(D, Prk)
c) The sender signs the encrypted document and the card with your public key key SED = S(ED + IC, Puk)
d) Sends the whole thing to you. You have their public keys and your private key.
e) You read the unencrypted identity card, and you see the sender. Since you have all public key, you simply choose that of the one on the card, and you verify the signature just once. If it is ok, you decrypt the encrypted document with your private key, and that's it. If the signature verification fails, than the message had been compromised.

我希望您完全理解公钥加密如何工作，尤其是加密：< a href =http://en.wikipedia.org/wiki/Public-key_cryptography> http://en.wikipedia.org/wiki/Public-key_cryptography [ ^ ]。



万一你完全理解它，抱歉多余的信息。但如果你这样做，其他一切都是纯粹的逻辑。没有什么是你自己无法推断的。因此，如果您需要一个组来向您发送加密信息，您可以创建一对密钥。您只发送公钥，每个公钥一个。如果我理解你的话，你会发送10个单独的密钥，每个密钥对应一个密钥，因此你可以生成10个密钥对。发送公钥及其消息非常重要：使用此密钥加密您的数据并将您的加密数据发回给我。这个初始消息是非加密的很重要。因此，任何获取此信息的人都可以对其进行加密，但除了您之外，没有人可以对其进行解密，因为只有您拥有私钥。



再次，我希望你知道这一切。



但是现在，你也不知道加密邮件发件人的身份。通常情况并非如此。如果您说电子邮件（例如），则可以通过电子邮件地址识别发件人。请注意，即使从这一点来看，这也不是很安全，因为电子邮件可以伪造，但让我们暂时忽略它，因为你可能有更糟糕的情况：由于某种原因，你不知道身份。



从一开始，您应该明白，不仅您无法获得所需的快捷方式，而且严格来说，您甚至无法解密消息，因为您不能甚至不使用哪个键。你只能尝试所有10个私钥，但即使在成功的情况下，你不能保证这是一个真正的解密（实际上，这是一个看起来很合理的解密消息是错误的，但我们正在讨论的原则：加密始终采用身份）。



如何解决问题？我可以建议一种方法：每个发件人都应该将您的身份与消息一起发送。怎么样？该消息应该分为两部分：在一部分中，发件人应该发回给你公钥的副本，另一部分是加密消息。如果当然，第一部分应该不加密。如果您这样做，安全性不会受到影响，因为您已经公开发送了公钥;并且公钥不允许解密任何东西。但现在您有完整的信息，因为您可以存储公钥和相应的私钥（例如，使用 System.Collections.Generic.Dictionary<，> ）。



看起来问题已经解决，但只有部分加密才能解决。还有另一个问题：没有人可以解密这些消息，但是任何人（在某些条件下，在您的情况下可能会或可能不会满足），模仿您的一个同伴并向您发送虚假消息。这对你来说是一个问题吗？在许多情况下，这是问题，解决方案基于数字签名。使用数字签名的方案比加密复杂得多，但从技术上讲，这只是密钥角色的反转。如果您需要，您可以了解它。

-SA

I hope you full understand how public-key cryptography works, in particular, for encryption: http://en.wikipedia.org/wiki/Public-key_cryptography[^].

In case you perfectly understand it, sorry for redundant information. But if you do, everything else is pure logic. There is nothing you could no infer by yourself. So, if you need a group to send you encrypted information, you create a pair of keys. You send only the public keys, one to each. If I understand you right, you send, say, 10 individual keys, one to each, so you generate 10 key pairs. It's important that you send the public key and them message: use this key to encrypt your data and send me back your encrypted data. It's important that this initial message is non-encrypted. So, anyone who gets this information, can encrypt it, but no one can decrypt it, except you, because only you have the private key.

Again, I hope you knew it all.

But now, you also don't know the identity of the sender of the encrypted message. Normally, this is not the case. If you say e-mail (for example), you can identify the sender by e-mail address. Note, that even from this point, this is not quite safe, because e-mail can be forged, but let's ignore it for a while, because you probably have much worse situation: by some reason, you don't know identity.

From the very beginning, you should understand that not only you cannot get the shortcut you want, but, strictly speaking, you cannot even decrypt a message, because you don't even use which of the keys to use. You can only try all 10 private keys to each, but even in case of success, you cannot guarantee this is a true decrypting (in practice, this is extremely unlikely that some reasonably looking decrypted message is wrong, but we are talking about the principles: encryption always assumes identity).

How to resolve the problem? I can suggest just one method: each sender should send your the identity along with the message. How? The message should be in two part: in one part, the sender should send you back a copy of the public key, another part is encrypted message. If course, the first part should be not encrypted. If you do that, the security is not compromised, because you already sent the public keys publicly; and having the public keys does not allow for decryption of anything. But now you have full information, because you can store both public and corresponding private key (use, for example, System.Collections.Generic.Dictionary<,>).

It looks like the problem is solved, but it is solved only in part of encryption. There is another problem: no one can decrypt the messages, but anyone (under certain condition which may or may not be met in your case), impersonate one of your companions and send you a fake message. Is it an issue for your? In many cases, this is the issue, and the solution is based on digital signature. The scenario of using the digital signatures is considerably more complex than encryption, but, technically, this is just the inversion of the roles of the keys. If you need, you can learn about it.

—SA

你可以去KP-ABE或CP-ABE算法。

对于bileaner配对，你可以使用JPBC公共图书馆。

You can go for the KP-ABE or CP-ABE algorithm.
For bileaner pairing u can user JPBC public library.

这篇关于基于属性的加密或基于ID的加密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！