CN109787758B - Anti-quantum computation MQV key agreement method and system based on private key pool and Elgamal - Google Patents
- Publication number
- CN109787758B (CN201910049038.0A)
- Authority
- CN
- China
- Prior art keywords
- key
- public key
- party
- encryption
- static
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Storage Device Security (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention relates to a quantum computation resistant MQV key agreement method based on a private key pool and Elgamal, wherein each participant is configured with a key fob. The method comprises the following steps: the own party generates a corresponding temporary public key and temporary private key, generates a shared key by using its encryption private key and the encryption public key of the other party, and encrypts its temporary public key with the shared key to obtain a ciphertext; the ciphertext, the true random number used for obtaining the encryption public key of the other party, and the static public key pointer address of the own party are sent to the other party in ciphertext form; the receiver generates a shared key by using its own private key and the other party's public key, decrypts the ciphertext with the shared key to obtain the temporary public key of the other party, obtains the static public key of the other party by using the static public key pointer address, and generates a negotiation key by using the temporary public key and the static public key of the other party, its own private key, temporary public key and static private key, and the algorithm parameter.
Description
Technical Field
The invention relates to a public key cryptosystem and a private key pool technology, in particular to a key exchange technology between two communication parties in a group.
Background
The rapidly developing Internet brings great convenience to people's life and work: people can sit at home and send and receive e-mail, make calls, shop online, make bank transfers and carry out other activities through the Internet. Meanwhile, network information security is becoming a potentially huge problem. Generally, network information faces the following security risks: network information is stolen, information is tampered with, information is forged by an attacker, information is maliciously damaged, and the like.
The key technology for ensuring network information security is cryptography. In the field of cryptography today, two kinds of cryptosystem are mainly used. One is the symmetric key cryptosystem, in which the encryption key and the decryption key are the same key. The other is the public key cryptosystem, in which the encryption key and the decryption key are different and one of them may be public.
The security of a symmetric key cryptosystem depends on the following two factors. First, the encryption algorithm must be strong enough that it is practically impossible to decrypt information based solely on the ciphertext itself; second, the security of the encryption method comes from the secrecy of the key, not the secrecy of the algorithm. The biggest problem of symmetric encryption systems is that the distribution and management of keys is very complicated and costly. Another disadvantage of symmetric encryption algorithms is that digital signatures are not easily implemented. Therefore, the implementation of encryption algorithms in today's mobile e-commerce domain relies primarily on the public key system.
Public key encryption systems employ different encryption keys (public keys) and decryption keys (private keys). Since the encryption key is public, the distribution and management of the key is simple, and the public key encryption system can easily implement digital signature.
Since the advent of public key cryptography, scholars have proposed a number of public key cryptography methods whose security is based on hard mathematical problems. Classified according to the mathematical problem on which they are based, there are three types of systems currently considered safe and effective: large integer factorization systems (typically RSA), discrete logarithm systems (typically DSA), and elliptic curve discrete logarithm systems (ECC).
However, with the development of quantum computers, the classical asymmetric key encryption algorithms are no longer secure. For both encryption/decryption methods and key exchange methods, a quantum computer can compute the private key from the public key, so the asymmetric keys currently in use will not withstand attack in the quantum era.
Disclosure of Invention
The invention provides a quantum computation resistant MQV key agreement method and system based on a private key pool and Elgamal with higher security.
The invention relates to a quantum computation resistant MQV key negotiation method based on a private key pool and Elgamal. A participant is provided with a key fob; a static public key pool, an encryption private key pool, an encryption public key pool, a static private key and algorithm parameters are stored in the key fob; the encryption private key pool stores encryption private keys; the encryption public key pool comprises encryption public key pools the number of which corresponds to that of the key fobs; each encryption public key pool stores the encryption public keys corresponding to the encryption private keys; and the static public key pool stores the static public keys corresponding to the static private keys;
when the quantum computation resistant MQV key negotiation method is implemented, the method comprises the following steps:
generating a corresponding temporary public key and a temporary private key at the own party, generating a shared key by using the own party's encryption private key and the encryption public key of the other party, and encrypting the temporary public key of the own party by using the shared key to obtain a ciphertext; sending the ciphertext, the true random number used for obtaining the encryption public key of the other party, and the static public key pointer address of the own party to the other party in ciphertext form;
the cipher text, the true random number and the static public key pointer address from the other party are received, the true random number is used for obtaining an encrypted public key of the other party and an encrypted private key of the own party, the encrypted private key of the own party and the encrypted public key of the other party are used for generating a shared key, the shared key is used for decrypting the cipher text to obtain a temporary public key of the other party, the static public key of the other party is obtained by using the static public key pointer address, and the temporary public key, the static public key of the other party, the temporary private key of the own party, the static public key and an algorithm parameter are used for generating a negotiation key.
Optionally, the participants include an initiator and a responder, and the initiator includes:
generating a first true random number, and generating a first temporary public key and a first temporary private key by using the first true random number;
generating a second true random number, and obtaining a first encryption private key of the own party and a first encryption public key of the opposite party from the key fob by using the second true random number;
calculating a first encryption private key of the own party and a first encryption public key of the opposite party to obtain a first shared key, and encrypting the first temporary public key by using the first shared key to obtain a first ciphertext;
and sending the first ciphertext, the second true random number, the own static public key pointer address and the own encryption public key pool number to a responder in a ciphertext mode.
Optionally, the responder includes:
obtaining a first encryption private key of the own party and a first encryption public key of the opposite party from the key fob by using the received second true random number;
calculating a first encrypted private key of the own party and a first encrypted public key of the opposite party to obtain a first shared secret key, and decrypting the first ciphertext by using the first shared secret key to obtain a first temporary public key of the opposite party;
obtaining a first static public key of the other party from the key fob by using the received static public key pointer address;
generating a third true random number, and generating a second temporary public key and a second temporary private key by using the third true random number;
obtaining a second static private key of the own party from the key fob, and correspondingly calculating a negotiation key;
generating a fourth true random number, and obtaining a second encryption private key of the own party and a second encryption public key of the other party from the key fob by using the fourth true random number;
calculating a second encryption private key of the own party and a second encryption public key of the opposite party to obtain a second shared secret key, and encrypting the second temporary public key by using the second shared secret key to obtain a second ciphertext;
and sending the second ciphertext, the fourth true random number and the static public key pointer address of the own party to the initiator in a ciphertext form.
Optionally, at the responder, the way of calculating the negotiation key is as follows:
h is the algorithm parameter in the key fob;
kb is a second temporary private key of the responder;
Kb is a second temporary public key of the responder;
b is a second static private key of the responder;
Ka' is a first temporary public key of the initiator;
A is the first static public key of the initiator.
Optionally, the method further includes, at the initiator:
obtaining a second encryption private key of the own party and a second encryption public key of the opposite party from the key fob by using the received fourth true random number;
the second encryption private key of the own party and the second encryption public key of the opposite party are operated to obtain a second shared secret key, and the second shared secret key is used for decrypting the second ciphertext to obtain a second temporary public key of the opposite party;
obtaining a second static public key of the other party from the key fob by using the received static public key pointer address;
and obtaining the first static private key of the own party from the key fob, and correspondingly calculating the negotiation key.
Optionally, at the initiator, the way of calculating the negotiation key is as follows:
h is the algorithm parameter in the key fob;
ka is a first temporary private key of the initiator;
Ka is a first temporary public key of the initiator;
a is a first static private key of the initiator;
Kb' is a second temporary public key of the responder;
B is the second static public key of the responder.
The invention also provides an MQV key negotiation system based on quantum computation resistance based on a private key pool and Elgamal, wherein a key fob is configured at a participant, a static public key pool, an encryption private key pool, an encryption public key pool, a static private key and algorithm parameters are stored in the key fob, the encryption private key pool stores encryption private keys, the encryption public key pool comprises encryption public key pools the number of which corresponds to the number of the key fob, encryption public keys corresponding to the encryption private keys are stored in each encryption public key pool, and the static public keys corresponding to the static private keys are stored in the static public key pool;
the quantum computation resistant MQV key agreement system comprises:
the first module is used for generating a corresponding temporary public key and a temporary private key at the own party, generating a shared key by using the own party's encryption private key and the encryption public key of the other party, and encrypting the temporary public key of the own party by using the shared key to obtain a ciphertext; and for sending the ciphertext, the true random number used for obtaining the encryption public key of the other party, and the static public key pointer address of the own party to the other party in ciphertext form;
the second module is used for receiving the ciphertext, the true random number and the static public key pointer address from the other party, obtaining an encrypted public key of the other party and an encrypted private key of the own party by using the true random number, generating a shared key by using the encrypted private key of the own party and the encrypted public key of the other party, decrypting the ciphertext by using the shared key to obtain a temporary public key of the other party, obtaining the static public key of the other party by using the static public key pointer address, and generating a negotiation key by using the temporary public key of the other party, the static public key, the temporary private key of the own party, the static private key and the algorithm parameter.
The invention also provides an MQV key negotiation system based on quantum computation resistance based on a private key pool and Elgamal, wherein a key fob is configured at a participant, a static public key pool, an encryption private key pool, an encryption public key pool, a static private key and algorithm parameters are stored in the key fob, the encryption private key pool stores encryption private keys, the encryption public key pool comprises encryption public key pools the number of which corresponds to the number of the key fob, encryption public keys corresponding to the encryption private keys are stored in each encryption public key pool, and the static public keys corresponding to the static private keys are stored in the static public key pool;
the participator comprises a memory and a processor, wherein the memory stores a computer program, and the processor realizes the quantum computation resistant MQV key agreement method based on the private key pool and Elgamal when executing the computer program.
In the present invention, the key fob used is a stand-alone hardware isolation device. Other related parameters such as a public key, a private key, a true random number and the like are generated in the server and distributed to the key fob, the corresponding key pool, the private key and the parameters are stored in a designated security region, the possibility of stealing the key by malicious software or malicious operation is greatly reduced, and the key pool, the private key and the parameters cannot be acquired and cracked by the quantum computer. The public key transmitted in the network only has the temporary public key, and the temporary public key is transmitted in an encrypted manner, and the public and private keys used for encryption are selected from the asymmetric key pool and cannot be obtained from the outside, so that the probability of the public key being cracked is extremely low. Other data transmitted in the network are only parameters related to the key position, and the key cannot be obtained through independent calculation, so that the security of the key agreement method is much higher than that of a classical ECMQV key agreement method. The safety of the messages of the subsequent communication parties is also ensured.
Drawings
FIG. 1 is a schematic diagram of the distribution of key pools in the present invention;
FIG. 2 is a flowchart of key agreement of an embodiment;
FIG. 3 is a schematic flow chart of calculating the private key and the public key.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
For a better description and illustration of embodiments of the application, reference may be made to one or more of the drawings, but additional details or examples used in describing the drawings should not be construed as limiting the scope of any of the inventive concepts of the present application, the presently described embodiments, or the preferred versions.
It should be understood that steps may be performed in other sequences unless explicitly stated otherwise. Moreover, at least a portion of the steps may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternating with other steps or at least a portion of the sub-steps or stages of other steps.
The scenario addressed by the invention involves any two objects A and B in a group under an asymmetric cryptosystem. Each object in the group has a key fob, which can store keys with a large data volume and also has the capability of processing information. Each key fob in the group holds multiple key pools, namely a static public key pool, an encryption private key pool and an encryption public key pool group, as well as a static private key and associated parameters. The number of pools in the encryption public key pool group equals the number of members in the group; the encryption public key pool group is the set of the encryption public key pools corresponding to all the members in the group. The distribution within a particular key fob is shown in FIG. 1. In the invention, the local systems of object A and object B both contain the algorithms they require.
A key fob is described in the patent application serial No. 201610843210.6. When the mobile terminal is used, the key fob is preferably a key SD card; when a fixed terminal is used, the key fob is preferably a key USBKey or a host key fob.
The mechanism of issuance of key fobs differs from that of patent application No. 201610843210.6. The key fob issuer in this patent is the owner of the key fobs, typically the management of a group, such as the management of a business or institution; the key fobs are issued to the members managed by the key fob owner, typically staff at all levels of a business or institution. The user first applies to the key fob owner to open an account. Once the user's registration is approved, the user obtains a key fob (having a unique key fob ID). The key fob stores customer registration information. The user-side keys in the key fobs are all downloaded from the same key management service station, and for the same key fob owner, the group of public key pools stored in every key fob it issues is completely consistent. Preferably, the key pool size stored in the key fob can be 1G, 2G, 4G, 8G, 16G, 32G, 64G, 128G, 256G, 512G, 1024G, 2048G, 4096G, and so forth.
Key fobs have evolved from smart card technology as identity authentication and encryption/decryption products that combine true random number generators (preferably quantum random number generators), cryptography, and hardware security isolation techniques. The embedded chip and operating system of the key fob can provide secure storage of keys, cryptographic algorithms, and other functions. Due to its independent data processing capabilities and good security, the key fob becomes a secure carrier for private keys and key pools. Each key fob is protected by a hardware PIN code; the PIN code and the hardware constitute the two essential factors for the user to use the key fob. This is so-called "two-factor authentication": a user can log in to the system only by holding both the key fob, which stores the relevant authentication information, and the user PIN code. Even if the PIN code of the user is leaked, the identity of the legitimate user cannot be counterfeited as long as the key fob held by the user is not stolen; if the key fob of the user is lost, the finder cannot impersonate the legitimate user because the user PIN code is not known.
When a key fob is charged with its key pools, the key management server assigns a group identity to the key fob and gives it an ID within the group. When the server creates a group, it defines a prime number p satisfying p > 3, and generates two non-negative integers smaller than p, a parameter α and a parameter β, for constructing an elliptic curve E: y^2 = x^3 + αx + β. In addition, let the order of the elliptic curve be n, let h be the cofactor, and let the origin point of the elliptic curve, i.e. the base point, be Q. The number of group members is set to N. The server generates N true random numbers as static private keys, calculates the corresponding public keys, and writes the public keys into the same file to form a static public key file, namely the static public key pool. The resulting public and private keys are used as the static public and private keys of the ECMQV algorithm. The server also uses the generator g to produce an efficient description of the cyclic group G of order q. The cyclic group needs to satisfy certain security properties. The server generates a large volume of random numbers in the range {1, …, q-1} as encryption private keys, forming the encryption private key pools; N encryption private key pools are generated. The corresponding encryption public keys are calculated from the encryption private keys and form the corresponding encryption public key pools. The position of an encryption public key in its encryption public key pool is the same as the position of the corresponding encryption private key in the corresponding encryption private key pool.
At key fob registration, the server stores the static public key file, an unassigned encryption private key pool, and the encryption public key pools together in the key fob. At the same time, it randomly selects one of the unallocated static private keys, allocates it to the key fob, and stores the corresponding static public key pointer address in the key fob; the static public key pointer address is used for looking up the public key paired with the static private key. In addition, the key fob also stores its own encryption public key pool number and the related algorithm parameters, such as the elliptic curve domain parameters {p, α, β, Q, n, h} and {G, q, g}.
The parties to key negotiation in the system are object A and object B. Object A is the active party (initiator) of the key agreement, and object B is the passive party (responder). Let the static public and private key pair of object A be (A, a), with public key A and private key a; let the static public and private key pair of object B be (B, b), with public key B and private key b. Let an encryption public and private key pair from the encryption asymmetric key pool of object A be (Ki, ki), with public key Ki and private key ki, where the public key is calculated as Ki = g^ki mod q; let an encryption public and private key pair from the encryption asymmetric key pool of object B be (Kj, kj), with public key Kj and private key kj, where the public key is calculated as Kj = g^kj mod q. In the invention, the encryption algorithm is the Elgamal encryption algorithm.
In one embodiment, a quantum computation resistant MQV key negotiation method based on a private key pool and Elgamal is provided, wherein a participant is provided with a key fob, a static public key pool, an encryption private key pool, an encryption public key pool, a static private key pool and algorithm parameters are stored in the key fob, the encryption private key pool stores encryption private keys, the encryption public key pool comprises encryption public key pools, the number of which corresponds to the number of the key fob, each encryption public key pool stores an encryption public key corresponding to the encryption private key, and the static public key pool stores a static public key corresponding to the static private key;
when the quantum computation resistant MQV key negotiation method is implemented, the method comprises the following steps:
generating a corresponding temporary public key and a temporary private key at the own party, generating a shared key by using the own party's encryption private key and the encryption public key of the other party, and encrypting the temporary public key of the own party by using the shared key to obtain a ciphertext; sending the ciphertext, the true random number used for obtaining the encryption public key of the other party, and the static public key pointer address of the own party to the other party in ciphertext form;
the cipher text, the true random number and the static public key pointer address from the other party are received, the true random number is used for obtaining an encrypted public key of the other party and an encrypted private key of the own party, the encrypted private key of the own party and the encrypted public key of the other party are used for generating a shared key, the shared key is used for decrypting the cipher text to obtain a temporary public key of the other party, the static public key of the other party is obtained by using the static public key pointer address, and the temporary public key, the static public key of the other party, the temporary private key of the own party, the static public key and an algorithm parameter are used for generating a negotiation key.
The participants comprise an initiator and a responder, and the specific key negotiation process mainly comprises three stages.
A first stage comprising, at the initiator:
generating a first true random number, and generating a first temporary public key and a first temporary private key by using the first true random number;
generating a second true random number, and obtaining a first encryption private key of the own party and a first encryption public key of the opposite party from the key fob by using the second true random number;
calculating the first encryption private key and a first encryption public key of the other party to obtain a first shared key, and encrypting the first temporary public key by using the first shared key to obtain a first ciphertext;
and sending the first ciphertext, the second true random number, the own static public key pointer address and the own encryption public key pool number to a responder in a ciphertext mode.
A second stage comprising, at the responder:
obtaining a first encryption private key of the own party and a first encryption public key of the opposite party from the key fob by using the received second true random number;
calculating the first encrypted private key and a first encrypted public key of the opposite side to obtain a first shared secret key, and decrypting the first ciphertext by using the first shared secret key to obtain a first temporary public key of the opposite side;
obtaining a first static public key of the other party from the key fob by using the received static public key pointer address;
generating a third true random number, and generating a second temporary public key and a second temporary private key by using the third true random number;
obtaining a second static private key of the own party from the key fob, correspondingly calculating a negotiation key, wherein the manner of calculating the negotiation key is as follows:
h is the algorithm parameter in the key fob;
kb is a second temporary private key of the responder;
Kb is a second temporary public key of the responder;
b is a second static private key of the responder;
Ka' is a first temporary public key of the initiator;
A is the first static public key of the initiator;
generating a fourth true random number, and obtaining a second encryption private key of the own party and a second encryption public key of the other party from the key fob by using the fourth true random number;
the second encryption private key and a second encryption public key of the other party are operated to obtain a second shared key, and the second temporary public key is encrypted by using the second shared key to obtain a second ciphertext;
and sending the second ciphertext, the fourth true random number and the static public key pointer address of the own party to the initiator in a ciphertext form.
A third stage, further comprising, at the initiator:
obtaining a second encryption private key of the own party and a second encryption public key of the opposite party from the key fob by using the received fourth true random number;
the second encryption private key and a second encryption public key of the opposite side are operated to obtain a second shared secret key, and the second shared secret key is used for decrypting the second ciphertext to obtain a second temporary public key of the opposite side;
obtaining a second static public key of the other party from the key fob by using the received static public key pointer address;
obtaining a first static private key of the own party from the key fob, correspondingly calculating a negotiation key, wherein the manner of calculating the negotiation key is as follows:
h is the algorithm parameter in the key fob;
ka is a first temporary private key of the initiator;
Ka is a first temporary public key of the initiator;
a is a first static private key of the initiator;
Kb' is a second temporary public key of the responder;
B is the second static public key of the responder.
Another embodiment is provided below with reference to fig. 2 to fig. 3, and the quantum computation resistant MQV key agreement method based on a private key pool and Elgamal includes:
Step 1: Object A generates a temporary public and private key pair and sends related parameters to object B
1.1 Object A generates a temporary private key: object A randomly generates a true random number ka (the first true random number) as the temporary private key ka (the first temporary private key) of this key agreement, and calculates the temporary public key Ka = ka·Q (the first temporary public key), where Q is one of the elliptic curve domain parameters.
1.2 Object A takes its encryption private key and party B's encryption public key: object A generates a true random number r1 (the second true random number). Object A splits the random number r1 into ri1 and rj1 by a specified algorithm. Object A applies the key pointer algorithm fkp to ri1 to obtain the encryption private key pointer address kpi1. Object A takes the corresponding encryption private key ki1 (the first encryption private key of party A) from the encryption private key pool of the local system according to the encryption private key pointer address kpi1.
Meanwhile, object A applies the asymmetric key pointer function fkp to rj1 to obtain the encryption public key pointer address kpj1 of object B. Object A takes the encryption public key Kj1 (the first encryption public key of party B) from the encryption public key pool group in the local system according to the encryption public key pointer address kpj1 and the encryption public key pool number Pj of object B. The encryption public key pool number Pj of object B is obtained by accessing the server or by directly requesting it from object B.
1.3 Object A encrypts the temporary public key: object A generates the shared key s1 = Kj1^ki1 (the first shared key). Object A encrypts the temporary public key Ka to obtain the first ciphertext c1 = Ka·s1.
1.4 Object A sends a key agreement message to object B: object A encrypts and sends the temporary public key ciphertext c1, the random number r1, the static public key pointer address ra of object A and the encryption public key pool number Pi of object A to object B.
Step 2: object B decrypts the analysis message, calculates to obtain a negotiation key and sends related parameters to object A
2.1 object B receives message and deciphers: and the object B receives the message from the object A, and decrypts the message to obtain the static public key pointer address ra 'of the object A, the encryption public key pool number Pi' of the object A, the random number r1 'and the temporary public key ciphertext c 1'.
2.2 object B gets the encryption private key and party A encryption public key: object b splits the random number r1 ' into ri1 ' and rj1 ' by the specified algorithm. Object b gets the encrypted private key pointer address kpj1 'from rj 1' through the key pointer algorithm fkp. Object b fetches the corresponding encryption private key kj1 (the first encryption private key of party b) from the pool of encryption private keys of the local system according to the encryption private key pointer address kpj 1'.
Meanwhile, the object B calculates ri1 'through an asymmetric key pointer function fkp to obtain an encrypted public key pointer address kpi 1' of the object A. The object b takes out the first party public key Ki1 (the first encryption public key of the first party) from the encryption public key pool group in the local system according to the encryption public key pointer address kpi1 'and the encryption public key pool number Pi' of the object a.
2.3 the object B decrypts to obtain the temporary public key of the first party and takes out the static public key of the first party: object b calculates shared key s 1' ═ Ki1^ kj 1. The object b decrypts the temporary public key ciphertext c1 ' by using the shared key s1 ' to obtain the first temporary public key Ka ' of the party a, c 1's 1 ' -1. s1-1 is the inverse of s1 on cycle group G. The object B uses the static public key pointer address ra' of the object A to take the static public key A (first static public key) of the object A from the static public key pool.
2.4 object B generates temporary private key and takes out self static private key: and the object B randomly generates a true random number Kb (third true random number) as a temporary private key of the key agreement at this time, and calculates to obtain a temporary public key Kb ═ Kb (Kb) Q (second temporary public key). Object b fetches its own static private key b (second static private key).
2.5 the object B obtains the negotiation key by calculation: the object B is obtained by utilizing the existing parameter calculation WhereinAnd isThe object B obtains a negotiation key through calculation
2.6 Object B takes its own encryption private key and the encryption public key of party A: object B generates a true random number r2 (fourth true random number). Object B splits the random number r2 into ri2 and rj2 by a specified algorithm. Object B applies the key pointer algorithm fkp to rj2 to obtain the encryption private key pointer address kpj2. Object B takes the corresponding encryption private key kj2 (the second encryption private key of party B) from the encryption private key pool of the local system according to the encryption private key pointer address kpj2.
Meanwhile, object B applies the asymmetric key pointer function fkp to ri2 to obtain the encryption public key pointer address kpi2 of object A. Object B takes the encryption public key Ki2 of party A (the second encryption public key of party A) from the encryption public key pool in the local system according to the encryption public key pointer address kpi2 and the public key pool number Pi' of object A.
2.6 Object B encrypts the temporary public key: object B generates the shared key s2 = Ki2^kj2 (second shared key). Object B encrypts the temporary public key Kb to obtain the second ciphertext c2 = {Kb}·s2.
2.7 Object B sends a key agreement message to object A: object B sends the temporary public key ciphertext c2, the random number r2 and the public key pointer address rb of object B to object A in encrypted form.
Step 3: Object A decrypts and parses the message and calculates the negotiation key
3.1 Object A receives, decrypts and parses the message: object A receives the message from object B and decrypts it to obtain the public key pointer address rb' of object B, the random number r2' and the temporary public key ciphertext c2'.
3.2 Object A takes its own encryption private key and the encryption public key of party B: object A splits the random number r2' into ri2' and rj2' by a specified algorithm. Object A applies the key pointer algorithm fkp to ri2' to obtain the encryption private key pointer address kpi2'. Object A takes the corresponding encryption private key ki2 (the second encryption private key of party A) from the encryption private key pool of the local system according to the encryption private key pointer address kpi2'.
Meanwhile, object A applies the asymmetric key pointer function fkp to rj2' to obtain the encryption public key pointer address kpj2' of object B. Object A takes the encryption public key Kj2 of party B (the second encryption public key of party B) from the encryption public key pool group in the local system according to the encryption public key pointer address kpj2' and the public key pool number Pj of object B.
3.3 Object A decrypts to obtain the second temporary public key and takes out the second static public key: object A computes the shared key s2' = Kj2^ki2. Object A decrypts the temporary public key ciphertext c2' with the shared key s2' to obtain Kb' = c2'·s2'^-1, where s2^-1 is the inverse of s2 in the cyclic group G. Object A uses the public key pointer address rb' of object B to take the static public key B (second static public key) of object B from the static public key pool.
3.4 Object A obtains the negotiation key by calculation: object A takes out its own static private key a (first static private key). The object A is obtained by utilizing the existing parameter calculationWhereinAnd isThe object A obtains a negotiation key through calculation:
the evolution of the negotiated key of the object A results in:
the evolution of the negotiated key of the object B is as follows:
therefore, the object A and the object B obtain the same negotiation key, and the key negotiation is successful.
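The pool lookups and Elgamal wrapping of the temporary public keys in steps 1.2 to 1.4, 2.1 to 2.3, 2.6 to 2.7 and 3.1 to 3.3 can be traced end to end in the following added example, which is not code from the patent. It assumes a toy multiplicative group modulo a prime in place of the elliptic curve (so Ka = g^ka rather than ka·Q), SHA-256 reduced modulo the pool size as the key pointer function fkp, and a split of r into two equal halves; the class and function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy parameters (assumptions, not from the patent): arithmetic
# modulo the Mersenne prime 2^127 - 1 stands in for the cyclic group G.
P = 2**127 - 1
G = 3
POOL_SIZE = 16          # keys per pool; a real key fob would hold far more
I_HALF, J_HALF = 0, 1   # ri selects party A's key, rj selects party B's key


def fkp(part: bytes) -> int:
    """Key pointer function (assumed: SHA-256 reduced modulo the pool size)."""
    return int.from_bytes(hashlib.sha256(part).digest(), "big") % POOL_SIZE


def split(r: bytes):
    """The 'specified algorithm' for splitting r (assumed: two equal halves)."""
    half = len(r) // 2
    return r[:half], r[half:]


def rand_scalar() -> int:
    return secrets.randbelow(P - 3) + 2


class KeyFob:
    """Hypothetical model of one participant's key fob."""

    def __init__(self, pool_no, enc_priv_pool, enc_pub_pool_group, static_pub_pool):
        self.pool_no = pool_no
        self.enc_priv_pool = enc_priv_pool            # own encryption private keys
        self.enc_pub_pool_group = enc_pub_pool_group  # pool number -> public keys
        self.static_pub_pool = static_pub_pool        # pointer address -> static key

    def shared_key(self, peer_pool_no, r, own_half):
        # s = (peer encryption public key) ^ (own encryption private key)
        parts = split(r)
        own_priv = self.enc_priv_pool[fkp(parts[own_half])]
        peer_pub = self.enc_pub_pool_group[peer_pool_no][fkp(parts[1 - own_half])]
        return pow(peer_pub, own_priv, P)

    def wrap(self, peer_pool_no, temp_pub, own_half):
        # c = temp_pub * s; only r travels with c, never a key
        r = secrets.token_bytes(32)
        s = self.shared_key(peer_pool_no, r, own_half)
        return (temp_pub * s) % P, r

    def unwrap(self, peer_pool_no, c, r, own_half):
        # temp_pub = c * s^-1 in the group
        s = self.shared_key(peer_pool_no, r, own_half)
        return (c * pow(s, -1, P)) % P


def issue_fobs(pool_numbers):
    """Fill the pools the way an issuing authority would (constructed data)."""
    priv = {n: [rand_scalar() for _ in range(POOL_SIZE)] for n in pool_numbers}
    pub_group = {n: [pow(G, k, P) for k in keys] for n, keys in priv.items()}
    static_pub_pool = [pow(G, rand_scalar(), P) for _ in pool_numbers]
    return {n: KeyFob(n, priv[n], pub_group, static_pub_pool) for n in pool_numbers}


def run_exchange():
    fobs = issue_fobs([0, 1])
    fob_a, fob_b = fobs[0], fobs[1]

    # Step 1: A wraps its temporary public key Ka and sends c1, r1, ra, Pi.
    Ka = pow(G, rand_scalar(), P)
    c1, r1 = fob_a.wrap(fob_b.pool_no, Ka, I_HALF)
    msg1 = {"c": c1, "r": r1, "ra": 0, "Pi": fob_a.pool_no}

    # Step 2: B recovers Ka', looks up A's static public key, wraps Kb.
    Ka_rx = fob_b.unwrap(msg1["Pi"], msg1["c"], msg1["r"], J_HALF)
    A_rx = fob_b.static_pub_pool[msg1["ra"]]
    Kb = pow(G, rand_scalar(), P)
    c2, r2 = fob_b.wrap(msg1["Pi"], Kb, J_HALF)
    msg2 = {"c": c2, "r": r2, "rb": 1}

    # Step 3: A recovers Kb' and looks up B's static public key.
    Kb_rx = fob_a.unwrap(fob_b.pool_no, msg2["c"], msg2["r"], I_HALF)
    B_rx = fob_a.static_pub_pool[msg2["rb"]]
    return {"Ka": Ka, "Ka_rx": Ka_rx, "Kb": Kb, "Kb_rx": Kb_rx,
            "A_rx": A_rx, "B_rx": B_rx, "fob_a": fob_a, "fob_b": fob_b}


if __name__ == "__main__":
    out = run_exchange()
    print("Ka recovered by B:", out["Ka_rx"] == out["Ka"])
    print("Kb recovered by A:", out["Kb_rx"] == out["Kb"])
```

Both sides derive the same s from r alone because each fob holds its own encryption private key pool and every participant's encryption public key pool; an observer who sees c and r but holds no fob has neither input to s.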
In one embodiment, a quantum computation resistant MQV key negotiation system based on a private key pool and Elgamal is provided, wherein a participant is provided with a key fob, a static public key pool, an encryption private key pool, an encryption public key pool, a static private key pool and algorithm parameters are stored in the key fob, the encryption private key pool stores encryption private keys, the encryption public key pool comprises encryption public key pools, the number of which corresponds to the number of the key fob, each encryption public key pool stores an encryption public key corresponding to the encryption private key, and the static public key pool stores a static public key corresponding to the static private key;
the quantum computation resistant MQV key agreement system comprises:
the first module is used for generating a corresponding temporary public key and temporary private key at the own party, generating a shared key by using the own party's encryption private key and the other party's encryption public key, and encrypting the own party's temporary public key with the shared key to obtain a ciphertext; the ciphertext, the true random number used for obtaining the other party's encryption public key, and the own party's static public key pointer address are sent to the other party in ciphertext form;
the second module is used for receiving the ciphertext, the true random number and the static public key pointer address from the other party, obtaining an encrypted public key of the other party and an encrypted private key of the own party by using the true random number, generating a shared key by using the encrypted private key of the own party and the encrypted public key of the other party, decrypting the ciphertext by using the shared key to obtain a temporary public key of the other party, obtaining the static public key of the other party by using the static public key pointer address, and generating a negotiation key by using the temporary public key of the other party, the static public key, the temporary private key of the own party, the static private key and the algorithm parameter.
For specific limitations of the quantum computation resistant MQV key agreement system, reference may be made to the above limitations of the quantum computation resistant MQV key agreement system, which are not described herein again. The various modules described above may be implemented in whole or in part by software, hardware, and combinations thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device, namely, an anti-quantum computation MQV key agreement system based on a private key pool and Elgamal is provided. The computer device may be a terminal, and its internal structure may include a processor, a memory, a network interface, a display screen and an input device which are connected through a system bus. The processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and the computer program in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. When the computer program is executed by the processor, the anti-quantum computation MQV key agreement method is implemented. The display screen of the computer device may be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer device may be a touch layer covering the display screen, a key, a trackball or a touch pad arranged on the casing of the computer device, or an external keyboard, touch pad or mouse, etc.
In one embodiment, a quantum computation resistant MQV key negotiation system based on a private key pool and Elgamal is provided, wherein a participant is provided with a key fob, a static public key pool, an encryption private key pool, an encryption public key pool, a static private key pool and algorithm parameters are stored in the key fob, the encryption private key pool stores encryption private keys, the encryption public key pool comprises encryption public key pools, the number of which corresponds to the number of the key fob, each encryption public key pool stores an encryption public key corresponding to the encryption private key, and the static public key pool stores a static public key corresponding to the static private key;
the participator comprises a memory and a processor, wherein the memory stores a computer program, and the processor realizes the quantum computation resistant MQV key agreement method based on the private key pool and Elgamal when executing the computer program.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above examples are merely illustrative of several embodiments of the present invention, and the description thereof is more specific and detailed, but not to be construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention. Therefore, the protection scope of the present invention should be subject to the appended claims.
Claims (7)
1. The quantum computation resistant MQV key negotiation method based on the private key pool and the Elgamal is characterized in that a participant is provided with a key fob, a static public key pool, an encryption private key pool, an encryption public key pool, a static private key and algorithm parameters are stored in the key fob, the encryption private key pool stores encryption private keys, the encryption public key pool comprises encryption public key pools the number of which corresponds to the number of the key fob, encryption public keys corresponding to the encryption private keys are stored in each encryption public key pool, and the static public keys corresponding to the static private keys are stored in the static public key pool;
when the quantum computation resistant MQV key negotiation method is implemented, the method comprises the following steps:
generating a temporary public key and a temporary private key at the own party, generating a shared key by using the own party's encryption private key and the other party's encryption public key, and encrypting the own party's temporary public key with the shared key to obtain a ciphertext; the ciphertext, the true random number used for obtaining the other party's encryption public key, and the own party's static public key pointer address are sent to the other party in ciphertext form;
receiving the ciphertext, the true random number and the static public key pointer address from the other party, obtaining an encrypted public key of the other party and an encrypted private key of the own party by using the true random number, generating a shared key by using the encrypted private key of the own party and the encrypted public key of the other party, decrypting the ciphertext by using the shared key to obtain a temporary public key of the other party, obtaining the static public key of the other party by using the static public key pointer address, and generating a negotiation key by using the temporary public key of the other party, the static public key, the temporary private key of the own party, the static private key and algorithm parameters;
the participants include an initiator and a responder, and the initiator includes:
generating a first true random number, and generating a first temporary public key and a first temporary private key by using the first true random number;
generating a second true random number, and obtaining a first encryption private key of the own party and a first encryption public key of the opposite party from the key fob by using the second true random number;
calculating a first encryption private key of the own party and a first encryption public key of the opposite party to obtain a first shared key, and encrypting the first temporary public key by using the first shared key to obtain a first ciphertext;
and sending the first ciphertext, the second true random number, the own static public key pointer address and the own encryption public key pool number to a responder in a ciphertext mode.
2. The quantum computation resistant MQV key agreement method based on the pool of private keys and Elgamal according to claim 1, comprising, at said responder:
obtaining a first encryption private key of the own party and a first encryption public key of the opposite party from the key fob by using the received second true random number;
calculating a first encrypted private key of the own party and a first encrypted public key of the opposite party to obtain a first shared secret key, and decrypting the first ciphertext by using the first shared secret key to obtain a first temporary public key of the opposite party;
obtaining a first static public key of the other party from the key fob by using the received static public key pointer address;
generating a third true random number, and generating a second temporary public key and a second temporary private key by using the third true random number;
obtaining a second static private key of the own party from the key fob, and calculating a negotiation key;
generating a fourth true random number, and obtaining a second encryption private key of the own party and a second encryption public key of the other party from the key fob by using the fourth true random number;
calculating a second encryption private key of the own party and a second encryption public key of the opposite party to obtain a second shared secret key, and encrypting the second temporary public key by using the second shared secret key to obtain a second ciphertext;
and sending the second ciphertext, the fourth true random number and the static public key pointer address of the own party to the initiator in a ciphertext form.
3. The quantum computation resistant MQV key agreement method according to claim 2, based on the private key pool and Elgamal, wherein the way of computing the agreement key at the responder is:
h is the algorithm parameter in the key fob;
kb is a second temporary private key of the responder;
Kb is a second temporary public key of the responder;
b is a second static private key of the responder;
Ka' is a first temporary public key of the initiator;
A is the first static public key of the initiator.
4. The quantum computation resistant MQV key agreement method according to claim 2, based on the private key pool and Elgamal, further comprising, at the initiator:
obtaining a second encryption private key of the own party and a second encryption public key of the opposite party from the key fob by using the received fourth true random number;
the second encryption private key of the own party and the second encryption public key of the opposite party are operated to obtain a second shared secret key, and the second shared secret key is used for decrypting the second ciphertext to obtain a second temporary public key of the opposite party;
obtaining a second static public key of the other party from the key fob by using the received static public key pointer address;
and obtaining the first static private key of the own party from the key fob, and calculating the negotiation key.
5. The quantum computation resistant MQV key agreement method according to claim 4, based on the private key pool and Elgamal, wherein at the initiator, the way of computing the agreement key is:
h is the algorithm parameter in the key fob;
ka is a first temporary private key of the initiator;
Ka is a first temporary public key of the initiator;
a is a first static private key of an initiator;
Kb' is a second temporary public key of the responder;
B is the second static public key of the responder.
6. The MQV key negotiation system based on quantum computation resistance of a private key pool and Elgamal is characterized in that a participant is provided with a key fob, a static public key pool, an encryption private key pool, an encryption public key pool, a static private key and algorithm parameters are stored in the key fob, the encryption private key pool stores encryption private keys, the encryption public key pool comprises encryption public key pools the number of which corresponds to the number of the key fob, encryption public keys corresponding to the encryption private keys are stored in each encryption public key pool, and the static public keys corresponding to the static private keys are stored in the static public key pool;
the quantum computation resistant MQV key agreement system comprises:
the first module is used for generating a temporary public key and a temporary private key at the own party, generating a shared key by using the own party's encryption private key and the other party's encryption public key, and encrypting the own party's temporary public key with the shared key to obtain a ciphertext; the ciphertext, the true random number used for obtaining the other party's encryption public key, and the own party's static public key pointer address are sent to the other party in ciphertext form;
the second module is used for receiving the ciphertext, the true random number and the static public key pointer address from the other party, obtaining an encrypted public key of the other party and an encrypted private key of the own party by using the true random number, generating a shared key by using the encrypted private key of the own party and the encrypted public key of the other party, decrypting the ciphertext by using the shared key to obtain a temporary public key of the other party, obtaining the static public key of the other party by using the static public key pointer address, and generating a negotiation key by using the temporary public key of the other party, the static public key, the temporary private key of the own party, the static private key and algorithm parameters;
the participants include an initiator and a responder, and the initiator includes:
the third module is used for generating a first true random number and generating a first temporary public key and a first temporary private key by utilizing the first true random number;
generating a second true random number, and obtaining a first encryption private key of the own party and a first encryption public key of the opposite party from the key fob by using the second true random number;
calculating a first encryption private key of the own party and a first encryption public key of the opposite party to obtain a first shared key, and encrypting the first temporary public key by using the first shared key to obtain a first ciphertext;
and sending the first ciphertext, the second true random number, the own static public key pointer address and the own encryption public key pool number to a responder in a ciphertext mode.
7. The MQV key negotiation system based on quantum computation resistance of a private key pool and Elgamal is characterized in that a participant is provided with a key fob, a static public key pool, an encryption private key pool, an encryption public key pool, a static private key and algorithm parameters are stored in the key fob, the encryption private key pool stores encryption private keys, the encryption public key pool comprises encryption public key pools the number of which corresponds to the number of the key fob, encryption public keys corresponding to the encryption private keys are stored in each encryption public key pool, and the static public keys corresponding to the static private keys are stored in the static public key pool;
the participator comprises a memory and a processor, wherein the memory stores a computer program, and the processor executes the computer program to realize the quantum computation resistant MQV key agreement method based on the private key pool and Elgamal in any claim 1-5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910049038.0A CN109787758B (en) | 2019-01-18 | 2019-01-18 | Anti-quantum computation MQV key agreement method and system based on private key pool and Elgamal |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910049038.0A CN109787758B (en) | 2019-01-18 | 2019-01-18 | Anti-quantum computation MQV key agreement method and system based on private key pool and Elgamal |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109787758A (en) | 2019-05-21 |
CN109787758B (en) | 2021-08-10 |
Family
ID=66501703
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910049038.0A Active CN109787758B (en) | 2019-01-18 | 2019-01-18 | Anti-quantum computation MQV key agreement method and system based on private key pool and Elgamal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109787758B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||