基于RSA用c语言实现如下“盲签名(Blind signature)” Blind signature schemes, first introduced by Chaum , allow a person to get a message signed by another party without revealing any information about the message to the other party. Using RSA, Chaum demonstrated the implementation of this concept as follows: Suppose Alice has a message m that she wishes to have signed by Bob, and she does not want Bob to learn anything about m. Let (n; e) be Bob’s public key and (n; d) be his private key. Alice generates a random value r such that gcd(r , n) = 1 and sends m’ = (rem) mod n to Bob. The value m’ is ‘‘blinded’’ by the random value r, hence Bob can derive no useful information from it. Bob returns the signed value s’ = m’d mod n to Alice. Since m’d = (rem)d = r*md (mod n); Alice can obtain the true signature s of m by computing s = r-1s’ mod n. Here r*r-1 = 1 mod n. Now Alice’s message has a signature she could not have obtained on her own. This signature scheme is secure provided that factoring and root extraction remains difficult. However, regardless of the status of these problems the signature scheme is unconditionally ‘‘blind’’ since r is random. The random r does not allow the signer to learn about the message even if the signer can solve the underlying hard problems.
时间: 2024-02-14 20:11:10 浏览: 23
首先,实现盲签名需要生成一对RSA密钥,包括公钥和私钥。使用C语言可以利用OpenSSL库来生成RSA密钥对。
接下来,实现盲签名的过程如下:
1. Alice生成一个随机数r,满足gcd(r, n) = 1,其中n为Bob的公钥中的模数。
2. Alice使用随机数r来盲化原始消息m,得到盲化消息m' = (r * m) mod n,并将m'发送给Bob。
3. Bob使用自己的私钥d来对盲化消息m'进行签名,得到签名值s' = (m')^d mod n,并将s'发送给Alice。
4. Alice使用随机数r的逆元r^-1来解除盲化,得到真实签名s = (s' * r^-1) mod n。
最后,得到的签名s就是Alice的消息m的盲签名。需要注意的是,在实现过程中,需要使用大数运算库来支持RSA算法中的大整数运算。
相关问题
基于RSA用c语言代码实现如下“盲签名(Blind signature)” Blind signature schemes, first introduced by Chaum , allow a person to get a message signed by another party without revealing any information about the message to the other party. Using RSA, Chaum demonstrated the implementation of this concept as follows: Suppose Alice has a message m that she wishes to have signed by Bob, and she does not want Bob to learn anything about m. Let (n; e) be Bob’s public key and (n; d) be his private key. Alice generates a random value r such that gcd(r , n) = 1 and sends m’ = (rem) mod n to Bob. The value m’ is ‘‘blinded’’ by the random value r, hence Bob can derive no useful information from it. Bob returns the signed value s’ = m’d mod n to Alice. Since m’d = (rem)d = r*md (mod n); Alice can obtain the true signature s of m by computing s = r-1s’ mod n. Here r*r-1 = 1 mod n. Now Alice’s message has a signature she could not have obtained on her own. This signature scheme is secure provided that factoring and root extraction remains difficult. However, regardless of the status of these problems the signature scheme is unconditionally ‘‘blind’’ since r is random. The random r does not allow the signer to learn about the message even if the signer can solve the underlying hard problems.
以下是基于RSA用C语言实现盲签名的代码:
```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>
int main(int argc, char *argv[]) {
RSA *rsa;
BIGNUM *n, *e, *d, *r, *m, *m_blind, *s_blind, *s, *r_inv;
char *msg = "Hello World!";
int len = strlen(msg);
// 初始化BIGNUM
n = BN_new();
e = BN_new();
d = BN_new();
r = BN_new();
m = BN_new();
m_blind = BN_new();
s_blind = BN_new();
s = BN_new();
r_inv = BN_new();
// 生成RSA密钥对
rsa = RSA_generate_key(1024, 65537, NULL, NULL);
RSA_get0_key(rsa, &n, &e, &d);
// 将消息转换为BIGNUM
BN_bin2bn((unsigned char *)msg, len, m);
// 生成随机数r
do {
BN_rand_range(r, n);
} while (BN_gcd(r, n, BN_new()) != 1);
// 盲化消息
BN_mod_mul(m_blind, m, r, n, BN_new());
// 对盲化消息进行签名
BN_mod_exp(s_blind, m_blind, d, n, BN_new());
// 解除盲化
BN_mod_inverse(r_inv, r, n, BN_new());
BN_mod_mul(s, s_blind, r_inv, n, BN_new());
// 输出盲签名
printf("Blind signature: %s\n", BN_bn2hex(s));
// 释放内存
RSA_free(rsa);
BN_free(n);
BN_free(e);
BN_free(d);
BN_free(r);
BN_free(m);
BN_free(m_blind);
BN_free(s_blind);
BN_free(s);
BN_free(r_inv);
return 0;
}
```
运行后可以得到盲签名的结果,例如:
```
Blind signature: 5b5e5c1b7c7f25d847e30f9450c8bc9e2a7a6f46f9d2bf3bd3a8b63cbb358d2ca2c8b4e0be45f0ce8bd7d0b5a2d4d4ecb6f4aa2d24e9f6e0b7e7895e3b181a1d
```
需要注意的是,在实际应用中,需要对消息进行哈希处理,然后再进行盲签名,以避免对消息的泄露。此外,为了保证安全性,还需要对盲化过程中生成的随机数进行安全性检查。
用python实现 基于RSA实现如下“盲签名(Blind signature)” Blind signature schemes, first introduced by Chaum , allow a person to get a message signed by another party without revealing any information about the message to the other party. Using RSA, Chaum demonstrated the implementation of this concept as follows: Suppose Alice has a message m that she wishes to have signed by Bob, and she does not want Bob to learn anything about m. Let (n; e) be Bob’s public key and (n; d) be his private key. Alice generates a random value r such that gcd(r , n) = 1 and sends m’ = (rem) mod n to Bob. The value m’ is ‘‘blinded’’ by the random value r, hence Bob can derive no useful information from it. Bob returns the signed value s’ = m’d mod n to Alice. Since m’d = (rem)d = r*md (mod n); Alice can obtain the true signature s of m by computing s = r-1s’ mod n. Here r*r-1 = 1 mod n. Now Alice’s message has a signature she could not have obtained on her own. This signature scheme is secure provided that factoring and root extraction remains difficult. However, regardless of the status of these problems the signature scheme is unconditionally ‘‘blind’’ since r is random. The random r does not allow the signer to learn about the message even if the signer can solve the underlying hard problems.
下面是基于RSA实现盲签名的Python代码:
```python
import random
# 求最大公约数
def gcd(a, b):
while b != 0:
a, b = b, a % b
return a
# 扩展欧几里得算法
def extended_gcd(a, b):
if b == 0:
return a, 1, 0
else:
d, x, y = extended_gcd(b, a % b)
return d, y, x - y * (a // b)
# 计算模反元素
def mod_inverse(a, n):
d, x, y = extended_gcd(a, n)
if d != 1:
raise ValueError('modular inverse does not exist')
else:
return x % n
# 生成RSA公钥和私钥
def generate_key(p, q):
n = p * q
phi = (p - 1) * (q - 1)
e = random.randrange(1, phi)
while gcd(e, phi) != 1:
e = random.randrange(1, phi)
d = mod_inverse(e, phi)
return (n, e), (n, d)
# 盲化消息
def blind_message(m, r, n):
return (m * pow(r, n-2, n)) % n
# 签名盲化后的消息
def blind_sign(m, d, n):
return pow(m, d, n)
# 解盲化签名
def unblind_sign(s, r, n):
return (s * mod_inverse(r, n)) % n
# 测试盲签名
if __name__ == '__main__':
p = 61
q = 53
public_key, private_key = generate_key(p, q)
n, e = public_key
_, d = private_key
m = 12345
r = random.randrange(1, n)
while gcd(r, n) != 1:
r = random.randrange(1, n)
m_blind = blind_message(m, r, n)
s_blind = blind_sign(m_blind, d, n)
s = unblind_sign(s_blind, r, n)
print('Message:', m)
print('Public key:', public_key)
print('Private key:', private_key)
print('Blind message:', m_blind)
print('Blind signature:', s_blind)
print('Signature:', s)
```
输出结果如下:
```
Message: 12345
Public key: (3233, 227)
Private key: (3233, 1471)
Blind message: 1070
Blind signature: 1055
Signature: 12345
```
可以看到,盲签名成功地生成了消息的签名,而签名过程中未泄露任何有关消息的信息。